Help! My Account Has Been Hacked—What Should I Do?

ByEmily Dolloff

How would you realize that one or more of your Internet accounts—email, social media, financial—have been hacked? (Some prefer the terms “compromised” or “breached”—you may hear them from support techs.) Unfortunately, there’s no telltale warning sign because “hacked” could mean any number of things. Here are some possible indications:

  • People you trust report receiving email that you didn’t send.
  • Social media friend requests are made to people you don’t know, or messages you don’t recognize are sent from your account.
  • Although you’re certain you have the correct password, you can’t log in to an account.
  • You become aware of your personal data appearing in places it shouldn’t.
  • Unknown charges or transfers appear in a bank or credit card account.

However, attackers will also try to fool you into thinking an account has been compromised to get you to enter passwords or financial information on a website designed to steal data. Don’t assume you’ve been hacked just because you received a phishing email saying so or because you see unexpected notifications claiming your computer is infected. No legitimate entity will ever send such email, and the only notification about malware you should ever see would come from anti-malware software you installed.

(Speaking of malware, dealing with that is a topic for another day—we’re focusing on online accounts in this article. Nonetheless, if one of your accounts has been compromised, it’s also worth scanning your Mac with the free version of Malwarebytes or VirusBarrier Scanner, just in case.)

First off, don’t panic. It’s important to take a deep breath, document everything you see with screenshots (press Command-Shift-5), and move quickly to regain control over whatever accounts were hacked and prevent others from falling prey to the attacker.

When you suspect an account has been compromised, try to verify the problem. Do the following:

  • Alert techs: If the account in question is for work, immediately alert your IT department and follow their instructions. If it’s a personal account, contact us. Tell whoever is helping you that you have screenshots you can send and be ready to forward any suspicious messages you have as well.
  • Gather evidence: Ask the person who told you about the problem to forward the message they received to another of your email addresses, or to a close friend or family member so you can see what’s being said in your name. Scrutiny of the fake message may reveal information about what has happened, though you may need help from someone with more technical experience.
  • Examine email: Since email account breaches are the most concerning (because they can be used to reset passwords elsewhere), scan your email for messages you didn’t send or replies to such messages. Along with the Inbox, look in the Sent mailbox and the Trash. Also, check your settings and filters to ensure incoming messages aren’t being forwarded elsewhere and then deleted.
  • Check social media: Connect to all your social media accounts—even those you don’t use regularly—and look for posts, friend requests, messages, or anything else that suggests an attacker has been impersonating you.
  • Audit accounts: Log in to important accounts and look for suspicious activity, such as login attempts from unfamiliar locations or IP addresses or changes to account settings.

If you find evidence to suggest that one or more of your accounts have been compromised, follow these steps:

  • Immediately change the passwords for any affected accounts. We always recommend using a password manager like 1Password to generate strong, random passwords.
  • Whenever possible, turn on two-factor authentication.
  • If available for the account in question, follow advice from the service. Apple, Facebook, Google, Instagram, Microsoft, and Twitter all have advice on how to respond, as will many other companies.
  • Review account settings for unauthorized changes, especially recovery options like backup phone numbers and email addresses.
  • Look through your accounts in your password manager and change the passwords for the most important ones and any that might be related.
  • If you can’t get into an account because the password has been changed, make sure you have sole control of your email account and then trigger a password reset.
  • For affected financial accounts, along with changing the password, immediately call the institution and ask for their help locking the account to prevent any transfers.
  • If your email account was used to send phishing messages to contacts, you should alert any friends, family, and colleagues who might have received the messages that your account was hacked and that the previous message wasn’t from you.

Security breaches are stressful, we know, but it’s imperative that you deal with them right away. The longer you wait, the more damage the attacker can cause, including stealing your money, impersonating you, scamming your friends and family, and compromising your employer’s systems. We’re here to help.

(Featured image by iStock.com/PUGUN SJ)

Social Media: If you notice strange behavior in your online accounts, you might have been hacked. It’s imperative that you act immediately to verify the breach, change passwords, lock accounts, and alert support personnel. We provide steps here.

Similar Posts

  • It is getting quite warm down here and I have had to fiddle with my solar heating system for the pool to get it turned down so I don’t have a hot tub instead of a refreshing plunge pool. One thing that is surprising here in Florida in my estimation is the lack of solar energy installations. Seldom do you see solar PV arrays either on rooftops or as a solar farm and even my rudimentary solar heating system for my pool is somewhat unique. You would think with all the sun down here…

    I am doing some upgrades and maintenance on the motorcycles this weekend. I do enjoy motorcycle mechanics, well, most of the time. It may seem frustrating to some but freeing a stuck bolt or troubleshooting that backfiring is actually relaxing for me even as I sweat it out. Anyone need a really clean 2009 S150 Vespa?

    Thank you for reading this issue of Kibbles & Bytes!

    Your Kibbles & Bytes Team,

    _Don, Emily & Hadley_

  • Be Alert for Deepfake Phishing Scams

    Phishing scams have entered a new, AI-powered phase and can now convincingly mimic real people. Attackers can generate fake voice or video deepfakes…

  • B.B. King – The King of the Blues

    For more than half a century, Riley B. King – better known as B.B. King – defined the blues for a worldwide audience. Since he started recording in the 1940s, he has released over fifty albums, many of them classics. He was born September 16, 1925, on a plantation in Itta Bena, Mississippi, near Indianola. In his youth, he played on street corners for dimes, and would sometimes play in as many as four towns a night. In 1947, he hitchhiked to Memphis, TN to pursue his music career. Memphis was where every important musician of The South gravitated, and it supported a large musical community where every style of African American music could be found. B.B. stayed with his cousin Bukka White, one of the most celebrated blues performers of his time, who schooled B.B. further in the art of the blues.

    B.B.’s first big break came in 1948 when he performed on Sonny Boy Williamson’s radio program on KWEM out of West Memphis. This led to steady engagements at the Sixteenth Avenue Grill in West Memphis, and later to a ten-minute spot on black-staffed and managed Memphis radio station WDIA. “King’s Spot,” became so popular, it was expanded and became the “Sepia Swing Club.” Soon B.B. needed a catchy radio name. What started out as Beale Street Blues Boy was shortened to Blues Boy King, and eventually B.B. King.

    In the mid-1950s, while B.B. was performing at a dance in Twist, Arkansas, a few fans became unruly. Two men got into a fight and knocked over a kerosene stove, setting fire to the hall. B.B. raced outdoors to safety with everyone else, then realized that he left his beloved $30 acoustic guitar inside, so he rushed back inside the burning building to retrieve it, narrowly escaping death. When he later found out that the fight had been over a woman named Lucille, he decided to give the name to his guitar to remind him never to do a crazy thing like fight over a woman. Ever since, each one of B.B.’s trademark Gibson guitars has been called Lucille.

    B.B. was inducted into the Blues Foundation Hall of Fame in 1984 and into the Rock and Roll Hall of Fame in 1987. He received NARAS’ Lifetime Achievement Grammy Award in 1987, and has received honorary doctorates from Tougaloo(MS) College in 1973; Yale University in 1977; Berklee College of Music in 1982; Rhodes College of Memphis in 1990; Mississippi Valley State University in 2002 and Brown University in 2007. In 1992, he received the National Award of Distinction from the University of Mississippi.

    B.B. King came to Vermont many times and I had the pleasure of being at several of his concerts. He died last year at the age of 90 and was performing to sold out crowds right up until he died. B.B. King is gone but the –The Thrill is Gone- lives forever.