This article provides guidance to faculty, staff, and students if an unauthorized person has gained access to their NetID/AD password. It covers how to check your email for fraudulent changes.
Compromised Accounts Overview
When someone that is not you gains access to your credentials (i.e., username, NetID, passwords), your account is considered to be compromised. This means that unauthorized individuals are able to use your credentials to pose as you, and the privacy of your data is at risk. University IT monitors email traffic, and if our systems find a suspicious pattern or behavior, your account will be locked until you have contacted University IT Helpdesk to reset your password. In addition, the sections below provide some steps that you need to take to fully protect your information.Please work with University IT Helpdesk if assistance is needed for any of these steps.
Securing Your Google Apps Account (Students)
- To reset your Google Apps password, follow the steps in the Securing Your NetID or AD Account
- Login to the student Gmail account, navigate to Gmail Settings, and verify the following are accurate:
a. Check the Signature listed on the General tab.
b. Review the Send Mail As settings listed on the Accounts tab.
c. Review the filters and blocked addresses listed on the Filters and Blocked Address tab.
i. Delete any unfamiliar filters or blocked addresses
d. Review the settings listed on the Forwarding and POP/IMAP tab, paying extra attention to any listed forwarding address.
i. Delete any unfamiliar forwarding addresses
e. Press Save at the bottom to update all changes (if necessary).
f. Check recovery options. To do so:
i. Select the Apps icon at the upper right.
ii. Select the Account App.
iii. Navigate to Security.
iv. Check the recovery Email and recovery Phone.
g. Update any items that may require updating.
Securing your Office 365 Account (Faculty/Staff)
- Log into your Office 365 account from Webmail login website.
- Navigate to the Gear Icon.
- Select View all Outlook settings.
- Click Mail on the left tab if it has not been selected already.
- Under Compose and Reply, check the Email signature.
- Check the Rules tab to ensure that the only rules listed are those that you personally have set up.
a. Review all unfamiliar rules, if any are listed.
b. Delete any unfamiliar rules you do not wish to keep.
7. Check the Sweep tab to ensure that the only rules listed are those that you have personally set up.
a. Review all unfamiliar sweep rules, if any are listed.
b. Delete any unfamiliar sweep rules you do not wish to keep.
8. Review all settings listed on the Junk email tab. You should ensure that University emails are not
blocked and that no spam/unknown emails have been classified as “safe senders.”
Account Security Tips
- Remember that University IT will never ask you for your password.
- You should never share your passwords.
- You should change any other passwords that are the same as your account password.
- For more tips regarding your account security go to https://tech.rochester.edu/services/netid/