Being swift to take action following the theft of one of your online accounts is vital. Not only will you need to reclaim control over the affected account, you’ll need to take steps to protect your other accounts, too.

How will you know?

Hackers use compromised email accounts to access campus computing resources or to send spam and scams to your contacts.

With the right login information, a hacker could have full access to UD’s network, which contains the confidential information of thousands of students and employees. If you receive worried calls or angry messages from your colleagues because of mail “you” sent them, you’d better investigate the security of your account.

Most online accounts like Facebook and Gmail will alert you if there’s suspicious activity on your account, for example, multiple failed attempts to log in or attempts to log in from foreign countries.

Steps to take

1. If you suspect your UD email account was hacked, immediately contact secadmin@udel.edu so IT can begin their investigation of the incident.

2. Immediately change the password of the affected account, and the password on every other online account that uses, or is linked to, that email address.

  • Whichever email account has been hacked (UD, Gmail, Yahoo, etc.), IT advises you to change your UDelNet password. Because many people set up other accounts using their UD email accounts as an “alternate” email address, a hacked Facebook, Twitter, or Yahoo! account, could lead to your UD email being compromised as well. Double trouble!
  • Remember, every password should be different and difficult to guess. You can use IT’s secure password page to help create secure passwords, and check their strength with IT’s password checker.
  • If you’re suddenly unable to access an account because of a maliciously changed password, you will need to contact the vendor and prove you are the account owner. Here are the password help pages for many popular online services:

3. Be sure to change your passwords regularly. Choose to customize a vendor’s security question(s) if allowed, and never use real answers to publicly available information—only fake answers you know you’ll remember. Because many of the answers to typical security questions can be found online with ease (birth city, high school name or mascot, mother’s maiden name, etc.), you should not provide the correct answer. Consumerist and Computerworld have both written about the flaws in the commonly used security question system.

[Previous article] [Next article]