Compromised UMS User Account?

If you've recently been notified by the IT Helpdesk that your account was compromised and you are wondering what to do next, here are some ideas!

Detailed Information

UMS Account:

  • Change your password
    • All UMS account passwords MUST:
      • be at least 8 characters in length
      • contain upper- and lower-case letters
      • contain digits, punctuation and/or special characters
      • NOT be based upon the username, personal name or personal information
      • NOT be a standalone word in any language, slang, dialect or jargon, etc.
      • NOT be a previously selected password
      • NOT be used as a password for any other accounts elsewhere outside of the University
      • be changed within 180 days
    • Additionally, when updating a password in response to being alerted of a compromised account, it is imperative to choose a new password that is entirely different from the one previously used for the account, and to avoid any form of "password recycling," which many users are inclined to do out of convenience. Explicitly:
      • Do NOT increment on a number used in a previous password without modifying the rest of the password (example: "Password1" > "Password2")
      • Do NOT affix an additional character to the beginning or end of the previous password without modifying the rest of the password (example: "Password1" > "Password1!")
      • Do NOT update a date used in a previous password to another date without modifying the rest of the password (example: "Pw04/2020" > "Pw10/2020")
      • Do NOT alternate capitalization of words within a password without modifying the rest of the password (example: "Lewist0nauburn" > "Lewist0nAuburn")
      • Do NOT rearrange words or phrases within a password without modifying the rest of the password (example: "Correcthorsebatterystaple1" > "Batterycorrectstaplehorse1")
  • Review your Gmail filters (Settings / All Settings / Filters and Blocked Addresses), especially for any that automatically trash inbound messages matching certain keywords (e.g. Direct Deposit, Banking, etc)
  • Review your Gmail account settings at myaccount.google.com AND in Gmail settings (Settings / All Settings / Accounts and Import, etc)
    • Sometimes your Google display name may be changed to impersonate an individual or department
  • Check other UMS systems where you store sensitive data, starting with MaineStreet Employee Self Service if you have Direct Deposit
  • Use Google's Security Checkup tool (myaccount.google.com/u/0/security-checkup) and follow any recommendations you find there.
  • Consider the impact of possible exposure of any other sensitive information intentionally or accidentally stored in your UMS email account (driver's license ID, bank account, SSN, credit card numbers, passwords to other accounts, etc.).
  • To become more phishing resistant, turn on MFA for your UMS account if you haven't already
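
The "password recycling" patterns listed above can be checked mechanically when a password is changed. The Python sketch below is an added example, not UMS code: the function name and pattern labels are assumptions, and it assumes the check runs at change time against the old password the user has just typed, since stored passwords should exist only as hashes.

```python
import re


def recycling_patterns(old: str, new: str) -> list[str]:
    """Return the recycling patterns (hypothetical labels) that `new` matches."""
    o, n = old.lower(), new.lower()
    if o == n:
        # Same characters; at most the capitalization was alternated.
        return ["identical"] if old == new else ["case_only"]

    found = []
    # A character or more affixed to the beginning or end of the old password.
    if n.startswith(o) or n.endswith(o):
        found.append("affix")

    # Mask every run of digits: if the remaining skeleton is unchanged, only
    # a number or a date was updated ("Password1" > "Password2").
    def mask(s: str) -> str:
        return re.sub(r"\d+", "\0", s)

    if mask(o) == mask(n):
        found.append("digits_changed")

    # Same characters in a different order covers rearranged words or phrases
    # (and, more broadly, any anagram of the old password).
    if sorted(o) == sorted(n):
        found.append("rearranged")
    return found


if __name__ == "__main__":
    # Pairs taken from the examples in the list above, plus one constructed
    # pair that shares nothing with the old password.
    pairs = [
        ("Password1", "Password2"),
        ("Password1", "Password1!"),
        ("Pw04/2020", "Pw10/2020"),
        ("Lewist0nauburn", "Lewist0nAuburn"),
        ("Correcthorsebatterystaple1", "Batterycorrectstaplehorse1"),
        ("Password1", "t7#Gq-violet-Rack"),  # constructed sample
    ]
    for old, new in pairs:
        print(f"{old!r} > {new!r}: {recycling_patterns(old, new) or 'no pattern'}")
```

An empty result only means none of these five patterns matched; the other requirements in the list (length, character classes, no dictionary words) still apply.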

Non-UMS Accounts:

Environment

  • accounts
  • security

Details

Article ID: 138619
Created: Thu 4/21/22 2:53 PM
Modified: Mon 5/6/24 5:13 PM
Applies To: Students, Faculty, Staff