How Do I Find Out If I Have Been Hacked?
By Rafael Garrido, Chief Information Security Officer
Have I Been Hacked?
Sometimes, no matter how secure you are while online, you are still subject to constant threats. Thus, sooner or later you may make a mistake and fall victim to a hack. Why? It’s simple — social media accounts, email addresses, and devices are viewed as easy and profitable targets. Compromised passwords? Hacked laptop or phone? If you’re asking yourself, “How do I find out if I have been hacked?” luckily, there are online tools and telltale signs that can help you determine that. Keep reading to learn more:
Assessing Online Accounts and Email Addresses
‘Have I Been Pwned?’ is one of the best tools for checking your email accounts’ safety. The process is fairly simple. Go to their website and enter each of your email addresses. The site will check if they have ever been part of a data breach or if your account details have been publicly shared online. If either is true, you will be provided with that information and will know that your account is at risk.
Assuming that your email address is in the database, you should update the password associated with it. Consider enabling two-factor authentication if available, too. If you share the same password with other accounts, make sure you change it immediately. Also, when creating a new password, consider using a password generator and password manager.
Until you update your credentials, remain vigilant and be on the lookout for any suspicious activity on your email account.
‘Have I Been Pwned?’ is an easy-to-use tool for checking your email addresses’ security and can help you answer the question, “how do I find out if I have been hacked?”| Source: Have I Been Pwned?
Telltale signs that your accounts or devices may be compromised
Email Accounts
- Sign-In email alerts associated with devices or locations you do not recognize
- Messages marked as read – that you did not read
- Delivery failure notification messages for sent items you did not send
Online Accounts
- Your password to an account no longer works, even though you know the password is correct
- Family or friends say they are receiving unusual messages or invites from you, that you know you did not send
- Notifications that someone has logged into your account, which you do not recognize. Pro-tip: do not click on any links in such notifications to check your account. Instead, type the website address yourself into your browser, use your previously saved bookmark, or access your account from a mobile app.
Computer or Mobile Devices
- You receive Antivirus alerts notification. Validate they are generated by your installed antivirus and not a random website trying pushing pop-up windows to fool you into calling a number or installing something else.
- Applications randomly close or load very slowly
- While browsing the web, you are often redirected to pages you did not want to visit or new, unwanted pages appear
- Notifications that read “your computer has been encrypted and you have to pay a ransom to get your files back”
What To Do If Your Accounts Have been compromised?
You recently received suspicious login alert emails from online services you are using or notifications that your password/s have changed. At first, you panic – who wouldn’t? But what else should you do? Here are some immediate steps you need to take if your online account has been hacked.
Make Changes to Your Account
If you can still access your account, log in from a trusted computer that you are confident is not infected and reset your password. Set it to use a unique and strong password. Consider using a password manager to track all of your passwords. Also, if an option, enable Multi-Factor Authentication (MFA), to prevent this from happening again.
If you are unable to log on to your account, you should follow the service’s own protocol for hacked accounts. Typically, one can reset recent changes via the received email alerts. If that is not the case, try getting in touch with the service’s customer support and see if they can help you. Also, refrain from creating a new profile or account on the same platform using the same credentials (email or phone number). This will make it much more difficult to recover your original account.
Let Your Friends and Family Know
Your friends and family members should be made aware that one or more of your accounts have been hacked. Why? Well, most hackers hack for financial gain, and when they get access to your account, they will likely try to scam or blackmail your friends and family, too, by impersonating you.
What To Do If Your Computer Has Been Hacked?
Recovery Attempt
If your antivirus and/or antimalware program is unable to fix your infected computer or you want to be more certain your system is safe, consider reinstalling the operating system. This will require erasing or replacing the hard disk drive and restoring personal files from backups.
If your computer is old, it may be time to purchase a new one. If you need help, consider using a professional service. Do not reinstall the operating system from backups, unless you are certain that you have a backup that predates the malware that compromised your computer.
Don’t Pay The Ransom
If you suspect you have been hacked, stay calm; you will get through this. If the hack is work-related, do not try to fix the problem yourself; report it immediately.
If it is a personal system, the consensus is to never pay the ransom because it does not guarantee that you will get your data back. For example, there could be bugs in the malware used to encrypt your data, making it unrecoverable even if you pay for the right encryption key.
Instead of paying the ransom, consider looking at the NoMoreRansom site for free decryption tools and information on how to report a crime.
If you have suffered financial harm or feel in any way threatened, report the incident to local law enforcement.
Hopefully, this quick read has provided you with some insight on how to assess if your accounts are at risk, what common indicators of compromise to look out for, and how to deal with a compromised account or hacked computer. Here’s to hoping you don’t have to ask “How do I find out if I have been hacked” again anytime soon!