What to do if Your Keyes Email Account is Compromised

If you have discovered your email has been compromised, please notify support@keyes.com immediately. You may suspect a compromise, if you notice unusual activity such as:

Suspicious activity, such as missing or deleted email.

Users receiving email from the compromised account without the corresponding email in the sender’s Sent Items folder. If a hacker has taken over your email address and used it to send messages, they may try to cover their tracks by deleting all sent messages. Alternately, you may notice messages in your sent folder that you never wrote or sent.

You suddenly cannot log into your account: If your password is no longer working, you may have been locked out of your account.

If support has notified you that your account has been compromised, then we have already blocked the account from anyone being able to sign into it.

In order for you to get your account unblocked, you will need to scan your devices using the instructions in the attachments.

After scanning your devices, please be sure to quarantine anything that was found and send us a screenshot of what it found. Then be sure to delete the items in quarantine.

You will want to continue scanning until nothing is found. Support will then reset your password again and unblock your account.

Additionally,you will want to change the passwords on any site using the same password as your email and any passwords on accounts that are either stored in your email or have sent you emails.

NOTE: If the hackers now have access to your email, they may know from your stored emails, what places you go to online and try accessing them with the password from your email. If you used the same password elsewhere, you will want to change it at each site/service (such as your KVC, your banking website and other important sites). Best practice is to never use or share the same password between any service.

Be sure to use a strong password: mix of upper and lowercase letters, at least one number, and at least one special character.

Even if the password history requirement allows it, don’t reuse any of the last five passwords. Use a unique password that the attacker can’t guess and do not use the same password on any other service, website or system.

Change your security questions: If a hacker has had access to your account, they may have found the answers to your existing security questions. Take the extra step and change them. Avoid questions that can be easily guessed or found by scanning your social media profiles.

After you have regained access to the account, for future self-service password resets and/or for MFA requirements by Micro$0ft, you should register a “Phone” and alternate “Email” with Micro$0ft @ https://account.activedirectory.windowsazure.com/passwordreset/Register.aspx

You should request/consent to requiring MFA for your account to be less likely to become compromised.

You should also check your account’s Inbox Rules, to ensure that nefarious actors have not diverted your email elsewhere.

Inbox rules that weren’t created by the user might automatically forward email to unknown addresses or move messages to the Notes, Junk Email, or RSS Subscriptions folders, where nefarious actors can access sensitive materials.

Sign in to your mailbox using Outlook on the web.

Select Settings (gear icon), enter ‘rules’ in the Search box, and then select Inbox rules from the results.

On the Rules tab of the flyout that opens, review the existing rules, and turn off or delete any suspicious rules.

You should confirm that no unrecognized App passwords have been created in your account under “Security-Info” @ https://mysignins.microsoft.com/security-info

Hackers will sometimes create “App passwords” to access your account; if you find and do not recognize a App password, it should be deleted immediately.

Report identity theft. If sensitive information like your social security number was compromised when your account was hacked, report it at the Federal Trade Commission’s Identity Theft site.