What are some signs that one of my online accounts may have been hacked?
- There are posts you never made on your social network page – they may be posts that encourage your friends to click on a link or download an app.
- A friend, family member or colleague reports getting email from you that you never sent.
- Your information was lost via a data breach, malware infection or lost/stolen device.
If you believe an account has been compromised, take the following steps:
- Notify all of your contacts that they may receive spam messages appearing to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
- If you believe your computer is infected, be sure your security software is up to date, and scan your system for malware. You can also use other scanners and removal tools.
- Change the passphrases for all accounts that have been compromised, and for other key accounts, as soon as possible. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
If you cannot access your account because a passphrase has been changed, contact the service provider immediately and follow any steps the provider offers for recovering an account.
Resources
Protect yourself with these tips:
- Keep a clean machine: Keep all software on internet-connected devices – including personal computers, smartphones and tablets – current to reduce the risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- Enable multi-factor authentication: Use 2-factor authentication or multi-factor authentication (like biometrics, security keys or a unique, one-time code through an app on your mobile device) whenever offered.
- Use long, unique passphrases: Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.
- Use a password manager: The best way to manage unique passwords is through a password manager application. A password manager is software created to manage all your online credentials like usernames and passwords. It stores them in a safe, encrypted database and also generates new passwords when needed.
- Think before you click: Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting.
- Report phishing: If you’re at the office and the email came to your work email address, report it to your IT manager or security officer as quickly as possible. If you’re at home and the email came to your personal email address, do not click on any links (even the unsubscribe link) or reply to the email; just delete it. You can take your protection a step further and block the sending address from your email program, too.
- Use secure Wi-Fi: Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public Wi-Fi, and avoid logging in to key accounts like email and financial services. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
- Back it up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. Use the 3-2-1 rule as a guide to backing up your data. The rule is: keep at least three (3) copies of your data, and store two (2) backup copies on different storage media, with one (1) of them located offsite.
- Check your settings: Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings to make sure they are still configured to your comfort.
- Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.