Help! I've been Hacked/Phished

See the following instructions for each scenario.

I think I may have been tricked into giving away my username and password.

  • Change your password immediately on the password reset page.
  • If you gave away your username and password via email, forward "as an attachment" the email you received to infosec at holycross.edu.
  • Call the ITS Helpdesk at 508-793-3548 as soon as possible.
  • Your email has potentially been read by an attacker, so you may want to change any passwords for other services you may use on the Internet, such as your bank account login, or credit card login.

What happens next:

  • After you've reset your password and called the Helpdesk, you'll be transferred to the Information Security Officer (ISO).  The ISO will ask questions about the timing of the incident, when you believe you received the email, how you responded to it, did you click a link, etc.  This will aid ITS in preventing it from happening to others.  The ISO will also ask questions about the data in your email and other resources.  This will help ascertain if there are any reporting requirements as a result of the incident.

All my email has disappeared.  I think I may have been hacked.

  • Change your password immediately on the password reset page.  
  • Call the ITS Helpdesk at 508-793-3548 as soon as possible.
  • Your email has potentially been read by an attacker, so you may want to change any passwords for other services you may use on the Internet, such as your bank account login, or credit card login.

What happens next:

  • After you've reset your password and called the Helpdesk, you'll be transferred to the Information Security Officer (ISO).  The ISO will ask questions about the timing of the incident, when you believe you received the email, how you responded to it, did you click a link, etc.  This will aid ITS in preventing it from happening to others.  The ISO will also ask questions about the data in your email and other resources.  This will help ascertain if there are any reporting requirements as a result of the incident.

My computer is acting very strange, I think it may be infected.

  • Unplug your computer immediately from the network.  If it is using the wireless network, power off your computer.
  • Call the ITS Helpdesk at 508-793-3548 as soon as possible.
  • There is a strong chance that alerts have already been created in ITS, as ITS centrally monitors the campus anti-virus systems.
  • Most viruses are highly sophisticated today, and cleaning them is time-consuming, and prone to relapse of the infection.  For this reason, ITS reimages infected workstations in most cases.  It is simply the safest way to guarantee the virus/malware is no longer on the system.
  • If you stored passwords on the system, or used browser-based "remember password" features, you should change all the passwords you believe were stored.
  • Regardless of whether you stored passwords on the system, you should change your Holy Cross network password on the password reset page, just in case.

What happens next:

  • After a re-image, your computer will be updated and security software will be installed.