University of Alberta


My CCID Account Has Been Compromised, What Do I Do?

Modified on: Fri, 14 Mar 2025 2:09 PM

Introduction


This guide is designed to assist users with an active CCID who've been targeted by phishing emails, leading to an account suspension.


Applicability


This guide applies to users who have been affected by a phishing email. The steps outlined here will help you ensure your account remains secure and give you best practices for the future.


Procedure


Before You Begin


IMPORTANT!


If you do not follow the steps completely, your account may become compromised again. This can happen because bad actors may have changed your account settings, which need to be reverted to their original state.


Process Steps:

If you currently have no access to your CCID account:

  • If you suspect you have been the target of a phishing email, you will need to contact the IT Service Desk at 780-492-8000 ext 1, Monday to Friday, 7:30 AM to 6:00 PM. We are not able to assist you over email when it comes to account compromises. 
  • You will need to have your 7-digit Student or Employee ID number when you call us. If you do not know your 7-digit Student or Employee ID number, please check out the article listed here: Find Your Student or Employee ID Number
  • Once you give us a call, the analyst on the phone will complete a verification with you using that ID number and continue with the procedure to get you back into your CCID account.
  • You will need to have access to a computer at this time. The analyst will need to go over your account settings with you, and those settings can only be checked on a computer. 

If you have already spoken to IST and regained access to your CCID account, but are waiting to regain Google Services access:


Once you have received confirmation that you have regained Google Services access after your account compromise, you will need to check the settings below to ensure you do not lose access to your account again. Failure to follow all these steps could result in your account becoming compromised again. 

  1. Navigate to your Self-Service Password Reset settings. Ensure that the phone number and email address entered there are yours and not someone else's.

  2. On your computer, navigate to Gmail. You will not be able to use a mobile device as some settings are not accessible without a computer.

  3. Open Settings by clicking the Gear icon at the top right, then click "See all settings".

  4. Navigate to "Accounts and Import" and ensure that the information under the section labeled "Send mail as" is set to your name and your email and not something else. If it is something you do not recognize, click "edit info" and change the settings back to default. Reference below.



  5. Next, navigate to "Filters and Blocked Addresses" and ensure you do not have any unknown filters or blocked addresses set up. If you see something you do not recognize, delete it, as it could be redirecting or deleting your emails. Reference below.
     


  6. Lastly, check "Forwarding and POP/IMAP" to ensure that no forwarding email addresses are set up, so that emails you receive are not going to a third-party address. Unless you have a legitimate email for forwarding, it should just say "Add a forwarding address". Reference below.


Now that your Gmail settings have been checked, your account should be secured once again. If you used your compromised password on any site other than your CCID, update the password there as well to ensure those accounts are secured.
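For administrators who review many mailboxes, the checks in steps 4 to 6 can be expressed as an automated audit. This is an added example, not part of the original guide or an IST tool; it assumes the settings have already been exported as dictionaries shaped like the Gmail API sendAs, filters and forwardingAddresses resources, and the addresses and names in the sample are constructed.

```python
# Added example. Inputs are dicts shaped like Gmail API users.settings
# resources (sendAs, filters, forwardingAddresses). Sample data is constructed.

def audit_mailbox(owner_email, owner_name, send_as, filters, forwarding,
                  allowed_forwards=()):
    """Return (step, finding) tuples for settings the owner should review."""
    owner = owner_email.lower()
    allowed = {a.lower() for a in allowed_forwards}
    findings = []

    # Step 4: "Send mail as" must show the owner's own name and address.
    for entry in send_as:
        addr = entry.get("sendAsEmail", "").lower()
        name = entry.get("displayName") or owner_name  # empty means account default
        if addr != owner:
            findings.append((4, f"unrecognized send-as address {addr}"))
        elif name != owner_name:
            findings.append((4, f"display name changed to {name!r}"))

    # Step 5: filters that redirect or delete mail are the dangerous ones;
    # any other filter is still listed so the owner can confirm it.
    for f in filters:
        action = f.get("action", {})
        if action.get("forward"):
            findings.append((5, f"filter {f['id']} forwards to {action['forward']}"))
        elif "TRASH" in action.get("addLabelIds", []):
            findings.append((5, f"filter {f['id']} deletes matching mail"))
        else:
            findings.append((5, f"filter {f['id']} needs owner confirmation"))

    # Step 6: no forwarding address should exist unless the owner set it up.
    for fwd in forwarding:
        addr = fwd.get("forwardingEmail", "").lower()
        if addr not in allowed:
            findings.append((6, f"unexpected forwarding address {addr}"))
    return findings

# Constructed sample: a mailbox left in a tampered state.
SAMPLE = dict(
    owner_email="jdoe@example.edu", owner_name="Jane Doe",
    send_as=[{"sendAsEmail": "jdoe@example.edu", "displayName": "IT Help Desk"}],
    filters=[{"id": "f1", "criteria": {"from": "helpdesk@example.edu"},
              "action": {"addLabelIds": ["TRASH"]}},
             {"id": "f2", "criteria": {"query": "invoice"},
              "action": {"forward": "drop@mail.example.net"}}],
    forwarding=[{"forwardingEmail": "drop@mail.example.net",
                 "verificationStatus": "accepted"}],
)

if __name__ == "__main__":
    for step, finding in audit_mailbox(**SAMPLE):
        print(f"step {step}: {finding}")
```

An empty result means the three settings pages match what the guide describes as the default state; a legitimate forwarding address has to be passed in `allowed_forwards` to be accepted.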

IMPORTANT!

IST will never ask you to provide your CCID password or a Duo passcode, nor will we ask you to verify your CCID. 

If you have been asked to verify your CCID or are worried about your CCID being deleted because of an email, please forward the email to abuse@ualberta.ca to confirm its legitimacy.

You can also always call the IT Service Desk at 780-492-8000 ext 1, Monday to Friday 7:30 AM to 6:00 PM to ask about the legitimacy of an email. 


Additional Considerations


Your account may have been used to send phishing emails to other accounts. As a result, you may receive bounced-back messages or replies asking whether the email was legitimate. Please do not reply to these emails; just delete them as they come in. They will eventually stop.

If you fell victim to a financial scam in which you lost money, you will need to report the scam to your bank immediately. It is also recommended to report the incident at https://www.antifraudcentre-centreantifraude.ca/scams-fraudes/victim-victime-eng.htm


For more information about being secure online please visit our Information Security website here: https://www.ualberta.ca/en/information-services-and-technology/security/index.html
 
