Everyone is vulnerable to the threat of cybercriminals or hackers getting access to your information, but the threats aren’t equal for everyone.
The average person will likely face fewer sophisticated threats than, say, a senior politician, activist or CEO. More high-profile figures may be targeted with phishing emails that are looking to steal secrets from corporate networks or initiate the transfer of large sums of money. You, your friends and your family will likely face different threats: from people you know seeking revenge, or, more likely, crime groups using automated tools to scoop up credentials en masse.
“We all like to think that we’re not susceptible to social engineering or other kinds of cyberattacks but the truth is that even intelligent, self-aware people still get caught up in online scams that can have very damaging consequences,” says Jake Moore, a cybersecurity specialist at Eset, an internet security company. “Many people will even admit they don’t click on phishing emails but may still get caught up in online scams. A number of emails may still slip through the net without realization and can have serious effects financially or socially.”
Understanding the threats is key. Everyone has their own threat model that includes things that matter most to them – what’s important to you may not be equally important to someone else. But there’s a value to everything you do online: from Facebook and Netflix to online banking and shopping. If one of your accounts is compromised, stolen login information or financial details can be used across the web. It’s that sort of scenario that lets people order takeaways through compromised Deliveroo accounts.
While Facebook, Twitter, Instagram, and other social networks are less likely to contain your credit card details there are other types of risk. Hacked social media accounts can be used to post compromising messages that could embarrass or defame somebody, be used for harassment or building up a picture of who you are and everyone you know.
“Discovering if you have been hacked can be a rather complicated task,” Moore adds. “You could wait to have it proven by losing control to your precious accounts although like anything, it is better to be proactive and stop it from happening in the future.” If you think you’ve been hacked, here’s where to start and what you can do next.
Spot Unusual Behavior
The clearest sign that you’ve been hacked is when something has changed. You might not be able to access your Google account using your regular username and password or there may have been a suspicious purchases charged to one of your bank accounts. These are fairly obvious indications that you’ve been compromised in some way—and hopefully banks will detect any suspicious payments before things spiral too far.
However, before any of your accounts are compromised there may be warning signs. The account that someone is trying to break into may warn you about unusual attempts to log in: for instance, Facebook and Google will send notifications and emails alerting you to attempts to access your account. This will usually be if someone has tried to get in and failed but alerts can also be when someone has successfully signed-in from unfamiliar locations.
There’s barely a day that goes by without some company, app or website suffering a data breach—from Adobe to Dungeons and Dragons. These breaches can include phone numbers, passwords, credit card details and other personal information that would let criminals steal your identity, among other threats. Companies should be quick to tell you if they’ve been compromised, but using a breach notification service can also give you a heads-up. Haveibeenpwned and F-Secure’s identity checker will tell you about old data breaches but can also alert you to new cases where your details are swept up in compromised accounts.
Take Back Control
Once you know that your account has been hacked, that’s when the hard work begins. Regaining control of an account may not be straightforward—depending on who has access to it—and there’s a good chance it will involve a lot of admin. Anything from telling everyone you know that your email has been compromised to dealing with law enforcement.