So, you’ve been hacked! Now what?
Being the victim of a hack isn’t necessarily the end of your digital world, and whilst it is a serious matter for you or your business, it’s what you do next that truly matters.
Suspecting you’ve been hacked doesn’t necessarily mean you have actually been hacked, and the proper course of action to regain access or recover data will differ in each scenario. Choosing the wrong path could cause irreversible harm to your data, which is why it is crucial to confirm the issue before moving forward.
The warning signs.
- Your account has been locked or you no longer have access.
- Emails or messages in the ‘sent’ folder of your account that you did not write.
- Password reset emails or messages in the ‘inbox’ or ‘bin’ folder of your account that you did not request.
- People reporting suspicious or unusual messages, comments, or activity from your account.
- Your account shows a last login time or last login location that is different than what you expect.
- You have automatically been logged out of your account on all your devices.
- You received an alert from your account provider warning you of suspicious activity.
- Your customers or clients have enquired about a suspicious invoice that appears to be from your company, for example, an invoice that is out of a regular cycle.
What should you do?
Step 1. Secure Your Finances
It’s important to be aware that a cybercriminal could potentially gain access to your bank or financial institution account, putting your funds at risk. In such a situation, it’s crucial to take immediate action. Contact your bank or financial institution without delay and follow their expert guidance on securing your account. They will also assist you in freezing any affected accounts or cards to prevent further unauthorised transactions.
In the event that you feel unsatisfied with your bank’s response, seeking assistance from the Australian Financial Complaints Authority (AFCA) is a recommended course of action. They provide free advice to help you navigate the situation and find a resolution. However, it’s important to exercise caution and refrain from accepting offers from third parties promising to recover your lost money. Unfortunately, such offers often turn out to be scams aimed at deceiving you and extracting more money from you. Stay vigilant and rely on trusted sources for guidance.
Step 2. Safeguard Your Email Account and Other Vulnerable Accounts
If you suspect that your email account has been compromised, it’s crucial to take immediate action to protect yourself. Remember, email accounts are often used as a gateway to other accounts through password or passphrase resets.
Identify Which Accounts to Secure
Once you’ve ensured the safety of your financial accounts, it’s time to focus on securing your other accounts. Pay close attention to the following:
- Your email account that may have been hacked.
- Any other account that relies on this email address for password or passphrase resets.
- Any account that shares the same password or passphrase as the potentially compromised email account.
Prioritise Your Efforts
When securing multiple accounts, it’s best to prioritise the most critical ones first. For most individuals, this includes bank or financial institution accounts, email accounts, business accounts, cloud storage accounts, and any accounts that grant access to other vital services. Accounts with lower sensitivity should be addressed later in the process.
By taking swift action to secure your email account and related accounts, you can significantly reduce the risk of further unauthorised access. Remember, safeguarding your digital presence is essential in today’s interconnected world.
Secure Your Email Account
- Change your password directly through your account’s online platform or app. Avoid clicking on password reset links received via email or messages, as they may be fake attempts by cybercriminals. If unable to access your account, check if the email provider offers an account recovery option, noting that additional verification checks may take some time.
- Review and ensure the accuracy of your account recovery details in your account settings. Remove any unfamiliar account recovery options.
- If available, log out of all devices through your account settings, which can typically be found on the account security settings page. Changing your password should automatically log out all other devices currently logged into your account.
- Enable multi-factor authentication (MFA) if you haven’t already and it is supported by your email account. This added layer of security makes it more challenging for cybercriminals to regain access. Remove any unrecognised MFA methods.
By following these steps, you can fortify the security of your email account and minimise the risk of unauthorised access.
Check for unauthorised activity on your email account.
It’s important to check your account activity to determine if the person who accessed your account has done anything that requires a response from you.
- Review your email forwarding rules in the account settings. If you notice any unfamiliar rules set up to forward your emails to another address, delete them immediately.
- Thoroughly examine your email folders for any indications of unauthorised activity. Pay close attention to the sent emails folder and deleted emails folder. Look for any emails that were sent, opened, or deleted without your knowledge.
Keep in mind that the intruder may have attempted to conceal their actions, such as permanently deleting emails or marking opened emails as ‘unread.’
Step 3. Secure Your Identity
It’s critical to address the possibility of identity theft as part of your overall security measures.
