Hacking has become ubiquitous on the internet. With even major companies like Evernote getting hacked, it’s not hard to imagine that you, an individual, could also get hacked. The experience is actually quite common, though that does not necessarily make it any less distressing. You are left feeling confused, with no idea what you should do immediately after the sad act.
Whatever you’ve been through, whether it was phishing, hacking, malware, etc, there are some simple steps you can take immediately after that can help you return sanity to your life.
Try To Figure Out The Motivations For The Hack
I know, you’re in a stressful situation and the last thing you feel you can do right now is take time to figure out why you might have been hacked. However, this can be a lot more useful than you might think. A primary example of course, is if your bank account got hacked. In that case, it’s fairly obvious that the hackers were most likely after your money.
There can be other cases as well, such as if your email got hacked. In that case, there are a lot of possibilities. Maybe the hackers want to send spam email from your address, or they want to call your contacts and ask for money. On the other hand, maybe they want to use your email address to reset your password on other accounts. They may even be trying to use your email to find a way into your business. Whatever the case, taking a moment to figure out what the reasons are can go a long way. You can start to take the right set of actions to thwart the hackers and prevent something like this from happening in the future. Additionally, it can set you down a path to recover quickly.
Whatever service has been affected, something you should do immediately is change your password on it. In fact, you shouldn’t only change your password on the affected service but also on all other services that use the same password or a similar password. In fact, it’s definitely not a good idea to reuse your passwords. Therefore, you should change your passwords on a regular basis. Again, the first response to finding out your account has been breached is to change your passwords immediately both on the affected service and everywhere else you’ve used similar passwords.
“Password reuse is actually quite common and it puts a lot of accounts in danger,” says Pauline Johnson, a security researcher with a local essay services company. Indeed, people tend to use similar passwords to aid memory, not realizing that they are taking massive risks in the process.
A good way to get around this is to use a password manager. You can use one password to access the password manager and then it will generate strong and different passwords for your other services. That way, all of your passwords are kept in one place. Just make sure your password manager password isn’t similar to any other passwords.
Update your Machine and Scan it
It’s possible that your computer was the main point of entry for the attacker. Most of the time, it is the victim that installs the malware into their own computer, and the first thing they need to do when they discover its presence is to get rid of it. Start by updating to the most recent version of your operating system. You should then download good antivirus software and scan the computer for any pieces of malware that might exist on the account.
This is a simple process and yet it is vastly crucial to saving your machine from being taken over. As for anti-virus software, use a solid one. A brand name that is well known and trusted and that you are paying for is more likely to do the job well. However, remember that no antivirus software is perfect. Their success rates range from 50% to 75%. However, that hit ratio is better than nothing. The reason why you should go for something that you pay for is that if you go online and just download the first free antivirus software you come across, then you’re a lot more likely to download malware or a cheap and ineffective program.
Reclaim your Account
The good news is that a majority of online social platforms have simple methods that allow you to take back your account from someone who has taken control of it. There are methods for Twitter, Microsoft, Google, Facebook, and Apple. Usually, they’ll ask you a bunch of questions about your account that will help them to verify your identity. Facebook has a different method, though, where your friend verifies your identity to help you get back your account. Even if you’re not using one of the platforms mentioned above you can still recover your account. Just search for the specific recovery methods of that platform on Google.
Make Sure There are no Backdoors
The best hackers don’t just infiltrate your computer or online accounts; they’ll also leave backdoors behind so that, even when you kick them out, they’ll walk right back in. You should therefore make sure that, even after you get your account back, there isn’t a backdoor that the attacker can use to regain access. For example, on email, you should scrutinize the filters and rules to make sure you’re not forwarding emails to some other account without knowing about it. You should also check security questions to see if the answers were changed.
Review Financial Activity
If the hacked account is a financial one, then you should comb through all activities on that account, such as addresses that have been set up, payment methods, accounts linked, and so on. If the attackers hack your PayPal or bank account, then they might also link a debit card to your account and add their address so they can take on loans and do shopping with your account, even after you get it back.
Audit your Accounts
This is more a mindset than an action you should take. Sometimes the hackers hack one account just so they can have access to something else. They might be hacking your email to reset passwords elsewhere. If they hack a cloud account of yours, it might be to access a specific file or folder. You should therefore always scrutinize all files, folders, and accounts linked to the hacked accounts and check them. Reset all passwords, move all important information, and take measures to protect it. Assume everything has been compromised and act accordingly.
In the age of OAuth, many of your social accounts probably use one account login to log into another. So, for example, Facebook and Twitter allow you to login using your Gmail and so on. If a hacker takes control of your account and then remains logged in, they won’t be affected when you change your password. They’ll be running a rogue client without your knowledge.
Your best bet in this case is to de-authorize everything. Go back, for example, to every social platform that uses Gmail for authorization and de-authorize it. You can then re-authorize after changing your Gmail password. While this sounds like a lot of work, it’s certainly better than having a hacker secretly hanging out in one of your accounts, just waiting for the perfect moment to strike.
One of the crimes cyber-attackers like to commit is identity theft. You should therefore take the time to assess the security of your credit. Contact all the major credit reporting agencies and let them know you’ve been hacked. You can then lock down your credit. It can be free or paid, depending on where you live and whether you’ve already filed a police report.
Tell People You’ve Been Hacked
The dangers of hacking don’t end with you. It’s possible the hackers might want to use your account to fool your friends into sending them money. This can be done by impersonating you and claiming that you’re in an emergency and need money. There might also be accessed data in the breach that affects your friends and that you would therefore like them to know about.
While the reasons mentioned above are important reasons for speaking out when you are hacked, they are not the most important. The most important reason to tell people you’ve been hacked is to raise awareness. Prevention is ultimately better than cure, and by raising the awareness to your friends and the general public about what you went through and how you got hacked, you give them a chance to take the right preventative methods. They can keep their software up to date, have the right password practices, and always backup their data for safety.
It certainly feels disorienting and frustrating to get hacked. However, it’s best to keep a level head and take the necessary steps to mitigate the damage and flush the hackers out of your private space. By following the steps above, you can make some progress towards restoring sanity to your life.