No hack is the same, but cybercriminals’ motives usually are. They usually want money and/or the satisfaction of knowing they were able to infiltrate an otherwise secure network. And yet, while their motives might be clear, how you should respond to such an attack might not be. Indeed, according to a 2020 Verizon study, an estimated 56% of Americans have no idea what steps to take in the event of a data breach although highly sensitive personal data was involved in 58% of those breaches. That same study revealed that 86% of breaches were financially motivated and 10% were motivated by espionage. These statistics are updated in its 2022 Data Breach Investigations Report. If you believe you have been hacked, consider the following steps:
Notify your friends, family members and internet “followers.” Most hackers are focused on financial gain. If and when they get access to your account, they may try to blackmail you or others associated with your hacked account. This form of social engineering can be highly effective. When individuals receive a message from their family members or friends to send information, codes from a cell phone, etc., they will often do it. Consider creating a page with information you can send to others associated with your accounts to ensure those people are kept safe.
Today, most online services will let you know if you attempt to log into their services with a unique computer, IP or browser. If you do not recognize a login attempt, you should take immediate action and secure your account by:
- Changing the password;
- Adding 2FA (Two-Factor Authentication); and
- Adding whatever additional security levels the service provides.
If you are certain that you have been hacked, experts suggest the following steps:
- Change passwords on all online accounts to which you still have access, securing them as quickly as possible;
- Ensure you have secured your main email account, changed the password, implemented a recovery email, and enabled Two-Factor Authentication;
- Inform your friends and family members you have been hacked to ensure they are not, in turn, scammed by the hackers now pretending to be you;
- Perform an assessment of which accounts have been hacked and what information the hackers have received about you and/or your network;
- Do not create a new profile or account on the same platform via which you were hacked using the same credentials (e.g., the same email address or phone number). That makes it much harder to recover your account information;
- Never pay a ransom, unless advised to do so by law enforcement. If hackers approach you and ask for a ransom, contact local law enforcement, file a police report and consider retaining a third party who can talk to the hackers, so as to not directly involve yourself. Most hackers are in it for the money. As soon as they understand you won’t give them money, they will oftentimes leave you alone and move on to their next victims.
Once you have a full overview of the situation and have secured all other online accounts, you can sometimes recover your hacked accounts. For example, check your emails and see if you can find security alerts from the service to which you’ve lost access. Some companies and services offer the option of resetting recent changes to your account. Try to reset your hacked account’s password, using both email and SMS options where applicable. If that doesn’t help, visit the service’s help portal to report a hacked account. Contact the service directly if it offers a telephone number or support email address. While waiting for a response, monitor changes on the hacked account. For the worst extortion attempts and hacking breaches, consider involving your local law enforcement and filing a police report. Finally, consider using any one or more of the numerous paid services that can assist you in determining whether your sensitive information has been accessed in a data breach. You should not wait to get a letter regarding a data breach to check if your information is vulnerable. You probably won’t get one.
Finally, call us. Seriously…call us. Our firm can help you determine if your information is truly secure. Contacting us is always free of charge, always confidential and may be your best resource for keeping your information/identity protected and for submitting a claim for financial compensation in the event your data was breached. If your information was accessed, you are probably entitled to substantial compensation. Don’t pass up that opportunity.