Nerd Chick Adventures: You’ve Been Hacked!
At our computer repair company, Nerds on Call, we frequently get calls from customers concerned that they’ve been “hacked.” It’s a term all over the news, from data breaches at companies like Target, Google, and Home Depot, to networks of hackers that make their living stealing identities and data from victims all over the world. What does it mean to be hacked? Here are some of the signs that your personal data may be compromised, and what to do to limit the damage.
Having your data hacked means that an unauthorized person or entity has gained access to your personal data or online accounts. This can happen when a company’s website or database is broken into, giving criminals access to whatever personal information the company maintains about its customers. This could include username and password combinations, email addresses, credit card numbers, even personal data or medical history.
In other cases, hackers target individuals directly. This could involve someone gaining access to your email or social media accounts, online banking accounts, or to your computer itself in order to steal your personal data and perpetrate fraud. Data can be intercepted as it’s sent over public WiFi or an unsecure network, or a hacker may gain access to a username and password combination that you’ve used on one site and apply that same combination across other sites until they find a match.
These days, being “hacked” is such a broad term that it can be difficult to ascertain when your information and/or online accounts have truly been compromised. Receiving a notice from your bank or a website you frequent, notifying you that their servers have been breached is a reliable indicator that whatever data that site had “on file” for you has likely been stolen. But other clues are subtle.
Here are some common signs that you may have been hacked:
Receiving a notice of an account change that you didn’t authorize, such as a change of address, a change of password, or a change of the contact email or phone number on the account.
Friends receiving strange emails or solicitations from your email or social media accounts, often prompting them to buy something or claiming that you’re in trouble and need them to send money.
A merchant contacting you about goods that you never ordered, most likely demanding payment.
It can be even harder to ascertain whether or not your personal computer has been hacked. The appearance of strange new programs or browser toolbars that you don’t recall installing, having your online searches re-directed from the site you want to a different one or even unusually slow performance could indicate that your machine has been compromised. However, these are also common signs of standard malware infection, not a definitive indicator of a data breach.
What do you do if you think you’ve been hacked?
Don’t panic. As data breach becomes alarmingly prevalent, there are more tools to help consumers reduce the damage. And most people won’t blame you once they hear the words, “my account was hacked.”
Unless you’ve received a notice from a specific institution letting you know that their company’s server has been compromised, it’s nearly impossible to figure out where hackers first gained access to your data and accounts. Therefore, the second thing to do is to ensure that your personal computer is locked down from predators and their malicious software.
One of the easiest ways for hackers to obtain your password is “keystroke-logging.” Victims get infected with malware by unintentionally installing a compromised software application, visiting an infected website, or clicking on a pop-up ad from a shady source. Once the malware is on your machine, the program captures every key you type and reports back your activity, giving hackers access to what sites you frequent, as well as your usernames and passwords.
Before you do anything else, update your anti-malware software and run a full scan. It may be tempting to immediately change your username and passwords across all sites that store your personal information, but if you do this while you have a keystroke-logging program on your machine you’ll simply be giving the criminals your new passwords.
Once you’re confident that your computer is squeaky clean, it’s time to start changing passwords. Start with all sites that share a username and password with the compromised one. Take this opportunity to create a unique, difficult to guess username and password for every site you frequent, either by utilizing a password management program like LastPass or by incorporating a password trick. The one I like to use is detailed here!
Hackers commonly target sites with relatively weak security, gather the usernames and passwords from those sites and then try those combinations across other sites with stricter security. There are lists of username and password combinations traded among the hacker community, so even the best, most difficult to guess password won’t help you if you use the same one everywhere.
If you’re confident that a specific email or social media account has been compromised, report it to the appropriate authorities ASAP. Facebook has a reporting page and all the other major players have something similar.
The Identity Theft Resource Center offers a wealth of information about how to protect yourself from data breaches. They’re a good resource if you discover you’ve been hacked, and can provide assistance in pursuing your case.
Watch your credit card transactions like a hawk. If you suspect any fraudulent activity, request a new card immediately. The three credit reporting agencies, Equifax, Experian and TransUnion, allow you to place a 90-day fraud alert on your credit profile. Notify them if you believe a breach has occurred so that creditors and lenders will be required to take additional steps to verify your identity before establishing any new credit in your name. While it will be harder for you to establish new, legitimate lines of credit, it will also make it nearly impossible for criminals to open fraudulent accounts in your name.
Protect yourself from future hacks by setting up two-factor authentication wherever possible. Facebook, Microsoft, Google, Apple and most financial institutions offer it, though you may have to activate it. Once two-factor authentication is in place, when an unrecognized computer is used to login to your online account, the site will text or email you a code that you’ll need to enter before your account can be accessed. This will help to give you a heads up in advance if an unauthorized party tries to break into your accounts.