Secure a Compromised Gmail Account

Article ID: 
1168

If you believe that your account has been compromised, please complete the following recommended steps for its recovery as soon as possible to secure your compromised account, protect others who may respond to spam sent from you from becoming compromise as well, and to safeguard yourself from being compromised again in the future.

1. PASSWORDS:

Change your Google password immediately at www.brown.edu/myaccount (under the subheading "Change GoogleApps@Brown Password".) If your Brown password is the same, change it as well. That goes for any other accounts that might have had the same password. (Note that you should not be using the same password for non-Brown accounts.)

2. OTHER SESSIONS:

Log into your Brown Gmail account, using your new password (make sure to uncheck the “Stay signed in” box). Check the account activity (bottom of IInbox, right side) by clicking on Details, then in the new window, “Sign out all other sessions.” (This will force all computers that have your Gmail account open to sign out and prevent an attacker from continuing to use your account if currently logged in.)

3. SENT FOLDER:

Check your Sent Mail folder to see if anything suspicious has been sent from it.

4. SUSPICIOUS ACCOUNTS:

Check your Google Account settings and remove any suspicious accounts. (Gear icon > Settings > Accounts > Send Mail As). Also under Settings, check your Filters and Forwarding to make sure there have not been any unwanted changes (e.g. all of your email is being forwarded to someone else’s address).

5. GOOGLE DRIVE:

As an extra precaution, check your Google Drive for any files that were created to collect others' information. Report any findings to us by responding to this email.

6. SCAN:

Run a scan of your system to check for any viruses or other malware. (You can do this with any standard anti-virus program, e.g. MalwareBytes, Sophos, Norton-Symantec, Kaspersky. Brown has anti-virus programs available for download and use at software.brown.edu.)

It is also recommended that if fraudulent emails were sent to your contacts from your account, please consider communicating to them that your email account was compromised and that the messages were not sent by you. 

If you had been in previous contact with the IT Service Center, notify them when you have completed these steps.

If you discovered that confidential or restricted information may have been compromised as well, please notify the Information Security Group at ISG@brown.edu.

Tags: Revisit   Spam   

This article is:

Note: All visitors can mark pages Helpful or Incorrect. If you log in with a Brown username and password, you will also have the ability to save articles as Favorites and send us detailed feedback.