Sometimes being hacked can feel like a personal attack and not like a cyber criminal just going about his or her very illegal job. There’s nothing worse than attempting to log into Facebook, Gmail, iCloud, or even your online banking accounts only to find out that your password isn’t working, leaving you unable to protect your most important online accounts. Just thinking about it can bring about feelings of nausea and helplessness. Fortunately, you can take action in the face of digital vandalism. If you ever find yourself locked out of your accounts, major internet services have prepared a few routes to help you get back in. Below is a list of ways companies help you limit the damage that a hacker can do and restore your access to your own information.
You may be thinking: But how will I know that someone else has really taken control of one of my accounts? Isn’t that just me being paranoid? The biggest clue is not being able to login. However, if your password doesn’t work the first time, don’t immediately assume that you’ve been hacked. We suggest to try again, typing slowly and double checking to make sure that the CAPS lock isn’t on and that everything is spelled correctly. You need to make sure the culprit is really a bad actor: For example, if you can’t get into your Facebook or Twitter account on your computer, try logging in on another device to see if you’ve really lost your access.
Another warning sign can come in the form of email. Many services will send you messages about suspicious activity, such as when somebody logs into your account from an unfamiliar computer (or an unfamiliar/suspicious location), or when somebody changes your username or password. Make sure to check your inbox for emails like these. Also keep an eye out for messages from friends: If “you” have started sending them spam, they can alert you that your account was compromised. Once you’ve realized you’ve been hacked, it’s time to roll up your sleeves and take back your account.
Fortunately you’ll have some help doing so. Google, Apple, Microsoft, and other tech giants don’t want impostors to take over your online identities either, so they’ll try their best to restore your access. For example, in some cases where you can’t open your account, it’s because the company sensed suspicious activity and automatically locked everyone out before any more damage could be done to your account.
The first step to take if you suspect your account has been hacked, is to get in contact with the company. A quick web search, such as “Report Gmail hack,” should reveal the right avenue, method, or contact for you to take and explain your issue. Typically, companies will ask you to visit the company’s official recovery page to see if issues to your account can be addressed through self troubleshooting. Check the URL to make sure the page is hosted on the correct web domain, such as google.com or apple.com, for the service you are trying to access. If the issues can’t be mitigated by troubleshooting, the best course of action is to proceed with reporting your issue.
Once you report your issue, follow the instructions the app or service gives you – these will be tailored specifically for your account. Different programs employ different recovery methods, so you might have to confirm your phone number or backup email address, or answer personal questions – such as a few queries about your Facebook friends – to prove you are the real account owner. If you’re lucky, you’ll be able to get back into your account pretty fast. That’s partially because today’s apps collect so much data about us that they can identify individuals through some bits of information such as date of birth, phone number, location, and more. However, getting back into your account isn’t the last step you’ll need to take to ensure your account is free from hackers.
Once you are able to login to your account again, you’ll want to change your password to boot out any unwelcome visitors that may still have access to your account. When creating a new code, it should be completely new – don’t recycle a password or reuse the same string of letters and numbers that are associated with another account. If you’ve been using this password for multiple accounts (which we highly suggest you to not do), change the password on your other accounts as well and be sure to keep a physical copy of all those passwords as a backup. We know that having too many passwords to remember can be a pain but it’s much more preferable than having the possibility of all your accounts hacked at once.
Also, most online services let users see all the devices where their account is active and has been logged in. Typically, this features is found in the security settings menu. From there, you can opt to logout of all other sessions except the one you’re currently using – or to log out of the ones that you are unfamiliar with.
While you’re poking around your account, review the other settings to make sure nothing has been changed. Look at your personal details, review any third-party apps connected to your account, and check your security questions and answers and your backup email addresses and/or phone numbers. If you think your hacker had a chance to scan your security questions and backup accounts, try to change these on the compromised account and on any other account that relies on the same information. This will prevent the bad actor from using your personal details to breach other accounts in the future.
Speaking of other accounts, were your credit cards, bank accounts, or other financial programs connected to the compromised service? In this case, review your statements. If your hacker spent any of your money, you should try to claim back the cash as soon as possible—contact your bank directly and ask how to do this. While you’re checking for financial malfeasance, also review your account to see if the hacker added any unfamiliar payment methods or shipping addresses.
Having recovered from a hacking attempt, you’ll want to protect against any future ones. So activate the security features designed to prevent attacks—for more details, you can follow our guide to protecting your online accounts. One of the most helpful measures is turning on two-step verification, where logging in requires a code sent to your phone, on top of the standard username and password. And specific services offer their own security features: Facebook, for example, lets you add a list of trusted friends who can verify your identity if you get hacked again. Turn on this option via the Security page in Settings.
Next, try to find out how the hacker managed to access your account so you can prevent future incursions. This won’t always be possible; however, it can’t hurt to run a thorough virus and malware scan of your hard drive (in case that’s how the attacker got in). Before you start, update both your operating system and your antivirus package of choice. After you run the review, get a second opinion from a standalone scanner like Kaspersky Virus Scanner for macOS or Microsoft Safety Scanner for Windows.
If the breach affected a service that includes email, such as your Google account, check the email account for sent messages or for new filters. For example, clever hackers can set up filters that forward all incoming mail to an address you don’t recognize. Delete such filters to prevent people from worming their way back into your account in the future. This is particularly important because you can reset many other accounts’ passwords, and receive notifications about suspicious activity, over email. You don’t want an eavesdropper to nab those recovery messages.
In fact, even if only one account becomes compromised, you should consider all your main services breached. Carry out a thorough security audit on all of them, working through all the steps we’ve mentioned above. For more details on strengthening the security of individual services, check out our previous guides to locking down your Google, Apple, Microsoft, and Facebook accounts.