The online world can be a dangerous place, with hackers worldwide looking for victims to exploit. Any computer connected to the internet is a visible target, and hackers have a range of tools at their disposal to find and attack potential victims.
So what do you do if you fall victim to a hacker? The short answer is to stop the attack, reverse the damage and stop it from happening again. In this article, we'll have a brief look at what to do if you've been hacked.
Confirming the Hack
Often the first indication that you're a hacking victim is when you start receiving messages to let you know you've done something that you're sure you haven't. This could be a notification of a change to a password for a service you haven't used for a few weeks or setting up a new payee in your bank account that you don't recognise. This usually is the sign that makes you think, "I've been hacked".
The most common way for hackers to operate is to install malware on your computer to steal valuable information such as passwords. To see if you're a hacking victim, check if malware is on your computer.
The best way to find malware on an infected computer is to use a reputable security program, ideally a subscription-based product rather than one of the free versions. However, good free anti-virus packages are available if cost is an issue, such as those available from McAfee here
Before you start the clean-up, ensure the security program is fully up to date with the latest virus signatures by running the check for updates option.
Once you've confirmed the security program is up to date, run a full computer scan that includes all static storage devices, including the primary hard disk and any other removable storage devices that you connect to your computer. Then sit back and wait for the results. The security program will identify malware and provide details of what it is, what it does, and often how it got there.
Knowing what malware is present allows you to remove it and repair the damage.
Repairing the Damage
Repairing your computer
The first step in any recovery process is finding and removing the malware from your computer. This may be a malicious program installed onto your hard disk, or it may be more complex. Often attacks start with one malware program, which then silently downloads and installs other programs and modified configuration settings to open up back doors that allow the hacker easy access to your computer.
Once you've run a full computer scan, the security program should identify all the malicious software and either automatically delete or provide instructions for removal. There are also online resources that offer helpful information for each malware program found.
It is often a good idea to repeat the process with a second different security product to check the first product caught everything it needed to. If you take this extra belt and braces step, do some research to ensure the two security programs are entirely different. Some companies sell the same software under other brand names. In this case, the two products will potentially miss the same things and provide no additional value to you.
One of the main targets for hackers is authentication credentials, namely usernames and passwords. These allow the hacker to access services such as bank accounts or online accounts for shopping sites where they can turn the stolen details into money, either transferring funds or purchasing goods using your payment details that they can resell.
If your computer has suffered from a hacking attack, it's good practice to change all your various passwords as soon as possible. This will thwart any attempt to misuse your authentication credentials. This action can be time-consuming as we have dozens of different passwords nowadays. However, resist any temptation to take shortcuts.
- Always choose a unique password for each account and ensure it's robust. That is one that someone else can't easily guess. Tools such as a password manager can help with this process.
- Also, use multi-factor authentication where possible so that anyone with your username and password can't access essential accounts without having access to something separate like your fingerprint or a received text message.
Only change passwords using a device that doesn't have any malware on it that could be monitoring you as you type in all this valuable information. Ideally, use a computer with up to date security software that has completed a full scan without detecting problems.
Checking for Leaked Details
Often when computer hackers steal personal information, credit card details or passwords, they don't use this valuable information themselves but sell it on to fraudsters who are more adept at turning knowledge into money.
A part of the internet is invisible to regular search engines where criminals buy and sell such information. This dark web is full of personal data, and with the right tools, you can see if your details are up for sale.
The simplest method is to check your email address using the 'Have I Been Pwnd?
- This service lists all the stolen data that hackers have published on the internet, running into billions of different accounts. This service will tell you if your email is associated with any of these breaches and, if it has, what sorts of information about you are available to criminals.
- This website also allows you to check if a favourite password you use has ever appeared in lists of stolen breach data, not that you should be reusing passwords, of course.
Recovering Social Media
If a hacker has managed to steal authentication credentials to social media accounts, they may have hijacked the account by changing the password to lock you out. Often hackers use hijacked social media accounts to send spam messages or obtain valuable information from your contacts. The more sophisticated social engineering attackers may even try and convince your contacts to send you money or share passwords via the hijacked account.
