Now Viewing Information for: Students
Show me information for Employees

Although Mercer strives to prevent phishing, virus, and spam messages from reaching your inbox, some malicious email unfortunately still gets delivered. The information below outlines what to do in the event that an attacker successfully gains access to your Mercer email.

In this section:

I think I responded to a phishing email. What should I do?

Reset your password immediately via the password self-service website:
If you notice bounce messages in your email, it's because someone accessed your account and used it to send out junk/phishing email. You just need to delete these emails. They will stop being sent to you soon after you prevent any more email from going out by changing your password.

My Mercer email tells me I'm unable to send email and I'm receiving several bounce messages.

If Microsoft detects a high volume of suspicious email coming from your account, these are the steps taken:

  • Microsoft will block your account from sending email
  • Your Mercer password will be reset to protect your email and other accounts
  • We will request that Microsoft restores your ability to send email
  • Your new password will be sent to the personal email address listed on your student record. You can verify this address by logging into MyMercer and selecting My Information from the My Profile menu on the left. The email will include directions on how to change your password.

How can an attacker gain access to my email account?

There are several ways attackers may gain access to an email account:

  • You may be tricked into clicking a link in an email and provide your username and password to a fake website
  • Your password may be guessed if it was never changed from the default when your account was first created
  • The answers to your security questions in the password self-service website may be easy to guess

How can I tell if an email is malicious?

If we receive reports of a malicious email, we post it on our System Status page. That page can be reached via the System Status tab in the upper-right corner of any site on If you see an email listed there, you can delete and disregard the message. If you don't see it listed there, feel free to forward the email to for verification.

Our phishing website also provides information on how to identify malicious email.


(478) 301-7000