Signs Your Account is Compromised

In today’s information security threat landscape, the creativity, ingenuity, and perseverance of the cybercrimimals who want to steal your credentials seems to have no limits.  If it isn’t credential-seeking malware dropped on your device during a download, it is a phishing email attempting to get you to log in to a fake UNH log in page.  Unfortunately, with threats coming from so many directions, even the most careful users can end up with compromised credentials. 

While it is critical for all UNH users to be diligent in safeguarding accounts (find tips on Good Security Practices here), it is also important to be able to tell if you have a compromised account because, when it comes to cybercrime, time is always of the essence.

Here are some of the warning signs that someone other than you has been accessing one of your accounts:

Inbox Rules You Didn’t Create - If a co-worker or family member asks about an email they sent that you don’t remember getting, check to see if there are any inbox rules set-up to automatically forward/move/delete emails.  A common tactic used by cybercriminals is to immediately set-up rules to divert or re-route emails when they arrive in your inbox.  This allows them to use your account without you noticing.

Emails in Sent Folder You Didn’t Send - If a cybercriminal uses your account to send spam or phishing emails, you may see evidence of those emails in your Sent Mail folder. 

No Emails in Your Sent Folder - In some cases, cybercriminals will delete all the email in the Sent Mail folder in an attempt to hide/cover their tracks. 

Inability to Log In to Your Accounts – In some cases, the first action an attacker takes once they get access to your account is to change the password.  In other cases, UNH IT may have secured your due to a suspected or confirmed compromise.   

Last Logged in Date/Time Stamp that Doesn’t Make Sense – If you are using a system that provides you with the last date and time you logged in to that application and that date and time stamp doesn’t align with the last time you believe you accessed the account, it can indicate someone else has been accessing your account.

Confirmation Emails Received for Actions You Didn’t Take – Receiving email confirmations for things like password changes on other accounts, online purchases, and online newsletter subscriptions that correspond to actions that you did not take is a good sign that someone else has access to one or more of your accounts.

Reports from Others of Email Received from You that You Didn’t Send – If co-workers, family members, or others tell you they received email you didn’t send or respond to email you didn’t sent, your account is compromised.

If you suspect you have a compromised account, take the following actions immediately.

If the account is your UNH Account (IT ID), call the UNH IT Service Desk at 603-862-4242 immediately and notify them of the compromise.  They will walk you through the process to secure and recover your account.  Once your account has been recovered, follow the guidance provided in Things to Consider if Your UNH Account has been Compromised.

If the compromised account is a personal account that uses your UNH username (IT ID) as the username, follow the directions above for a compromised UNH account.

If the compromised account is a personal account that does not use your UNH username, review the advice provided in Things to Consider if Your UNH Account has been Compromised and apply those recommendations to your personal accounts.

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
Should you send or receive UNH personally identifiable information by email?
Viewed 535 times since Thu, Jun 9, 2016
The Fake Speeding Ticket Scam - What Will Hackers Think of Next?
Viewed 604 times since Mon, Apr 4, 2016
System Center 2012 Endpoint Protection Windows Installation
Viewed 5625 times since Wed, Aug 12, 2015
Password Managers 101
Viewed 67 times since Mon, Oct 16, 2017
Network Registration & Vulnerability Scans
Viewed 789 times since Wed, Apr 29, 2015
Ransomware arrives on the Mac: OSX/KeRanger-A
Viewed 635 times since Thu, Mar 10, 2016
Antivirus Software for Mac
Viewed 4292 times since Wed, Aug 12, 2015
Tips to Avoid Malware
Viewed 597 times since Thu, May 7, 2015
SEED: Safe Electronic Equipment Disposal Instructions
Viewed 1544 times since Mon, Apr 27, 2015
Using Facebook, Google or other Social Login Services
Viewed 506 times since Fri, Aug 26, 2016
MENU