Re-activation of compromised accounts
The official email accounts of the government are highly prone to cyber-attacks such as phishing, spoofing, etc. When a user downloads an attachment that contains malware or clicks on a phishing link, the user account credentials along with the data get compromised.
Once compromised, the data can be leaked, putting sensitive and critical data at risk of unintended exposure.
To prevent such incidents, the NIC eMail Security Operations Centre (SOC) proactively monitors the network traffic and user sessions. When an anomaly is detected, our SOC systems automatically flag the account and perform containment actions to prevent further compromise of data.
The containment actions include the following:
- All active sessions will be terminated - All web, mobile app, and any IMAP/POP sessions will be terminated.
- Account will be deactivated - The user cannot log in to their account.
- Password for the account will be reset - The user will be prompted to set a new password when the account is reactivated.
- App-specific passwords (if any) generated for accesses such as IMAP/POP will be revoked - The user has to generate a new set of app-specific passwords after account reactivation.
- API authentication (if any) configured for the account from other applications that use the NIC eMail account, such as eForms, will be reset - The user has to re-authenticate the connections after reactivation.
Steps for reactivation of a compromised user account in an organisation
- When a user account is compromised in an organisation, the containment actions will be performed and hence the user cannot access their account.
- The error "Your account is not active. Please contact your organisation admin." will be shown when they try to log into their account using the compromised account's email address.
- The user should reach out to the Delegated Administrator of the department.
- The Delegated Administrator will be notified via email about the compromise, along with its details.
- The Delegated Administrator can check the status of the account from the Delegated Admin Console of the NIC eMail Services to validate the user grievance. To check the account status:
  - Log in to the NIC eMail Services using the Delegated Administrator credentials.
  - Click on the Profile icon in the top-right corner.
  - Click on Admin Console to navigate to the Admin Console.
  - Navigate to the Users section.
  - Search for and locate the user account in the listing.
  - The user account will be marked as Compromised if containment actions are performed on the user account after the detected breach.
- Follow the procedures given in the Cyber hygiene and System cleanup guide to ensure that the user's system is sanitized.
- After verifying that the system is sanitized and is free of any malware, drop an email to helpdesk-email@gov.in to reactivate the user account.
- Our helpdesk team will validate the request with the Security Operations Centre and proceed with the re-activation of the account.