This article provides guidance to faculty, staff, and students if an unauthorized person has gained access to their NetID password. It covers how to change your NetID password and check your email for fraudulent activity. 

Compromised Accounts Overview

When someone that is not you gains access to your credentials (i.e., username, NetID, passwords), your account is considered to be compromised. This means that unauthorized persons are able to use your credentials to pose as you, and the privacy of your data is at risk. ITS monitors email traffic, and if our systems find a suspicious pattern or behavior, we will notify you that your account has been compromised. If you receive this notification, or if you notice that you are unable to log into your UConn email and UConn services with your NetID credentials, the sections below provide some steps that you can immediately take to protect your information.

You should be suspicious of any email message that urges you to take immediate action; a false sense of urgency is a red flag for a phishing scam. Always remember that a legitimate message from ITS will never ask that you enter your credentials. Rather, the links you click in a legitimate ITS message will redirect you to an official, verified website (e.g., netid.uconn.edu) or location (Technology Support Center), where you can then safely enter your credentials.

Securing Your NetID Account

If your account is compromised, but you are still able to log into your NetID account, 

  1. Log into the NetID management website.
  2. Click Change Password. 
  3. Enter your current password. 
  4. Enter your new password.

  5. Confirm your new password.

  6. Click Change Password. 

    The new password must follow the Password Complexity Rules, as listed below:

    • Passwords must be at least twelve (12) characters long.
    • The password must contain characters from three of the following four categories:
      • Upper Case: A B C ...
      • Lower Case: a b c ...
      • Numbers: 1 2 3 ..
      • Symbols: + - _ = . @ ? ! . . .
    • The password cannot contain any three consecutive characters that are part of your name or NetID.

Securing Your Google Apps Account (Students)

You should change your password if it was compromised or if you believe it may have been compromised. To secure your Google Apps account,

  1. Reset your Google Apps password from the G Suite webpage
  2. Navigate to Gmail settings.
  3. Check the Signature listed on the General tab.
  4. Review the Send Mail As settings listed on the Accounts tab.
  5. Review the filters and blocked addresses listed on the Filters and Blocked Address tab.
  6. Review the settings listed on the Forwarding and POP/IMAP tab, paying extra attention to any listed forwarding address.
  7. Press Save at the bottom to update all changes.
  8. Check recovery options. To do so, 
    1. Select the Apps Icon in the upper right 
    2. Select the Account App.
    3. Navigate to Security.
      Security icon
    4. Check the recovery Email and recovery Phone
  9. Update any items that may require updating.

Securing Office 365 Account (Student Workers, Faculty/Staff)

Old Office 365 Look

  1. Log in to the Office 365 account from the UConn email website.

  2. Click on the Gear icon. 

  3. Select Mail from Your App Settings. 

  4. Click on Automatic Processing. 
  5. Check the Inbox and Sweep Rules. You should ensure that the rules are recognized.
  6. Navigate to Accounts. 
  7. Select Blocked or allow and Connected Accounts.
  8. Under Blocked or Allow, verify that there are no unfamiliar addresses on the safe senders list.
  9. Under Blocked Senders, verify that there are no familiar addresses or connected accounts listed. 
    • These options may have addresses listed, which is permissible if they are recognized.
  10. Under Layout, check the Email Signature. You should ensure that the signature is recognized.
  11. Update any items that may require updating.

New Office 365 Look

  1. Log into your Office 365 account from the UConn email website
  2. Navigate to the Gear Icon. 
  3. Select View all Outlook settings.
  4. Click Mail on the left tab, if has not been selected already.
  5. Under Compose and Reply, check the Email signature
  6. Check the Rules tab to ensure that the only rules listed are those that you personally have set up.
    1. Review all unfamiliar rules, if any are listed. 
    2. Delete any unfamiliar rules you do not wish to keep.
  7. Check the Sweep tab to ensure that the only rules listed are those that you have personally set up.
    1. Review all unfamiliar sweep rules, if any are listed. 
    2. Delete any unfamiliar sweep rules you do not wish to keep.
  8. Review all settings listed on the Junk email tab. You should ensure that UConn emails are not blocked, and that no spam/unknown emails have been classified as "safe senders."
  9. Check whether the Forwarding tab is disabled. This tab should only be enabled if you personally enabled it. 

Account Security Tips

Remember that ITS will never ask you for your password.

You should never share your passwords.

You should change any other passwords that are the same as your NetID password.

Office365 Compromised Account
Library Compromised Accounts
Compromised Accounts: Microsoft spamalerts tickets
Handling Compromised Accounts