A compromised account occurs when a user’s Onyen is stolen. Most accounts are compromised as the result of phishing attacks. Stolen Onyens are used to send spam or to compromise (phish) additional accounts. Spam is a revenue-generating criminal enterprise. The stolen Onyen may also be used to: 

  • Access the phished user’s other accounts that reuse the Onyen username/password (e.g. a user has a personal Amazon account linked to their UNC email address and the password is the same as their Onyen password).  
  • Send emails masquerading as the user for financial gain.
  • Search for and exploit any personal financial information in the user’s email/OneDrive account. 
  • Use the account to access UNC resources and change settings with the goal of financial gain. 
  • Leverage the user’s “trusted” status to attack other UNC resources. 

ITS has automation in place to block access by an attacker and reset the compromised account to a safe status once we know about the compromise. If you suspect your account has been compromised, report it to the ITS Service Desk immediately. Some signs of a compromised account are:

  • Return emails for messages you did not send. 
  • Not receiving emails that you expect or missing large quantities of old emails. 
  • Discovery of inbox rules that you did not set up.  
  • Receiving communications about actions on your account that you did not initiate (e.g. a password reset).

The best way to protect your Onyen from being compromised is to opt in to 2-Step Verification for your Office 365 account. Please see instructions on setting up 2-Step Verification.