Your accounts on websites and social networks networks can be hacked by intruders. In this article, we’ll talk about what to do if this has already happened.
Anyone can be targeted by cybercriminals or hackers who want to gain access to their personal information. But the likelihood of such a scenario for the average user on the Internet is not great.
The average person is likely to face fewer cyber threats than, for example, a high-profile politician, a popular activist, or the CEO of a large company. More significant figures can be targeted by phishing emails, with which hackers want to steal the secrets of corporate networks or initiate the transfer of large amounts to their accounts. You, your friends and family are likely to face various types of threats. They will come from people you know or, more likely, criminal groups using automated tools to collect credentials in bulk.
“We all like to think that we won’t be the targets of social engineering or other types of cyber attacks, but the truth is that even smart and careful people can lose in the fight against online fraud ," says Jake Moore, cybersecurity specialist at the company Eset, dealing with Internet security.
Many people even accept the fact that without opening phishing emails, they can still fall into the trap of hackers. A number of e-mails are still capable of sneaking into a user’s system, and will have consequences for both the person’s credibility and their financial situation.
Understanding that a threat exists is key. Every person has their own weaknesses. These are the things that are most important to him (and which may not be so important to someone else). In addition, the actions you take on the Internet, from your Facebook page and Netflix to online shopping, also add value. If one of your accounts is compromised, then the stolen information or your credit card details could be used by scammers. For example, with the help of stolen data from the Deliveroo resource, fraudsters can easily order food for free.
Facebook, Instagram, and other social networks are less likely to contain your credit card information, but there are other risks. Hacked social media accounts can be used to post compromising messages that could embarrass or tarnish someone’s reputation, or be used to obtain the personal details of your friends and family members.
“Knowing that you have been hacked is not an easy task,” adds Moore. “You can wait for some time until the fact of hacking is definitely proven; at the same time, you will lose precious control over your accounts with lots of money. However, only complete confidence in the hack and detailed information about it will help prevent the theft of your data in the future .”
Unusual behavior
A clear sign that you’ve been hacked is unusual or strange behavior when logging into or using your account. For example, you can’t access your Google account using your usual username and password, or you receive a check in one of your bank accounts for purchases you didn’t make. These are obvious signs that your personal information has been compromised. Let’s hope the bank notices the suspicious payments before things go too far.
However, warning notices may appear before any of your accounts are compromised. An account that someone is trying to break into may warn you about unusual sign-in attempts. For example, Facebook and Google will send notifications and emails to alert you to attempts to access your account. This usually happens if someone tried to log in and failed, but notifications can also be sent when someone has successfully logged in from an unfamiliar location.
Not a day goes by that a company, app, or website doesn’t suffer a data breach (from Adobe to Dungeons and Dragons ). This stolen information may include phone numbers, passwords, credit card details, and any other personal information. It will allow criminals to gain access to your private life. Companies should tell you quickly if they have been compromised. Using the system security breach notification service will send you a warning about it. Haveibeenpwned and F-Secure’s Identity checker tell you about old data breaches and alert you to new cases if your data falls into the wrong hands.
Taking back control of your account
Once you know that your account has been hacked, then the hard work of recovering it begins. It can be difficult to regain control of an account, depending on who has access to it. There is a chance that this will require the intervention of a huge number of site administrators. The recovery process can include anything: starting with just a story about what happened to the administration of the resource and ending with communication with law enforcement agencies.
First of all, you must contact the company responsible for your account. Each firm has its own security policy, procedures, and account recovery steps when it comes to compromised accounts. These policies can be easily found on the Internet with a search. (What to do if you have been hacked on Facebook, Google or Netflix, you can find out by clicking on the names of these sites).
When recovering a compromised account, you will most likely go through different steps depending on whether you can still access it or not. If you can access an account, companies will often ask how it was compromised and provide guidance on what steps to take. If you are unable to access it, you will likely be asked to provide additional information about how the account has been used (previous passwords, email addresses, security questions). If a person or group of people claims to have accessed your account and sent you a message about it, you must not click on any links they send. This may be false information and further attempts to access your personal information.
Restoring an account through the website of the company where you were hacked is the first step to regaining control of it. You must ensure that all applications and software you use (on phone and desktop) are up to date. What other actions you take depends also on what exactly was compromised. For example, if you can get back into a hacked email account, it’s worth checking your settings to make sure they haven’t been changed. For example, automatic forwarding of all your emails to another account might be enabled.
You should change the password of the compromised account and any other accounts using the same password (more on this later) and contact anyone who may have been affected by the hack. For example, if messages were sent from your Instagram account and you are forced to create a completely new account, you should inform friends and family about this and warn them about possible malicious messages from the old profile.
If necessary, you can also report the breach to law enforcement. In the UK, for example, you have the right to submit details of identity theft to ActionFraud. Cases of extortion must be reported to the police.
Safety in everything
The best way to reduce your chances of being hacked is to limit the area of attack. The better your protection, the less likely you are to be compromised. Although some attacks cannot be defended against. This applies to cases where attacks are carried out by advanced hackers who pursue specific goals.
“Information about you is the key to a successful attack, so minimizing your personal data online should encourage the attacker to choose a different, less hidden victim,” says Moore. If your accounts have only been compromised once but attacked by an organized group, there is a good chance that you will be targeted again.
When you think about your behavior on the Internet, you should understand how much information you post there. “I tell people all the time: hide your personal information from scammers ,” says Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “When you post a photo on Instagram, post on Facebook, or share something about your location, scammers see it. What other people can really find out about you is what you have already posted online.”
There are many ways you can protect yourself and your data. You should use a password manager to create and store unique and strong passwords. No one should use the same password on multiple sites, even if they think there is little risk of being hacked.
If one account of yours has been hacked, this should motivate you to check your other online accounts as well. Update your passwords and check your security settings. When updating accounts, you should also try to use complex security questions if possible. The answers should be those that only you know.
Also check the accounts you no longer use. What information, for example, is stored in an old Hotmail account that you never use?
Like a password manager, multi-factor authentication (MFA) should be enabled for as many sites and services as possible. This is one of the most effective ways to protect your accounts from hackers. The most common type of MFA is two-factor authentication, where more information (besides your password) is required to sign in to the service. Most often, this is an SMS message, an authenticator app, or a physical security key. A list of websites and apps that support 2FA can be found here.
For people at high risk, there are a number of additional steps that can be taken. To increase their privacy and anonymity on the Internet, they can use a VPN, Tor, or a special advanced protection program from Google.