Compromised Account | Safe Computing at UNC

A compromised account occurs when a user’s Onyen is stolen. Most accounts are compromised as the result of phishing attacks. Stolen Onyens are used to send spam or to compromise (phish) additional accounts. Spam is a revenue-generating criminal enterprise. The stolen Onyen may also be used to:

Access the phished user’s other accounts that reuse the Onyen username/password (e.g. a user has a personal Amazon account linked to their UNC email address and the password is the same as their Onyen password).
Send emails masquerading as the user for financial gain.
Search for and exploit any personal financial information in the user’s email/OneDrive account.
Use the account to access UNC resources and change settings with the goal of financial gain.
Leverage the user’s “trusted” status to attack other UNC resources.

ITS has automation in place to block access by an attacker and reset the compromised account to a safe status once we know about the compromise. Users should immediately report to the ITS Service Desk if you suspect your account has been compromised. Some signs of a compromised account are:

Return emails for messages you did not send.
Not receiving emails that you expect or missing large quantities of old emails.
Discovery of inbox rules that you did not set up.
Receiving communications about actions on your account that you did not initiate (I.e. password reset).

The best way to protect your Onyen from being compromised is to opt in to 2-Step Verification for your Office 365 account. Please see instructions on setting up 2-Step Verification.