What to Do if Your Account is Compromised


This article contains information on preventing an account compromise as well as how to regain access once an account is compromised. 


Tips to Prevent an Account Compromise

Taking steps to prevent an account compromise takes little effort on the front end, and can prevent a major inconvenience in the future. It is in the best interests of the student, staff, or faculty at the University (as well as the University itself) to make sure to use appropriate password protection techniques that could include disabling file sharing and scanning for viruses. Below are a few tips to help keep an account secure.

Beware of Phishing

Often e-mails will be sent out that look like they are from the University of Oregon or the Technology Service Desk (TSD). Please remember that the University of Oregon will never ask you for your password in an e-mail. You will receive e-mail notifications to reset your password every 180 days, and the link in said e-mail will take you to the Duck ID Self-Service page. If an e-mail goes out that takes you to another page - even if it looks like the password reset page - do not type in your information! 

Instead, forward a copy of the e-mail to phishing@uoregon.edu

Do not share your UO account information

Not only would sharing put your account at risk of compromise, but it is also not allowed by the Code Of Responsibility For Security And Confidentiality Of Records And Files.

If you write your password down, do not leave the paper where someone else can find it

It is recommended you use a password manager to maintain a strong and unique password for each individual account

Choose a secure password for each account

Your password should be difficult to guess, but easy for you to remember. The following is the password security criteria required by the University of Oregon:

  • Password should not be a word in the dictionary.
  • Maximum Length: 127 characters.
  • Minimum Length: 14 characters.
  • Password should contain the of the following:  
    • Lowercase
    • One number
    • Uppercase
  • Must not contain your UO ID, email, first name, full name, last name, or any nickname.
  • Must not be any previous password.

For advice on how to create a strong password, see How To Create A Strong Password.

Be sure to guard the Security Questions and answers you defined when creating your account

Be aware that the security questions page can be accessed by anyone. Personal social networking accounts (ex. Instagram, Twitter) can contain a great deal of personal information that can be used by others to gain access your account if you are not diligent with protecting your personal information. With this in mind, as always, be careful what you post on social networking sites, and ensure your Security Questions do not refer to information that anyone other than yourself knows. For more information, watch our Protecting Yourself Online video.

If you have reason to believe that your account has been compromised, please contact the TSD immediately at (541) 346-HELP (4357).

Regaining Control of a Compromised Account

If you believe your account has been compromised it is very important that you attempt to reset your password by clicking Manage Your DuckID on the Duck ID Self-Service page. This will prevent anyone from logging into your account in the future. After you do this, double-check if your account has actually been compromised and make sure the problem isn't just because you forgot your password.

If you are unable to reset your password, contact the TSD at 036 EMU or over the phone at 541-346-4357.

Run a virus scan for malware installed on your machine if you feel as though your machine has been exposed to malware.

For devices managed by the University of Oregon, Microsoft Defender for Endpoint is the recommended software to use for scanning for Malware. If you do not have a managed computer, McAfee Endpoint Security is supplied by the University of Oregon and is the the next recommended option. Often, access to the account was obtained through phishing, a Trojan virus, or a key logger. Please refer to the information below on how to install McAfee Endpoint Security or Defender for Endpoint.

  • Windows
    • Microsoft Defender for Endpoint is installed automatically on any managed windows device. Please contact your local IT group for assistance. 
    • Information on how to install McAfee for Windows can be found here.
  • macOS
    • macOS does not have a built-in anti-virus scanner. Thus, it is recommended that you install anti-virus software. 
    • Microsoft Defender for Endpoint is installed automatically on any macOS device. Please contact your local IT group for assistance. 
    • Information on how to install McAfee for Mac can be found here.

When an account is reported or appears to have been compromised, the University of Oregon will quarantine the account while we conduct an investigation. Once we are confident that account access privileges have been restored to the user (and only the user), we will enable access to the account.

Some indicators your account may have been compromised are:

  • There are multiple login attempts from several other states/countries in a short period of time.
  • You have clicked on a known phishing email.
  • Malware was detected on your device.
  • There is account activity from on-campus and off-campus locations at the same time.

More information about Microsoft Defender for Endpoint can be found here: Microsoft Defender for Endpoint


Article ID: 41456
Thu 10/26/17 3:54 PM
Fri 1/5/24 2:59 PM

Related Articles (2)

How to report phishing attempts to our Information Security Office.
The UO community is often the target of unwanted email messaging campaigns requesting that the user visit a website and enter their credentials in order to address an urgent issue with their accounts, banking records, student information, and employee records. This knowledge base article will provide you with ten (10) basic tips that everyone can follow to help discern whether an email message is face.