What To Do If You Think Your Account Has Been Hacked

October 19, 2023

More Tips for CyberSecurity Awareness Month

Your email, banking, social media, device, and other online accounts may all be vulnerable to attacks from hackers. A hacked account may enable them to steal your money or identity, or event to get access to other potential victims from among your contacts. By alerting authorities and following a few steps, you can often retake control of your hacked account.

However, fast action is crucial. If you suspect that your digital account has been hacked, do something about it as soon as you can. Here’s what you need to know right now!

How does an account get hacked?

Security breaches happen in many ways – sometimes you might click on a bad link, or the company in charge of the account could be attacked. This is why cybersecurity is so important to us all, and why the National Cybersecurity Alliance is so hyped up about it!

Commonly, an account is hacked through phishing. This is when cybercriminals use misleading emails, social media posts, phone calls, texts, or DMs that lure you to click on a bad link or download a malicious attachment. If you take the bait, the hackers can get access to your device or account.

Another common way your account could be hacked is if there is a data breach that reveals your username and password. The company controlling the account in question could be hacked, for example. If you reuse passwords, if any platform you use is compromised then cybercriminals might know your password for many accounts. This is why you should have a unique password for each account and change your password ASAP if you find out a platform you use has had a breach.

Signs that your account has been hacked…

Your social media profile publishes posts that you didn’t create.
Your social media profile sends phishing DMs to followers encouraging them to click on a link, download an app, or buy something.
Friends and followers tell you that they've received emails or messages that you never sent.
A company alerts you that your account information was lost or stolen in a data breach.

Once you determine that your account has been hacked, fast action is essential if you hope to rectify the situation and remove cybercriminals from your social media, email, or other accounts.

What to do…

Change the account's password right away.
This may help lock out the hacker. However, the hacker may have changed your password & locked you out. If this happens, use the account's "Forgot my Password" function to reset it. If that doesn’t work, contact the platform ASAP. If you used the same password for other accounts, a big No No, you should change all of them, and start using unique passwords for every account. Use a password manager to generate and store all your passwords.
Notify your contacts that your account was hacked & that they may receive spam messages that look like they came from you. Tell them not to open any messages or click on any links contained in them. When the situation is cleared up, let everyone know that your accounts are secure again.
Make sure your security software is up to date. Run a full system scan of your computer for malware using your antivirus software. Antivirus software will scan your device to check for any security issues.
Get help. Contact your bank and local police. Contact your IT Department if your work account was compromised...

How to protect your accounts from hacks

Adhere to the “Core 4.” If you can master these four, they will go a long way towards increasing your security online.

Passwords
Protect each account with a unique, complex password that is at least 12 characters long – and use a password manager! Remember, longer is stronger. Password behaviors /secure habits make a huge difference. As our online lives expand, we’ve gone from having just a few passwords to today, where we might manage upwards of 100. That’s 100 unique passwords to remember, if you’re using strong password habits. Password managers can save users a lot of headaches and make accounts safer by recommending strong passwords. This month, we’re dispelling the misconceptions about password managers and showing others how these tools will keep them safe online. Check out this link to Password Managers for additional information.

Multifactor Authentication
Use multifactor authentication (MFA) for any account that allows it. Many people don’t realize that multi-factor authentication is an incredibly important tool that goes a long way in keeping accounts secure. In fact, of those who knew about it, most had applied MFA to their online accounts (79%) and were still using it (94%), showing that once MFA is enabled, users will keep using it. It’s easy to enable MFA wherever possible. See MFA Guidelines for more information.

Update Your Software Automatically
Turn on automatic software updates, or install updates as soon as they are available. Almost 40% of users say they either “sometimes,” “rarely,” or “never” install software updates (NCA). One of the easiest ways to keep information secure is to keep software and apps updated. Updates fix general software problems and provide new security patches where criminals might get in. This Cybersecurity Awareness Month, we’re telling others to step away from the “remind me later” button to stay one step ahead of cybercriminals. See Software Updates for more information.

Recognize and Report Phishing
Know how to identify phishing attempts, and report phishing messages to your email program, work, or other authorities. Phishing attacks increased by 61% in 2022, according to SlashNext. Phishing attacks have become an increasingly common problem for organizations of all sizes and can be very difficult to spot. 30% of small businesses consider phishing attacks to be their top cybersecurity concern. It’s important for every individual to stop and think before clicking on a link or attachment in a message and know how to spot the red flags. Cybersecurity Awareness Month 2023 concentrates on giving you the tools you need to recognize a phish and report it to your organization or email provider. Learn more about Phishing.

Source: National CyberSecurity Alliance Hacked Accounts: What to Do Right Now - National Cybersecurity Alliance (staysafeonline.org)