Signs Your Account is Compromised

In today’s information security threat landscape, the creativity, ingenuity, and perseverance of the cybercrimimals who want to steal your credentials seems to have no limits.  If it isn’t credential-seeking malware dropped on your device during a download, it is a phishing email attempting to get you to log in to a fake UNH log in page.  Unfortunately, with threats coming from so many directions, even the most careful users can end up with compromised credentials. 

While it is critical for all UNH users to be diligent in safeguarding accounts (find tips on Good Security Practices here), it is also important to be able to tell if you have a compromised account because, when it comes to cybercrime, time is always of the essence.

Here are some of the warning signs that someone other than you has been accessing one of your accounts:

Inbox Rules You Didn’t Create - If a co-worker or family member asks about an email they sent that you don’t remember getting, check to see if there are any inbox rules set-up to automatically forward/move/delete emails.  A common tactic used by cybercriminals is to immediately set-up rules to divert or re-route emails when they arrive in your inbox.  This allows them to use your account without you noticing.

Emails in Sent Folder You Didn’t Send - If a cybercriminal uses your account to send spam or phishing emails, you may see evidence of those emails in your Sent Mail folder. 

No Emails in Your Sent Folder - In some cases, cybercriminals will delete all the email in the Sent Mail folder in an attempt to hide/cover their tracks. 

Inability to Log In to Your Accounts – In some cases, the first action an attacker takes once they get access to your account is to change the password.  In other cases, UNH IT may have secured your due to a suspected or confirmed compromise.   

Last Logged in Date/Time Stamp that Doesn’t Make Sense – If you are using a system that provides you with the last date and time you logged in to that application and that date and time stamp doesn’t align with the last time you believe you accessed the account, it can indicate someone else has been accessing your account.

Confirmation Emails Received for Actions You Didn’t Take – Receiving email confirmations for things like password changes on other accounts, online purchases, and online newsletter subscriptions that correspond to actions that you did not take is a good sign that someone else has access to one or more of your accounts.

Reports from Others of Email Received from You that You Didn’t Send – If co-workers, family members, or others tell you they received email you didn’t send or respond to email you didn’t sent, your account is compromised.

If you suspect you have a compromised account, take the following actions immediately.

If the account is your UNH Account (IT ID), call the UNH IT Service Desk at 603-862-4242 immediately and notify them of the compromise.  They will walk you through the process to secure and recover your account.  Once your account has been recovered, follow the guidance provided in Things to Consider if Your UNH Account has been Compromised.

If the compromised account is a personal account that uses your UNH username (IT ID) as the username, follow the directions above for a compromised UNH account.

If the compromised account is a personal account that does not use your UNH username, review the advice provided in Things to Consider if Your UNH Account has been Compromised and apply those recommendations to your personal accounts.

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
Network Registration & Vulnerability Scans
Viewed 881 times since Wed, Apr 29, 2015
Phishing and Spam
Viewed 2576 times since Wed, Apr 29, 2015
System Center 2012 Endpoint Protection for Mac Usage Instructions
Viewed 1736 times since Wed, Aug 12, 2015
Tips for Keeping Your Devices Secure
Viewed 192 times since Fri, Aug 4, 2017
Encryption & Virus Protection
Viewed 1633 times since Wed, Apr 29, 2015
What’s the Deal with Publicly Posted Credentials?
Viewed 284 times since Thu, Jun 29, 2017
Storing Restricted and Sensitive Data in Box @ UNH
Viewed 908 times since Thu, May 28, 2015
Mobile Device Health and Security
Viewed 776 times since Fri, Jul 10, 2015
COPPA: Children’s Online Privacy Protection
Viewed 900 times since Wed, Apr 29, 2015
Microsoft Security Essentials and Windows Defender Usage
Viewed 4386 times since Wed, Aug 12, 2015