Cybercriminals attempt to gain access to (hijack) an email account so that they can use it to send spam or phishing emails, steal information and launch further attacks from the account.

How do I know if my email account has been hijacked?

Warning signs that someone has hijacked your email account could include:

  • Receiving multiple login notifications or password reset requests
  • Becoming locked out of the account
  • Finding mail in the account that you did not send or do not recognise
  • Contacts alerting you to strange spam from your address.

Actions to take if your email address has been hijacked.

Email address hosted with Kindergarten IT Program

If the address is @kindergarten.vic.gov.au you can follow this guidance. For other mail services refer to the section on email hosted elsewhere below.

1. Change your password

Log into webmail.kindergarten.vic.gov.au and update the password. If you suspect your computer has been compromised, do this from a different computer.

If you are unsure, or if you cannot gain access to the account, contact our helpdesk for assistance.

2. Check account mail settings

Cybercriminals will sometimes set up ‘forwarding rules’ that send them a copy of emails coming into or leaving your email account.

Check if any unusual forwards have been placed on your account in webmail by selecting the Settings cog->Toolbox->Forward addresses.

Check if any malicious mail filters have been placed on your account in webmail by selecting the Settings cog->Filters. Filters will have the (filter icon).

Check if an unusual Out-of-Office autoreply has been enabled by selecting the Settings cog->Out-of-Office.

Check if your signature has been altered by selecting Settings cog->Identities->[email address].

3. Determine the impact of unauthorised access to your email account

Once you have updated to a secure password, review any inbox subfolders, including the drafts, sent and deleted items folders. Search for emails that you did not send, or malicious emails sent while the intruder had access, and note who they may have been sent to. Take note of unrecognised attachments, but do not download suspicious attachments.

4. Continue to follow your organisation’s response plan

This may include making an impact assessment, reporting the incident to cyber.gov.au and seeking support from IDCARE (https://www.idcare.org/).

 

Email address hosted with Gmail, Outlook.com, Microsoft 365, etc.

Refer to the Australian Cyber Security Centre’s “Review your email account security” guide on Cyber.gov.au.