What to Do if Your Account Is Compromised

Change Your UMICH password

  • If you suspect your U-M account has been compromised:
    1. Change your UMICH password. For instructions and tips, see Guidelines for a Secure Password and Change My UMICH Password.
    2. Reset your account recovery information in UMICH Account Management so you can reset your password yourself if you forget it. 
  • If you suspect a personal account has been compromised: Change the password for that account. Choose a strong password and make it unique to that account. Do not use the same password for multiple accounts; that puts all your accounts at risk if one is compromised. Use the same guidance for U-M passwords, but do not ever use the same password for your UMICH account as any other account.

Report It

  • UM-Ann Arbor: Report a suspected compromised U-M account immediately to the ITS Service Center.
  • Michigan Medicine: Report a suspected compromised U-M account immediately to the HITS Service Desk.
  • If you suspect a personal account has been compromised, check the account documentation to find out how to report the compromise.

Make Sure Two-Factor for Weblogin is On

When you have two-factor authentication turned on, anyone trying to access your U-M account must provide two proofs of ID. The two factors, or proofs of ID, are:

  • Something you know—your password.
  • Something you have, such as a passcode, a phone, or even a mobile app.

Two-factor (Duo) authentication for U-M Weblogin is required and automatically turned on for all current faculty, staff, students, and sponsored affiliates.

Alumni and retirees can turn on two-factor authentication for Weblogin to add extra protection for their accounts.

Monitor for Suspicious Activity

  • Check your U-M Google email for suspicious activity. Make screen shots showing any settings that have been tampered with to include in your report of the incident.
    • Check activity on your account by clicking the Details link at the bottom of your inbox (when accessing your mail from a Web browser). See Google's Last account activity help. Click the Sign out all other web sessions button if you see suspicious activity.
    • Check the Trash and Sent mail folders for messages you didn’t send or delete.
    • In your Mail Settings, review Forwarding and Filters and delete those you don’t recognize.
    • In your Mail Settings, under Account, check the settings for Send mail as and Grant access to your account to be sure these have not been changed.
  • Learn more about monitoring and securing your Google Mail, as well as about protecting your personal information and privacy, at Google: My Account.
  • Check your other U-M services for suspicious activity. For example, look for files in your online storage space, such as U-M Dropbox, that you did not put there.

Follow Additional Identity Theft Guidance

To detect, prevent, and mitigate identity theft, familiarize yourself with the U-M Identity Theft Prevention Program and follow the Safe Computing guidance for Identity Theft.