If you suspect that your e-mail has been hacked, you must take the following actions.
- Change your e-mail password immediately.
- Contact Computer Services to inform us (and re-enable your account if necessary)
- Remove any unfamiliar devices and apps from your Kean account
- Change your password on any account that uses the same password (even personal accounts)
- Fixing your e-mail name (if it was changed)
Once we have received notice of an account compromise or detected suspicious activity, we will investigate. Your account may be disabled once the risk has been detected. In this case, please call or visit the office.
Once you have taken the steps above, no further action is needed on your part unless we contact you.
For more information about these steps and about account compromises, see the steps below.
Detailed Steps:
1) Changing your password
If you are still able to log into your account, please change your password. If you cannot, please call the office.
If you are currently logged into your account, you can reset the password at this link: https://myapps.kean.edu/enduser/settings
2) Contacting Computer Services
You may contact us by phone during our hours of operation. If you do not have access to the account, a phone call will be required to reset your password.
If you still have access to the account, you may send us an e-mail with the details either in a new message or by forwarding any suspicious message you've received.
3) Changing other account passwords
Once a password has been stolen, you should assume that it'll never be safe to use again. When hackers obtain passwords, it is very common for them to save and share those passwords in order to try them on other accounts across the internet. This is especially dangerous if you use the same e-mail or username. For this reason, we highly discourage re-using any passwords across multiple accounts.
4) (Kean Outlook) Fixing the name on your account
Some hackers will change the name listed when you send out e-mails in order to impersonate other people and companies. You can correct these name changes through your mail settings. There are two places where your name may have changed:
For more detailed instructions and information, please see our Solution article about account names.
Common Questions:
(For more information on Phishing scams, please see the FTC's official article)
How do I know if I've been compromised?
Hackers will often use your account to send out e-mails to spread their scam or malware even further. Sometimes, you may notice that your e-mail name has been changed. You may also be locked out of your account if the hacker changes your password. Keep an eye out for any activity on the account that you don't remember doing. Check your Sent e-mail.
How might I have been compromised?
- Clicking on an unfamiliar link, bringing you to a fake page that collected your information or installed malware.
- Entering sensitive information while connected to an unsecured Wi-Fi network (i.e. does not require any passwords or sign-in), sometimes even a home network
- Downloading suspicious files that aren't what they claim to be, especially from unlicensed sources of copyrighted material (i.e. "digital piracy")
- Clicking to allow a "script" to run in an e-mail or installing
- Using a weak or easily guessed password ("123456", "letmein", "password")
- Malware (viruses, spyware, keyloggers, malicious scripts, unsecure browser extensions, etc.)
- Another account using the same password was compromised
What should I do when I receive a link in my e-mail?
- Make sure to never click on a link you do not expect to receive.
- Check where the link really goes and make sure that it looks right.
- Look for anything unusual in the e-mail's content, such as grammatical/spelling errors, unfamiliar terms, or a threatening tone.
- Make sure that all links and e-mail addressed are accurate; Kean pages should be "kean.edu" and not "kean.edu.co"
- When in doubt, navigate directly to the official website instead of using the link.
Please note that URL shorteners such as "tinyurl.com" and "bit.ly" are legitimate websites, but are often exploited to hide the real address of a link. It fine to create and share these links privately since they are not inherently harmful, but it is highly discouraged to use these links for public distribution in order to avoid normalizing them. Online "URL expanders" or "URL checkers" can give the full link that a shortened URL leads to.
Always stay calm and read the e-mail carefully; scammers want to scare and confuse you by making it seem like something is urgently wrong and lure you to click on their links to fix it. If you ever receive an e-mail that doesn't feel right or sound familiar, reach out to IT or to the person who supposedly sent it to you and ask if it's a legitimate link and the proper action to take.