In the world today, it seems that you must create an account to access almost everything. Want to watch a film? Create an account. Want to buy some groceries? Create an account. Want to send your friends a funny picture? Create an account.
Don’t worry, I won’t continue as I am sure you get the point…but with so many accounts under each of our names, what happens if one gets compromised and how do you even know if your account has been compromised?
Being locked out of the account is an obvious indication that something has gone wrong, but the signs can be more subtle. Things to look out for include logins or attempted logins from strange locations or at unusual times. Changes to your security settings and messages sent from your account that you don’t recognise are also give aways.
Whether it’s your email, social media or some other type of online service, there are many things which can alert you to the fact that someone else is accessing your account.
Once you know your account has been hacked, these tips might help you with what you should do next.
Update and Scan
The Operating Systems and apps on the devices you use should all be updated. These updates will install the latest security fixes. If you have it installed, run a scan with up-to-date antivirus software. This isn’t usually necessary for phones and tablets. Once the scan is complete and all is up-to-date, it is worth turning on automatic updates. This will allow your devices to download the newest fixes without you needing to check first.
Contact your provider
If you can’t access your account, go to the account provider homepage and find a link to their help or support pages. These will detail the account recovery process. Reporting any issue to the provider can help them establish if other users are at risk.
If you can’t find what you need on the service’s website, try a search engine like google or bing. For example, “Facebook account hacked.” Follow links to the service’s own advice.
If your email account was hacked
Once you’ve regained control, check your email filters and forwarding rules. It is a common trick for the person hacking an account to set up an email forwarding rule that sends a copy of all your received emails to them. Information on how to do this should be found in your provider’s help pages.
Change passwords
Once you have confirmed there are no unwanted email forwarding rules in place, change the passwords on all accounts which have the same password as the hacked account. Then change the passwords for all the other accounts that send password reminders/resets to the hacked account. Frequently people use the same password, so they don’t have to remember multiple different passwords. Obviously, this causes a big security risk once a password is compromised, a password manager can be used to help store all your different passwords securely which will help mitigate the risk. There are many password managers widely available such as NordPass or Dashlane, whilst many new devices have inbuilt password managers.
Set up 2-factor authentication
This provides an extra layer of protection against your account being hacked in the future. 2-factor authentication requires a secondary step and not just the password. This is commonly done through a code being sent by SMS/Email or by using authentication apps, such as the Google Authenticator App.
Notify your contacts
Get in touch with your account contacts, friends or followers. Let them know that you had been hacked. This will help them to avoid being hacked themselves, especially important to avoid phishing attacks. The longer you wait to notify contacts, the higher the risk to others. You should contact the people you know regardless of whether you managed to restore your account or not.
If you can’t recover your account
You may choose to create a new one. Once you’ve done this, it’s important to notify your contacts that you are using a new account. This will also allow your contacts to block the old account details to avoid any confusion between old and new. If setting up a new account it may be beneficial to not make it too similar to the old one, for example john.smith@example.com and john_smith@example.com. This can make it harder for your contacts to recognise the difference and increase the risk factor. Make sure to update any bank, utility services or shopping websites with your new details.
For any assistance or help with recovering an account or set up a new one.Please feel free to get in contact with us. #CentriVault #Hack #Email #Password #Recovery #New #Phishing #2FA #Cyber #Security
