Protecting Your Accounts: What to Do After a Compromise


Introduction

If you suspect that your account has been compromised or experience any suspicious activity, such as a 2-factor authentication request that you did not initiate, please call 4Help for immediate assistance at 540-231-4357.

 

Protecting your personal information and online identity is more crucial than ever. Whether you're a current employee, student, retiree, or alumnus of Virginia Tech, understanding the risks of spam and phishing attacks is essential for safeguarding your accounts and data. In the unfortunate event that your account becomes compromised, knowing how to handle the situation is equally important.

 

This article aims to provide guidance on recognizing potential threats, avoiding falling victim to cyber-attacks, and understanding the procedures followed by Virginia Tech's IT Security Office and Division of IT when dealing with compromised accounts. 

 

Table of Contents

Understanding Account Compromise: How It Happens and What to Look For

How Does the Division of IT Handle Compromised Accounts?

Your Role In the Compromised Account Process

Protecting Yourself From Fraud

Available Resources To Learn How To Secure Your Personal Data

 

Instructions

Understanding Account Compromise: How It Happens and What to Look For

Virginia Tech is dedicated to safeguarding your accounts, data, identity, devices, and university IT systems. Everyone at Virginia Tech plays a role in recognizing threats and using safe practices. It is crucial to understand how accounts can be compromised and take proactive steps to stay informed and secure against potential breaches.

 

Common methods of digital attacks:

 

Phishing - Phishing is the fraudulent practice of posing as a trusted entity to obtain sensitive information. It can occur through email, phone, or text and may request usernames, passwords, credit card details, or personal information. Virginia Tech will never request confidential information via email. Learn more about How to Protect Yourself from Phishing Attacks. 

To avoid phishing scams, watch out for these signs:

  • Mismatched Sender: The email address doesn’t match the organization it claims to be from. For example, an email that claims to be from Virginia Tech but does not come from an address ending in "@vt.edu".
  • Requests for Personal Info: Legitimate organizations, including Virginia Tech, will never ask you to share your username or password via email.
  • Unsolicited Password Changes: Requests to update or change passwords without prior context.
  • Fake Login Pages: Scammers use these to steal login details. Always check the URL before providing login information.
  • Unusual Language: Formal or awkward grammar can be a red flag.
  • Urgency or Scare Tactics: Pressure to act quickly can be a sign of phishing.
  • Unexpected Attachments: Be cautious with attachments from unknown sources.
  • General Discomfort: Trust your instincts if something seems off about the message.

 

Recent Phishing attacks circulating at Virginia Tech

  • Account Termination Scams
    • Users have received phishing emails with subject lines “URGENT VT ALERT” or similar to instill a sense of urgency. These scams falsely claim that your vt.edu account is at risk of termination and urge you to click a link. While these emails may appear to be from Virginia Tech accounts, please note, Virginia Tech does not address account issues through email.

 

  • Fraudulent Job Offers
    • Another known scam involves deceptive emails from supposed Virginia Tech accounts, offering attractive work-from-home jobs with minimal hours. These emails may prompt you to click a link or share personal information. Different versions of this scam have circulated in recent years.

 

The IT Security Office has found that some of these phishing emails come from compromised Virginia Tech email accounts. This underscores why protecting yourself is so important: it also protects others.

Additional information can be seen at https://police.vt.edu/scam-alerts.html .

 

Malware / Virus -  Malware is software designed to disrupt a device's normal operation, including viruses, worms, spyware, ransomware, and adware. Symptoms of infection can include slowed performance, unwanted software, or phishing messages. Protecting against malware is essential for network security and personal data. Properly configured anti-malware software is both easy to manage and effective.

Reusing Passwords - Reusing your Virginia Tech passphrase on other sites, especially where your email is your username, risks both your and the university's security. If those accounts are compromised, hackers can more easily access your Virginia Tech account.

Password Sharing - Sharing your password is like giving someone the key to your house. If you share your password with a friend, significant other, or family member, they may not be as careful with it as you are. To keep everything safe, it’s best to keep your password private and only use it yourself.

Social Engineering - Social engineering is a tactic used by scammers to manipulate people into giving away confidential information or performing actions that compromise security. Instead of hacking through technical means, they exploit human psychology, often by pretending to be someone trustworthy or creating a sense of urgency. Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved.

 

How Does the Division of IT Handle Compromised Accounts?

If you suspect that your account has been compromised or experience any suspicious activity, such as a 2-factor authentication request that you did not initiate, please call 4Help for immediate assistance at 540-231-4357.

If someone gains unauthorized access to your Virginia Tech credentials, your account is considered compromised, risking your data privacy. Virginia Tech’s IT Security Office and Division of IT have a process to restore account security and minimize damage from malicious attacks.

If an account has been identified as being compromised, the account will be locked to stop further abuse. Virginia Tech’s IT Security Office and Division of IT have a dedicated workflow to restore the security and integrity of an account. These steps are critical for account security and aim to reduce the damage malicious attacks can have. There is no way to expedite this process. Prompt cooperation with the Division of IT is the fastest way to resolve access issues due to a compromised account.

 

Your Role In the Compromised Account Process

Virginia Tech takes account and endpoint security very seriously; however, it is important to know your role in the process. To protect yourself and minimize security risks, take the following steps once a security issue is identified.

