What to do if your Bronco NetID is compromised

If you fall victim to a phishing attack, you should take the following steps to ensure that your Bronco NetID (account) is secure.

Change your password

If your account is still accessible, change your password as soon as possible. The longer someone has your credentials, the more harm they can cause. 

Flag the message as phishing

If you still have the phishing message, select the message within your inbox,  select the dropdown next to "Junk" and then select "Phishing".

Check your signatures

In an attempt to phish additional victims, attackers may add links to your email signature

Check your forwarding rules

Some attackers may set your account to automatically forward all email to an account they control. Check to make sure that your emails are not being forwarded to another address.

Check your inbox and sweep rules

Attackers may add filters to hide their activity from the account owner. Check to make sure that no new inbox rules have been created.

Identity Theft

If you provided any personal information when responding to a phishing message, you may be at risk of identity theft. Please visit the Security Awareness site for more information on recovering from identity theft.

Check for sending block

After a successful phishing attempt Microsoft may have blocked your account from sending to email accounts other than W-Exchange (Gmail, AOL, Yahoo, etc…). You can test this by sending a test email to your personal email account, if your W-Exchange account is blocked you will receive an email from Microsoft stating so. If this is the case please respond to the email you received in regards to this incident, generally from oit-itsm@wmich.edu, or call the Help Desk at (269) 387-4357.

Check your Payment and Account Information

Log in to GoWMU using your Bronco NetID and password and select the Payment and Account Information channel to check for any changes that may have been made or suspicious activity. If you notice any suspicious activity or have issues with a refund contact Accounts Receivable located in room 1060 of the Seibert Administration Building or at (269) 387-4141 for additional information.

Check if any other accounts have been compromised

Enter your wmich.edu or any other personal email address you would like to test on Have I Been Pwned to see if any of your third party accounts have been compromised in a data breach.