After having an account or device compromised, be aware of these
common ways to get into trouble in order to prevent future
- Internet browser settings may not be secure.
- For re-installed PCs: the master boot record from the install
CD (e.g. Windows) may not have been completely erased.
- For re-imaged PCs: the master boot record may not have been
restored from the image (using Symantec Ghost, for
example). Learn more from Symantec.
- If a hardware keyboard capture device was plugged directly into
a computer in a public place, it could have connected to something
- Using an unencrypted connection like UB Wireless vs. UB
- Sending a username and password in clear text (http:, ftp,
telnet are some examples).
- Compromised USB flash drive, which re-infected the
- Sharing passwords, even with close family or friends, is never
recommended—remind students, faculty and staff that UB will
never ask for your password.
- Filling out a fake web form with a username and
password—be sure to check the URL. If the website uses
encryption, check the certificate as well.
- Responding to a phishing email.
- Visiting the same infected website, .pdf, etc. without
realizing that it is downloading and running something bad. It's
common for infected files (movies, Word files, spreadsheets,
PowerPoint presentations, and so on) to be transmitted via social
- Using a compromised DNS server.
After rebuilding a PC, ensure the device is fully patched before
restoring all data files. After everything is restored, run a
thorough scan, using as many scanning tools available, to ensure
all of the files are clean.