- Visit the IDCARE website and complete the Get Help Form or dial 1800 595 160 to connect with IDCARE’s Identity and Cyber Security Case Managers. IDCARE serves as the national identity support service for Australia and New Zealand. By engaging with an IDCARE Case Manager, you can develop a tailored response plan for your situation and receive ongoing support throughout the process. The IDCARE Learning Centre is also an invaluable resource for learning about preparation, prevention, detection, and response to identity and cyber security concerns.
- If you suspect that your identity has been compromised, consider applying for a Commonwealth Victims’ Certificate. This certificate can provide support for your claim of being a victim of identity crime and can assist you in re-establishing your credentials with government agencies and financial institutions.
By seeking assistance from IDCARE and utilising the available resources, you can take proactive steps to protect your identity and regain control over your personal information.
Step 4. Secure Your Device
Protecting your device from malware is essential to maintain its integrity and ensure your data’s safety.
Malware refers to malicious software that can cause various harms, such as tracking your activity, stealing information, encrypting or deleting data, using your device for cryptocurrency mining, rendering your device unusable, and spreading to other devices.
Detect and Remove Malware
- Ensure that your device has antivirus software installed. Windows 10 and Windows 11 come with pre-installed antivirus software called Microsoft Defender. If you don’t have antivirus software, download and install a reputable one on your infected device.
- Confirm that your antivirus software is receiving regular signature updates. If your antivirus software is on an expired subscription, renew it or consider switching to a free alternative that provides the latest signature updates.
- Turn off Bluetooth and Wi-Fi and disconnect your device from other networks and external storage devices. This minimises the risk of malware spreading.
- Run a comprehensive device scan using your antivirus software to detect and remove any malware. Keep in mind that this scan may take a significant amount of time to complete.
- Continuously monitor your device for any signs of malware. If you still observe suspicious activity or if the antivirus scan doesn’t resolve the issue, performing a factory reset on your device may be necessary to eliminate the malware. Remember to back up your data before proceeding, as a factory reset will erase all your information.
Backing Up Files from Your Phone or Tablet
If the malware has infected your phone or tablet, you can safeguard your important data by following these steps:
- Back up essential information such as photos, videos, contacts, and messages to your device’s cloud service. Connect your device to the internet temporarily to accomplish this task.
- Keep in mind that photos received through messages or other apps may be saved in different locations than the ones in your camera roll. Consult an IT professional before backing up other file types to avoid inadvertently backing up infected files.
By diligently securing your device and taking necessary precautions, you can effectively mitigate the risks associated with malware. Stay proactive and consult professionals when needed to ensure the safety of your data.
Back up files from your computer
Creating a backup when your computer is infected with malware can be challenging. Accidentally backing up an infected file can spread the malware or reintroduce it later. To safely back up your data and minimise the risk of spreading the infection, follow the provided flow chart.
Back up your account credentials
Make sure to back up all your associated account credentials if you have authentication applications like Google Authenticator or Microsoft Authenticator on your device. Failure to back up your credentials could result in losing access to your accounts. Consult the vendor documentation for the best method to back up your account credentials.
Perform a factory reset
Once you’ve checked your backups, secured your data, and transferred any authenticator applications, it’s time to perform a factory reset. The steps for a factory reset vary across devices, so refer to the manufacturer’s website for guidance.
After the factory reset, connect your device to a trusted network (such as your home or work Wi-Fi) to download and install up-to-date versions of your operating system and software. In most cases, a factory reset will eliminate all malware. If you still notice signs of malware, consider seeking assistance from an IT professional.
Restore your data
Now that the malware has been removed from your device, you can safely connect it to your backups and restore your data. Remember to only restore data from a backup if you are confident it is free from malware.
Step 5. Record and Report
Make a detailed record of the incident, including what occurred, when it happened, possible causes, and the steps you took in response. Use this record to report the incident to the relevant authorities:
- If you suspect the unusual activity or login attempts are related to a scam, report the incident to Scamwatch.
- Check ReportCyber to determine if the incident should be reported to the ACSC.
- Notify your account provider (e.g., Facebook, Google, PayPal) about the incident.
Step 6. Prepare and Prevent
After addressing the incident, take a moment to reflect on its causes and identify strategies to minimise the impact of similar incidents or prevent them entirely. Cybercriminals employ diverse methods to gain unauthorised access to accounts, such as password guessing, social engineering, phishing, and exploiting leaked credentials from data breaches.
Strengthen your security measures by using robust and unique passphrases, utilising a password manager, and enabling MFA on all applicable accounts. These simple practices go a long way to harden your overall security.