If you suspect that your account has been compromised...

With the recent increase of phishing scams and a few instances of people replying to these scams, please follow these basic instructions to secure your UH Username account. Call our ITS Help Desk at (808) 956-8883 or (800) 558-2669 from neighbor islands to report this problem and get help; or follow these directions...

Signs that your UH Username and password were compromised:

  • flood of email in your Inbox either in response to spam sent from your account (several thousands of emails) or from people informing you that your account is being compromised

  • can't log in any more (your account might have been disabled or your password reset) 

What to do if your account is compromised:

  • Check your computer system for a virus or trojan

    • Check if your operating system has the most recent updates

    • Check if you have the latest virus definitions and/or latest anti-virus update

    • Run anti-virus software scan

    •  Run anti-spyware software scan

    • Details are outlined at "Securing Your Desktop" at http://www.hawaii.edu/askus/593

  • If your computer doesn't have a virus, you could check to see if you are able to change your password  e.g. http://www.hawaii.edu/askus/287

    •  Do NOT use the same password as before

    • Log into  Google@UH Gmail <http://gmail.hawaii.edu> to check your settings (some compromised accounts have had their configurations changed)
      1. Click on gear icon in the upper right, then select Settings.  
      2. Check if forwarding is turned on. (Click on 'Forwarding and POP/IMAP' and check that there is no unknown forwarding email address inserted.) 
      3. Check if there is a 'reply to' address filled in. (Click on 'Accounts', and check the 'Send mail as' fields.)
      4. Check the vacation and signature setting. (Click on 'General' and see if any text written there was not written by you in 'vacation responder' or 'signature' fields.)  

To prevent  compromises:

  • NEVER send your password to ANYONE
  • DO NOT REPLY to suspect email 
  • make sure you're up-to-date in Windows updates
  • make sure you're up-to-date in any anti-virus and anti-spyware updates
  • don't save passwords to your email account on your system, it might take a few more seconds to log in manually, but it might save you hours of time cleaning up after a compromise

 To report a suspicious email saying it's from the University of Hawaii and asking for confidential information:

Do not supply passwords or confidential information via email.  No legitimate institution will ask you for this information via an email. Someone who replied to a phishing email mentioned that he wasn't sure if it was legitimate, but answered the email providing Username and password; that account was compromised and used to spam thousands of email messages. As a result, hotmail.com and yahoo.com blocked mail coming from the UH mail server. (They were being flooded with spam.) If you see a reply to: address that is not with our hawaii.edu domain, most likely it is a scam, so please do not reply. We realize that the instigators of these scams get paid for this and will try all types of methods to get someone to reply. As they get more sophisticated, it can get more difficult to determine if the email is legitimate or not. If in doubt, for any email asking for account information appearing to be from the University of Hawaii, please give our ITS Help Desk a call at (808) 956-8883, or toll free from neighbor islands: (800) 558-2669.

Additional Information:

Please rate the quality of this answer: PoorFairOkayGoodExcellent
Not the answer you were looking for? Try different keyword combinations and if you still can’t find your answer, please contact us.
Article ID: 892
Created: Thu, 14 Feb 2008 2:14pm
Modified: Tue, 17 Jul 2012 8:29am