Cybersecurity – Iscte-Informática

What to Do If Your Device Is Showing Unusual Behavior

Target Audience: Iscte Community

Signs of Suspicious Behavior

Common indicators that your device may be experiencing a security issue include:

- Sudden slowness or abnormal performance
- Frequent crashes or unexpected errors
- Unusual pop-ups, advertisements, or warning messages
- Redirects to unknown or unexpected websites
- Changes to browser settings (such as the homepage or search engine)
- Unknown or unfamiliar programs and applications appearing on the device

Answer/Solution:

📡 Disconnect the Device from the Internet (If Necessary) → This helps reduce the risk of data transmission or remote control by malicious actors

- Disable Wi-Fi or disconnect the network cable
- Avoid communicating with external systems until the issue has been assessed

🛑 Avoid Continuing to Use the Device → This helps prevent a potential compromise from worsening

- Do not access institutional applications or services
- Do not enter usernames, passwords, or other credentials
- Avoid performing sensitive activities, such as financial transactions or accessing confidential information

⚠️ Check Security Alerts → Security notifications may provide useful information about the cause of the problem

- Review alerts from the operating system, antivirus software, or endpoint protection tools.
- Identify any detected threats or suspicious activity
- Do not ignore critical security warnings

📸 Record Relevant Information → This information can assist technical teams with diagnosis and investigation

- Take screenshots of any unusual behavior or error messages
- Note:
  - When the issue started
  - What actions were being performed at the time
- Identify any applications, websites, or files involved

📣 Contact Technical Support → Prompt reporting enables timely technical intervention and helps protect both the device and the wider community

- Report the issue as soon as possible
- Include:
  - The symptoms observed
  - When they occurred
  - Any actions already taken

Further Information:

Even if the issue is ultimately not confirmed as a security incident, it should still be reported. Early reporting helps prevent future problems and contributes to the overall security of institutional systems.

See also:

- Email (overview)
- Troubleshooting Guide
- Cybersecurity Awareness

What to Do If You Entered Your Credentials on a Suspicious Page

PT

Target Audience: Iscte Community

Answer/Solution:

🔐 1. Change Your Password Immediately → This is essential to prevent unauthorized access using compromised credentials

- Change the password or the affected account as soon as possible
- Chose a strong, unique password that is not used elsewhere
- If the same password is used for other services, change it for those accounts as well

🔄 2. Sign Out of Active Sessions → This helps ensure that any unauthorized access already established is terminated

- Sign out of all active sessions and devices (global sign-out, if available)
- Sign back in only after changing your password

🔐 3. Strengthen Account Security → Additional security measures can help prevent further unauthorized access

- Enable Multi-Factor Authentication (MFA) if it is not already enabled/li>
- Review your account security settings
- Check for unauthorized changes, such as email forwarding rules or modified recovery options

🔍 4. Review Account Activity → This can help determine whether the account has already been misused

- Check for:
  - Unrecognized sign-ins
  - Emails sent without your knowledge
  - Changes to account data or settings
- Continue monitoring account activity after changing your password.

📸 5. Collect Evidence → This information may assist with incident investigation and prevention

- Save the URL of the suspicious page
- Take screenshots of the page, if available
- Record the date and time of the incident

📣 6. Contact Technical Support → Technical support may be able to apply additional protective measures and monitor for suspicious activity

- Report the incident as soon as possible
- Include:
  - Confirmation that credentials were entered on a suspicious page
  - When the incident occurred
  - Any actions already taken (e.g., password change, MFA activation)

Further Information:

Even after changing your password, you should continue monitoring the affected account for a period of time. Unauthorized access attempts or other consequences of the incident may occur after the initial compromise.

See also:

- Email (overview)
- Troubleshooting Guide
- Cybersecurity Awareness

What to Do If You Clicked on a Suspicious Link

PT

Target Audience: Iscte Community

Answer/Solution:

🛑 1. Stop Interacting with the Page → The less interaction that occurs, the lower the risk of compromise.

- Close the website immediately
- Do not click any additional links, buttons, or page elements
- Do not download any associated files

🚫 2. Do Not Enter Any Information → The primary goal of phishing attacks is to obtain user information

- Do not enter your username, password, or any personal information
- Do not complete any forms displayed on the page
- Do not approve any access requests or permissions

🔐 3. Secure Your Account (If Necessary) → This should be a priority to prevent unauthorized access

If credentials were entered:

- Change your password immediately
- Sign out of active sessions, if possible
- Enable additional authentication (e.g., MFA) when available

💻 4. Check for Impact on Your Device → Unexpected behavior may indicate an attempt to install malware

- Verify whether any files were downloaded
- Watch for unusual behavior, such as pop-ups, slow performance, or unexpected redirects
- Avoid continuing to use the device if you suspect it may be compromised

📸 5. Collect Evidence → This information can assist with analysis and help prevent similar incidents

- Save the URL of the suspicious website
- Take screenshots of the page
- Record the date and time of the incident

📣 6. Contact Technical Support → Prompt reporting helps reduce the impact and protect other users

- Report the incident as soon as possible
- Include:
  - The link that was accessed
  - The actions performed
  - Whether any credentials were entered

Futher Information:

Even if no information was entered, the incident should still be reported, as it can help prevent similar attacks within the community.

See also:

- Email (overview)
- Troubleshooting Guide
- Cybersecurity Awareness