Cyberattacks are increasingly common, with roughly 600 million occurring every single day. Yet when an unexpected login or password reset hits your social media, email or gaming accounts, it’s easy to panic. It’s important to stay calm and do the right things to recover your account, because you don’t want to make impulsive mistakes that lock you out permanently. Panicking like this is why it takes an average of 17 days to recover a hacked account (if you get it back at all). So take steps to protect yourself and limit the damage, and you can take back control of your accounts and keep hackers out for good.
Act now to protect your account
Change your password immediately if you think your account’s been hacked. Then revoke all active sessions; this option is usually found in the account’s security or privacy settings. This will log everyone out of your account (including yourself), and you can then log back in with your new password. Do both these things in quick succession, because the hacker might still be in your account on an old session token even after you’ve changed the password. Then, if you don’t have multi-factor authentication (MFA) switched on yet, turn it on. This means you need two or maybe three bits of info to log into your account. Usually this is a password and a temporary code, which makes it harder for hackers to get in. It’s best to use an authenticator app on your phone instead of regular texts, because hackers can intercept text messages.
Assess (and contain) the damage
You should then check what damage the hacker has done. First look at the forwarding rules on your email account. Hackers might have set one up so they receive copies of all your incoming messages, which includes important info like bank alerts and password resets. Also check your inbox and spam folder for confirmation emails you don’t recognize, as you may have been signed up for new accounts. If you find any, simply reset the password to get into the account and then delete it. Then check for strange financial activity. Contact your bank right away if you see any unfamiliar payments. It’s also good to check that your address and shipping info look right on ecommerce sites; hackers sometimes change these details so they receive your orders instead.
The stakes are even higher if the compromised account is your work email. Automatically forwarded emails are actually a key hallmark of Business Email Compromise on company email accounts, and this scam costs U.S. businesses over $4 million on average. These attacks can be hard to detect, as anything hackers do once they get inside a work email just looks like normal activity. They can then, without you knowing, use your inbox to access any other tool or site tied to that email address, which means that business email compromise is an identity threat and not just an email problem. Report it to your IT team if you think your work email’s been compromised. Don’t just try to fix it yourself, as the hackers may have already gotten inside other company systems.
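The forwarding-rule check described above can be done systematically. This is an added example, not part of the original article: the rule fields and the sample rules are constructed for illustration and are not any mail provider's real export format.

```python
# Constructed sample: mailbox rules as a settings export might list them.
# Field names are hypothetical, not a real provider schema.
SAMPLE_RULES = [
    {"name": "Newsletters", "forward_to": [],
     "subject_contains": ["newsletter"], "delete_original": False},
    {"name": "Backup copy", "forward_to": ["archive@example.com"],
     "subject_contains": [], "delete_original": False},
    {"name": "Sync", "forward_to": ["me@other.example.org"],
     "subject_contains": [], "delete_original": False},
    {"name": ".", "forward_to": ["copy@mail-relay.example.net"],
     "subject_contains": ["password reset", "bank"], "delete_original": True},
]

SENSITIVE_TERMS = ("password", "reset", "bank")


def domain_of(address):
    """Return the lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rules(rules, own_domains):
    """Return (name, severity, reasons) for rules forwarding outside own_domains."""
    own = {d.lower() for d in own_domains}
    findings = []
    for rule in rules:
        external = [a for a in rule.get("forward_to", [])
                    if domain_of(a) not in own]
        if not external:
            continue  # no forwarding, or forwarding only to your own domains
        reasons = ["forwards to " + ", ".join(external)]
        severity = "review"
        if rule.get("delete_original"):
            reasons.append("deletes the original, so you never see the mail")
            severity = "high"
        hits = [t for t in rule.get("subject_contains", [])
                if any(s in t.lower() for s in SENSITIVE_TERMS)]
        if hits:
            reasons.append("targets sensitive mail: " + ", ".join(hits))
            severity = "high"
        findings.append((rule["name"], severity, reasons))
    return findings


if __name__ == "__main__":
    for name, severity, reasons in audit_rules(SAMPLE_RULES, ["example.com"]):
        print(f"[{severity}] rule {name!r}: " + "; ".join(reasons))
```

Pass every domain you legitimately forward to in `own_domains`; anything still flagged is a rule to delete, or to hand to your IT team if it is a work mailbox.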
Stop it from happening again
You can now take action to prevent your accounts from getting hacked again. You’ve already turned on MFA, which is a great start. But you can protect your accounts even more if you also switch on login alerts across all platforms. These send you an email or push notification when someone tries to get into one of your accounts. Also check what personal details of yours have been leaked on the web. You can enter your email on sites like Have I Been Pwned to see if your info has turned up in any breaches. Change your password straight away on any accounts that show up in the search. This is good practice even if you haven’t noticed any odd account activity yet.
It’s easy to panic if you realize you’ve been hacked. But stay calm and act fast to contain the damage, and you’ll soon recover your accounts and prevent the same thing happening again.
