Last Updated on July 11, 2021 by Calvin C.
As an internet user, it is important that you actively monitor your online accounts to make sure that they have not been hacked. In this article, I look at what to do when you’ve been hacked and an attacker has complete control of your account.
Security of your email accounts is one area that you should never take for granted because cybercriminals can get hold of private messages once your email is hacked.
Since it’s common practice to use your email address to log into other online accounts, a hacker can simply request a password reset and gain access to these other accounts.
You can read more about email security in another article I wrote and run through the checklist to secure all your email accounts.
Who hacks into your account?
The worst group to hack into your accounts are cybercriminals because their goal is to cause maximum damage before you notice and take preventive measures.
In some cases, even authorities may secretly gain access to your accounts, especially in volatile regions.
Either way, if you do not take the security of your emails, social media accounts or financial accounts seriously, you make life a lot easier for these attackers.
Signs that you’ve been hacked
There are telltale signs that you have probably been hacked, and these vary depending on which accounts have been compromised.
Watch out for the following signs:
- If remote servers of a major service provider have been hacked, you may hear it on the news or even get a message from the provider. When the SITA passenger system service was hacked, affected travelers received messages from SITA.
- In case of a credit card breach, you may notice extra transactions on your statement that you have not carried out.
- Your bank may even detect unauthorized access to your account and send an alert.
- Scammers can use your email to send requests for money or specific action from your contacts. You may receive inquiries from relatives, workmates or other contacts as they seek to verify suspicious requests.
- Cybercriminals can use identity theft to open new lines of credit, and this comes to light when you get rejected by service providers.
- On social media, you may notice posts that you have not uploaded and friends can alert you if something is out of the ordinary.
- In extreme cases, an attacker changes your login credentials and blocks you from accessing your own accounts.
- The Sent folder may be suspiciously empty or contain messages that you have not sent, which shows that someone else has been sending mail from your account.
Steps to get back into your account
Once you have realized that your account has been compromised, the first thing is not to panic because there are actions you need to take to stop any further damage.
What you want to do is to get your account back because it’s your identity that is on the line, along with consequences that come with malicious requests or actions by the attackers.
1. Report the attack
The first thing you need to do is alert your account provider of the attack.
Each provider has its own policies for handling hacked accounts. For example, Facebook has a page where you can make a report if you suspect that your account is compromised.
2. Run a quick security scan
If you think all it takes to restore your account is changing your password, well, think again.
Remember, in one article I described the types of malware that are used by hackers to spy on your keystrokes (keyloggers, spyware and trojans).
Do a quick scan of your entire device using a reliable, up-to-date security suite to remove any malware first.
Afterwards, you can safely proceed to the next step.
3. Change your passwords
The next obvious step is to reset your password to one that is long and complex.
If you have never used a password manager before, getting hacked is a hard sign that you should start using one.
Nowadays, passwords need to be strong and you don’t even have to memorize any password.
All this is done by a password manager and for more on the subject, read this article here.
I won’t spend time on this step because nowadays, a password manager is a must-have app.
My top pick is NordPass as it is from creators of NordVPN, a highly secure VPN that easily beats other premium VPNs.
It’s FREE and works across all major operating systems. (The link also gives you access to a discount of up to 50% off a premium plan.)
4. Inform your contacts
Malware can spread via email, so it’s important to alert your contacts so that they don’t turn into victims as well.
You need to notify your social media contacts especially if an attacker uploads malicious posts or media.
This minimizes the ripple effects that come with such attacks and that way you protect your contact list.
5. Turn on multi-factor authentication (MFA)
If your account has an option for MFA, you should definitely turn it on.
App-based MFA is more secure than SMS-based 2FA, as hackers have found a way to bypass the latter through tactics like SIM card fraud.
MFA adds an extra layer of security and greatly reduces the risk of getting your account hacked.
6. Change security questions
Security questions are often used to verify your identity when you have forgotten your password.
In most cases, you find that the questions are simple, like “Name of first car”, “Maiden name”, “Name of pet”, etc.
Answers to these questions can easily be obtained by hackers by using a bit of social engineering.
The solution to this potential problem is to give false answers that only you can remember.
Never use correct answers, just don’t do it!
7. Assess the damage
This gives you an idea of what the attacker has done as you plan for damage control.
If it’s your email account that has been compromised, you may want to know what messages were sent.
In case of social media, you need to know what posts were uploaded and who was affected.
How to protect your account
One thing to keep in mind is that once your account has been compromised, you are likely to be a victim of another attack.
Therefore, the next stage is to prevent any future attacks, and you do that by implementing the following measures:
1. Pay attention to fraud alerts
Every time you get a notification about a possible suspicious login activity, go ahead and check it out.
While most of the alerts may be false alarms, it’s a good habit to make sure that all is in order.
It only takes one genuine breach to cause considerable damage.
2. Use secure methods of online payments
Mobile card payment systems, like Apple Pay, are more secure than the usual online card payments.
3. Always use a password manager
This cannot be over-emphasized and I have already highlighted the importance of a good password manager.
4. Use a strong security suite
Nowadays, an antivirus alone is not enough to combat malware.
You need a security suite with all these tools rolled into one package, to enhance security and privacy:
- Parental control
- Backup support
- System tune-up
- Password manager
5. Security updates
Hackers take advantage of vulnerabilities in apps, browsers or operating systems to gain access to your data or devices.
You need to make sure that you install any updates that are rolled out to patch these flaws.
6. ID protection services
You can also sign up for a reputable ID protection service that monitors the web for identity theft.
One option is LifeLock by Norton, which prevents hackers from stealing your personal data on your devices.
Your emails and retail accounts are monitored in real time to flag any suspicious activity.
7. Don’t give up your personal data
Be careful when filling in forms online and make sure any website that requests your personal information is legitimate.
Only provide minimum information required and let a password manager handle any login forms.
Verify with your service provider first before responding to suspicious requests that arrive by email or phone.
Make sure you know how to spot a phishing email because hackers use this tactic to get your credentials.
8. Use a trusted VPN
Make it a habit to never carry out sensitive transactions or work with sensitive data online without a VPN.
A VPN creates a VPN tunnel so that all your internet activity is secure and anonymous.
Not even hackers or the government are able to see the sites you visit, and that protects your accounts from breaches.
Steer clear of free VPNs, as most of them have serious privacy and security issues.
The overall best VPN that I recommend is NordVPN because of its strong security features and fast connection speeds.
It’s the same company that provides NordPass, a free password manager so you get great value for money.
In total, these are 15 main steps you need to take in order to regain control of your accounts.
Prevention is best because sometimes the damage caused by attackers costs a lot of money or may be irreversible.
What’s your experience with hacking of social media accounts or email accounts? Leave comments below and raise awareness by sharing this article on social media.