If you suspect that your account has been compromised...
With the recent increase of phishing scams and a few instances of people replying to these scams, please follow these basic instructions to secure your UH Username. Call our ITS Help Desk to report the possible compromise and to get further assistance.
Signs that your UH Username and password were compromised:
- Flood of email in your Inbox either in response to spam sent from your account (several thousands of emails) or from people informing you that your account is being compromised
- Can't login any more (your account might have been disabled or your password reset)
- Suspicious logins are detected for your Google@UH accounts; see http://www.hawaii.edu/askus/1587 to check for suspect logins
What to do if your account is compromised:
-
Change your password IMMEDIATELY
-
Change your password by going to http://www.hawaii.edu/username and clicking on the Forgot your password? link. More details, including password requirements, can be found at http://www.hawaii.edu/askus/287.
Note: If you receive an error when trying to change your password, it is possible your UH Username has been disabled to prevent malicious use. In this case, please contact the ITS Help Desk for further assistance.
- DO NOT use the same password that was previously set. Using a COMPLETELY NEW, unique password not used on any other account or website will decrease the likelihood of another compromise. For example, an 8-character password needs all 8 characters to be changed. Changing only a few characters, or changing only lowercase to uppercase (and the reverse) is not sufficient.
-
-
Sign out of all other active sessions (logins) to your Google@UH Gmail
- Log into Google@UH Gmail <http://gmail.hawaii.edu>.
- Scroll down to the bottom of any page.
- In the bottom right-hand corner, click on Details. (This is located beneath the text that reads "Last account activite: X minutes ago").
- In the new "Activity information" window that opens, click the button labelled Sign out all other web sessions.
- You can also view your recent account activity in this window, and monitor for suspicious logins.
- For more information on signing out all active sessions, and monitoring your account activity, please see http://hawaii.edu/askus/1587.
-
Check your Google@UH Gmail settings, as some compromised accounts have had their configurations changed
- Log into Google@UH Gmail <http://gmail.hawaii.edu>.
- Click on gear icon in the upper right, then select Settings.
- Check your vacation responder and signature settings for any text not entered by you.
- Click on the Accounts tab, and check if your display name has changed or if any additional email addresses have been added.
- Click on the Forwarding and POP/IMAP tab and check that there is no unknown forwarding email addresses setup.
- Click on the Filters tab, and check that there are no unknown filters that have been added.
-
Check your computer system for viruses or malware
- Check if your operating system has the most recent updates. Run Windows Update on PCs or Software Updates on Macs.
- Check if you have the latest anti-virus software version and updates, as well as the latest virus definitions.
- Run a scan with your anti-virus software.
- Run a scan with an anti-spyware software.
- Details are outlined at "Securing Your Desktop" at http://www.hawaii.edu/askus/593.
To prevent having your UH Username compromised:
-
NEVER send your password to ANYONE via email
No legitimate institution or organization will ask you to send your password or other confidential information via an email message.
-
DO NOT REPLY to any suspect email messages
If you see a Reply To: address that is not with our hawaii.edu domain, most likely it is a scam, so please do not reply. Replying to one of these email messages can potentially lead to an increase in these suspect email messages being sent to your email account.
We realize that the instigators of these scams get paid for this and will try all types of methods to get someone to reply. As they get more sophisticated, it can get more difficult to determine if the email is legitimate or not. If in doubt, for any email asking for account information appearing to be from the University of Hawaii, please contact the ITS Help Desk
- Make sure your operating system has the most recent updates. Run Windows Update on PCs or Software Updates on Macs.
- Make sure you have the latest anti-virus software version and updates, as well as the latest virus definitions.
- Review our Securing your Desktop Computer article.
- Don't save your UH Username password on your computer. It might take a few extra seconds to login, but it might save you hours of time cleaning up after a compromise.
To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:
-
Forward a copy of the message with full mail headers to phishing@hawaii.edu
[instructions on getting full mail headers can be found at http://www.hawaii.edu/askus/895] - Optional: see if it's already been reported by checking http://www.hawaii.edu/its under "Security Alerts"
Additional Information: