A compromised account occurs when a user’s Onyen is stolen. Most accounts are compromised as the result of phishing attacks. Stolen Onyens are used to send spam or to compromise (phish) additional accounts. Spam is a revenue-generating criminal enterprise. The stolen Onyen may also be used to:
- Access the phished user’s other accounts that reuse the Onyen username/password (e.g. a user has a personal Amazon account linked to their UNC email address and the password is the same as their Onyen password).
- Send emails masquerading as the user for financial gain.
- Search for and exploit any personal financial information in the user’s email/OneDrive account.
- Use the account to access UNC resources and change settings with the goal of financial gain.
- Leverage the user’s “trusted” status to attack other UNC resources.
ITS has automation in place to block access by an attacker and reset the compromised account to a safe status once we know about the compromise. Users should immediately report to the ITS Service Desk if you suspect your account has been compromised. Some signs of a compromised account are:
- Return emails for messages you did not send.
- Not receiving emails that you expect or missing large quantities of old emails.
- Discovery of inbox rules that you did not set up.
- Receiving communications about actions on your account that you did not initiate (I.e. password reset).
The best way to protect your Onyen from being compromised is to opt in to 2-Step Verification for your Office 365 account. Please see instructions on setting up 2-Step Verification.