If you believe that your account has been compromised, please complete the following recommended steps for its recovery as soon as possible to secure your compromised account, protect others who may respond to spam sent from you from becoming compromise as well, and to safeguard yourself from being compromised again in the future.
Change your Google password immediately at https://myaccount.brown.edu/ (under the subheading "Change Google Password".) If your Brown password is the same, change it as well. That goes for any other accounts that might have had the same password. (We recommend using a different password for every account!)
Log into your Brown Gmail account, using your new password (make sure to uncheck the “Stay signed in” box). Check the account activity (bottom of IInbox, right side) by clicking on Details, then in the new window, “Sign out all other sessions.” (This will force all computers that have your Gmail account open to sign out and prevent an attacker from continuing to use your account if currently logged in.)
Check your Sent Mail folder to see if anything suspicious has been sent from it.
Check your Google Account settings and remove any suspicious accounts. (Gear icon > Settings > Accounts > Send Mail As). Also under Settings, check your Filters and Blocked Addresses & Forwarding and POP/IMAP to make sure there have not been any unwanted changes (e.g. all of your email is being forwarded to someone else’s address). See below.
As an extra precaution, check your Google Drive for any files that were created to collect others' information. Report any findings to us by responding to this email.
Run a scan of your system to check for any viruses or other malware. (You can do this with any standard anti-virus program, e.g. MalwareBytes, Sophos, Norton-Symantec, Kaspersky. Brown has anti-virus programs available for download and use at software.brown.edu.)
Add an Extra Layer of Protection
Protect your new passwords with Two-Step Verification. Visit the Two-Step section of the IT Knowledgebase for an overview and how to get started.
It is also recommended that if fraudulent emails were sent to your contacts from your account, please consider communicating to them that your email account was compromised and that the messages were not sent by you.
If you had been in previous contact with the IT Service Center, notify them when you have completed these steps.
If you discovered that >a href="http://www.brown.edu/information-technology/computing-policies/policy-handling-brown-restricted-information" target="_blank">confidential or restricted information may have been compromised as well, please notify the Information Security Group at ISG@brown.edu.