Incident Response FAQ - Santa Clara University

What do I do if I think my computer is infected?

Call the Technology Help Desk x5700 (408-554-5700) or visit the Technology Help Desk on the first floor of the Learning Commons.
If it's a laptop or tablet computer, please bring it with you.

My computer is acting funny. Random windows pop open and the mouse is going crazy. The keyboard just doesn't work, either. Have I been hacked?

Probably not. Try changing the batteries in your wireless mouse and/or keyboard.
If the problem persists, call the Technology Help Desk x5700 (408-554-5700)

I've lost the USB stick (DVD, CD, phone, external drive, etc). that I used to carry information home so I can work on it. What should I do?

Call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO) who will call you back with some questions (see example questions below)

Was university data stored on the computer?
- Student records (names, ID numbers, grades)?
- University financial information?
- Student health records?

My computer has gone missing (stolen, lost, disappeared). What do I do?

If it was stolen, file a report with the police
If it was a university owned computer, call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO) who will call you back with some questions (see example questions below)

Was university data stored on the computer?
- Student records (names, ID numbers, grades)?
- University financial information?
- Student health records?
Was your own personal data on the computer? (Tax, banking, health records)
- Consider subscribing to a credit monitoring service.

Also, if it's a university owned computer, call the Risk Management Office to see if the computer is insured and can be replaced without incurring additional cost to your department.

If it's a personally owned computer and there was university data stored on it, call the Technology Help Desk x5700 (408-554-5700). The Help Desk will notify the Information Security Office (ISO).

I am receiving threatening emails, voicemails, instant messages, texts, etc. Who should I call?

Call Campus Safety x4441 (408-554-4441). They will ask you questions about the content of the messages and may contact the Santa Clara Police Department.

I am receiving spam or inappropriate solicitations in my email. What do I do?

If you believe the email is part of criminal activity, DO NOT delete the email until you have contacted Campus Safety x4441.

If it is a garden variety spam that has slipped through Google Apps' spam filters, you can report the undesired spam email:

Click the checkbox next to the message in your inbox
Then find the icon that looks like a stop sign with an exclamation point on it in Google's icon bar.
- Click that icon and you're done!
- You will also be helping Google's spam filters "learn" about the spam that it has been missing.

I got an email that looks like it comes from SCU. It's asking me to enter my SCU username and password because I'm about to lose network access.

Even if the email has our logo and all of the right colors, it may not be from SCU. Does it read strangely? Are there spelling or grammar mistakes?

DO NOT ENTER YOUR USERNAME OR PASSWORD. You have been phished.

Click the little down arrow just to the right of the email date stamp and below the little printer icon to the right of the email's subject line.
Click "Report Phishing"
- You're helping Google's phishing filters to catch the phish that it has been missing

DANG IT! I ALREADY ENTERED MY USERNAME AND PASSWORD. It looked so real. Now what?

Change your SCU passwords immediately!

For more information about phish emails, look here. For more information about changing your SCU password, look here.

SCU will NEVER request your credentials or login ID via email. All email messages that request this or other personal information are fraudulent.

I know I've been hacked! Someone has accessed my computer or data without my permission or university authorization. What should I do?

DO NOT turn your computer off. Stop all activities on the computer and contact the Technology Help Desk x5700 (408-554-5700). Tell the Help Desk analyst that you have an urgent issue, and that you suspect an information security incident has occurred. The Help Desk will contact the Information Security Office (ISO) who will contact you and begin investigating the incident.

I think someone has accessed, misused, or abused SCU's information technology resources. Who do I call?

Call the Technology Help Desk x5700 (408-554-5700). Tell the Help Desk analyst that you have an urgent issue, and that you suspect an information security incident has occurred. The Help Desk will contact the ISO who will contact you and begin investigating the incident.

Be prepared to provide a brief explanation of the suspected abuse or misuse.
When possible, please include the suspected SCU IP address or computer name, and the data and time when the suspected abuse occurred. The more specific you can be, the better the chance we have of tracking down the suspect.