What are some signs that one of my online accounts may have been hacked?

• There are posts you never made on your social network page – they may be posts that encourage your friends to click on a link or download an app.
• A friend, family member or colleague reports getting email from you that you never sent.
• Your information was lost via a data breach, malware infection or lost/stolen device.

If you believe an account has been compromised, take the following steps:

• Notify all of your contacts that they may receive spam messages appearing to come from your account. Tell your contacts they shouldn’t open messages or click on any links from your account and warn them about the potential for malware.
• If you believe your computer is infected, be sure your security software is up to date, and scan your system for malware. You can also use other scanners and removal tools.
• Change passphrases to all accounts that have been compromised and other key accounts as soon as possible. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

If you cannot access your account because a passphrase has been changed, contact the service provider immediately and follow any steps the provider offers for recovering an account.

Resources

Protect yourself with these tips:

• Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.

• Make your passphrase a sentence: A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

• Unique account, unique passphrase: Having separate passphrases for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passphrases.
  
  
• Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passphrases are not enough to protect key accounts like email, banking and social media.

• When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.