According to the Identity Theft Research Center, in 2017 alone, nearly 158 million social security numbers were stolen as a result of 1579 data breaches. Once a cybercriminal has access to your personal info, they can open credit cards, take out loans that quickly ruin your credit, or leave you with a giant bill. But that’s not all. Many people don’t realize that, depending on how much information a hacker gets and what their intentions are, you could lose a lot more than money. From sending malware to your contacts from your account to spamming your coworkers with phishing attacks to compromise your employer’s network, the damage a hacker can wreak on your personal and professional life can extend far beyond the monetary bounds.
Additionally, according to Dave Dufour, VP of Engineering and Cybersecurity at Webroot, we’re seeing more evolution in cybercriminal tactics that take advantage of internet users and their trust:
“What’s happening lately is that people are hacking social media accounts. Why would anyone want your social media information? One reason is that, if I have access to one of your social media accounts, I can spread malware to all your followers who trust you. Pretending to be you, I can send out a link, your followers click it, and my malware is now on all of their devices.”
So, what do you do if you’ve been hit with malware, ransomware, phishing, or a social media attack? First, don’t panic. Second, follow these steps to deal with the fallout.
You’ve been hacked. Now what?
Change your passwords
The first step is one you’ve probably already heard: change all your passwords. Yes, all of them. Don’t forget make them strong by using at least 12 characters, changing out at least two or three of the characters to uppercase, using numbers or symbols (e.g., replacing an A with a @ or an S with a 5), avoid using places you’ve lived, acquaintances names, your pets, birthdays, or addresses—and don’t even think about using ABC or 123. If you have trouble keeping track of your passwords, we recommend you use to a secure password manager application that saves your credentials in an encrypted database and automatically fills them in when you log into a site.
Turn on two-factor authentication
Most accounts that house your personal information, such as email or banking, offer two-factor authentication. This provides an additional layer of security that goes beyond your username and password by asking you to confirm your login with an extra step, such as a short-term security code sent via text message or phone call. You can turn on two-factor authentication from the login screen of the account.
Check for updates
One of the best ways to keep your devices protected is to update your operating system regularly and ensure that any applications you use are patched and up to date. If you have questions, you can always call your device provider’s helpline. To make things even easier, most systems and software allow you to set up Automatic Updates, so you don’t have to worry about remembering to check for them manually.
Install antivirus protection and run a scan
Antivirus software is an extremely beneficial tool that doesn’t just help detect and remove malicious software that could be lurking on your computer, it can also stop threats before they infect your device in the first place. But be careful: avoid the temptation to download a free antivirus program, as these often come bundled with malware or potentially unwanted applications. Instead, invest in a reputable option. Once installed, be sure to run a scan and turn on automatic scans and updates.
Delete sensitive data from the compromised account
As soon as you realize you’ve been hacked, go to the compromised account and delete any sensitive data you can. For example, if you know you’ve stored your credit card information, bank statements, social security number etc. in your email or on any retail site, immediately delete them from those locations. This also goes for any personal photos or information you wouldn’t want released. And don’t forget to clear out your folders on any cloud services, such as Dropbox, Google Drive™ or iCloud®.
Monitor bank statements and account activity
One of the top motivations of a cyberattack is to steal your money or identity to go on a shopping spree or use your financial accounts in some way. Be vigilant about monitoring your accounts for recent activity and check to make sure no new shipping addresses, payment methods, or accounts have been added. Also, call your bank and let them know about the incident so they can have their fraud department monitor your accounts.=
Deauthorize apps on Facebook, Twitter, Google, etc.
To protect your accounts and remove malicious individuals, check which apps are connected to your social media accounts and deactivate all of them. Did you sign into a site using your Facebook so you could see which historical figure you look like? That’s an example of something you should deactivate. You can find directions on how to do this for each account in its help or settings section or by contacting the associated customer service line.
Tell friends you’ve been hacked, so they don’t become victims, too
Another important step to take after you’ve been hacked is to alert your contacts. Many social media and email attackers will send messages from your account that contain malicious links, attachments, or urgent requests for money. Letting contacts know right away that your account has been compromised, and what to watch out for, can save them from the same fate.
Because technology continues to advance and the number of connected devices is growing exponentially, being the target of a cyberattack or identity theft is becoming more commonplace. But we’re here to help. Learn more about protecting yourself and your family online, and what you can do to stay safe from modern cybercrime.