Skip to main content
Navigate Up
Sign In

IT Services, Information Technology Services

 

Compromised Account Procedure and the Phishing Lock Out Process


 

All university users are required to take the following steps if they believe that their university credentials have been compromised:

1) Change your password immediately.

2) Contact the OIT Help Desk (4-HELP or 303-724-4357) and let them know that you believe that your credentials have been compromised. If your department has a LAN Admin, you may reach out to them for additional help and/or information.

The University of Colorado Denver | Anschutz Medical Campus has been a target of ongoing Phishing attacks. Phishing is a way of attempting to acquire sensitive information such as usernames, passwords or credit card numbers by masquerading as a trustworthy entity, typically via email. Phishers frequently use the accounts that they have compromised to send out large volumes of spam, although they may use the acquired credentials for more malicious activities (identity theft, access to private data, etc.). Large volumes of outbound spam may lead to the University's email servers being Blacklisted by other organizations (e.g. Comcast), which in turn results in University email not flowing properly to those external organizations.

In an ongoing effort to combat these phishing attempts, IT Services has implemented new technology to help identify accounts that have been compromised and automatically turn off the account until users can be notified that their account as well as their information is at risk. This technology identifies email accounts that are sending more than 350 email messages at once, tags them as suspicious and then temporarily turns the sender's email (active directory) account off. Users are then notified by IT Services that their account may be compromised.

Users sending out a large number of legitimate emails at one time may be affected by this new technology (ie: having your email account temporarily locked out). Users can avoid this potential problem by using the IT Services List Server when they need to send emails to a large number of recipients.

To find out more information about using the List Server,

© The Regents of the University of Colorado, a body corporate. All rights reserved.

Accredited by the Higher Learning Commission. All trademarks are registered property of the University. Used by permission only.