What to do if your password has been compromised

Anyone who uses email these days has probably heard the term “phishing.” One day you get an email message asking you to open a file, update a record, or take some other action. You click the link and it takes you to a login page that looks just like the one you use to access your WWU email, but it turns out that the page is an impostor designed to capture your password when you enter it. Once the people behind that fake login page have your credentials, they may use your mailbox to send out more phishing messages. They may also look for messages in your mailbox, files in your OneDrive, and anything else that might be of value.

Unauthorized access to your WWU account might trigger an alert for Western’s Information Security Office. If we suspect your account has been compromised by an unauthorized user, we will disconnect all current logins, scramble your password, and notify you. Getting back into your computer accounts is as easy as setting a new password using our Self Service Password Reset service, but what other actions do you need to take?

Start with your passwords

  • If you used the password that was compromised for any other services, change the password for those services immediately. Make sure you use unique passwords for all of your accounts in the future.

  • Is your @wwu.edu address used as the password reset verification address for any other online computer accounts? Check those accounts for any recent logins or suspicious activity and take the appropriate steps to secure them.

  • Don’t forget security questions. Many online accounts are moving away from security questions (Western no longer uses them), but some accounts still rely on them. If you suspect an online account was compromised, and you have security questions set, change the security questions as well as the password.

Also check your devices

Phishing scams can do more than just steal your credentials. Sometimes the messages contain file attachments, or the fraudulent web page you are directed to attempts to download malware to your device.

  • Windows Computers: Open File Explorer and right-click on the C: Drive. Select “Scan with Windows Defender…” (If you have a different antivirus product installed, the option will be “Scan with <the name of your antivirus>…” or it may simply say “Scan for viruses.”)

  • macOS: Not all Macs have antivirus installed. Sophos, Avast, F-Secure, ESET, Malwarebytes, and others offer products that can scan macOS.

  • iOS: Since Apple controls the only source of apps for iOS, malware is not a big concern for an iOS device. The exceptions are iOS devices that have been “jailbroken,” which allows them to install unauthorized apps.

  • Android: Android devices generally allow you to install apps from sources external to the Google Play Store. If you think you may have used your Android phone to sign in to a fraudulent website, you should scan it for malware.

Check important accounts and data for tampering

  • If you are an employee, check your direct deposit information in Web4U to make sure no attempts were made to redirect your paycheck. (Human Resources will contact you to confirm changes to Direct Deposit.)

  • Check your WWU mailbox for suspicious mailbox rules. Sometimes bad actors set up rules to automatically delete bounce notifications that would alert you to suspicious activity.

  • Do you have access to sensitive information? The Information Security Office can help you try to determine whether or not the data was compromised. Examples of sensitive information include Personally Identifiable Information (PII), HIPAA, and FERPA data stored in systems like Canvas or Banner. The data may also be stored in files like spreadsheets that may reside on a computer, in OneDrive, on a network share, attached to an email message, or stored in a shared cloud location:

    • Student grades

    • Student health information

    • Social Security numbers or W Numbers

    • Information about lawsuits or insurance claims

    • Intellectual property
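
For help desk or security staff reviewing a mailbox, the mailbox rule check above can be scripted. This is an added example, not WWU's own tooling: it assumes the rules were exported in the shape of Microsoft Graph's messageRule resource, and it flags rules that delete bounce-style notifications or forward mail outside wwu.edu. The keyword list and the sample rules are constructed.

```python
# Added example: flag inbox rules that hide warnings or leak mail.
# Field names follow Microsoft Graph's messageRule resource (assumed export format).
INTERNAL_DOMAIN = "wwu.edu"  # taken from the page's @wwu.edu addresses
# Assumed keyword list: words typical of bounce and security notifications.
WARNING_WORDS = ("undeliverable", "delivery", "failure", "mailer-daemon",
                 "postmaster", "phish", "hacked", "security alert")
TEXT_CONDITIONS = ("subjectContains", "bodyContains", "bodyOrSubjectContains", "senderContains")
FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")

def review_rule(rule):
    """Return the reasons a rule deserves a closer look (empty list if none)."""
    reasons = []
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    deletes = actions.get("delete") or actions.get("permanentDelete")
    matched = sorted({word for key in TEXT_CONDITIONS
                      for text in conditions.get(key) or []
                      for word in WARNING_WORDS if word in text.lower()})
    if deletes and matched:
        reasons.append("deletes messages mentioning: " + ", ".join(matched))
    elif deletes and not conditions:
        reasons.append("deletes every incoming message")
    for key in FORWARD_ACTIONS:
        for recipient in actions.get(key) or []:
            address = recipient.get("emailAddress", {}).get("address", "").lower()
            domain = address.rpartition("@")[2]
            if domain != INTERNAL_DOMAIN and not domain.endswith("." + INTERNAL_DOMAIN):
                reasons.append(f"{key} sends mail outside {INTERNAL_DOMAIN}: {address}")
    return reasons

def review_mailbox(rules):
    """Map each enabled, suspicious rule's name to its list of reasons."""
    checked = ((r.get("displayName", "(unnamed)"), review_rule(r))
               for r in rules if r.get("isEnabled", True))
    return {name: reasons for name, reasons in checked if reasons}

# Constructed sample rules, not taken from a real mailbox.
SAMPLE_RULES = [
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@example.org"]},
     "actions": {"moveToFolder": "constructed-folder-id"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"subjectContains": ["Undeliverable", "Delivery Status Notification"]},
     "actions": {"delete": True, "stopProcessingRules": True}},
    {"displayName": "sync", "isEnabled": True, "conditions": {},
     "actions": {"forwardTo": [{"emailAddress": {"address": "collector@example.net"}}]}},
]
if __name__ == "__main__":
    print(review_mailbox(SAMPLE_RULES))
```

A rule that the mailbox owner does not recognize and that appears in the output should be removed and reported to the Information Security Office.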

In most phishing cases, the bad actor is more interested in using your email to send more phishing messages. They may attempt to redirect Direct Deposits, and they may see if your email history offers any other clues to accounts that might allow them to quickly transfer or withdraw money.

Watch out for suspicious activity

In many cases changing your password will stop a bad actor before they have had a chance to download useful information. The longer your account is compromised, the more time a bad actor will have to download data and use your account. It isn’t possible to know absolutely everything they see or do, so watch out for suspicious activity and keep an eye on your credit rating.

Protect yourself from phishing

  • Phishing is fraudulent communication (usually via email) that attempts to trick you into giving away your credentials. The quality of phishing messages, and the fake login pages they often direct people to, has improved over the years. Visit our Information Security page to see examples of phishing, and to learn how to recognize fake email messages.
    https://atus.wwu.edu/security

If you need assistance with any of this, or if you have any questions, contact the ATUS Help Desk at 360-650-3333 or submit a request to Get Help.