How to spot the signs of a compromised account or device and where you can get help.
What is a compromised account or device
An email, user account, or device that has been compromised means that it has been accessed by a person who is not authorized to do so. Having weak passwords, using public networks, clicking phishing links, and visiting risky websites can result in a compromise. Cyber-criminals and hackers compromise user accounts to obtain:
- Information about you that can be used for identity theft and/or financial fraud.
- Unauthorized access to our network to execute cyber-attacks that may result in massive financial loss, reputational damage, and loss of essential services.
Compromised email accounts
A compromised email account can result in strange behavior coming from your account that is not initiated by you as the account owner. You may notice that you are no longer receiving emails for a long period of time, or you could be notified by a colleague that they received an unusual email from you.
Email accounts are sometimes targeted for the purpose of sending out spam or other malicious content from your inbox. An attacker may impersonate you and trick your contacts into sending money or clicking links that will result in their own account being compromised.
- Contact IT Services as soon as possible.
- Reset your password immediately, to a pass-phrase that is 14 characters at minimum.
- If your email account is connected to your mobile device, disconnect it and re-connect after your password has been changed.
Compromised devices
Your computer, laptop, and mobile device can become compromised. Compromising your device allows a hacker to monitor your activities and store the information on their own server.
This kind of attack is often the result of clicking a text or email phishing link while using your device, or by downloading an app with malicious content. Signs of your device being compromised may include:
- Sluggish behaviour.
- Battery draining unusually fast.
- High data usage.
- Outgoing calls or texts you didn’t send.
- Unusual inserted words or phrases added to text messages you are composing.
Once a device becomes compromised, it’s important to act quickly in order to secure your personal or work-related information.
For Capilano University devices:
- Contact IT Services for support immediately.
- Include details about unknown apps or unusual behaviour in your report to IT Services.
- Do not continue to use the device until instructed to do so by IT Services.
- If unusual behaviour persists, bring the device back to IT for further investigation.
For personal devices:
- Delete any unknown or unnecessary apps that are installed on the device.
- Install and run anti-malware software to clean up any malicious programs or applications that may have been installed.
- Shutdown and restart your device.
- Change your password.
- If your personal device continues to exhibit unusual behaviour after running the malware scan, a factory reset may be required – seek technical support and guidance before performing this task.