Steps to Secure Your Email Account after a Hack
After a hack, it is imperative that your new password be COMPLETELY different from your current password - you should NEVERÌýuse the current password ever again.
¹ó´Ç±ô±ô´Ç·ÉÌýALLÌýof the steps listed below:
1.ÌýChange your password ()
*IMPORTANT: Once you change your password, you will have to change your password on ALL other devices (smartphone, tablet, etc.) that fetch вÊÍø email.*
2. Scan your computer for Virus/Malware. If your computer is University owned, create an IT ticket to have your computer scanned. (If you need assistance, call the Help Desk atÌý812-465-1080)
Sometimes Cybercriminals will use your account to launch a phishing attack against other people. ÌýThe criminals will harvest information from the responses to the phishing attacks they have sent out through your compromised account. Often they do this by setting aÌýForwardÌý´Ç°ùÌý±õ²Ô²ú´Ç³æÌýRulesÌýon your account. Cybercriminals sometimes change theÌýSignatureÌýto allow them to send out links that can get past some mail filters or to include phishing scams in all the mail thatÌýyouÌýsend out. ÌýThe criminal could also have connected theirÌýmobile deviceÌýto your account.
Steps 3-7 will require you to be logged intoÌý. These steps will require you toÌýsearchÌýyour email settings, to do this follow the picture below.
3.ÌýCheck if your account is Forwarding mail to another address.Ìý
(Settings-->Search Bar-->Type "Forwarding"-->Click "Forwarding"-->If there is an email address typed in,ÌýDELETE IT-->SelectÌýStop forwarding-->Click SaveÌýin the top left.)
4.ÌýCheck your email Signature and make sure it has not been changed or modified. ÌýWe have seen instances where your normal signature will exist - then multiple blanks lines and then added text.
(Settings-->Search Bar-->Type "Signature"-->Click "Email signature")
5.ÌýCheck your email Rules for any new or changed rules. REMOVE the ones that you did not create.Ìý
(Settings-->Search Bar-->Type "Rules"-->Click "Inbox rules")
6.ÌýCheck your account for 'foreign' Mobile devices. ÌýRemove the ones that you did not create.
Ìý(Settings -->Search Bar -->Type "Mobile" --> Click Mobile Devices)
7.ÌýCheck for any Add-Ins on your account. To do this,Ìý
1.Select a message
2. Click this icon on the ribbon:
Ìý
3. Click my add-ins
8.ÌýCheck for any Connectors on your account
9.ÌýFind the message that you received that lured you into giving out your credentials. Forward this email to IT@usi.edu and add "Scam/Phish" to the subject line.
*NOTE: вÊÍø will NEVER ask for your password through an EMAIL.*
10.ÌýIf you use your вÊÍø email addressÌýANDÌýpassword for other accounts (Facebook, Amazon, or Ebay...) you need to change the passwords for those accounts too. It is not good practice to use the same password for other accounts. Ìý
11.ÌýCheck your Deleted Items Folder for any 'suspicious' email - like a password reset for a banking institution/paypal... Ìý
12.ÌýAgree to take part in a Phishing Awareness course (at a later date)
After these steps have been completed, your account will be turned back on.