Steps to Secure Your Email Account after a Hack
After a hack, it is imperative that your new password be COMPLETELY different from your current password - you should NEVER use the current password ever again.
Follow ALL of the steps listed below:
1. Change your password (Click here to learn how)
*IMPORTANT: Once you change your password, you will have to change your password on ALL other devices (smartphone, tablet, etc.) that fetch USI email.*
2. Scan your computer for Virus/Malware. If your computer is University owned, create an IT ticket to have your computer scanned. (If you need assistance, call the Help Desk at 812-465-1080)
Sometimes Cybercriminals will use your account to launch a phishing attack against other people. The criminals will harvest information from the responses to the phishing attacks they have sent out through your compromised account. Often they do this by setting a Forward or Inbox Rules on your account. Cybercriminals sometimes change the Signature to allow them to send out links that can get past some mail filters or to include phishing scams in all the mail that you send out. The criminal could also have connected their mobile device to your account.
Steps 3-7 will require you to be logged into your USI email via the Web. These steps will require you to search your email settings, to do this follow the picture below.
3. Check if your account is Forwarding mail to another address.
(Settings-->Search Bar-->Type "Forwarding"-->Click "Forwarding"-->If there is an email address typed in, DELETE IT-->Select Stop forwarding-->Click Save in the top left.)
4. Check your email Signature and make sure it has not been changed or modified. We have seen instances where your normal signature will exist - then multiple blanks lines and then added text.
(Settings-->Search Bar-->Type "Signature"-->Click "Email signature")
5. Check your email Rules for any new or changed rules. REMOVE the ones that you did not create.
(Settings-->Search Bar-->Type "Rules"-->Click "Inbox rules")
6. Check your account for 'foreign' Mobile devices. Remove the ones that you did not create.
(Settings -->Search Bar -->Type "Mobile" --> Click Mobile Devices)
7. Check for any Add-Ins on your account. To do this,
1.Select a message
2. Click this icon on the ribbon:
3. Click my add-ins
8. Check for any Connectors on your account
9. Find the message that you received that lured you into giving out your credentials. Forward this email to IT@usi.edu and add "Scam/Phish" to the subject line.
*NOTE: USI will NEVER ask for your password through an EMAIL.*
10. If you use your USI email address AND password for other accounts (Facebook, Amazon, or Ebay...) you need to change the passwords for those accounts too. It is not good practice to use the same password for other accounts.
11. Check your Deleted Items Folder for any 'suspicious' email - like a password reset for a banking institution/paypal...
12. Agree to take part in a Phishing Awareness course (at a later date)
After these steps have been completed, your account will be turned back on.