What to Do If You've Been Hacked
From popular mechanics
During the COVID-19 pandemic, millions of Americans worked from home, banked from home, attended school from home, and did pretty much anything that could be imagined from home. Unfortunately, bad actors use this reality to steal citizens' private information.
According to Thales, a French cybersecurity company, large spam campaigns are taking advantage of the coronavirus crisis to spread ransomware, install banking malware and direct users to fraudulent websites about COVID-19.
➡ Don't let technology fool you. Rule your digital world with top notch explanations and unlimited access to Pop Mech - and get started NOW.
So hackers don't get slower - they get smarter. But how can you tell if your information has been compromised and what are the next steps you should take if you suspect one of your accounts has been hacked?
"I think we are inundated with so much information that we sometimes become numb to fear, uncertainty, and doubt," Tiffany Franklin, manager of cybersecurity training at Denver-based network security firm Optiv, told Popular Mechanics. "It's not that we have to be scared of cyber criminals per se, but we have to understand the risks and educate ourselves better."
How to Tell If You Have Been Hacked
Photo credit: id-work - Getty Images
How do you know if any of your accounts have been compromised? In many cases, Franklin says, it's pretty obvious and you can monitor your accounts for suspicious activity.
In a classic scenario, this could involve unusual activity in your bank account. However, there is a good chance you will also receive notifications from Google, Facebook, or Apple that an attempt has been made to sign in to your account. That doesn't necessarily mean a hacked account, but it's certainly a red flag if those login attempts aren't yours.
? Tip: Use these breach notification services to stay one step ahead. They'll let you know if your email accounts were part of a previous breach and send you notifications of new hacks.
You should try resetting or suspending these accounts if you've noticed purchases from your Apple ID account that you didn't recognize, saw emails sent that weren't from you, or discovered other suspicious activity on your accounts who have favourited You can track but can't explain.
It is also important to familiarize yourself with your state's laws on reporting violations. The National Conference of State Legislatures maintains a comprehensive list of enacted laws for all 50 states on its website.
In Pennsylvania, where Popular Mechanics is based, organizations that have control over sensitive personal information must "report system security violations after they discover that the security of the system has been breached."
In other words, a company needs to notify you that there is a violation. Uber has actually gotten into trouble in the past.
Alarm financial institutions
Photo credit: Sorbetto - Getty Images
As soon as you determine that something is wrong with one or more of your accounts, you should notify the appropriate institutions hosting your account. This can mean turning to Apple, Google, your banks, and even the major credit bureaus.
Not only can this help protect you from further harm, or at least serve as a record, it can also alert organizations that a major breach has occurred. Think of it as a way not only to help others but also to pass it on to your future self.
"If someone hacked into your account (especially with two-factor authentication in place), let the company know - it could be a major breach," Franklin said. "Let the company you work for know, whatever ... and what they do with it is up to them." You should also contact the local authorities if there is a financial element in the hack.
Change all of your passwords
Photo credit: Tommy - Getty Images
A 2019 Harris survey shows that two in three people recycle passwords across accounts. That's a terrible idea.
"Level with yourself: How many accounts do I use the same passwords for?" Franklin says.
While anyone involved in a hack should update their passwords for various websites and apps - not just those that have already been compromised - serial password recyclers should pay special attention to this step. If your password is "Fido123!" If your hacker is in your Gmail account and a hacker walks in, you'd better believe they'll try that password on your other accounts.
In any case, make a habit of changing your passwords regularly. Most large companies let their employees do this, and while individuals do not have the same financial resources as companies with full IT teams, it is a small thing that you can do to adhere to this company standard.
While you're at it, find out if you have "zombie accounts," says Franklin. These are accounts that you may have already signed up for in 2006 and that you haven't signed in to in the last ten years. (Think AOL, AIM, and Hotmail.) If a cybercriminal gets into one of these accounts and you are not actively using it, they can access all of the information in it without your knowledge. Erase them now and never look back.
? Tip: Don't save your passwords in your browser anymore. Obtain a password manager.
According to Franklin, there is a common misconception that it is safe to use Google Chrome's password manager tool to automatically save all of your usernames and passwords for your most visited websites.
Sure, it's convenient, but it's a terrible cybersecurity practice. For example, if a criminal gets access to your Gmail account, they can log in to any of these websites, change your passwords, and ban you. If a burglar steals your device, they can automatically access all of your accounts as all of this data is available.
Franklin's advice? "Google is looking for password management software. They see free and paid tools that allow you to import existing passwords from browsers and incorporate them into your management software. It just depends on what you're willing to pay for and what features you want.
Here are some password managers that Pop Mech editors use and recommend:
Update your two-factor authentication settings
There's a good chance your two-factor authentication (2FA) options aren't the best, says Franklin, especially if you're using security questions. Consider any information about you that is publicly available - and no longer use it as an answer to these types of questions.
"Only pick questions that can't be researched or guessed," says Franklin. "Don't pick your mother's maiden name as it can be easily researched. Use something like your best friend's name in elementary school. Perhaps you no longer speak and are not connected through social media."
Better still, if you have the choice of changing your two-factor authentication settings to something else, do it. The gold standard is a physical security key like a Yubico Yubikey. These are small devices that look like a USB stick, and you can simply plug them into a keychain or hide them in a secret place. You do not need a battery or special software. You simply plug it into your device or keep it nearby (depending on the model you purchased) and your identity is authenticated.
Protect yourself from future hacks
Stop oversharing online
Overall, Franklin said, security is about being a responsible digital citizen. The more personal information you put in the wild west of the internet, the more likely a bad actor will use that information to exploit you.
Set your Facebook profile to the highest possible privacy settings and do a quick Google search to see what information about you is already floating around in the airwaves. If a cyber criminal can find out where you work, where you live, and who you are connected to on LinkedIn, you are more vulnerable to social engineering tactics and spear phishing - the practice of sending fraudulent emails that look like the real thing Thing to get people to click on malicious links.
"We get more vulnerable the more we have out there," says Franklin. "Every piece of data that is stored or communicated online has value to a cybercriminal. The more data a cybercriminal can compile, the more likely it is that it will be successful."
You might like it too
This device can send messages without cellular service
The best portable grills for cooking anywhere
The best video game of the year you were born
You should check here to buy the best price guaranteed products.
An invasion isn't the only threat from China that Taiwan and the US have to worry about
Woes mount for legal loyalists who pushed Trump’s election conspiracies
Ikea furniture is still stuck on the Ever Given alongside $550,000 worth of wearable blankets, 2 months after the ship was freed from the Suez Canal
Putin surprisingly arrives on time for meeting with Biden
Water woes at America's largest reservoir
Entire season axed at Outlaw Field in Boise as Idaho Center plans 10 outdoor concerts