Published March 4, 2013
By Jeff Murphy, firstname.lastname@example.org,
Interim Information Security Officer
Uh oh! Your computer is acting funny. Is all of your email
suddenly gone? You suspect something is wrong. What to do
Having your computer or UBIT account broken into can be a
stressful time. You don't know what's been deleted or what they've
used the account for. The most important thing to do is not
There are several steps that need to be taken if your computer
seems to have been “compromised,” which is the
technical term given to being hacked or infected, but you may also
suspect that your personal information has been stolen. But first,
a warning for people accessing High Risk Data.
High Risk Data
If you have access to high risk data (for example, other
people’s Social Security numbers, identity documents such as
driver's licenses, or financial account numbers, such as credit
cards), you should contact your local IT support or the Information Security
Office before taking any action.
If your computer or phone is acting funny (odd pop-up messages,
running very slowly, rebooting unexpectedly), then you should
immediately stop using it. It is often the case that the computer
virus is monitoring any passwords you enter. This includes your
UBIT password, as well as your banking passwords, shopping
passwords, and so on.
In addition to not using the device, you must change all of your
passwords for any account that you've accessed from that computer.
Don't assume that those accounts are safe!
Once you’ve done that, if this is a personal device, you
should either re-install your computer's operating system (or
"restore" your phone), or ask someone to help you if you don't feel
comfortable doing this. If you are a faculty/staff member using a
university-owned device, you should ask your IT support for
assistance. Despite what the ubiquitous television commercials suggest,
don’t try to "clean" the computer, as this is generally not
effective. Many infections today are sophisticated enough to resist
the cleaning procedure—in fact, the cleaning tools will often
not even detect the infection!
Once your computer is re-installed (and fully patched) and your
passwords are changed, you’re ready to think about how the
compromise happened in the first place. Can you remember clicking
on a link that your friend sent you? Did you open an attachment in
an email? These things are common Internet pitfalls, and are easily
avoided by being more cautious while you’re online.
It may be that your computer is fine, but when you checked your
email today, you found it was all deleted.
This is a common indication that your password was compromised,
often because it was guessable or you were phished (see our last article on "phishing").
If your account gets compromised, you should immediately change the password and security questions.
If you’re dealing with a non-UB email account, be sure to
contact your service provider. Next, if you use that password on
other accounts (you shouldn't!), go change those passwords as well.
A thief can often guess, from the contents of your email,
where you have other accounts. Your banks, Facebook page, etc., are
all at risk. Even if you don’t use the same password on those
accounts, the hacker may have clicked the "forgot my password" link
in order for your bank to send a reset message to your compromised
email. That would be bad!
The final piece of the recovery process is to understand the
behavior that got your account into trouble in the first place.
Common things people do that result in account compromise are: A)
using untrustworthy public computers (e.g. at conferences), B)
clicking on entertaining links your friends send you, C) opening
attachments such as videos, zip files, and Word documents, and D)
being "phished" (scammed) by a mail message that looks official,
We also recommend using Identity Finder to securely remove or
encrypt Personally Identifiable Information (PII). UB students,
faculty and staff can download and install Identity Finder on personally-owned computers;
IT staff can install a managed version to regularly scan a
Recognizing these high-risk behaviors and working to change them is
the best preventive medicine you can take to keep your account and
For more information, please contact the UB Information Security
Office at email@example.com.