Compromised Account
Compromised Account
A compromised 91³ΙΘΛ account is one accessed by a person not authorized to use the account. Criminals and hackers target 91³ΙΘΛ users to gain:
- Access to the 91³ΙΘΛ network, processing power, and/or storage they can use to commit crimes.
- Access to 91³ΙΘΛ academic resources like the library and journal subscriptions.
- Information about you to steal your identity, commit fraud, and use your reputation to target your contacts for phishing and fraud.
When accounts are compromised, valuable computing resources and sensitive institutional and personal data are put at risk. Even accounts with limited or no access to institutional data and nothing private or of value in email or personal files are valuable to hackers.
How Accounts are Compromised
- Phishing. Emails that ask you to verify, validate, or upgrade your account by logging in to a webpage or providing your password are most likely phishing scams. 91³ΙΘΛ will NEVER send email asking you to confirm your identity or provide confidential, personal information. Learn more
- Malware. Use of an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious system compromises. Viruses are malicious programs. The term computer virus typically refers to programs that replicate and spread, although some use it to refer to any malware--adware, spyware, ransomware, and so on--that can damage your computer or compromise your account. To protect your devices from viruses: Install and run antivirus and anti-malware software.
- Unsecured network. If you log in to an 91³ΙΘΛ website while on an unprotected Wi-Fi network, your account information could be stolen. Use secure networks, such as your cellular carrier network, 91³ΙΘΛ Wireless, or wired connections.
- Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
- Password Stolen on Another Site. Reusing your 91³ΙΘΛ password on other sites, especially those where your 91³ΙΘΛ email is your username, puts 91³ΙΘΛ resources at risk. If your account on those sites is compromised, your 91³ΙΘΛ account can be easily accessed.
- Weak password. A short, simple password can be vulnerable to guessing or brute-force techniques. Passwords should use the following rules:
Must include three of these four characters: numbers, symbols, uppercase letters, and lowercase letters.
Must be at least eight characters in length.
Should not be something easily guessed by others.
Minimum password age is set to 90 days.
History is set to three, meaning you cannot re-use your two prior passwords.
How to Know if Your Account is Compromised
- You cannot login to your account because a hacker changed the password or it is clearly disabled or locked.
- You cannot send email to external addresses because Microsoft blocked it.
- You notice missing emails or returned undelivered emails.
- You find an unknown forwarding email or deleting email rule in place.
- You see multiple unknown sent items appear in the "Sent Items" folder.
What to Do if Your Account is Compromised
Change your 91³ΙΘΛ password
- If you suspect your 91³ΙΘΛ account has been compromised or stolen:
- Change your 91³ΙΘΛ password. See Support Services for links to reset your 91³ΙΘΛ password. Do NOT set it back to something you have used previously.
- If you suspect a personal account has been compromised, change the password for that account. Choose a strong password and make it unique to that account. Do not use the same password for multiple accounts; that puts all your accounts at risk if one is compromised.
- In Office 365 email, check your Inbox and sweep rules to ensure new messages are not being sent to the Deleted folder. See instructions
- In Office 365 email, check Accounts Forwarding to ensure new messages are not being forwarded to an account to which you are not associated. See instructions
Report It
- Report through Office 365 by right clicking on the message and clicking on Mark as junk.
- Report suspected phishing emails to helpdesk@sru.edu.
- Report a suspected compromised 91³ΙΘΛ account immediately to helpdesk@sru.edu.