First, don't panic. You are not alone! Many people have fallen for the techniques of scammers and hackers. It might be a terrible feeling that moment you realize you have become a victim of a phishing attack, but ITS Information Security group is here to help.
By following the security measures outlined on this page you will lower, or hopefully eliminate, the risk of further data loss.
Steps to Securing Your Account and Devices
Step 1: Change your passwords
The first step in securing your information and to mitigating further attacks is changing your passwords. Remember not only should you change your NetID password but you should change any and all passwords that could be affected as well. Most people wrongly use the same password on multiple sites (Netflix, Amazon, Social Media, even banking). If the attacker has your NetID password what would stop them from trying the same password on all of your accounts? So change your passwords! For directions on how to change your password please see change passwords link
Step 2: Update then Scan your device
Scammers will attempt to infect your device not only to annoy you but to also try and gather more information. Most attackers try and infect your device to secretly gather information that may be stored or entered into other sites without you knowing. They may also use your device to try and spread their attacks to others you know.
When you update then run a full scan on your device this could help mitigate those future attacks on not only you but possibly your friends/family.
For help with antivirus software please see the Antivirus Software answers page
Step 3: Check your email rules
Attackers may attempt to add email rules to your account to forward and/or delete email most of the time without you even seeing or knowing about them.
- Microsoft Office 365, including SUmail accounts
- Users should review your email account settings by following steps found on the Securing SUMail Accounts After Security Locks page (video instructions available).
- Gmail
- At the top right, click Settings
- Click Settings
- Click Filters and Blocked Addresses
- If you question any of those rules please include them by attaching a screenshot in the notification Step 4 below
- At the top right, click Settings
Step 4: Notification
Remember ITS Information Security group is here to help. Notification is very important, this could help ITS Information Security to detect the attackers and block the sites from affecting others. The quicker we know the less the attacker can gain a foothold in our University. Below is information that ITS could use to mitigate the threat:
- The original email headers. For more information please see our sending email headers Answers page or go to MXtoolbox for other email applications
- What information that you entered. We don't need the actual information just letting us know what you entered (Name, address, phone, username, password, SSN, DOB, etc..)
- Check the email rules from Step 3 and attach screenshots
- If you have followed the above steps so far
- Send emails to ITS Security Group
Step 5: Mitigate the threat to your identity
- U.S. government’s one-stop resource for identity theft victims. The site provides streamlined checklists and sample letters to guide you through the recovery process. Get help to report and recover from identity theft:
- Freeze your credit report to prevent attackers from obtaining credit histories and opening new lines of credit:
- Review the recommendations from the Social security Administration about identity theft and your SSN:
- Create your online Social Security account -- regardless of your age or retirement eligibility -- to prevent attackers from doing so:
If you already have an account, regularly review your statements and be alert for benefits activity you didn’t initiate.
Step 6: Minimize future threats
- Use Syracuse University's Two-Factor Login service. Navigate to NetID and click the "Opt-in to Two-factor" link.
- Keep your device up to date and scan regularly
- Use a strong password and a password manager. For tips refer to the following link passwords and strong passwords/password managers
- Use different passwords for every account
- Remember don't click links or download attachments without verifying they are safe
- If you ever question an email let ITS Information Security do the work to verify it's safety first
- Helpful links
Getting Additional Help
Still have question? For support of the information above, do not hesitate to contact the ITS Help Desk by calling at 315-443-2677, by emailing help@syr.edu, or by stopping into 1-227 CST.