Step 1 - Assess what you know
The first step is always to review what you know - having a full & accurate understanding of the situation is key for being able to minimise any damage.
Firstly, how do you know your account has been hacked - were you told by the company, did your bank alert you to suspicious transactions, or have you spotted something unusual?
Signs that your account has possibly been hacked:
- Purchases made on your account that you didn't make;
- Friends complaining that you're sending them spam;
- Your password having been changed (not just that you've forgotten it!);
- Personal details, such as a delivery address, having been changed;
- A "last login" notification on the website that definitely wasn't you;
- A (genuine) notification from the website of either suspicious activity, an unrecognised login, or that your password has been changed.
Tiny unexplained transactions on your credit card could also be an indication that your credit card has been compromised too (small charges could be hackers testing whether the card is 'live'), although you won't necessarily know where the criminals got these details from. If you spot these, alert your card provider immediately.
STOP! Were you notified by the website?
Is the reason you think you've been hacked because of an email from the website? If so - stop & consider whether this email is genuine!
Scare tactics are a common ploy in phishing emails: criminals want you to click through to a copycat website where they can steal your login details. They'll craft genuine-looking emails with messages such as:
- They're doing a 'security review' and you need to change your password;
- An alert that your password has been changed;
- A vague message about suspicious activity on your account.
The frustrating thing is that websites do genuinely send these types of emails out - and distinguishing fake from genuine can often be tough! Check out our guide for how to spot a phishing email.
The safest option is always to type the web address into your browser yourself (never click a link in the email), log in, and look for any notification there.
Step 2 - Clean up any damage
If you have been hacked then there are several things you can do to repair any damage:
1) Run a virus scan
2) Check your account
Log in to your account and check (and correct if necessary) the details below. Visit the website by typing the address into the browser directly - don't click on a link in any email, as this could be faked.
If you're locked out of your account then follow our guide here.
a) Change your password & any reset questions
- Even if you're not 100% sure that you've been hacked it's still a good idea to change your account password.
- Change your answers to any password reset questions too if the website uses these, as the hacker may have noted them down.
b) Cancel any orders not from you
- If it's an e-commerce website and orders have been placed that you didn't make then let the website know. You should still report it even if it's too late to stop the order; the website can investigate and, if necessary, give you a refund.
c) Correct any changes to your personal details
- Sometimes hackers leave themselves a way to get back into your account by changing your details. Double check everything - your postal address, email addresses, phone numbers, and anything else - to make sure everything is correct & as it should be.
d) Delete any unrecognised devices
- Some websites, such as Facebook or Google, know which devices you've previously logged in from to help verify your identity. If the affected website offers this feature then review the devices it knows of (they'll be listed somewhere in your account settings) & delete any you don't recognise.
e) Remove any stored credit cards
- It's also sensible to delete any credit cards that you've got stored on your account. Whilst no website should ever display the full card number, it may display the last 4 digits. These are sometimes used as a security question by customer service departments to identify users; delete any cards so that the hacker can't use these to "identify" themselves.
3) Check your email account
If you've had any website account hacked then it's always worthwhile double checking that the attacker didn't achieve this by gaining access to your email account first (remember, it's your email account that password reset links are often sent to). One common tell-tale sign is that an attacker will have set up an "auto-forward" rule to forward themselves a copy of your emails, whilst silently deleting any that they didn't want you to see (such as a password reset email).
Log in to the website of your email provider (for example Gmail or Outlook.com) and double check there for any auto-forward rules that may have been set up.
It's far more likely that your web account was hacked by some other means, but checking your email account is always sensible just in case.
4) Inform your friends & contacts
If your account is an email or social media account then it can be helpful to let your friends know you've been hacked, in case the hackers have used it to send out spam. If it's too late and some of your friends have already clicked on something in one of these emails, or opened an attachment, then direct them to this website for help.
Step 3 - Report it
Once you've cleaned up the damage as much as you can then you might want to report the hack - especially if you've lost any money.
At a minimum you should contact the website in question to let them know - they can then take the necessary steps to investigate.
You might also want to consider reporting the hack to your bank if you suspect your credit card details have been taken too, and especially if fraudulent transactions have been made from the website.
Whilst attackers should never be able to obtain your card details just by logging into your account, it can sometimes still be a case of better safe than sorry.
Step 4 - Prevent it happening again
Now that you've cleaned up the damage you'll want to prevent it happening again - not just on this website, but all others too.
Having an account hacked can suddenly make us aware of the need to secure our accounts properly. Go through each of your accounts and make sure:
- They have strong, unique passwords;
- There are no easy backdoors left open (such as unrecognised devices, forwarding rules or changed recovery details); and
- 2 Step Verification (2SV) is enabled wherever the website offers it.
Remember to remind your family & friends to review their web accounts too!
Some websites have specific pages for helping you if your account has been hacked. Links to some of the more common ones are here: