What to do if your Gmail Account has been Compromised or Spoofed

The Help Desk will attempt to make the initial contact with users whose accounts have been compromised and will open a workorder. If we are unable to contact a user, or the user does not contact the Help Desk within 48 hours, the ticket will be closed.

  1. USER:  Call the Help Desk to have your gmail account re-activated and to reset your password

  2. HELP DESK: Will reset your Gmail and computer (AD) password

  3. USER: Once the Help Desk has reset your passwords, you will need to Log Off your computer, then Log Back in and set a new Password - Be sure to make it complex - at least 8 Characters, with a Capital Letter, Number or Special Character

  4. USER:  Open your Gmail and do the following

  5. Open Gmail.

  6. In the top-right, click the gear

  7. Select Settings.

  8. Scroll to the bottom and click on DETAILS - should be in bottom right of screen

  9. New window will open - click on the button to Sign out all other web sessions

  10. When dealing with a password change in Gmail. We need to reset the sign in cookies for the account. This will og it out of all devices. This is done in by looking up the user in admin console, open the user, open accounts. Under password there is link to reset sign in cookies.

  11. Then check for filters and forwarding rules so that email is not being forwarded to suspect addresses in the gmail settings.

  12. General - make sure they are set as you would want them and check to make sure their signature has not been changed. 

  13. Account - make sure you are sending emails as your ISS gmail address

  14. Filters and Blocked Access - make sure any unrecognized filters are off


 I found this article helpful. (0)