Compromised or Suspicious Activity on StFX Account - Next Steps

 
 

Environment: StFX account that has been notified by IT of a potential compromise or suspicious signin

Purpose: This guide is to aid StFX account users in regaining access to their account in the event it becomes compromised or suspicious activity is detected

If you are receiving this knowledge based article, your account has been identified as compromised recently. This typically occurs when credentials are provided through the various spear phishing emails recently circulated. It is likely that you may have clicked on one of the email links and logged to a fake portal that was replicated to look like it originated from StFX or potentially opened an attachment.

What does this mean?

Your identity was compromised, data in your email, contacts and OneDrive may have been copied.
Your email account will be used to send spam and phishing messages ­ this may result in you seeing undeliverable messages for next few weeks.
Your mailbox access has been disabled to prevent any further spam messages from being sent.

What do I do next?

  1. Change your Password: Using the mypassword.stfx.ca tool. (Click here to access the myPassword tool)
    • Do not go back to the password you were using at the time your account became compromised.
    • After changing your password be sure to check your recovery information to make sure it not unfamiliar.  Do this by going to mypassword.stfx.ca and choosing the last option "update recovery info"
  2. Notify IT Services that your password had been changed.   When an account is flagged as compromised or as having suspicious activity some features are disabled on your accounts, depending on warning it could be mailbox access or the ability email external accounts. 
  3. Check your Office365 signs - Office keeps a log of location of successful and unsuccessful log ins, you can view this list at https://myaccount.microsoft.com 

 

All accounts that are flagged by Microsoft as sending spam will have their mailbox access disabled. In coming messages will still be delivered but box access is restricted until you have confirmed that your password has been reset.  Once your mailbox has been enabled,

Check for email rules or forwarding

  • Log into office365.stfx.ca and choose Outlook
  • Click on the choose View all Outlook settings
  • Check the Rules and Forwarding for unfamiliar rules and addresses

 

 

 
100% helpful - 1 review

Details

Article ID: 35575
Created
Mon 8/21/17 11:18 PM
Modified
Wed 5/19/21 4:10 PM