Uh oh! Your computer is acting funny. Is all of your email suddenly gone? You suspect something is wrong. What to do next?
Having your computer or UBIT account broken into can be a stressful time. You don't know what's been deleted or what they've used the account for. The most important thing to do is not panic.
There are several steps that need to be taken if your computer seems to have been “compromised,” which is the technical term given to being hacked or infected, but you may also suspect that your personal information has been stolen. But first, a warning for people accessing High Risk Data.
High Risk Data
If you have access to high risk data (for example other people’s Social Security numbers, identity documents such as driver's licenses, or financial account numbers, such as credit cards), you should contact your local IT support or the Information Security Office before taking any action.
If your computer or phone is acting funny (odd pop-up messages, running very slowly, rebooting unexpectedly), then you should immediately stop using it. It is often the case that the computer virus is monitoring any passwords you enter. This includes your UBIT password, as well as your banking passwords, shopping passwords, and so on.
In addition to not using the device, you must change all of your passwords for any account that you've accessed from that computer. Don't assume that those accounts are safe!
Once you’ve done that, if this is a personal device, you should either re-install your computer's operating system (or "restore" your phone), or ask someone to help you if you don't feel comfortable doing this. If you are a faculty/staff member using an university-owned device, you should ask your IT support for assistance. Unlike the ubiquitous television commercials, don’t try to "clean" the computer, as this is generally not effective. Many infections today are sophisticated enough to resist the cleaning procedure—in fact, the cleaning tools will often not even detect the infection!
Once your computer is re-installed (and fully patched) and your passwords are changed, you’re ready to think about how the compromise happened in the first place. Can you remember clicking on a link that your friend sent you? Did you open an attachment in an email? These things are common Internet pitfalls, and are easily avoided by being more cautious while you’re online.
It may be that your computer is fine, but when you checked your email today, you found it was all deleted.
This is a common indication that your password was compromised, often because it was guessable or you were phished (see our last article on "phishing").
If your account gets compromised, you should immediately change the password and security questions. If you’re dealing with a non-UB email account, be sure to contact your service provider. Next, if you use that password on other accounts (you shouldn't!), go change those passwords as well. A thief can often guess, from the contents of your email, where you have other accounts. Your banks, Facebook page, etc, are all at risk. Even if you don’t use the same password on those accounts, the hacker may have clicked the "forgot my password" link in order for your bank to send a reset message to your compromised email. That would be bad!
The final piece of the recovery process is to understand the behavior that got your account into trouble in the first place. Common things people do that result in account compromise are: A) using untrustworthy public computers (e.g. at conferences), B) clicking on entertaining links your friends send you, C) opening attachments such as videos, zip files, and Word documents, and D) being "phished" (scammed) by a mail message that looks official, but isn't.
We also recommend using Identity Finder to securely remove or encrypt Personally Identifiable Information (PII). UB students, faculty and staff can download and install Identity Finder on personally-owned computers; IT staff can install a managed version to regularly scan a UB-owned computer.
Recognizing these high-risk behaviors and working to change them is the best preventive medicine you can take to keep your account and computer safe.
For more information, please contact the UB Information Security Office at email@example.com.
VITEC Solutions services both personal and department-owned computers and iProduct devices; visit their drop-off depot in the Lockwood 2nd Floor Cybrary or call 800-333-1075. You can also request office pick-up for UB-owned equipment.
iPhone usage by students is up in every UB school. Students in the School of Nursing reported the biggest increase this year- their iPhone usage jumped from 18.6% in 2011 to 45.9% in 2012. Verizon Wireless is currently the carrier of choice of students at UB, with 39% using their service.
In 2012, more students reported connecting to Wi-Fi through UB Secure. 74% reported securely connecting vs. 67% in 2011.
Computing and Information Technology at UB is more than 40 years old. Here’s a look back at the Interface newsletter from March 1980. (Please note: this PDF file includes perturbations natural to the duplication process at the time.)