“It won’t happen to me.” This is the line many of us tell ourselves when we think about being hacked. We believe that criminals only go after big and wealthy targets, such as large companies. It’s true that they definitely want to catch such big fish, but cybercriminals will attack anyone, and they can cast a wide net. Nobody is too small for their opportunistic crimes. If you use online services and connected devices, you are at risk of being hacked.
A hack (or breach) is any digital act that compromises your information, accounts or devices. It can cover various scenarios. The most obvious event is if someone cracks one of your accounts and gains access. It also counts if your device becomes infected with malware, spyware or browser hijacking plugins (these are types of software that install secretly on your machine, allowing others to track what you do). And some hacks are indirect, such as card cloning (when criminals make a copy of your bank or credit card) or breaching a company that stores your private information.
How do you know if you’ve been hacked?
There are some prominent signs that can show whether you may have been hacked, namely:
1. People receive messages you didn’t send: Criminals hacked your account and sent messages to all your contacts, pretending to be you. It’s common for criminals to hack email accounts or social media accounts, and then send unsolicited messages to all your contacts. These can contain spam messages, or attachments to help the criminals hack other accounts.
2. Your browser search redirects to a new provider: Browser hijacking software has changed where your browser directs its search queries. If you type a search query into your browser address bar, but a different search site appears (or if you notice a very different homepage when you open a new browser page), chances are your browser has been hijacked by a plugin.
3. You can’t log into an account: Criminals hacked your account and changed your password. This activity is relatively rare as the hackers prefer to hide their presence. But they might have reasons to stop you from accessing your account. Be sure you’re not just typing in the wrong password.
4. Suspicious transactions on your bank account: You notice purchases you didn’t make or money movement you didn’t authorise. Criminals syphon money from your account, hoping you don’t notice the small transactions.
5. Your sim card stops working: You might be the victim of a sim swap. Criminals fooled your provider into assigning your number to a sim card they control. Now they can intercept messages such as one-time pins from your bank.
6. You receive a message from the hackers: You receive a message that your data has been stolen or encrypted, and it demands payment to reverse the damages. If this happens, you are likely the victim of a ransomware attack. But sometimes, criminals send out such messages even if there wasn’t a breach. They can claim to have compromising footage or images of you, hoping you’ll panic and pay anyway.
This list isn’t exhaustive. As a rule, watch out for any activities or changes you didn’t initiate. You can also use sites such as haveibeenpwned.com to see if accounts linked to your email address or phone number were hacked. If you suspect something is wrong, change your passwords immediately, contact the relevant service provider and inform all affected parties. If the hack relates to a specific device, quarantine that device by taking it offline, and avoid using it until it’s cleaned.
Most hacks will target popular services, such as Facebook, Google or TikTok. Search for information from those companies on what to do if you suspect your account was hacked. Do not engage with the criminals – you cannot trust them. Instead, contact legal authorities and engage the services of trusted security professionals.
You might also see the result of a hack on someone else, such as receiving messages from a person or company that they didn’t send. Such messages often contain attachments or links that promise financial rewards or claim you are about to lose money. Do not open the attachments or links if you receive such a message. Contact the affected party independently (don’t reply to the email or message) and warn them.
How to stay safe
Unfortunately, once you’ve been hacked, it’s often too late to do much about it other than clean up the mess. Prevention is the best cure, and you can stay ahead of the bad guys with these tips:
1. Cybercriminals are opportunists, so remove opportunities. Don’t share sensitive details such as ID numbers and home addresses unless you have an excellent reason to do so.
2. Create strong passwords and store them in a password manager.
3. Change your passwords often, especially on sensitive services such as banking.
4. Consider using a separate email address specifically for sensitive services, lowering the chances that someone will target that email address.
5. Use multi-factor authentication or one-time pins.
6. Enable transaction notifications from your bank and money services.
7. Enable your smart device’s access pin and fingerprint reader.
8. Install updates to your device software.
9. Watch out for phone calls that ask for information such as your id number, home address or answers to security questions, such as birthdays or pets’ names.
10. Use VPN software if you connect to public WiFi or networks.
11. Run antivirus software on your device.
12. Pay close attention to any urgent message or email that urges you to click on a link.
13. Do not click on links in an email, SMS or social media message unless you are sure what it’s for.
Photo by Sora Shimazaki: On Pexels