Issue
A student or staff member reported (or it was discovered) that their account has been compromised with fraudulent activity.
Environment
Information
Removing and preventing further access is the top priority when an account is compromised.
Removing groups in SuperVault is key for fraudulent activity on a staff account. Students do not receive special access via groups; therefore, disabling their account is sufficient.
Infrastructure is the only department that can terminate a live active session.
Resolution
- Look up the user in SuperVault.
- Disable the account.
- If the user is Staff, go to Group Memberships and remove:
- ActiveStaff
- Staff
- 2FA Exception
- Alternatively, remove all groups to ensure maximum security. To maintain accuracy when restoring the account, capture a screenshot or create a list of the existing groups beforehand.
- Click Apply.
- Go to the Restrictions tab.
- Go to the Login Restrictions sub-tab.
- Select Account disabled.
- Click Apply.
- Log into CSProd.
- Look up the account under User Profiles.
- Lock the account.
- Contact Infrastructure to terminate the live session after locking down the account.
- If the user has not been contacted, call the user and inform them of the situation.