However, don't panic. All social media companies have procedures for reporting stolen credentials and resetting passwords once you've proved to them that you are the rightful owner. They use techniques such as asking security questions or contacting you using an alternate email or phone number. Unfortunately, this can be a long and torturous process.
Following the adage that prevention is better than cure, always use multi-factor authentication with social media accounts so that a hacker with a stolen password cannot access your accounts.
Preventing Further Hacks
We've looked at what to do if you have been hacked. The next step is to stop it from happening again. Once you've been hacked, hackers will share your details, making it more likely you'll be a target for hacking again.
Protecting your computer
Always use a professional security product that includes anti-virus software as a minimum. Windows-based systems provide basic security, and a few free products are available too. However, the recommendation is to invest in a security product that provides comprehensive protection.
Once you've installed your security product, ensure you keep the program fully up to date and has the correct configuration settings to protect you. It should check emails as they come in, check websites when you visit them, and periodically scan your computer if any malware has managed to evade these checks.
Hackers create new viruses every day, and the majority of infections rely on computers being unprotected or having out of date anti-virus software. Set up the security product to check for updates at least once per day as a minimum. Scan your computer at least once per week as a minimum. Ideally, these actions should be fully automatic and not rely on you remembering to act.
Hackers often use emails as a means to start an attack. For example, they can send malware as an attachment that installs itself as soon as you open the attachment. Alternatively, emails can contain links to websites that install malware when you click on the link and visit the infected webpage.
A good security product should filter out the more obvious attacks, but some carefully crafted emails may still get through. So again, adopting common sense-based good practices will help. For example, never open an attachment that you don't expect to receive and never click on a link in an email.
If you're unsure about an attachment, save it to disk and perform a security scan on the saved file before opening. You can also contact the sender and ask whether they sent this and why?
If you think accessing a shared weblink might be necessary, check with the sender to see if it's safe or find the page in question using a search engine rather than clicking directly on the link.
As well as the checks available in security programs, most internet browsers include inbuilt security checks to protect you against webpages that contain harmful content. You can find out what features your favourite browser offers by visiting the support pages for the browser.
Good Password Practices
One of the standard methods hackers use is to guess passwords to gain access to accounts. Despite the warnings, passwords such as "Abcde" and "password123" are still in everyday use. Always use a strong password that hackers cannot easily guess and never use the same password for more than one account.
This is because you may find that the business that operates the service you've used a password for has not protected it adequately, so the hackers may steal passwords from their systems. Therefore, if you've used the same password for different services, the failings of the first company will compromise the security of all these other services.
A good tip for choosing an unguessable password is to think of three short unrelated words and make a password by joining them together. It's a lot more secure than a pet's name or the road where you live.
Multi-Factor authentication simply requires two different things to log onto a service. Rather than just entering something you know, such as a password, you also need something separate. Usually, it's either something you have, such as a mobile device for receiving a text message or something you are, such as a fingerprint scanner or face recognition device.
Be cautious if the multi-factor authentication doesn't meet the criteria of two completely different factors. For example, websites often ask for a password and letters from a memorable word. These are both something you know, and a hacker can steal both together using key logger software or other sophisticated techniques.
Having your computer hacked can be traumatic and disruptive, so the best advice is prevention using suitable security software and a cautious approach to using the internet and opening emails. However, if you find your computer compromised, you can take steps to remedy the situation and get back to normal as quickly as possible.
Taking fast and decisive action may also mean that you can protect yourself before the hacker has a chance to cause any harm to you or your computer. So stay calm and carry on securely.
The steps of what to do if you think you've been hacked are straightforward to follow and will help get things back to normal.
About the Author: Stephen Mash is a contributing writer for HP Tech Takes. Stephen is a UK-based freelance technology writer with a background in cybersecurity and risk management.