Hacked Accounts

Here are ways you can regain control if your account has been compromised or hacked.


What are some signs that my online account has been hacked?

When hackers strike, acting fast is crucial. But to act fast, you need to determine that one or more of your online accounts has been compromised. Here are some quick tips to see if someone else has gained access to your account:

  1. There are posts you never made on your social network page or your account has sent direct messages that you never wrote. Commonly, these posts may encourage your friends to click on a link, download an app, or buy something through an online store.

  2. A friend, family member or colleague tells you that they received emails from your email address that you never sent.

  3. Your information was lost via a data breach, malware infection or lost/stolen device. Companies are required to tell you if your data was compromised in an incident.

If you believe one or more of your accounts have been compromised, take these steps:

  1. Notify all of your contacts that they may receive spam messages that appear to come from your account or email address. Tell your contacts they shouldn’t open these messages or click on any links from your account. Warn them about the potential for malware. Keep them apprised of the situation as it makes sense; let them know when the situation is cleared up and accounts are secure again.

  2. If you’re concerned your computer is infected, ensure your security software is up to date, and scan your system for malware. Antivirus software will scan your device to check for any security issues.

  3. Change your passwords for all accounts that have been compromised as soon as possible. Also, change your passwords for your other key accounts, like email, social media, and banking. This is especially true if you have reused passwords for different accounts. If you’ve been the victim of an account breach, you should really change your passwords for every online account. Your passwords should be long strings of letters, numbers, and symbols – at least 8 characters. You can use phrases to help remember them (think: “I l0ve country music!”), but the best passwords are ones that aren’t recognizable as words. Use a password manager (sometimes they are included with web browsers or computer operating systems) to store your passwords for you.

Resources


eBay


Facebook


Twitter


Yahoo


Gmail/Google


Paypal


Outlook


YouTube


Protect yourself with these tips:


Keep a clean machine

Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current. This reduces the risk of infection from ransomware and malware. If you don’t want to think about it, configure your devices to automatically update (our recommendation). You can also set your device to notify you when an update is available.


Enable multi-factor authentication

Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.


Use long, unique passwords

Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember. It’s even better to have long strings of letters, numbers and symbols that aren’t recognizable as words. And, yes, you should have a long, complex password that is unique to each account. Does this sound complicated and hard to remember? Nowadays, it is easier than ever. Use a password manager to take care of it all.


Use a password manager

Shred your password notebooks. The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database. These programs also generate new passwords when needed. Many of them are free, and some are even built into web browsers and computer operating systems.


Think before you click

Links or attachments in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. Take four seconds to examine each email, message, post or text before taking action.


Report phishing

If you’re at the office and a phishing email comes to your work email address, report it to your IT manager or security officer as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links – even the unsubscribe link! Don’t reply back to the email. Delete the email. You can take your protection a step further and block the sending address from your email program, too.


Use secure Wi-Fi

Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected. Limit what you do on public Wi-Fi and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.


Back it up

Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you can restore the data from a backup. You can back up your data on the cloud (i.e., securely on servers online), or on physical backup devices like external hard drives, or, ideally, both. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.


Check your settings

Every time you sign up for a new account, download a new app or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort. Additionally, you should audit your apps and software every so often. In the audit, delete those apps you no longer use.


Share with care

Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.