University College Dublin
IT Services - Seirbhísí TF

What to do if you think your UCD account is compromised

If you think your UCD account has been compromised it's important to act fast; quick identification and response can reduce the harm done to your account and your personal information.

 

If you think your UCD account is compromised there are a number of steps that need to be taken to reduce its impact.

  • Change your affected passwords using an unaffected device. Change your password using Password self service and contact the IT Helpdesk at  716 2700 informing them that your account may have been compromised.
    Note: You may need to check and change password details to other accounts you have e.g. Online Bank account, Pay pal etc.
  • Check the status of your accounts. When you have changed your password check the status of your accounts. i.e.  Google mail ( see Google mail compromised account checks), Google drive and Novell drives.

  • Update your antivirus software. Scan your machines using Sophos Antivirus for virus and malware. Follow the instructions provided to quarantine or delete any infected files.

  • Contact Data Protection. If you suspect that personal or senstive University informaiton was accessed without authorization, including information contained in your Email account, you must inform the University Data Protection Officer immediately. Please email Data.Protection@ucd.ie and include a short description of the incident and the type of information that was accessed.   

  • Is your computer still acting strange? It might be best to start from scratch with a complete reformat of your machine so you can ensure that all affected software is fixed. The Helpdesk will arrange for an IT Support person to contact you to help clean or rebuild UCD Staff owned device. Please ensure that you have a copy of all the media required to rebuild the device.
  • Update your mobile software and apps. Make sure you keep them up-to-date.
  • Self-report to credit agencies. If you believe your personally identifiable information has been affected, you don’t want to deal with identity theft on top of being hacked. e.g. Your Bank, Revenue etc.
  • Be prepared with backups. Backup your files frequently.
  • Stay ahead of the hackers. Check the Have I been pwned website to see if your accounts were hacked in a known attack.

Open All

Step 1 Check inbox and sent folders

Check the inbox and sent folders for any unusual or deleted emails




Step 2 Make sure your email is not getting forwarded or shared

Open the Gmail account

Click the gear in the top right



Select Settings

Select the Forwarding and POP/IMAP tab



Check “Forwarding “ section for forwarding email address

Click the first drop-down menu after “Forward a copy of incoming mail to” and check for any addresses listed as “(in use by a filter).”  If unknown email listed make a note of it. To disable the filter, choose the Remove option


Step 3 Check/Remove delegated (sharing) access to your account

Check to see if access has been granted to somebody to the account, follow these instructions:

Click the gear in the top right



Select Settings

Click the Accounts tab



In the "Grant access to your account" section, click delete on any account you do not recognise to remove

 

Step 4 Check email signature details

Click the gear in the top right



Select Settings

Click the General tab



In the “Signature” section, check that   signature has not been changed or added


Step 5 Check Last account activity

Click on the “Details” link at the very bottom of the page to find the most recent IP addresses your mail was accessed from, and their associated locations



If associated locations are not locations that you accessed your account make a note of them



 

Make sure the “Alert preference” in the activity box is set to “Show an alert for unusual activity”

 
Step 6 Check Google Drive

Check google drive for any recently uploaded files

Check folders or files that may have been shared with third parties