How to Know If You’ve Been Hacked, and What to Do About It – WIRED

How to Know If You’ve Been Hacked, and What to Do About It  WIRED

Everyone is vulnerable to the threat of cybercriminals or hackers getting access to your information, but the threats aren’t equal for everyone.

WIRED UK

This story originally appeared on WIRED UK.

The average person will likely face fewer sophisticated threats than, say, a senior politician, activist, or CEO. High-profile figures may be targeted with phishing emails that are looking to steal secrets from corporate networks or initiate the transfer of large sums of money. You, your friends, and your family will likely face different threats: from people you know seeking revenge or, more likely, crime groups using automated tools to scoop up credentials en masse.

“We all like to think we’re not susceptible to social engineering or other kinds of cyberattacks, but the truth is that even intelligent, self-aware people get caught up in online scams that can have very damaging consequences, financially or socially,” says Jake Moore, a cybersecurity specialist at Eset, an internet security company.

Understanding the threats is key. Everyone has their own threat model that includes things that matter most to them—what’s important to you may not be equally important to someone else. But there’s a value to everything you do online, from Facebook and Netflix to online banking and shopping. If one of your accounts is compromised, stolen login information or financial details can be used across the web. It’s that sort of scenario that lets people order takeaways through compromised Deliveroo accounts.

While Facebook, Twitter, Instagram, and other social networks are less likely to contain your credit card details, there are other types of risk. Hacked social media accounts can be used to post compromising messages that could embarrass or defame somebody, be used for harassment, or to build up a picture of who you are and everyone you know.

“Discovering if you have been hacked can be a rather complicated task,” Moore adds. “You could wait to have it proven by losing control of your precious accounts, but like anything, it is better to be proactive and stop it from happening in the future.” If you think you’ve been hacked, here’s where to start and what you can do next.

Spot Unusual Behavior

The clearest sign that you’ve been hacked is when something has changed. You might not be able to access your Google account using your regular username and password, or there may have been a suspicious purchase charged to one of your bank accounts. These are fairly obvious indications that you’ve been compromised in some way—and hopefully banks will detect any suspicious payments before things spiral too far.

However, before any of your accounts are compromised, there may be warning signs. The account that someone is trying to break into may warn you about unusual attempts to log in. For instance, Facebook and Google will send notifications and emails alerting you to attempts to access your account. This will usually be if someone has tried to get in and failed, but alerts can also be sent when someone has successfully signed in from an unfamiliar location.

There’s barely a day that goes by without some company, app, or website suffering a data breach—from Adobe to Dungeons and Dragons. These breaches can include phone numbers, passwords, credit card details, and other personal information that would let criminals steal your identity, among other threats. Companies should be quick to tell you if they’ve been compromised, but using a breach notification service can also give you a heads-up. Haveibeenpwned and F-Secure’s identity checker will tell you about old data breaches but can also alert you to new cases where your details are swept up in compromised accounts.

Take Back Control

Once you know your account has been hacked, that’s when the hard work begins. Regaining control of an account may not be straightforward—depending on who has access to it—and there’s a good chance it will involve a lot of admin: anything from telling everyone you know that your email has been compromised to dealing with law enforcement.