Securing a Compromised Faculty / Staff Email Account


Instructions on handling a compromised faculty / staff email account.



I think that my account has been compromised. What do I do?


The account may have been compromised and malicious activity may have happened with the Exchange account.


  1. Reset your NetID password immediately.
  2. Log into your email.
  3. Click the (gear icon).
  4. Click View all Outlook settings at the bottom.
  5. Select the Mail tab. 
  6. Select Rules.
  7. Delete any unrecognized inbox rules.
  8. Select Sweep.
  9. Delete any unrecognized Sweep rules. 
  10. Select Forwarding.
  11. Select Forwarding.
  12. Un-check Enable forwarding if this option has been turned on, and delete any email addresses that are not yours. 
  13. Click Save.
  14. Select Compose and reply.
  15. Remove any malicious content in the email signature.
  16. Click Save.
  17. Close the Settings window.
  18. Click your account in the upper-right corner.
    Note: If you have uploaded a custom profile picture, you will see that as your icon. If you have not uploaded a custom profile picture, your icon should be your initials. 
  19. Click View account.
  20. You can view your personal information here. If there are any changes that need to be made, make note of them. If your User ID has been changed you will need to contact the ITS Service Desk. Our email admins will have to make this change.
  21. Your account is secure again. Try sending yourself an email from a non-WKU account to ensure you can still send and receive. If you can still not send or receive emails please contact the ITS Service Desk.
  22. Contact the ITS Service Desk immediately to report your compromised email account.



Article ID: 882
Tue 11/4/14 7:35 AM
Thu 10/26/23 2:22 PM

Related Articles

Related Articles (1)

Information on what to do if you notice someone's WKU email account has been compromised.