Over the past three months, cyber attacks that target password resetting have increased dramatically. These attacks use your account’s security questions to trigger a password reset. When attackers reset your account password, they gain full access to your email, files, and any services that use your Lehigh email address for account recovery processes, including social media, data storage, professional, and other personal online accounts.
STEPS TO TAKE IMMEDIATELY
1) Review the security questions on your account. Ensure that your security questions cannot be answered by guessing or by browsing your social media profiles or the profiles of family and friends.
Review and update your Lehigh security questions by:
a) Going to https://www.lehigh.edu/change
b) Entering your username and password
c) Selecting the Set Security Questions option and clicking the Continue button
2) Review the privacy settings on your social media accounts and consider restricting your profile’s visibility to only those individuals you know and disabling settings for public searchability.
3) Be on guard to any unauthorized access or attempts on your Lehigh or other personal accounts.
Should you suspect any unauthorized account access or credentials compromise, immediately contact Colin Foley (610-758-3072) or Forest Crowley (610-758-3830) in Information Security & Identity Management.
Thank you for doing your part to protect your information and the university's systems and data.
Bruce M. Taggart, Ph.D., Vice Provost, Library & Technology Services
Keith K Hartranft, CISSP, CISM, PCI-DSS ISA & PCIP, Chief Information Security Officer, Library & Technology Services