Post-Account Compromise Security Checklist
What has happened?
If your account has been breached or compromised you will receive a notification from IT to your secondary email address. Your account will be locked with a new password in order to prevent further compromise of your account. Although your Trent account and password have been changed to help eliminate access for the attacker, you need to verify that the initial compromise wasn't used as a starting point to infect additional computers and devices you may use.
How do I make sure I'm safe?
In order to verify that the compromise of your account hasn't spread, you should:
- Change all passwords that may use the same information -- If you use the same password for multiple services you should consider that the password has been exposed and change it as soon as possible. While changing your password, consider adopting a password manager like LastPass to avoid using the same password for multiple services. See https://www.trentu.ca/it/services/password-managers for more information.
- Review and update security questions for accounts connected to the compromised email addresses -- Sometimes a breach of your email account can be used as a starting point to gain access to more sensitive systems. It's a good idea to review other accounts such as online banking, shopping or social media that may use the email. Check and review your security questions to make sure the attacker hasn't tried to perform a forgot password.
- Conduct a malware scan of all devices -- In order to make sure that malware wasn't the starting point of the attack, or isn't present on your system now, it's a good idea to run a malware scan of all your devices. See https://www.trentu.ca/it/services/virus-scanning-and-malware-protection for more information.
- Review messages in your inbox, sent messages and deleted messages -- In case the attacker has tried to use your email as a way to perform "forgot passwords" or send spam from your account, you should review messages in your deleted items, sent items and inbox.
- Check email settings and rules -- Sometimes an attacker will attempt to forward incoming email from a breached account to another location as a way to continue the attack after the password has been changed. Review forwarding rules to make sure all your email is going to the correct location. See https://support.google.com/mail/answer/10957 for Gmail users and https://support.office.com/en-ie/article/manage-email-messages-by-using-rules-c24f5dea-9465-4df4-ad17-a50704d66c59 for Office 365.
We're here to help
If you have any questions, concerns or need help performing any of the above steps please let us know. The IT service desk can be reached by phone at 705-748-1010 or by email at firstname.lastname@example.org
- Professor Emeriti