Compromised Account FAQ

Here's the news.  Your account was not hacked.  Hacking is a type of compromise where bad people use sophisticated computer programs to guess your password.  That's not what happened to you.  Your account was phished.  Phishing is an attempt to steal your password by sending you fake email messages or directing you to fake web pages.  Phishing only works if you go to a fake page and type in your password.  And you did!

If Library & IT staff have already detected that your account was compromised, then your password has already been reset. When directed, you must go to Bucknell Account Management and set up a new Bucknell password.  When you log on for the first time after changing your password, please check the following locations to verify that your account is functioning properly.

If you think your account is compromised, contact the Tech Desk immediately!

Secure Your Password

  1. Change your Bucknell password immediately.
    1. Go to Bucknell Account Management at bam.bucknell.edu.
    2. Create a new password. 

Secure Your Duo Security Multifactor Authentication

  1. Log in to Duo Security.
  2. Verify that you recognize every device or technique used in Duo Security.
  3. Remove any devices you do not recognize or own.

Secure Your Bmail

  1. Google Security Check - Review your security settings in your account.
    1. Devices - Review the devices that are signed into your account. Remove any devices you do not recognize.
    2. Recent security activity - Review the security activity in your account from the last 28 days. If you see any activity you do not recognize, click See unfamiliar activity and follow the steps to secure your account.
    3. Sign-in & recovery - Verify your recovery email and trusted mobile devices. If you do not recognize these settings, make corrections immediately.
    4. Third-party access - Review the apps that have access to your account. These apps may be installed in Mail, Calendar, Drive, or Chrome. Note: Read&Write by Texthelp is approved and automatically installed for any user logged into Chrome. 
    5. Gmail settings - Review any sensitive settings. If you do not recognize a sensitive setting, remove it.
  2. General - Click on the Gear in the top right corner of your Inbox.  Select Settings from the dropdown menu.
    1. Signature - On the General tab, scroll down to Signature.  If the signature is not your own, delete it.  Pay special attention to any links included in your signature.
    2. Vacation Responder - Scroll down to the Vacation responder and if the message is not your own, delete it.
  3. Accounts - Select the Accounts tab.
    1. Send mail as - If a name other than your own appears, delete it or set a new default.
    2. Check mail from other accounts - If an account you do not own appears in the POP3 section, delete it.
    3. Grant access to your account - If an account you do not recognize appears in this section, delete it.
  4. Filters - Select the Filters tab.  If you see any filters you did not create or you do not recognize, delete them. The bad actors may create filters that automatically move all the messages they send and receive in your account to the trash. They may also create filters that move all notifications from Library & IT to the trash.
  5. Forwarding and POP/IMAP - Select the Forwarding and POP/IMAP tab.
    1. Forwarding - Delete any forwarding addresses you do not own by selecting "Disable forwarding" - This step is very important!!!
    2. POP - If you do not use POP (and you probably don't), disable it.
    3. IMAP - If you do not use IMAP, disable it.
  6. Contacts - In the top left corner of Bmail, click the down arrow next to Mail.  Select Contacts.  If you see contacts you do not recognize, follow the instructions to Restore Contacts to an earlier point in time.
  7. Sent Mail - In your label list (also known as mailboxes or folders) locate Sent Mail.  Inspect the list to see if there are sent messages you do not recognize.  Delete any unrecognized sent messages.
  8. Calendar - Open your Calendar sharing to verify that you recognize everyone who has permission to view or edit your calendar.  If there are any names or usernames you do not recognize, remove them from sharing.
  9. Google Sites - Go to Google Sites and verify that all the sites in your account are really yours.  If there are any sites that you did not create, delete them.
  10. Authorized Devices - Verify that you own or control all the devices that are accessing your account.
  11. Recent Activity - Over the next few days and weeks, continue to check your Recent Activity.
  12. Phishing - Never respond to email messages that try to scare you into giving your password to dangerous people.  If you get a message like this, use the Report Phishing button to tell Google about the fake email. Please forward a copy of the message to the Tech Desk - Library & IT staff want to review any potential phishing messages you receive.
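
The Filters, Forwarding and Grant access checks above can also be run as a script over an exported copy of the mailbox settings. This is an added example, not part of the original article or any Library & IT tooling; it assumes the settings are in the JSON shape the Gmail API returns for filters, auto-forwarding and delegates, and the sample data and the example.edu domain are constructed placeholders.

```python
OWN_DOMAIN = "example.edu"  # placeholder: set to your institution's mail domain

def external(addr):
    """True when the address is outside the domain the user's mail lives on."""
    return not addr.lower().endswith("@" + OWN_DOMAIN)

def audit_filter(f):
    """Return the reasons one Gmail filter resource looks attacker-created."""
    action = f.get("action", {})
    added = set(action.get("addLabelIds", []))
    removed = set(action.get("removeLabelIds", []))
    reasons = []
    if "TRASH" in added:
        reasons.append("moves matching mail to trash")
    if {"INBOX", "UNREAD"} <= removed:
        reasons.append("archives and marks as read")
    fwd = action.get("forward")
    if fwd and external(fwd):
        reasons.append("forwards to external address " + fwd)
    return reasons

def audit_mailbox(settings):
    """Collect (kind, identifier, reason) findings across all settings."""
    findings = [("filter", f["id"], r)
                for f in settings.get("filters", []) for r in audit_filter(f)]
    af = settings.get("autoForwarding", {})
    if af.get("enabled") and af.get("emailAddress") and external(af["emailAddress"]):
        findings.append(("forwarding", af["emailAddress"], "auto-forwarding is on"))
    for d in settings.get("delegates", []):
        if external(d["delegateEmail"]):
            findings.append(("delegate", d["delegateEmail"], "external delegate"))
    return findings

# Constructed sample: what a phished mailbox's settings might look like.
SAMPLE = {
    "filters": [
        {"id": "f1", "criteria": {"from": "helpdesk@example.edu"},
         "action": {"addLabelIds": ["TRASH"]}},
        {"id": "f2", "criteria": {"query": "invoice"},
         "action": {"removeLabelIds": ["INBOX", "UNREAD"],
                    "forward": "drop@example.net"}},
        {"id": "f3", "criteria": {"from": "list@example.edu"},
         "action": {"addLabelIds": ["Label_7"]}},  # ordinary labelling filter
    ],
    "autoForwarding": {"enabled": True, "emailAddress": "drop@example.net"},
    "delegates": [{"delegateEmail": "colleague@example.edu"}],
}

if __name__ == "__main__":
    for kind, ident, reason in audit_mailbox(SAMPLE):
        print(f"{kind:10} {ident:20} {reason}")
```

A finding is a prompt to review the setting, not proof of compromise; an archive-and-mark-read filter you created yourself will also be listed.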

Secure Other Systems

  • Log in to any other Bucknell systems that contain sensitive or confidential information. Verify that each system has not been changed while your account was compromised. For example, log in to Workday to verify that your direct deposit for your paycheck is unchanged. If you see signs of compromise in other systems, contact the Tech Desk or the other relevant department.
  • Change all passwords you may have used during this time in any personal or non-Bucknell sites or accounts. For example, you may need to change your passwords for banking, credit cards, shopping, etc. if you accessed any of these resources while your Bucknell account was compromised.

Details

Article ID: 477
Created: Thu 9/17/20 3:28 PM
Modified: Mon 2/13/23 2:03 PM