Being “hacked,” otherwise known as having an account compromised, can happen to even the most security-conscious online users. Just like in the physical world, there’s no such thing as 100% protection online. You can adhere to every cybersecurity best practice and still be affected by a vulnerability outside your control.
Your data lives on systems and servers across the internet. If attackers gain access to one of those systems, your accounts can be exposed, even if you followed all cybersecurity guidelines correctly. The good news is that knowing how to recognize the hack and responding quickly can significantly limit the damage.
Familiarize yourself with the key signs of a compromise and learn what to do if you are hacked!
How Do You Know If You Have Been Hacked?
- Your computer or phone behaves unusually (slowdowns, pop-ups, unexpected programs).
- Your bank alerts you about or you notice suspicious charges on your bank account or credit cards.
- When you attempt to use your computer, you have been locked out, and a ransom note is displayed asking you for money to restore access your computer.
- Your password suddenly stops working even though you are certain it’s correct.
- New or unknown devices have logged onto your account(s).
- You receive login alerts or password reset emails that you did not request.
- Unusual activity (posts, purchases) appears under your name.
- Friends tell you that they have received strange messages or spam coming from your account.
- Your account details (email, phone number, account name) change unexpectedly.
- Multifactor authentication (MFA or 2FA) is disabled without your permission.
Take These Steps Immediately
- Unplug your ethernet cable or turn off your Wi-Fi/cellular data to prevent the attackers from having continued access to your accounts.
- Change passwords for your accounts. Start with email, banking and other critical accounts. Be sure to use unique passwords for each account.
- Run security scans using an updated antivirus/antimalware tool to detect and remove malicious software that may have been installed on your computer.
- Review account activity and look for actions that you did not take.
- Sign out of unknown devices by checking the affected account’s login activity for unauthorized devices and location.
- Contact customer support of affected platforms, if available, even if a response is not guaranteed.
- If the hacked account is linked to other services, check them for unusual activity and reset those passwords, as well.
- Reference the Federal Trade Commission’s extensive online checklist for steps to take if hacked
- Inform friends and contacts that they may have seen spam or unusual messages from you. They should watch their own accounts closely, especially if they have clicked on any malicious links coming from your hacked account.
Secure Your Finances and Identity
- Freeze your credit until you can confirm its safety. Contact major credit bureaus (Equifax, Experian, TransUnion) to freeze your credit to prevent new accounts from being opened.
- Notify your bank and card issuers. Inform your bank or institution of the issue so they can assist you in securing accounts and notify them of fraudulent charges.
- File a report with the Federal Trade Commission (FTC) at IdentityTheft.gov to start documenting the incident and get further recovery guidance.
Can Law Enforcement Help?
- Filing a report with law enforcement will help with any future identity theft, filing insurance claims and possible criminal investigations.
- Contacting law enforcement also helps the community. It allows for better accuracy in tracking new hacking and malware trends so that other people can be made aware of new scams and help them avoid the same risk.
- File a complaint with your local police, local FBI office (if necessary) and the Federal Trade Commission (FTC). Be sure to file a complaint using FBI’s online form.
How Do You Recover After the Hack?
- Enable MFA on all accounts.
- Review apps or URLs linked to your Google, Apple or social media accounts and remove any you do not recognize.
- Consider factory resetting your phone or reimage your computer to ensure all malware is gone. You may need to hire a professional service, especially if your computer is involved.
- Update all software, browsers and operating systems on your devices to the latest versions.
- Create strong, unique passwords for every account you have and store them in a secure place.
Cyber Habit of the Month: Think Before You Click on Party Invites
As digital invitations have grown in popularity, many people accept party invites without giving them a second thought. Cybercriminals are now taking advantage of that familiarity by creating phishing emails disguised as invitations from trusted, known services. These fraudulent messages are designed to appear authentic, and they typically encourage you to click a “View Invitation” button (or similar wording) that redirects you to a malicious website where the attackers can steal your login credentials or personal information.
To avoid falling victim to these new scams, carefully inspect invitation emails before interacting with them. Hover over links with your cursor to confirm whether they direct the user to a legitimate website or a suspicious unsecured URL. Invitations sent from personal email accounts rather than official domains should be treated with caution. If an invitation seems unexpected or generic, contact the sender through a different method to verify that it’s real. Even if an invitation comes from someone you know, their account could be compromised, and a cybercriminal could be leveraging their account to send the malicious message. Report phishing emails as spam as this helps email providers identify threats and protect other users from similar attacks.
Additional Resources
