First, don't panic. You are not alone! Many people have fallen for the techniques of scammers and hackers and have been tricked into giving away their passwords or personally identifiable information. It might be a terrible feeling the moment you realize you have become a victim of a phishing attack, but the ITS Information Security group is here to help. Once you realize that you’ve been compromised, there are some immediate steps you should take to protect yourself, your information and your identity.
By following the security measures outlined on this page you will lower, or hopefully eliminate, the risk of further data loss.
Steps to Securing Your Information after a Phish Attack
Step 1: Change your passwords
The first step in securing your information and mitigating further attacks is changing your passwords. Remember, you should change not only your NetID password but any and all passwords that could be affected as well. Most people wrongly use the same password on multiple sites (Netflix, Amazon, social media, even banking). If the attacker has your NetID password, what would stop them from trying the same password on all of your accounts? So change your passwords! For directions on how to change your password, please see the change passwords link.
Step 2: Update then Scan your device
Scammers will attempt to infect your device not only to annoy you but also to gather more information. Most attackers try to infect your device to secretly gather information that may be stored on it or entered into other sites without you knowing. They may also use your device to try to spread their attacks to others you know.
Updating your device and then running a full scan could help mitigate those future attacks, not only on you but possibly on your friends and family.
For help with antivirus software, please see the Antivirus Software answers page.
You should immediately change your Syracuse University (NetID) password. Instructions for doing so can be found on the Answers “Password Change” page.
You should not be using the same password you use for your NetID anywhere else, but if you do, you should change those passwords to be unique passwords.
Step 2: Check the email rules on your Syracuse University email
Attackers may attempt to add email rules to your account in an attempt to hide their activity from you. They will set up rules to forward and/or delete email most of the time without you even seeing or knowing about them.
- Microsoft Office 365, including SUmail accounts
- Users should review their email account settings by following the steps found on the Securing SUMail Accounts After Security Locks page (video instructions available).
...
from key individuals or University offices such as ‘ITS’, ‘Bursar’ or ‘Payroll’.
- Instructions for students to check their inbox rules can be found on the Answers “Securing SUMail Account After Security Lock” page.
- Faculty and Staff should contact the ITS Support Center or their local IT support staff.
Please take note of what those rules are and provide them to the Information Security Department.
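As an illustration of what to look for when reviewing inbox rules, the following added example (not part of the original page and not a University tool) flags rules that forward mail outside the organization, delete mail, or hide mail mentioning key offices. The rule format, the sample rules and the example.edu domain are constructed assumptions.

```python
import re

# Assumptions for this added example (not the University's tooling):
INTERNAL_DOMAIN = "example.edu"              # placeholder for the organization's mail domain
KEY_OFFICES = {"its", "bursar", "payroll"}   # offices named on this page

# Constructed sample rules in a simplified, hypothetical export format.
SAMPLE_RULES = [
    {"name": "Newsletters", "match_words": ["weekly digest"], "move_to": "Reading"},
    {"name": "fwd", "match_words": [], "forward_to": ["collector@mail.example.net"]},
    {"name": "cleanup", "match_words": ["ITS", "Payroll", "Bursar"], "delete": True},
    {"name": "To advisor", "match_words": [], "forward_to": ["advisor@law.example.edu"]},
]

def is_external(address):
    """True if the address is outside INTERNAL_DOMAIN and its subdomains."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain != INTERNAL_DOMAIN and not domain.endswith("." + INTERNAL_DOMAIN)

def review_rule(rule):
    """Return the reasons a rule should be reported (empty list if none)."""
    reasons = []
    external = [a for a in rule.get("forward_to", []) if is_external(a)]
    if external:
        reasons.append("forwards mail outside the organization: " + ", ".join(external))
    if rule.get("delete"):
        reasons.append("deletes matching mail")
    # Whole-word match so that e.g. "visits" does not count as "ITS".
    words = set(re.findall(r"[a-z]+", " ".join(rule.get("match_words", [])).lower()))
    offices = sorted(words & KEY_OFFICES)
    if offices and (rule.get("delete") or rule.get("move_to")):
        reasons.append("hides mail mentioning key offices: " + ", ".join(offices))
    return reasons

def review_mailbox(rules):
    """Map rule name -> reasons, for rules that have at least one reason."""
    report = {}
    for rule in rules:
        reasons = review_rule(rule)
        if reasons:
            report[rule["name"]] = reasons
    return report

if __name__ == "__main__":
    for name, reasons in review_mailbox(SAMPLE_RULES).items():
        print(name, "->", "; ".join(reasons))
```

Rules with short or meaningless names that forward or delete mail are the ones worth capturing in a screenshot for the security team.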
Step 3: Notify the ITS Information Security Department
The ITS Information Security Department depends on the Syracuse University community to help detect and protect against phishing attacks. Taking a brief moment to send us an email may help protect many others from the attack. Simply forwarding the message to ITSecurity@listserv.syr.edu is helpful, but providing additional information as shown below will help us better protect other individuals and your access.
Remember, the ITS Information Security group is here to help. Notification is very important: it could help ITS Information Security detect the attackers and block the sites from affecting others. The quicker we know, the less the attacker can gain a foothold in our University. Below is information that ITS could use to mitigate the threat:
- Have you already changed your password? Letting us know that you’ve already changed your password may prevent us from locking your account if we detect your original password being compromised.
- Provide the original email headers. Headers contain detailed mail routing information that we can use to investigate the attack. Instructions on obtaining the headers can be found on the Answers “Sending Email Headers” page.
- What information you provided. Did you provide your SSN? Your date of birth? Your name? Your NetID/Password? We don't need the actual information, but letting us know the type of information you entered (name, address, phone, username, password, SSN, DOB, etc.) helps us to understand the scope of the attack.
- Check the email rules from Step 3 and attach screenshots
- If you have followed the above steps so far
- Send emails to ITS Security Group
- The content of your inbox rules. If you found malicious rules in your email box, letting us know what those were will help us detect other accounts that have been compromised.
- Securing SUMail Accounts After Security Locks page (video instructions available).
Step 4: Reduce threats to your identity
- IdentityTheft.gov is the U.S. government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process. Get help to report and recover from identity theft at:
- https://identitytheft.gov/Info-Lost-or-Stolen
- Freeze your credit report to prevent attackers from obtaining credit histories and opening new lines of credit:
- https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs
- Review the recommendations from the Social Security Administration about identity theft and your SSN at www.ssa.gov/pubs/10064.html
- Create your online Social Security account -- regardless of your age or retirement eligibility -- to prevent attackers from doing so. If you already have an account, review your statements regularly and be alert for benefits activity you didn’t initiate.
Step 5: Minimize future threats
- Use Syracuse University's Two-Factor Login service. Navigate to NetID and click the "Opt-in to Two-factor" link.
- Keep your device up to date and scan regularly
- Use a strong password and a password manager. For tips refer to the following link passwords and strong passwords/password managers
- Use different passwords for every account
- Remember: don't click links or download attachments without verifying they are safe
- If you ever question an email, let ITS Information Security do the work to verify its safety first
- Helpful links
Getting Additional Help
Still have questions? For support with the information above, do not hesitate to contact the ITS Help Desk by calling 315-443-2677, by emailing help@syr.edu, or by stopping into 1-227 CST.
- Enable two-factor authentication for your online accounts. This will protect you against unauthorized use of your credentials, even if they are stolen. For your University Office 365, visit NetId.syr.edu and click Two-factor Opt-in.
- Be suspicious of any email from senders you don’t know, or that seems out of character for the sender. Verify that the sender is actually who they appear to be before clicking on any links or attachments.
- Any request for money or goods is bound to be fraudulent. If it claims to be from a campus member, contact them or their office to verify first, or check with Information Security.
- Verify the URL of any link before you click it by hovering your cursor over the link and examining the URL. If you don’t recognize the URL, don’t click it.
- Never open attachments unless they are from someone you know or are otherwise expected.
- Delete any suspicious emails, before opening them if possible.
- Don’t enter your username and password (especially your University NetID) to access any website if you are not 100% sure of its validity. In particular, you should be suspicious of email messages that have links to sites that ask you to use your University NetID and password to log in.
- Keep your computer software updated and patched, particularly your antivirus and anti-malware software.
- Make sure your computer’s firewall is installed and running.
- Remember that nobody at Syracuse University will ever ask for your NetID or password for any reason, in any form other than when you’re logging in to an SU system. If somebody does, they're not representing the University or any of its offices. Report any occurrences to itsecurity@syr.edu.
If you need more information or assistance with verifying any email messages, please do not hesitate to contact your local IT support team (if you’re faculty or staff), or the ITS Service Center (if you’re a student) at 315.443.2677 or help@syr.edu.
To receive timely notification from ITS of current information security threats follow @SecureCuse and @SU_ITS on Twitter.