Student Account compromised.

182 views
Skip to first unread message

David Fawcett

unread,
May 11, 2016, 1:45:33 PM5/11/16
to techc...@list.em.ohio.gov, appsus...@googlegroups.com

Anyone received email from Google like this below?

 

The following is an automated security notification from Google about your domain accounts.

It has come to our attention that some of your user accounts might have been compromised and are being used to send spam from your domain: elmls.net

The following users in your Google Apps domain appear to be affected:

 


18m...@elmls.net

We have disabled the users in a way that they can be recovered by the admin. Please follow the actions below before you re-enable these users.

ACTIONS REQUIRED

 

1. To reset the user’s password, follow the steps in this Help Center article:http://www.google.com/support/a/bin/answer.py?hl=en&answer=33319

Inform the user of their new temporary password, and ask them to set a new password (it should not be a password used with any other sites).  

 

2. To help check whether their account might have been compromised, advise users to:

  • Check for filters and forwarding rules so that email is not being forwarded to suspect addresses.
  • Check to make sure their signature has not been changed.

 

BEST PRACTICES FOR SECURITY

 

As an administrator, you may also consider implementing additional security features for your Google Apps domain:

 

1. Enrolling your domain in 2-step verification, which offers an additional layer of user authentication:http://www.google.com/support/a/bin/answer.py?hl=en&answer=175197

2. Completing the Gmail Security Checklist:https://support.google.com/mail/bin/static.py?hl=en&page=checklist.cs&tab=29488

Additional Information about the activity of affected user accounts can be obtained by using the Audit API:http://code.google.com/googleapps/domain/audit/docs/1.0/audit_developers_guide_protocol.html

 

Sincerely,

The Google Apps Team

Thanks

 

David Fawcett

 

Network Administrator

Elmwood Local Schools

7650 Jerry City Rd

Bloomdale, Ohio 44817

419-655-2583 ext 375

 

fa...@elmwoodschools.org

 

JP Connolly

unread,
May 11, 2016, 1:46:38 PM5/11/16
to appsus...@googlegroups.com
We have; they were indeed compromised. You should follow up with the student. 

--
You received this message because you are subscribed to the Google Groups "Apps User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to appsusergrou...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.



--
JP Connolly
Director of Technology
Saint Ann's School
129 Pierrepont St.
Brooklyn, NY 11201

David Fawcett

unread,
May 11, 2016, 1:49:09 PM5/11/16
to appsus...@googlegroups.com, techc...@list.em.ohio.gov

How did you fix theirs?  I reset password and not enabled them back yet.

 

I have only to accept mail from elmwoodschools.org domain from Teachers mail.  Their gmail is empty according to Usage.  Could their Android phone be culprit.  It registered itself in Device Manager.

JP Connolly

unread,
May 11, 2016, 1:52:54 PM5/11/16
to appsus...@googlegroups.com
A password reset, but whoever got in emptying their Gmail account is fairly normal. You should check their address book, Gmail trash, and also email filters, as most intruders set up filters to auto-trash any incoming messages. 
Reply all
Reply to author
Forward
0 new messages