Handling your compromised account
Compromised Accounts Overview
This article provides guidance to staff, students and users if an unauthorised person has gained access to your account. When someone that is not you gains access to your credentials (i.e., username, passwords), your account is considered to be compromised. This means that unauthorised persons are able to use your credentials to pose as you, and the privacy of your data and others is at risk. AIT monitors email traffic, and if our systems find a suspicious pattern or behaviour, we will notify you that your account has been compromised. If you receive this notification, or if you notice that you are unable to log into your email account, the sections below provide some steps that you can immediately take to protect your information. Additionally be aware of any unprompted Authenticator notifications you may receive on your device as that may indicate somebody is trying to access your account.
Remember legitimate messages from AIT will never ask for your credentials. If you are unsure please contact us immediately on 0115 9170 197.
Securing your Microsoft 365 Account
-
Log into your Microsoft 365 account from the AIT Website.
-
Navigate to the Gear Icon.
-
Select View all Outlook settings.
-
Click Mail on the left tab if it has not been selected already.
-
Under Compose and Reply, check the Email signature.
-
Check the Rules tab to ensure that the only rules listed are those that you personally have set up.
-
Review all unfamiliar rules, if any are listed.
-
Delete any unfamiliar rules you do not wish to keep.
-
-
Check the Sweep tab to ensure that the only rules listed are those that you have personally set up.
-
Review all unfamiliar sweep rules, if any are listed.
-
Delete any unfamiliar sweep rules you do not wish to keep.
-
-
Review all settings listed on the Junk email tab. You should ensure that specific emails are not blocked and that no spam/unknown emails have been classified as “safe senders.”
-
Check whether the Forwarding tab is disabled. This tab should only be enabled if you personally enabled it.
- Check on your ‘Deleted Items’ and review if any unexpected items are in their.
- Review your ‘Sent Items’ to ensure these are emails sent by yourself.
Security Tips
- You should never share your passwords with anyone, or allow anyone access to your account
- If your account has been compromised, change all passwords across your organisations accounts
- Never reuse the same password
- Ensure you have a complex password
- Remember AIT will never ask you for your password
- Never click on suspicious links within emails if you do not recognise the sender, and check the email address an email has been sent from