Here’s What You Should Do If You Get Hacked

Email

First of all, go to your email provider and log in – it’s time to assess the damage. If the password has been changed, try the ‘Forgot Your Password?’ function to get in. Once you get into your account, Jake Moore, cybersecurity expert at ESET UK, advises the very first thing you should do is change your password. It needs to be long and strong, with multiple numbers, cases and special characters. Avoid real words – this way, a hacker will have a harder time getting in.

Guardian tech editor Samuel Gibbs advises that you should then go through to all your other accounts, including Facebook, Twitter, Amazon, eBay and your internet banking – essentially, anything that may have had the same password should be checked, particularly if these accounts use your email as the username, as that means the hackers likely have both your username and password for all those services.

Next, Gibbs says you should check both your inbox and trash folder for any password resets emails from accounts linked to your email that haven’t been instigated by you. The hacker might have tried to change your passwords on other sites using your hacked email to do the password resets.

After you’ve cut the problem off at the root and you know hackers can no longer access your account, you then have to check whether they have used your account to attack your contacts with spam or phishing emails. Most times, this will be used to trick them into thinking you need help in order to garner personal information from them. Gibbs advises checking your inbox and outbox for dodgy emails sent and received, which will help identify who’s been targeted. If you find some people on your contacts list have been contacted, contact them via another form of communication as soon as possible and let them know you’ve been hacked.

Holly Andrews, fraud protection expert and money laundering officer at KIS Finance says it’s also important to check all your devises for any viruses or malware that could have been downloaded during the hack. “One of the worst-case scenarios is if the hacker installs spyware and keyloggers that track your keystrokes, enabling them to steal your log-in details for other important accounts, such as your online banking.” Use your devise’s antivirus programme to ensure this hasn’t happened.

Facebook

After Facebook’s major security breach in late September, which saw hackers gain access to at least 50 million users, there’s never been a better time to check the security of your account.

If you’ve noticed suspicious activity on your account, Jake says again, the first rule of thumb is to change your password and then change any other account that has the same password. (When you get a moment, Jake adds that this is also “a great opportunity to reinforce the importance of two-factor authentication”. This means every time you log onto Facebook from an unknown device it’ll send a security code to your phone.) Then, check your login history, looking out for any computer or phone you don’t recognise. Comb through your recent activity, such as your recent likes and posts, and delete anything you didn’t do yourself. It’s important to check what apps and games has been added to your account and delete anything you don’t recognise.

There are a number of ways to report suspicious activity on your account to Facebook. If you find spam on your account, you can report it here. You can check that no payments have been made on your account here. Report any activity that you didn’t make here.  And you can learn more about the signs of phishing (AKA, malicious activity on your account) here.

Many also use their Facebook accounts to log in to services such as Instagram, Spotify, Airbnb, Tinder, Expedia and many, many more. Jason Polakis, assistant professor of computer science at the University of Illinois at Chicago, has studied the security of sign-on services like Facebook’s, and said that, while Facebook obviously employs top engineers, there’s no way even the biggest companies can guarantee complete security. He suggests using a password manager, such as LastPass or 1Password, that creates and remembers strong passwords for different sites. “Compared to massive platforms that have millions of different lines of codes and different functionalities, a password manager has one specific job, and so it minimizes the chances of something going wrong,” said Polakis.