 

  • Disconnect the System: Unplug the network cable or disable wireless to preserve evidence for IT investigation.
  • Avoid Using the Compromised System: Do not use or attempt to reset credentials on the compromised device. Contact ITSO by phone if you lack access to a secure device.
  • Restore Account Access: Call 4HELP if your account is locked out.
  • Limit Information Sharing: Share details only with those who need to know and maintain confidentiality.
  • Change All Passwords: Update login credentials for all accounts, not just those at Virginia Tech, and avoid reusing passwords.
  • Monitor Financial Accounts: Watch for signs of identity theft, such as unusual transactions or new credit cards.
  • Report Fraud: In the case of fraud, notify the appropriate authorities, including local police, the FBI (https://www.ic3.gov/Home/ComplaintChoice), and your financial institutions.

Remember: when in doubt, report it!

 

Protecting Yourself From Fraud

  • Use Unique Passwords: Be sure the passwords for your personal accounts are unique (not used for multiple accounts) and are at least 12 characters. Tips for creating a strong password are available here: Changing or Resetting My Password.
  • Enable 2-Factor Authentication: Enable 2FA or MFA (2-Factor Authentication) on your personal accounts when possible.
  • Update Passwords: If you suspect your account was compromised due to malware or a virus on your workstation, change the passwords for all accounts that were saved in your browser to new, unique passwords.
  • Stay Vigilant of Duo 2-Factor Authentications: Never verify a Duo authentication unless you are logging into a Virginia Tech system.
  • Never Share Your VT Password or Passphrase: Virginia Tech will never request your VT password or passphrase from you. No matter how eloquent, realistic, or grammatically correct a request may sound, if the request is for your passphrase or other personal information, it is fake. Do not respond to any email message or phone call requesting your Virginia Tech username and password or passphrase. Anyone who requests this information intends to use it in a malicious manner. The only exception is when you call 4Help for assistance with security matters or changes to your account. We will ask that you provide information to verify your identity before making changes to your account.
  • Review on a Larger Screen: If you see an odd email on your phone, try looking at it on your laptop before doing anything else. A larger screen can help you detect signs of phishing you might miss on a phone.
  • Don’t Respond: If you receive a suspicious-looking email, do not respond. Phishers will often try to initiate a conversation to build trust with you. If you receive a phone call where they ask if you would like more details on their program or product, tell them that you will call their company or go to their website to collect this information. Never provide your personal information if you did not initiate the phone call. Self-reporting spam and phish email attempts through your email client is the most efficient way to report them. There are directions for both Outlook and Gmail.
  • Never Include a Passphrase (of Any Kind) in an Email Message: If you need to provide someone with a passphrase, you should do so securely, either through a direct meeting with the person or an encrypted communication. The passphrase you provide should always be something that the recipient must change immediately. Passphrases should never be shared between multiple users.
  • Do Not Click Any Links or Open Any Attachments in Emails if You Are Not Expecting Them: If you receive an unexpected email with a link or an attachment, do not click it. If the email claims to be from a colleague, ask them about it. If it appears to be from another organization, then call that organization’s customer support center and ask them to verify the message.
  • Check the Sending Email Address: If you receive an email claiming to be from someone you know, but its content seems out of place compared to their typical emails, or the message expresses a sense of urgency around an action they want you to take, check the sending email address to confirm the identity of the sender. Common examples are requests to help them gain access to an account or make an immediate purchase. Phishers will often “spoof” or change the display name to match one of your contacts. By checking the sending email address, you can determine if the message truly came from the email address of the person being identified in the message.
  • Change Your VT Passphrase Often: All faculty and staff are required to change their passphrases annually by policy. However, you can change it more often. If at any time you feel something odd is happening with your account or if you find out you clicked a link from an unknown sender, you should immediately change your passphrase. For instructions, see Changing or Resetting My Password.
  • Do Not Disable Your Junk Mail Folder: Exchange Online and Gmail both have automatic filtering enabled for automatically detected spam, junk, and phish emails. If your Junk Mail folder is disabled, then Exchange Online and Gmail will be unable to filter them, and they will remain in your main folder.

 

Available Resources To Learn How To Secure Your Personal Data

 

The University community is encouraged to review the following additional resources to help protect against phishing attacks.

 

Virginia Tech's IT Security Office recommends viewing the following video:

 

Avoiding Phishing Scams

https://www.linkedin.com/learning/avoiding-phishing-scams-2021/avoiding-phishing-scams?u=57888345

 

LinkedIn Learning is an on-demand learning solution designed to help users gain new skills and knowledge. Access is free to current Virginia Tech students, employees, and recent graduates. 

You can access LinkedIn Learning through OneCampus at https://onecampus.vt.edu/task/all/lynda. You will enter your VT email address and your LinkedIn password.

 

ITSO Phishing Awareness Training

In this training, you will learn what phishing is and how it is used by malicious actors to steal information, attack the university's network, or compromise VA Tech accounts and computers of students, faculty, and staff.

 

Windows Security Support: Protect Yourself Online

This Microsoft website provides a list of strategies for protecting yourself online. It also provides information for protecting your information at home, at work, and how to identify threats, such as common support scams.



Securing the Human Training Program

The Virginia Tech IT Security Office manages this awareness program to educate users on how to recognize security threats and protect personal data.

 

Can you spot when you’re being phished?

This site provides a short assessment to help users test their own knowledge on correctly identifying phishing attacks.

 

From the 4Help Knowledge Base - KB0011109 - How to Protect Yourself from Phishing Attacks

Division of IT - Resources - Cybersecurity Awareness - Phishing and Spear Phishing

Division of IT - Resources - Cybersecurity Awareness - General Cybersecurity Resources

 

Regardless of having a presentation full of helpful information, we all sometimes run into technical issues we need help solving. Requests for assistance to 4Help can be submitted via self-service at 4help.vt.edu or by calling 1-540-231-4357. Agents are available 24x7x365 to assist you.