How to Proceed after Your USNH Account was Compromised

Summary

This article provides steps to take if your USNH Account was compromised, after it has been secured and recovered. If you believe your USNH Account has been compromised, call the USNH Technology Help Desk immediately at https://www.usnh.edu/it/need-it-help for assistance in securing and recovering your account. This is an important step as it is not always enough for you to simply change your password.

Body

Summary

This article provides steps to take if your USNH Account was compromised, after it has been secured and recovered. If you believe your USNH Account has been compromised, call the USNH Technology Help Desk immediately for assistance in securing and recovering your account. This is an important step as it is not always enough for you to simply change your password.

 

How-To

Task: To ensure account security after your USNH Account has been compromised 

 

Instructions

After your account has been secured and recovered, you will have a new password.  Using your new password, take the following actions immediately:

Step 1 Verify that all your MFA and password recovery methods are correct. The perpetrators who compromised your account may have changed these security settings so they can get back into your account again.  Update this immediately.

  1. Log into your Microsoft Account [ https://myaccount.microsoft.com/ ] > Security info section. 
  2. Read carefully and confirm all:
  • Phone numbers
  • Email addresses
  • Microsoft Authenticator device names
  1. If you do NOT recognize any item, Delete it.  If necessary, delete all entries.
  2. Once you have a clean or empty list, then you can use the Add sign-in method link at the top of the list to add in your correct phone(s), personal email, and Authenticator app(s).

Step 2 - Run a malware scan on any device where you have entered your USNH username and password, even if you only logged into a web application like Outlook Web Access (OWA).

  • You can skip this step if you only use your USNH credentials on your USNH computer and it was already scanned by a USNH support tech.
  • If your USNH device has already been scanned, you still need to scan any other device where you have recently entered your USNH username and password.

Step 3 - If you use your USNH username and password to access any applications at USNH that are not linked to your USNH account (you would have to change the password on these accounts separately when you change your password every year), change those passwords as well.

  • It is recommended that you do not use the same password for multiple accounts.

Step 4 - If you use your USNH username and password for any non-USNH accounts, (Netflix, personal email, etc.), you need to change the passwords on those accounts immediately.

  • It is against University best practice to use your USNH username or email address as the username for non-USNH system access.
  • If you are currently using your USNH username and password on any personal accounts, you should change to a new username and always use a different password.

Step 5 - If you use the same or a similar password for ANY other account (even if you aren’t using the same username) -- at the University or for personal use -- you need to change the passwords on those accounts immediately.

  • You can better protect your information and the University by using a different password for each account you log into, which is easier if you use a Password Manager

Step 6 - If you had to change the password for any personal account in step 3 or 4 that is linked/associated with a bank account, credit card account, or any other account that can be used for financial transactions (like Amazon), check the activity on those accounts to ensure there haven’t been any unauthorized purchases or changes.

  • If you notice any unauthorized activity, notify the financial services provider/company immediately.

Step 7- Check your USNH email account to ensure there haven’t been any inbox rules set up to re-direct or delete mail.

Step 8 - If you had to change the password for any personal email accounts, check those email accounts for inbox rules you did not create as well.

Step 9 - Check the inbox and trash folders in each email account to see if there are any emails indicating your password changed on other accounts that you did not initiate.

  • Contact the provider of that account for any accounts where your password was changed by the attacker.

Step 10 - Review USNH Tips to Stay Safe Online: Tips-stay-safe-online 

 

Outcome

You should be able to understand what steps to take after your USNH Account has been compromised. 

 

Further Readings

Outlook: Troubleshooting No New Emails Coming in after Account was Compromised

USNH Tips to Stay Safe Online 

 

Need additional help?

Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request.  For password issues you must call or visit the Help Desk in person.  

Details

Details

Article ID: 1367
Created
Fri 7/19/19 6:02 PM
Modified
Thu 5/30/24 11:52 AM
Applicable Institution(s):
Keene State College (KSC)
Plymouth State University (PSU)
University of New Hampshire (UNH)
USNH System Office