What to do if you think your UCD account is compromised
If you think your UCD account has been compromised it's important to act fast; quick identification and response can reduce the harm done to your account and your personal information.
If you think your UCD account is compromised there are a number of steps that need to be taken to reduce its impact.
- Change your password immediately. Change your UCD Connect using UCD's Password self service
If you used your University account details (email and password) when creating personal online accounts, you should also check recent activity on these accounts and change the account password e.g. Online Bank account, Pay pal, LinkedIn, etc. Please ensure the your UCD passwords are UNIQUE and not used for any personal accounts.
- Report it. The IT Helpdesk and IT Security team are here to help, so if you suspect that your account is at risk then please report the incident to the IT Helpdesk by calling 01-7162700 or emailing IThelpdesk@ucd.ie.
- Check the security and settings of your accounts. Hackers often change the setting of accounts, such as adding automatic email forwarding, filters, add new accounts or change email signatures. Details on how to check the security, settings and recent account activity of your University email account is outlined below.
-
Run an antivirus scan. Scan your machines using Sophos Antivirus for virus and malware. Take note of any malware discovered before you quarantine or delete the suspicious files and provide these details to the IT helpdesk.
-
Is your computer still acting strange? It might be best to start from scratch with a complete rebuild (factory reset) of your work device or work computer so you can be sure that all suspicious software has been removed. The Helpdesk will arrange for an IT Support person to contact you to help clean or rebuild UCD Staff owned computer. Please ensure to backup any important documents, photos, etc. before rebuilding a device.
- Update your mobile software and apps. Make sure your mobile device is secure by reviewing IT Security's recommendations
- Self-report to credit agencies. If you believe your personal information is at risk, such as bank account numbers, PPS number, etc. you should contact your Bank, Revenue, etc. to inform them of the incident.
- Be prepared with backups. Backup your files frequently.
- Stay ahead of the hackers. Check the Have-I-been-pwned website to see if your University or personal email addresses were discovered in external data breaches.
Step 1 - Check inbox and sent folders
Check the inbox and sent folders for any unusual or deleted emails
Step 2 - Make sure your email is not being forwarded (auto-Forwarding) or shared
Open the Gmail account
Click the gear in the top right
Select Settings
Select the Forwarding and POP/IMAP tab
Check “Forwarding “ section for forwarding email address
Click the first drop-down menu after “Forward a copy of incoming mail to” and check for any addresses listed as “(in use by a filter).” If unknown email listed make a note of it. To disable the filter, choose the Remove option
Step 3 - Check/Remove delegated (sharing) access to your account
Check to see if access has been granted to somebody to the account, follow these instructions:
Click the gear in the top right
Select Settings
Click the Accounts tab
In the "Grant access to your account" section, click delete on any account you do not recognise to remove
Step 4 - Check your email signature for changes
Click the gear in the top right
Select Settings
Click the General tab
In the “Signature” section, check that signature has not been changed or added
Step 5 - Check Recent Device Activity
Check that no suspicious devices connected to your Google Account.
If you are not sure of the device or the location that it connected from, then you should take a screenshot, send the details to the ithehelpdesk@ucd.ie and then remove the device.
Step 6 - Check Recent Account Activity
Click on the “Details” link at the very bottom of the page to find the most recent IP addresses your mail was accessed from, and their associated locations
If associated locations are not locations that you accessed your account make a note of them
Make sure the “Alert preference” in the activity box is set to “Show an alert for unusual activity”
Step 7 - Check Google Drive
Check google drive for any recently uploaded files
Check folders or files that may have been shared with third parties