So, your e-mail account has been compromised. What do you do now?

1. Immediately change your password
   1. You may have to use the forgot password feature.
   2. Step-by-step instructions on how to change your passwords are available for CCSF employees*
2. Look for rules in your account
   1. Bad guys sometimes add rules to hide what's been done and/or to continue getting information from your account
   2. In G-mail, see https://support.google.com/mail/answer/6579
   3. Step-by-step instructions on how to add/remove e-mail rules are available for CCSF employees*
3. Keep an eye on your account for a while to see if anything else happens
   1. Seem to be missing e-mails?
   2. Getting e-mail replies to items you didn't send?
   3. If you notice anything, report it right away
4. If you've used this password on another account, change the password on that account also.
   1. Use unique passwords for each account.
   2. Use a password manager/wallet to keep track of your passwords (see the Cyber Security page for reviews and recommendations).

Check the Safe Computing Practices page to harden your defenses

Here are a few highlights:

1. Turn on Multi-Factor Authentication (MFA)
   1. Google calls this 2-Step (https://support.google.com/accounts/topic/7189195)
   2. Step-by-step instructions on how to turn on MFA are available for CCSF employees*
2. Be wary (look for red flags)
3. Get educated (see our Cyber Education and Training page.

* You may have to sign in to access this page