Handling your Compromised Account

What to do if you believe that your account has been compromised.

This article provides guidance to staff, students and users if an unauthorised person has gained access to your account. When someone that is not you gains access to your credentials (i.e., username, passwords), your account is considered to be compromised.

What is a compromised account?

This means that unauthorised persons are able to use your credentials to pose as you, and the privacy of your data and others is at risk. AIT monitors email traffic, and if our systems find a suspicious pattern or behaviour, we will notify you that your account has been compromised. If you receive this notification, or if you notice that you are unable to log into your email account, the sections below provide some steps that you can immediately take to protect your information.

Additionally be aware of any unprompted Authenticator notifications you may receive on your device as that may indicate somebody is trying to access your account. Never approve/accept an unsolicited authenticator prompt. 

Remember legitimate messages from AIT will never ask for your credentials. If you are unsure please contact us immediately on 0115 9170 197. 

Securing your Microsoft 365 Account 

• Log into your Microsoft 365 account. Go directly to the website in your browser and be sure to not follow any email links, etc. https://office.com 

• Navigate to the Gear Icon. 

• Select View all Outlook settings.

• Click Mail on the left tab if it has not been selected already.

• Under Compose and Reply, check the Email signature. 

• Check the Rules tab to ensure that the only rules listed are those that you personally have set up.

  • Review all unfamiliar rules, if any are listed. 

  • Delete any unfamiliar rules you do not wish to keep.

• Check the Sweep tab to ensure that the only rules listed are those that you have personally set up.

  • Review all unfamiliar sweep rules, if any are listed. 

  • Delete any unfamiliar sweep rules you do not wish to keep.

• Review all settings listed on the Junk email tab. You should ensure that specific emails are not blocked and that no spam/unknown emails have been classified as “safe senders.”

• Check whether the Forwarding tab is disabled. This tab should only be enabled if you personally enabled it. 

  • If the forwarding tab is enabled, please review forwarding rules and remove any rules that you do not recognise. 
• Check on your ‘Deleted Items’ and review any unexpected items. 
• Review your ‘Sent Items’ to ensure these are emails sent by yourself. If you notice any emails that you didn't send yourself, please contact the recipient to inform them that your account was compromised and that they should delete the email and not click on any links.

Security Tips 

• You should never share your passwords with anyone, or allow anyone access to your account.
• If your account has been compromised, change all passwords across your organisations accounts.
• Never reuse the same password.
• Use Multi-Factor Authentication at all times.
• Be wary of email attachments, only open attachments if you absolutely trust the sender.
• Ensure you have a complex password.
• Remember AIT will never ask you for your password.
• Never click on suspicious links within emails if you do not recognise the sender, and check the email address an email has been sent from. 
• If you are unsure if an email is legitimate, contact the sender via a different, trusted method (for example Phone Call, or WhatsApp).