Overview
This article outlines the steps you need to take in order to recover your account after it has been compromised.
Environment
JMU account/eID
Troubleshooting/Resolution
If you've arrived at this page, it may be because:
- You were notified that your JMU password was changed by someone else or someone else was using your account.
- Someone used your email account to send spam, scam, or phishing messages and your mailbox contains bounced messages and complaints.
- You are unable to log into your account with a password you know to be good.
If any of these have happened to you, someone was likely in control of your account. Unfortunately, regaining control is often not as simple as just changing your password. If you don't regain complete control, criminals may be able to regain access and cause more trouble, and you'll have to start over.
Common activities that may have been performed while someone had control of your account include:
- They used it to reset passwords and gain control of other accounts (banking, Facebook, Gmail, etc.).
- They used it to change your JMU direct deposit information, to get your paycheck or financial aid.
- They added MFA devices to your account (new Okta Verify phone, new physical security token).
- They made other modifications to your account to track your activity or steal data.
You must discover and correct every action that a criminal took in order to completely mitigate the damage they may have caused and prevent them from accessing your account again.
Make sure you complete ALL steps below to prevent your account from being compromised again.
Step 1: Change your password
If your eID account was compromised, use mylogin.jmu.edu to change your eID password. If you cannot log in, contact the IT Help Desk.
- You should be using a totally different password with each change. Making only a minor modification, such as using a similar password but incrementing a number (for example, password1 becomes password2), is completely predictable and a common way that accounts are compromised.
- Don't use a password that you've used in the past on a non-JMU system. Anytime you reuse passwords between two systems, if an account on one system is compromised, the account on the other system will be next.
Step 2: Check your security methods in Okta (mylogin.jmu.edu).
View this article and follow the instructions to "Remove a Device," but stop short of actually removing anything (do not click any "Remove" buttons yet). Review the devices listed, and be especially suspicious of any that were recently enrolled. Remove anything that doesn't belong.
Step 3: MyMadison Actions
Verify all of your information, because an intruder may have changed it. Employees should pay particular attention to direct deposit information.
Step 4: Email Actions
Use a web browser to log in to Outlook (https://outlook.office.com) and click the gear icon in the upper right. It's best to use the web this time, even if you normally use a client like Outlook. Check all of your Settings, but in particular the following:
- General -> Distribution Groups - Check for changes in your group memberships.
- Account -> Mobile Devices - Check for changes in your device settings.
- Mail -> Rules - Check for rules that may delete, move, or forward messages.
- Mail -> Sweep - Check for rules here as well, just as before.
- Account -> Signatures - Check for changes to your email signature(s). Criminals sometimes change this and include malicious web links or fraudulent information.
- General -> Notifications - Check for changes in notifications. Criminals may use this to keep track of your activities.
In the Windows/Mac version of Outlook, check the following:
- Check for unauthorized Mail Delegation.
  - On Windows, click File, then Account Settings, then Delegate Access.
  - On Mac, click Outlook, then Settings, then Accounts, then highlight your account, and click Delegates & Sharing.
- Verify that no unauthorized accounts are allowed to access your Exchange account.
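For IT staff, or anyone who can export their inbox rules, the Mail -> Rules check above (rules that delete, move, or forward messages) can be written as a script. This is an added example, not part of the original JMU article; it assumes rules exported in the shape of Microsoft Graph's messageRule resource, and the sample rules and the INTERNAL_DOMAINS value are constructed for illustration.

```python
# Added example: flag inbox rules that delete, move, or forward mail.
# Rule shape follows Microsoft Graph's messageRule resource (assumed export format).
INTERNAL_DOMAINS = {"jmu.edu"}  # assumption: covers jmu.edu and its subdomains

def recipients(actions):
    """Collect every address named by a forward or redirect action."""
    found = []
    for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo"):
        for rcpt in actions.get(key) or []:
            addr = (rcpt.get("emailAddress") or {}).get("address", "")
            if addr:
                found.append(addr.lower())
    return found

def is_external(address):
    """True when the address is outside INTERNAL_DOMAINS and their subdomains."""
    domain = address.rpartition("@")[2]
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)

def review_rule(rule):
    """Return findings for one rule; an empty list means nothing to review."""
    actions = rule.get("actions") or {}
    findings = []
    for addr in recipients(actions):
        scope = "external" if is_external(addr) else "internal"
        findings.append(f"forwards or redirects to {scope} address {addr}")
    if actions.get("delete") or actions.get("permanentDelete"):
        findings.append("deletes matching messages")
    if actions.get("moveToFolder"):
        findings.append("moves matching messages to another folder")
    if findings and actions.get("markAsRead"):
        findings.append("also marks messages as read")
    return findings

def review_rules(rules):
    """Map each rule's display name to its findings, skipping clean rules."""
    return {r.get("displayName", "<unnamed>"): f for r in rules if (f := review_rule(r))}

# Constructed sample rules (not taken from any real mailbox).
SAMPLE_RULES = [
    {"displayName": "Cleanup", "actions": {"delete": True, "markAsRead": True}},
    {"displayName": "Backup copy", "actions": {
        "forwardTo": [{"emailAddress": {"address": "collector@example.net"}}]}},
    {"displayName": "Reading list", "actions": {"assignCategories": ["Reading"]}},
]

if __name__ == "__main__":
    for name, findings in review_rules(SAMPLE_RULES).items():
        print(f"{name}: " + "; ".join(findings))
```

Any rule the script reports should be one you remember creating; delete the ones you do not recognize and mention them in your report in Step 6.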
Step 5: Linked Accounts
- If you use a JMU or Dukes email account as a recovery address for other accounts (e.g. banking, Facebook, Gmail, Apple, etc.) the criminal may have used it to gain access to those accounts. Change your password in those services and look for changes there as well.
- Accounts that use the same or similar password are only as secure as the weakest site. Use a password manager to help you generate and manage unique passwords.
Step 6: Report the Account Compromise
Report what happened to abuse@jmu.edu. Include information about any changes you discovered above. Report how you believe the account became compromised, because it might help us warn others about similar attacks. Intelligent, careful people sometimes make mistakes and are fooled by fake email messages or web sites, so never be embarrassed to tell us all of the details of your compromise.
Additional Information or Notes
For additional questions you can contact the JMU IT Help Desk at helpdesk@jmu.edu or 540-568-3555.