Signs Your Account is Compromised

In today’s information security threat landscape, the creativity, ingenuity, and perseverance of the cybercrimimals who want to steal your credentials seem to have no limits.  If it isn’t credential-seeking malware dropped on your device during a download, it is a phishing email attempting to get you to log in to a fake UNH log in page.  Unfortunately, with threats coming from so many directions, even the most careful users can end up with compromised credentials. 

While it is critical for all UNH users to be diligent in safeguarding accounts (find tips on Good Security Practices here), it is also important to be able to tell if you have a compromised account because, when it comes to cybercrime, time is always of the essence.

Here are some of the warning signs that someone other than you has been accessing one of your accounts:

Inbox Rules You Didn’t Create - If a co-worker or family member asks about an email they sent that you don’t remember getting, check to see if there are any inbox rules set-up to automatically forward/move/delete emails.  A common tactic used by cybercriminals is to immediately set-up rules to divert or re-route emails when they arrive in your inbox.  This allows them to use your account without you noticing.

Emails in Sent Folder You Didn’t Send - If a cybercriminal uses your account to send spam or phishing emails, you may see evidence of those emails in your Sent Mail folder. 

No Emails in Your Sent Folder - In some cases, cybercriminals will delete all the email in the Sent Mail folder in an attempt to hide/cover their tracks. 

Inability to Log In to Your Accounts – In some cases, the first action an attacker takes once they get access to your account is to change the password.  In other cases, UNH IT may have secured you due to a suspected or confirmed compromise.   

Last Logged in Date/Time Stamp that Doesn’t Make Sense – If you are using a system that provides you with the last date and time you logged in to that application and that date and time stamp doesn’t align with the last time you believe you accessed the account, it can indicate someone else has been accessing your account.

Confirmation Emails Received for Actions You Didn’t Take – Receiving email confirmations for things like password changes on other accounts, online purchases, and online newsletter subscriptions that correspond to actions that you did not take is a good sign that someone else has access to one or more of your accounts.

Reports from Others of Email Received from You that You Didn’t Send – If co-workers, family members, or others tell you they received email you didn’t send or respond to email you didn’t sent, your account is compromised.

If you suspect you have a compromised account, take the following actions immediately.

If the account is your UNH Account (IT ID), call the UNH IT Service Desk at 603-862-4242 immediately and notify them of the compromise.  They will walk you through the process to secure and recover your account.  Once your account has been recovered, follow the guidance provided in Things to Consider if Your UNH Account has been Compromised.

If the compromised account is a personal account that uses your UNH username (IT ID) as the username, follow the directions above for a compromised UNH account.

If the compromised account is a personal account that does not use your UNH username, review the advice provided in Things to Consider if Your UNH Account has been Compromised and apply those recommendations to your personal accounts.

Custom Fields
  • Author: UNH Information Security Services
  • Department: Information Security Services
Attached Files
There are no attachments for this article.
Related Articles RSS Feed
Tips for Keeping Your Devices Secure
Viewed 609 times since Fri, Aug 4, 2017
Password Managers 101
Viewed 659 times since Mon, Oct 16, 2017
Storing Restricted and Sensitive Data in Box @ UNH
Viewed 1462 times since Thu, May 28, 2015
COPPA: Children’s Online Privacy Protection
Viewed 1426 times since Wed, Apr 29, 2015
Good Security Practices to Adopt at Work/School, and at Home
Viewed 674 times since Fri, Jul 14, 2017
Policies on IT resources
Viewed 2864 times since Wed, Mar 25, 2015
Tips to Avoid Malware
Viewed 1145 times since Thu, May 7, 2015
Mobile Device Health and Security
Viewed 1261 times since Fri, Jul 10, 2015
Why Can’t I Forward Emails to
Viewed 304 times since Thu, Feb 22, 2018
Recommended tools for SFTP/FTP
Viewed 117 times since Mon, Sep 10, 2018