What to do when your account has been compromised

Recognizing your account has been compromised

There are a number of ways that you can recognize that your account may have been compromised.  This is a list of some of the most common.

• You are all of a sudden unable to access any SUNY New Paltz computer accounts (note: if you are a former employee, your account may have been disabled because of that).
• You start to receive a large amount of undeliverable messages for emails that you did not send.
• You are no longer receiving any emails sent by people to you (even test messages you email yourself).
• You notice that your email signature has been changed.
• You receive notice from SUNY New Paltz IT (as an email at your personal email address, or a phone call/voicemail from IT).
  • Note: if you receive such a message and are not sure of its authenticity please contact the Service Desk at 845-257-HELP (4357)

What to do if your account has been compromised

• If you have not regained access yet, you should contact the Service Desk at 845-257-HELP or in-person at Humanities 103.
• If you used the same password on other (non-New Paltz) sites as you used at New Paltz, you should change those passwords as well.  This is especially true for accounts on sites that are of high value to cyber criminals (such as financial/banking sites, social networking sites like Facebook or Twitter, and other email accounts).  Criminals will often try to access other accounts after obtain access to one of your accounts (through password reuse, or sending password reset emails).
• You should ensure that you have an up-to-date anti-virus application on your computer and run a full virus scan.
• You should monitor your banking/credit card statements for any unauthorized activity, as such may occur following a compromise (if the compromise involved a keylogger, the criminals may have obtained banking/financial access to your accounts).

General tips to avoid being compromised

• Do not install applications (on your computer, phones, or even plugins on a web browser) that you do not absolutely need.  Ensure that any software you do install is from a trusted source.
• Avoid pirated software and apps - these often contain malicious software such as keyloggers.
• Be cautious of clicking on links in emails (especially about giving out username/password information to the sites that come up after clicking on a link).
• Don't open attachments that aren't from a source you know AND expect to receive attachments from.
• Try to keep separate passwords for different sites, especially keeping different passwords for any email, social networking, or banking sites.

How was my account compromised

We often are unable to attribute a compromise to a specific cause.  Sometimes we can infer the cause based on other information we have but not always

The most common sources are:

• Responding to phishing messages (providing usernames & passwords to the criminals).  Phishing is any attempt to fraudulently trick someone into giving out their username, password, or other sensitive information.  It usually starts with a fraudulent email purporting to be from a legitimate source (i.e. an email that says it is from the college).  The email will have a link to a site meant to capture usernames & passwords.  It is usually setup to look just like the legitimate site they are targeting.
• Password reuse (if you use the same password on a number of sites and one of those sites is compromised, then the criminals will try the same username/password on other sites).
• Malware that contains keyloggers.  Keyloggers are viruses (or parts of viruses) that report back any data typed into an infected computer.  Criminals will use the information they obtain (such as usernames, passwords, and even credit card numbers) to profit.