Environment: StFX account that has been notified by IT of a potential compromise or suspicious sign in
Purpose: This guide is to aid StFX account users in regaining access to their account in the event it becomes compromised or suspicious activity is detected
If you are receiving this knowledge based article, your account has been identified as compromised recently. This typically occurs when credentials are provided through the various spear phishing emails. Your credentials may have been exposed through a recent phishing email or a deceptive login portal.
What does this mean?
When an account is compromised, data in your emails, contacts and OneDrive may have been copied.
Your email account may have been used to send spam and phishing messages this may result in you seeing undeliverable messages for next few weeks.
Your mailbox access has been disabled to prevent any further spam messages from being sent.
What do I do next?
- Change your Password Immediately: Using https://mypassword.stfx.ca to reset your password
- Do not use the same password you were using at the time your account was compromised.
- After changing your password be sure to check your recovery information to make sure it not unfamiliar. Do this by going to mypassword.stfx.ca and choosing the last option "update recovery info"
- Check your Microsoft365 sign-ins: Microsoft keeps a log of location of successful and unsuccessful log ins, you can view this list at https://myaccount.microsoft.com
- Sign out everywhere: Go to https://mysignins.microsoft.com/security-info and hit "sign out everywhere"
-
Check for email rules or forwarding
- Log into https://m365.cloud.microsoft and choose Outlook in the "Apps" section
- Click on the choose View all Outlook settings
- Check the Rules and Forwarding for unfamiliar rules and addresses
4. Inform IT services:
- If IT was not working with you though the process, letting IT services know that you suspect your account is compromised is the best way to minimize the amount of time that any unauthorized person(s) would have access to your account.
5. Stay Vigilant:
- Any information acquired by unauthorized person(s) could be used in targeted scams, identity theft, and data theft.
- Clicking malicious links can infect your device with malware/spyware/adware even if you don't download and install any programs. Ensure you keep your operating system up to date with the latest security patches. Disconnecting from the network and fully restarting your device is best practice if you think you may have clicked a malicious link.
All accounts that are flagged by Microsoft as sending spam will have their mailbox access disabled. Incoming messages will still be delivered but mailbox access is restricted until you have confirmed that your password has been reset. Once your mailbox has been enabled, you will then be able to send mail again.