What to do if your account has been compromised

You think that you have given away your password, or you think that somebody has access to your account who shouldn’t - what do you do?

  1. Change your password immediately.
  2. End current sessions. This will, combined with the password change, stop anyone else using your account directly. To do this, scroll down to the bottom of your list of emails, to “Last account activity" and click on 'Details' and then select 'Sign out of all other web sessions' (see screenshot below).

This is not necessarily enough because hackers will often change your settings to their advantage, so you must also:

  1. Follow Google's Gmail security checklist.
  2. Change passwords anywhere else you used the same password (note that you should not, under any circumstances, use your University password for another service or account).
  3. Tell the IT Service Desk, specifying which of these steps you have taken.

Reminder: you should not give your University password to anybody else, including IT Services.