My account at the university is suspended

[id : 462] [10/06/2016] [hits : 64866]


When abuse of a computer account is detected by the system administrators, the account is suspended immediately. Before the account is released again, users will have to take precautions to avoid the same thing happening again.

When will an account be suspended

Any unauthorized access to an account that is observed by the system administrators will lead to the immediate suspension of the account, in order to prevent any future abuse through the compromised account.

How intruders obtain passwords

There are a number of possibilities:

- by responding to a phishing message
- by clicking on a link in a phishing or strange message
- by using a computer or smartphone/tablet that is infected by viruses and/or spyware
- by consulting e-mail in a non-secure way (note: webmail is secured)
- by logging on to a non-secured website (HTTP vs HTTPS)
- by uploading documents with FTP rather than with SFTP
- by using an unsecured wireless network
- by having another account with the same password hacked
- by communicating the password to a third party (friend, family member,...)

It is essential to determine the cause of the intrusion, and fix it, to prevent any recurring incident of this type in the future. Each compromised account is a security risk, for the user but also for the university, as a third party can get unauthorized access to secured information or networks. It may also endanger internet access or access to internet services for all members of the university.

What users should do

when having responded to a phishing message

If the owner of a suspended account has responded to a phishing message, the cause of the intrusion is pretty clear. In that case, users have to read the 'Beware for phishing e-mails' webnote that contains useful info about phishing and practical examples.

They should also look into the Phishing Alerts webnote, which contains the most recent phishing alerts, and let the ICT-Helpdesk know which one they responded to.

when *not* having responded to a phishing message

In that case users will have to take the following actions:

- make sure that their Windows and Android systems have up-to-date antivirus and antimalware software installed and active, and check their computers and other equipment for the existence of both. See the Links at the bottom for additional information.

  Malwarebytes is dedicated antimalware software that is available for Windows and Android systems.
  Users with a Mac or iPhone or iPad should be reasonably safe from viruses, unless they are running Windows on their system.
- make sure that their mail program - except when they only use webmail - is configured in a secure way, that is, with SSL activated for the incoming mail server. See the Links at the bottom for additional information.

Users may also have used a computer or device belonging to another person, or a public computer on which viruses and malware were active. They should inform the owner of it, especially if they plan to use the same computer again in the future.

Users should be extremely careful when using unknown wireless networks, as unsecured communication may lead to the compromise of an account.

Choosing a new password

Users whose account was compromised must choose a new password for their account.

1. they must choose a completely new password, not just change a letter or digit or special character
2. they cannot ever again set their password to the old one, not even in 1 or 5 or 50 years, as it is forever compromised
3. they should also choose a new password for any other service on the internet for which they use the same password, and preferably choose a different password for each service.

How to have an account unsuspended

Users who have taken the necessary steps to secure their access can call or send an e-mail to the ICT-Helpdesk (helpdesk@vub.ac.be or support@ulb.ac.be) to request the release of their account.

When sending an e-mail, they must indicate which steps they have taken to secure their access, indicate which phishing message they responded to if they did so, and report any suspicious findings on their computers and devices. They have to confirm explicitly that they have taken all the necessary steps to prevent their account from being compromised again in the future, and they will also have to confirm explicitly that they will choose a completely new password and never set the old password on their account again.

The Helpdesk Team will then release the account and allow the owner to choose a new password through PAM's Lost Password procedure. Make sure to respect the instructions given in Choosing a new password above.

A final note

A lot of the abused accounts are accessed in Webmail. Users should examine their Identity settings in Webmail, as the intruders frequently change the name and e-mail address of the account. They should also check that their signature does not contain any advertising.

Peter Van Rossem - helpdesk@vub.ac.be

Users who haven't changed their password in a very long time are more likely to see their accounts compromised. We advise all users to change their passwords regularly (at least once a year).

As of September 1st 2014, the Urbizone wireless network is no longer active at the university. Users having used the Urbizone network in the past and having chosen the same password as their university account are advised to choose a new password for their university account.

