Summary
With the recent increase of phishing scams and a few instances of people replying to these scams, please follow these basic instructions to secure your UH Username. Call our ITS Help Desk to report the possible compromise and to get further assistance.
Body
Purpose
With the recent increase of phishing scams and a few instances of people replying to these scams, please follow these basic instructions to secure your UH Username. Call our ITS Help Desk (link) to report the possible compromise and to get further assistance.
Signs That Your Account Was Compromised
Here are some signs to look for to help determine if your account may be compromised
- You receive a flood of email in your Inbox, either in response to spam sent from your account (several thousands of emails) or from people informing you that your account is being compromised
- You can't login anymore, which may indicated that your account might have been disabled or your password reset
- You see suspicious logins are detected for your Google@UH accounts; see Google@UH - How to Check Your Account for Suspicious Activity (link) to check for suspect logins
Back to Top
What To Do If Your Account is Compromised
- Change your password IMMEDIATELY
- Change your password by going to https://hawaii.edu/username/ and clicking on the Forgot your password? link. More details, including password requirements, can be found at:
- DO NOT use the same password that was previously set. Using a COMPLETELY NEW, unique password not used on any other account or website will decrease the likelihood of another compromise. For example, an 8-character password needs all 8 characters to be changed. Changing only a few characters, or changing only lower to uppercase (and the reverse) is not sufficient.
- Sign out of all other active sessions, see Google@UH - How to Check Your Account for Suspicious Activity (link) for more information
- Check your Google@UH Gmail settings, as some compromised accounts have had their configurations changed
- Login to Google@UH Gmail at https://gmail.hawaii.edu/
- Click on the gear icon on the top-right, then select See all settings
- In the General tab, check your Signature and Vacation responder settings
- In the Accounts tab, check your Send mail as, Check mail from other accounts, and Grant access to your account settings for any unknown addresses
- In the Filters and Blocked Addresses tab, check for any unknown filters that may have been created
- In the Forwarding and POP/IMAP tab, check your Forwarding setting for any unknown addresses
- Check your computer system for viruses or malware
Back to Top
To Prevent Having Your UH Username Compromised
Here are some preventative actions that you can take to avoid getting compromised. While some information is geared to your UH account, this can be applied to other accounts in your personal life (e.g. bank accounts, personal email accounts, etc.)
- NEVER tell ANYONE your password via email, voice, or chat
- No legitimate institution or organization will ask your to send your password or other confidential information via an email or chat message
- DO NOT REPLY to any suspicious email messages
- If you see a Reply To: address that is not within our hawaii.edu domain or that you do not recognize, most likely it is a scam. Replying to one of these email messages can potentially lead to an increase in these suspectemail messages being sent to your email account
- We realize that the instigators of these scams get paid for this and will try all types of methods to get someone to reply. As they get more sophisticated, it can get more difficult to determine if the email is legitimate or not. If in doubt, for any email asking for account information appearing to be from the University of Hawaii, please contact the ITS Help Desk
- Make sure your operating system has the most recent updates. Run Windows Update (Windows) or Software Updates (macOS)
- See UH ITS Information Security's resources here: https://www.hawaii.edu/infosec/resources-tips/
- Don't save your UH Username password on your computer. It might take a few extra seconds to login, but it might save you hours of time cleaning up after a compromise.
- DO NOT APPROVE any Duo Multi-factor Authentication (MFA) requests that you did not initiate
- If you receive an unknown Duo request, you can mark it fraudulent, but this indicates that your password has been compromised
Back to Top
To Report a Suspicious Email Saying It's From The University of Hawaii
Ocassionally, threat actors will pretend to be a faculty, staff, or executive from the University of Hawaii. If you notice anything suspicious, you can do the following:
- Forward a copy of the message with full mail headers to phishing@hawaii.edu
- Optional: see if it's already been reported by checking http://www.hawaii.edu/its under "Security Alerts"
Back to Top