If your university credentials have been compromised—meaning that another person has gained access to your EID, UTmail, or other university-related login and password—you will receive an e-mail message from the Information Security Office (ISO) alerting you to the situation. If you have received such a message, please read the following information carefully.
There are a number of ways that your credentials could have been compromised:
- You were the victim of a phishing attack.
- Spyware on your computer installed a keylogger.
- Your laptop was stolen.
- You shared your password with another person, which is a violation of the Acceptable Use Policy.
- The credentials of another non-university account were compromised.
If the ISO finds that your credentials have been compromised, your EID will be locked and your Resnet and Public Network Access accounts will be suspended until the issue has been resolved.
If one of your accounts is compromised, the ISO recommends that you format your hard disk and re-install your operating system. Malware, including keyloggers and spyware, is the most common method used to steal confidential information; erasing the contents of your hard disk ensures that all malware will be eliminated.
If you cannot re-install your operating system yourself, the Campus Computer Store can do it for you.
Phishing, a type of confidence scheme whereby an attacker sends a seemingly official e-mail in an attempt to steal private information, is also a common method used to steal credentials. Phishing attacks should be handled in one of the following ways:
- If you believe you have received a message that was an attempted phishing attack, delete it immediately. You can also report the message by forwarding all samples to the UT Postmaster (firstname.lastname@example.org) or by using the "Report" button in your Outlook app.
- If you have responded to a phishing e-mail and fear that your UT EID or other university account has been compromised, contact the Information Security Office.
- If you have responded to a phishing e-mail and fear that you may have compromised the security of a non-university account, log on to the Web site of the organization that maintains the account and change your password immediately. Contact them directly if you have any trouble.
You will also need to complete the following steps to ensure the safety of your private information:
- If your credentials were compromised due to the theft of university-owned equipment, such as a laptop, fill out the stolen equipment notification report form.
- Change your EID password and any other UT password you might have exposed (e.g., UTmail)
- Check for the presence of unauthorized mail rules or mail forwards that might have been created in your mail account by attackers -- which are created to hide their usage of your account.
- Log in to any other important online service accounts (banking, e-mail, etc.) and change your passwords.
- Ensure you have a reliable and updated antivirus solution in place.
- Contact the Help Desk and ask to have your Resnet and Public Network Access accounts reinstated.
- Contact the ISO to have your EID unlocked.
NOTE: Failure to change cached copies of old credentials in applications or devices can result in temporary account lockouts when those applications or devices continue trying to connect with the old credentials.