If you think your account may have been compromised...

  1. Change your password(s).
  2. Consider running a virus scan. 
    1. See our page on Virus Troubleshooting for more information.
  3. Consider enabling multifactor authentication on your account (if you haven't already done so).
    1. Google offers a multifactor option at https://myaccount.google.com/security
    2. Drew offers Duo Security at drew.edu/duo
  4. Check the following:
    1. In Gmail > Settings* > Accounts and Import, look at "Check mail from other accounts" and "Grant access to your account". Remove anything that should not be there.
    2. In Gmail > Settings* > Filters and Blocked Addresses, look for and delete any filters you do not recognize.
    3. In Gmail > Settings* > Forwarding and POP/IMAP, check for and remove any forwarding addresses that do not belong.
    4. Visit https://myaccount.google.com/permissions to see what apps are connected to your Google account. Remove any you do not recognize (or no longer use).
    5. Visit https://myaccount.google.com/secureaccount to run a security check-up on your Google account. The goal is to have all green check marks, but you should take a look at the various sections to make sure you recognize all places where you are currently signed in and what apps have access, etc.
    6. Visit https://contacts.google.com and click on the Settings gear near the top right. Choose “Delegate access” and make sure no accounts are listed. You can click the X to remove any that should not be there.

*Right now, you can get to your account settings by clicking on the gear icon near the top right corner and choosing "See all settings".

The OUCH Security Awareness Newsletter from November 1, 2023 also has some helpful information about what to do if you were hacked: https://www.sans.org/newsletters/ouch/im-hacked-now-what/

Reviewed November 16, 2023
