Compromised or Suspicious Activity on StFX Account - Next Steps


Environment: StFX account that has been notified by IT of a potential compromise or suspicious signin

Purpose: This guide is to aid StFX account users in regaining access to their account in the event it becomes compromised or suspicious activity is detected

If you are receiving this knowledge based article, your account has been identified as compromised recently. This typically occurs when credentials are provided through the various spear phishing emails recently circulated. It is likely that you may have clicked on one of the email links and logged to a fake portal that was replicated to look like it originated from StFX or potentially opened an attachment.

What does this mean?

Your identity was compromised, data in your email, contacts and OneDrive may have been copied.
Your email account will be used to send spam and phishing messages ­ this may result in you seeing undeliverable messages for next few weeks.
Your mailbox access has been disabled to prevent any further spam messages from being sent.

What do I do next?

  1. Change your Password: Using the tool. (Click here to access the myPassword tool)
    • Do not go back to the password you were using at the time your account became compromised.
    • After changing your password be sure to check your recovery information to make sure it not unfamiliar.  Do this by going to and choosing the last option "update recovery info"
  2. Notify IT Services that your password had been changed.   When an account is flagged as compromised or as having suspicious activity some features are disabled on your accounts, depending on warning it could be mailbox access or the ability email external accounts. 
  3. Check your Office365 signs - Office keeps a log of location of successful and unsuccessful log ins, you can view this list at 


All accounts that are flagged by Microsoft as sending spam will have their mailbox access disabled. In coming messages will still be delivered but box access is restricted until you have confirmed that your password has been reset.  Once your mailbox has been enabled,

Check for email rules or forwarding

  • Log into and choose Outlook
  • Click on the choose View all Outlook settings
  • Check the Rules and Forwarding for unfamiliar rules and addresses



100% helpful - 1 review


Article ID: 35575
Mon 8/21/17 11:18 PM
Wed 5/19/21 4:10 PM