OVERVIEW
Target audience: McGill students, faculty, and staff
This article explains what to do if your McGill account is compromised.
In this article:
How can your account become compromised?
There are many ways that attackers can gain access to your password and account.
- Trying lots of different passwords, including passwords that have been exposed in data breaches, or that are found in common password lists, until they find the right one to get in.
- Using a common password on many accounts all at once, hoping one will work.
- Responding to a phishing email.
- Entering your credentials while using a computer infected with malware or keyloggers.
- Sharing your account credentials with another person.
- Accessing a fake/compromised website.
What to do if your account has been compromised
If you suspect your McGill account has been compromised, please follow these steps as soon as possible:
- Run a security (antivirus) scan on your computer and ensure that any threats are resolved before you continue.
- Change your McGill password.
- If you haven’t already done so, set up Two-Factor Authentication (2FA) on your McGill account.
- Verify that no changes were made to your personal information in Minerva or Workday.
- Check your Office 365 account settings. Review connected accounts, forwarding, Inbox rules, and automatic replies.
- Evaluate any other data and personal information that could have been potentially compromised.
- Report the situation to the IT Service Desk.
How to protect your password and minimize the risk
Do’s:
- Use strong, unique passwords or passphrases for each of your accounts
- Change any passwords you’ve reused
- Make sure you have security software i.e. antivirus running on your computer that provides antivirus, anti-malware, safe browsing, and other threat protection security features.
- For passwords you don’t need to remember, a password manager can help you generate and store them.
- Never share your McGill password; not even with a family member, your supervisor or manager. Your McGill credentials are only intended for your own, professional use. The more people who know your password, the greater the chances it can get compromised. Cybercriminals often pose as support personnel, law enforcement, or other officials to try and gain access to your accounts.
Don’t:
- Use your McGill password for any other accounts like banking, social media, or online shopping.
- Save your McGill password in your browser or on public or shared computers.
- Reuse passwords.
Frequently asked questions
Why was my McGill account locked?
Often, people don’t realize their account was compromised. We lock accounts when there’s a high or confirmed probability that an account is compromised. We do this based on information from multiple sources. For example, when our detection systems spot signs of suspicious activity on accounts, or we receive information from trusted intelligence sources about threats that can or are impacting McGill users.
ADDITIONAL REFERENCES: