What to do if you think your UCD account is compromised

If you think your UCD account has been compromised it's important to act fast; quick identification and response can reduce the harm done to your account and your personal information.

 

If you think your UCD account is compromised there are a number of steps that need to be taken to reduce its impact.

  • Change your password immediately. Change your UCD Connect using UCD's  Password self service
    If you used your University account details (email and password) when creating personal online accounts, you should also check recent activity on these accounts and change the account password e.g. Online Bank account, Pay pal, LinkedIn, etc. Please ensure the your UCD passwords are UNIQUE and not used for any personal accounts.   
  • Report it. The IT Helpdesk and IT Security team are here to help, so if you suspect that your account is at risk then please report the incident to the IT Helpdesk by calling 01-7162700 or emailing IThelpdesk@ucd.ie
  • Check the security and settings of your accounts. Hackers often change the setting of accounts, such as adding automatic email forwarding, filters, add new accounts or change email signatures. Details on how to check the security, settings and recent account activity of your University email account is outlined below.   
  • Run an antivirus scan. Scan your machines using Sophos Antivirus for virus and malware. Take note of any malware discovered before you quarantine or delete the suspicious files and provide these details to the IT helpdesk.

  • Is your computer still acting strange? It might be best to start from scratch with a complete rebuild (factory reset) of your work device or work computer so you can be sure that all suspicious software has been removed. The Helpdesk will arrange for an IT Support person to contact you to help clean or rebuild UCD Staff owned computer. Please ensure to backup any important documents, photos, etc. before rebuilding a device.

  • Self-report to credit agencies. If you believe your personal information is at risk, such as bank account numbers, PPS number, etc. you should contact your Bank, Revenue, etc. to inform them of the incident.
  • Be prepared with backups. Backup your files frequently.
  • Stay ahead of the hackers. Check the Have-I-been-pwned website to see if your University or personal email addresses were discovered in external data breaches. 

Open All

Step 1 Check inbox and sent folders

Check the inbox and sent folders for any unusual or deleted emails




Step 2 Make sure your email is not getting forwarded or shared

Open the Gmail account

Click the gear in the top right



Select Settings

Select the Forwarding and POP/IMAP tab



Check “Forwarding “ section for forwarding email address

Click the first drop-down menu after “Forward a copy of incoming mail to” and check for any addresses listed as “(in use by a filter).”  If unknown email listed make a note of it. To disable the filter, choose the Remove option


Step 3 Check/Remove delegated (sharing) access to your account

Check to see if access has been granted to somebody to the account, follow these instructions:

Click the gear in the top right



Select Settings

Click the Accounts tab



In the "Grant access to your account" section, click delete on any account you do not recognise to remove

 

Step 4 Check email signature details

Click the gear in the top right



Select Settings

Click the General tab



In the “Signature” section, check that   signature has not been changed or added


Step 5 Check Last account activity

Click on the “Details” link at the very bottom of the page to find the most recent IP addresses your mail was accessed from, and their associated locations



If associated locations are not locations that you accessed your account make a note of them



 

Make sure the “Alert preference” in the activity box is set to “Show an alert for unusual activity”

 
Step 6 Check Google Drive

Check google drive for any recently uploaded files

Check folders or files that may have been shared with third parties