3. What to do next

The most important thing you can do is change the password of the compromised account. This should be done from a machine you know to be safe, otherwise the attackers may pick up the new password and begin the cycle again. Any other accounts you know to use the same password, within the University or otherwise, should also be changed to new, different passwords. Do not reuse your compromised password for any account in the future, you have no way of knowing how long the attackers will keep this information for.

As soon as possible, please inform your local IT support staff, if that is not possible please contact the IT Services general helpdesk. The sooner we are aware of the problem the better. For further information please see:

http://www.it.ox.ac.uk/help/gettinghelp/

To make it more difficult to assess how the attackers have used your account they may have deleted large amounts of emails or set up rules to forward new emails to places you aren’t expecting. You can start by checking your deleted items folder for the missing mail and disabling any mail filtering rules which you did not create. If you require any assistance with this please contact your local IT support staff or the helpdesk.

Apart from data theft, attackers often use email accounts they have gained access to to send spam. You may notice a number of emails from recipients of the spam, you may wish to respond to them letting them know that you are aware the account has been compromised and are taking steps to prevent further misuse.

It is also highly likely that your account will receive a large amount of junk emails, in the form of bounces and auto-replies from the addresses the attacker sent email to. Care should be taken not to delete legitimate correspondence when dealing with these emails.

Another consequence of the account being used to send spam is that your email address may have been added to blacklists which could cause your emails to be blocked in the future. These lists are numerous and controlled by organisations outside of the University. If you suspect emails from your account are failing to reach certain recipients, please contact your local IT support staff or the IT Services general helpdesk who will endeavor to assist you.

Up: Contents Previous: 2. What the attackers may have done Next: 4. How to avoid your account being compromised again