What to Do if You Suspect your Mainframe Account Has Been Violated

What are some of the things that would lead you to believe your account has been violated? You may run out of money prematurely; you may lose data; you may notice during the logon procedure that your account was accessed at a time you know you did not use your account. If you do suspect your account has been violated, the following would be helpful:

1. Execute the "ACCTBAL Exec." Information on this exec and how to invoke it can be found in the "Mainframe Computing" section earlier in this document. The ACCTBAL exec will allow you to see what your account balances are on your CMS account or any account under your jurisdiction. This may provide you with necessary information to follow up on your concerns.

2. Execute the "USERSCAN Exec." Information on this exec and how to invoke it can also be found in the "Mainframe Computing" section earlier in this document. The USERSCAN exec allows you to obtain a report of security violations, logons, logoffs, disconnects, and all CP links that have taken place on your account or accounts under your jurisdiction. The USERSCAN exec is particularly useful if you suspect someone might have compromised your account or if you just want to see what accesses or violations have been logged against your account.

3. Finally, call the Help Desk (860/486-4357) with any information you have gathered and they will start the process of helping you find out if there was actually malicious activity going on or there are other reasons to account for your concerns.

Likewise, if you are receiving malicious messages via the mainframe system or suspicious files in your reader you fear may cause damage to your own files, etc., call the HELP Desk.

(Taken from the Spring 1996 Computer Center Guide to Services.)