Overview
The Office of Information Technology (OIT) has a number of security measures in place to help protect the account information of all faculty, staff, students, and alumni. If potential suspicious activity is detected, OIT will take action by deactivating all current access, locking everyone out, most importantly any bad actors with unauthorized access, but also those with legitimate access. While this poses a (hopefully temporary) inconvenience to the account owner, it also helps ensure that the account owner and ONLY the account owner regains access to their information with a new, hopefully more secure password. Anyone that suspects suspicious activity is taking place or needs help regaining access to their own account should start by contacting the Help Desk at (989) 774-3662.
Possible Reasons for Global ID Account Deactivation
- Account accessed from a known bad IP address
- Account was accessed from a network location that has been previously flagged as suspicious
- Account accessed from foreign country
- Account was accessed from a location outside the US that has been previously flagged as a source of suspicious security-related activity
- Account accessed from multiple geographic locations
- Account was access from multiple locations within a very short amount of time, sometimes referred to as an impossible travel scenario. For instance, account was detected as having been accessed from a location in Mt. Pleasant, Michigan and then again from San Diego, California 15 minutes later
- Account compromised (general)
- Accounts was flagged as potentially compromised by one of a variety of security safeguards and monitoring tools in use at CMU
- Account compromised (CAS)
- Account was used to access the Chemical Abstracts Service and flagged as compromised, as reported by CAS
- Account compromised (credentials dump)
- Account credentials were found online on an external-to-cmich website, tested against current CMU authentication, and found to be valid
- Account compromised (suspicious forwarding)
- Account mail forwarding was set to either a known SPAM recipient address, or is set to forward to the same address as multiple other cmich.edu accounts
- Account compromised (malware)
- Account was accessed by malicious software (malware) apparently installed on a device used by the account owner
- Account compromised (used to send SPAM)
- Account was accessed by bad actors and used to send SPAM to other cmich.edu accounts. Outgoing email from the account may have been automatically blocked by Microsoft
Actions Taken to Help Secure a Global ID Account Once it has Been Flagged as Potentially Compromised
- Account password reset to a random set of letters and numbers
- Active website and application sessions terminated
- Cleared any existing mail forwarding settings (if any were found)
- Disabled any inbox rule(s) that deleted items (if any were found)
Tips and Resources for Future Reference
- Never give out your password to anyone under any circumstances
- Be suspicious of email messages requesting any usernames and / or passwords
- Hover over links to ensure that they direct you matches the URL displayed
- Avoid using your CMU Global ID and / or password on any other internet sites or services
- If traveling internationally, reach out to OIT through filling out the Security Consultation ticket proactively to see if your account can be considered for an exception to mitigate the event of being disabled
Additional information can be found in the related OIT Account Security article.