What to do after your account has been compromised

Immediate steps to take

  1. Report the compromise to the IT HelpDesk - If you suspect that your account has been compromised, It is important that IT knows about this incident or potential incident so they can investigate the scope of the impact. Please call 315-229-5770 immediately.  You can also email helpdesk@stlawu.edu after hours.  It is important that you report this to the HelpDesk and not your favorite IT staff member so the appropriate people can begin their work as soon as possible.
  2. Change the password of your compromised account - The first thing to do if you ever suspect or have been told your account was compromised is to change your password. For your St. Lawrence account, you can do so at the Password Reset page.
  3. Change the password of any accounts that use that same password - If an attacker has your password for one account, if you use that password for other accounts, they can gain access to those accounts as well. If any of your accounts use the same password as the compromised account, change those too. Make sure that in the future, you use a unique and strong password for every account. 
  4. Check your email filters and deleted items folders - Once you have regained access to your account, check your email settings and your folders to ensure that your messages were not deleted, forwarded elsewhere, or that email rules were changed. Accounts that have been compromised often will set up email rules that send all incoming messages to the deleted folder as a means of preventing detection. You can find Microsoft's instructions for deleting email rules on their official troubleshooting page.
  5. Run a malware scan - While not every instance of account compromising is caused via malware, there are some malware programs such as keyloggers that can record the keys typed on your computer and send them back to the attacker to read passwords and sensitive info. Use your computer's built in security software such as Windows Defender to run a malware scan and ensure your device does not have any malware. If you are using a personal device, the free version of Malwarebytes is another good option for both Mac and PCs that will remove any Malware it finds.

What does it mean if my account is compromised?

A "compromise" means that your account name and password have been discovered by someone other than you. Often an attacker will change the password of an account they have compromised in order to prevent the owner from reclaiming it. From there, the account can then be used by the attacker for various purposes depending on the type of account that was compromised. For email accounts, this often includes sending phishing messages to other users, stealing information found within email, or filing password reset requests with other accounts that list your email in order to steal additional information, such as banks, credit cards or social media. 

How can I avoid being compromised in the future?

There are many ways you can improve your security and stay safe online.

Print Article

Details

Article ID: 155553
Created
Thu 5/11/23 3:28 PM
Modified
Wed 7/3/24 10:34 AM

Related Services / Offerings (1)

If you suspect that your network account has been compromised, change your network password immediately.