When your accounts have been compromised by a hacker, quick identification and response can greatly reduce any harm done.
How do you know if you’ve been hacked? Common indicators include:
- Your friends – You learn that your friends have received a phishing email from one or more of your accounts.
- Your phone – You notice charges for premium SMS numbers on your bill. Collection companies contact you re: nonpayment.
- Your browser(s) – Some/all of your online passwords are not working. You notice unwanted browser toolbars, homepages and unexpected plugins. Additionally, you see a lot of pop-ups or web page re-directs (which refers visiting a web page with a certain URL and noticing that you are instantly directed to another webpage with a different URL).
- Your software – New accounts appear on your device. Antivirus messages report that a virus has not been cleaned or a fake message from antivirus software that you have not installed appears. Programs randomly crash or programs you did not install are running and requesting elevated privileges.
- Your bank – You notice unauthorized charges or receive a message about insufficient funds due to unauthorized charges.
- Your mail – You receive notification from a company alerting you that it has recently been the victim of a cybersecurity breach.
Steps you can take:
- Change passwords for all accounts you suspect may have been compromised on an unaffected device (never use publicly available devices for this purpose as they may be infected with malware and keystroke loggers). Unsure of which passwords may have been compromised? If this is the case, it is best to change all of your passwords. For password and password manager best practices and recommendations, please see the following Connect article: Under Lock and Passphrase
- Update, update, update! Why update/patch? You may feel inclined not to take a few minutes to periodically update if your device appears to be working well, but when you don’t update, you leave the door open to a possible malware attack as hackers seek to exploit the vulnerabilities/flaws in prior versions of systems and applications.
Update the following:- Your mobile software and apps
- Your antivirus software
- Your browsers and browser plugins
- Be prepared with backups. Have a backup plan in place, which includes scheduled and frequent system back-ups. Consider two separate back-ups: one to cloud storage and the other to an external drive. Backups protect you from data compromise and are the best way to recover from a Ransomware infection. Please see the following Connect article for more information: Ransomware Scams.
- Self report to credit agencies (Experian, Equifax, TransUnion) if you believe your personally identifiable information (PII) has been compromised. For more information on what comprises PII, please see: https://en.wikipedia.org/wiki/Personally_identifiable_information
- Check the have I been pwned website to see if your accounts have been hacked in a known attack.
Questions? Contact the NYU IT Service Desk