Compromised or Suspicious Activity on StFX Account - Next Steps

If you are receiving this knowledge based article, your account has been identified as compromised recently. This typically occurs when credentials are provided through the various spear phishing emails recently circulated. It is likely that you may have clicked on one of the email links and logged to a fake portal that was replicated to look like it originated from StFX or potentially opened an attachment.

What does this mean?

If your identity was compromised, data in your email, contacts and OneDrive may have been copied.
Your email account will be used to send spam and phishing messages ­ this may result in you seeing undeliverable messages for next few weeks.
Your mailbox access has been disabled to prevent any further spam messages from being sent.

What do I do next?

1. Change your Password: Using the mypassword.stfx.ca tool. (Click here to access the myPassword tool)
   • Do not go back to the password you were using at the time your account became compromised.
   • After changing your password be sure to check your recovery information to make sure it not unfamiliar.  Do this by going to mypassword.stfx.ca and choosing the last option "update recovery info"
2. Check your Office365 signs - Office keeps a log of location of successful and unsuccessful log ins, you can view this list at https://myaccount.microsoft.com 

3. Check for email rules or forwarding

• Log into office365.stfx.ca and choose Outlook
• Click on the choose View all Outlook settings
• Check the Rules and Forwarding for unfamiliar rules and addresses

All accounts that are flagged by Microsoft as sending spam will have their mailbox access disabled. In coming messages will still be delivered but box access is restricted until you have confirmed that your password has been reset.  Once your mailbox has been enabled,