Compromised Accounts
A compromised EKU account is one accessed by a person not authorized to use the account. Criminals and hackers target EKU users to gain:
- They can access the EKU network, processing power, and storage to commit crimes.
- Access to EKU academic resources, like the library and journal subscriptions.
- Information about you to steal your identity, commit fraud, and use your reputation to target your contacts for phishing and fraud.
- Access to institutional data and financial information.
- Access to other employee and student information.
When accounts are compromised, valuable computing resources and sensitive institutional and personal data is put at risk. Even accounts with limited or no access to institutional data and nothing private or of value in email or personal files are valuable to hackers.
How Accounts are Compromised
- Phishing. Emails asking you to verify, validate, or upgrade your account by logging in to a website or providing your password are most likely phishing scams. Learn more and protect yourself. EKU will NEVER send an email asking you to confirm your identity or provide confidential, personal information.
- Password Stolen on Another Site. Reusing your EKU passwords on other sites, especially those where your eku.edu email is your username, puts EKU resources at risk. If your account on those sites is compromised, your EKU account can be easily accessed.
- Password Sharing. If you shared your password with a friend, significant other, or family member, they might not have been as careful with it as you are.
- Malware. Using an untrusted computer or a computer infected with a computer virus, running a keyboard logger, or subject to other malicious systems compromises your accounts.
- Weak Passwords. A short, simple password can be vulnerable to guessing or brute-force techniques. Passwords should be a minimum of 10 characters, including upper and lowercase letters, at least one number, and at least one special character (!, @, #, $)
How EKU Identifies Compromised Accounts
- Reports from Compromised Users. Come compromised account/spam reports lead IT to discover affected account holders.
- System Monitoring. Automated system monitoring alerts system admins to suspicious or unauthorized activity.
- "Abuse" Complaints. Complaints or alerts received from third parties about spam or network-based attacks coming from EKU accounts.
- Log Analysis. Investigation of security incidents sometimes reveals evidence of compromised accounts.
If EKU Identifies your EKU Account as Compromised
- Your EKU email password will be randomized.
- Multi-factor authentication (MFA) methods will need to be reset.
- Contact the IT Service Desk by phone at 859-622-3000 to reset your password and clean up your account.
- If you use that password on other sites, change it too.
Contact Information
IT Service Desk
support@eku.edu
it.eku.edu
859-622-3000