Locked out? We agree, it's no fun.
Compromised accounts: Tips and resources
If you are reading this, chances are that you were locked out of your McGill account because it has been compromised.
It was necessary to lock your account to ensure that it would not be used to steal your personal information. We apologize for any inconvenience this has caused.
Please see below for some tips to help lower the chances of this happening again.
Your account was compromised because your username and password were stolen. Here are some possible reasons why:
- You got phished:
Phishing emails are fraudulent messages designed to trick users into divulging personal and/or sensitive information. If you received a phishing email, clicked any links contained in the message and/or entered your account information, this could have given the hacker your credentials.
- You used your McGill password at an external website that got compromised:
Do you use your McGill password for your other accounts, such as social media and banking? If you do, you increase the risk of losing your personal information if those external sites are compromised: If cybercriminals obtain your password by hacking one of these sites, they may now also have access to your McGill account because it uses the same password. Ensure that your McGill password is used only for McGill applications.
- You used an infected device:
- Never use public or shared devices to sign in to McGill resources since you never know if they are secure. Keep in mind that all other users have the same access to the machine, and that this can increase the risk of having your credentials stolen.
- Some current operating systems now include built-in threat protection features (e.g. Windows Defender Antivirus, included with Windows 10). Ensure that this service is enabled on your personal device and keep your operating system up to date. For more information, see Guidance on antivirus solutions for home use.
How can you help reduce the chance of this happening again?
While there is no guarantee that you will prevent all future data breaches, you can lower the risk of more incidents by opting in to Two-Factor Authentication (2FA).
2FA provides a second step to prove who you are when logging into your account. In addition to your password, you need to provide something else, such as a code generated from a mobile app or a one-time code sent via text message. Taking this second step can block a hacker’s efforts to steal your personal information.
Currently, all Office 365 applications are protected by 2FA, as they are most commonly used off-campus.
It’s an additional layer of protection for your credentials!
McGill provides a variety of resources to help you stay safe online. Refer to the following:
- How to identify a phishing email
- Strong Passwords – Guidelines
- Cybersecurity sitcom - Ten short, entertaining episodes with interactive games containing helpful tips for staying safe online
If you require assistance with your account, contact the IT Service Desk.