So you think you’ve been hacked. Maybe your computer is acting strange, tossing pop-ups and random errors up on screen without warning. Or perhaps your social media account has taken on a life of its own, sending out weird messages to your friends telling them you’re stranded in Belarus with no money, when you’re fairly certain you’re still in your Mr. T jam-jams at home in Cleveland.
If that’s the case, let me be the first person to tell you how much that stinks. Let me also be the first to compliment you on your stylish PJs.
Now, let’s get to it. Just because your computer, smartphone, social network or email account has been compromised, doesn’t mean you have to cast your device into a fiery pit to exorcise the cyberdemon that dwells within.
Instead, you can follow these painless tips to take back control of your machine or online account, and get back to spending more time with them than your family. I’ll even go a step further and give you some tips to prevent yourself from falling prey to such security problems in the future.
What to do when your device has been hacked
Let’s start with the most common security issue: malware on your computer. Malware is any kind of software surreptitiously installed on your desktop or laptop that is designed to negatively impact your machine.
Different kinds of malware have different effects on your system. Some can try to steal your personal information, while others will attempt to scam you into paying for services you don’t need.
Of course, as Symantec’s (SYMC) Director of security response Kevin Haley explains, if criminals are doing their jobs right, you’re unlikely to notice much wrong with your machine at all.
If you suspect you’ve fallen victim to some form of malware, the first thing you should do is unplug your machine from the internet. If your machine is infected, and you’re still online, there’s a good chance that you’re sending data back to the person who owns the malware.
Next, run virus and malware scans on your computer. If you don’t have antivirus software, then you’ll want to install it, connect to the internet to download the latest updates and disconnect again. Run the scans to make sure that your machine is clean and then reconnect to the internet. It’s probably worth running another scan at this point to make sure you’re still in the clear now that you’ve reconnected to the web. From there you should be good to go.
If you’ve got an iOS device like an iPhone or iPad, chances are you won’t have to worry about malware since Apple (AAPL) doesn’t allow users to install unapproved software on their machines. If you’ve got an Android device, though, you can open it up to allow for the installation of third-party apps and services. In fact, that’s one of the draws of owning an Android phone or tablet. It’s your machine, so you can do what you want with it.
It’s also an easy way for users to install malware on the handsets. To combat this, your best bet is to install and run an antivirus app on your phone. All of the major antivirus manufacturers offer some form of smartphone antivirus software. And many times it’s free. There are additional features you can get if you pay a little extra or sign up for a monthly plan, but if you’re simply looking for a program to scan your phone and clean it up, you’re unlikely to have to pay up.
There’s one type of malware, though, that’s so insidious usually the only way you can get rid of it is to delete your computer’s or smartphone’s storage drive and start from scratch: Ransomware.
Ransomware is a form of malware that locks down your device, encrypting its contents until you fork over cash to the malware maker for the keys to unlock the encryption and free your files. Most of the time these criminals require payment in the form of cryptocurrency or even iTunes gift cards.
While you might be tempted to pay these crooks to unlock your device, you never should. Your best bet, unfortunately, is to simply reformat your system, deleting everything on your drive. I know that sounds extreme, especially for people who save important data like irreplaceable family photos and videos, tax documents and other information on their drives. But paying criminals only helps to further embolden them and puts more consumers at risk.
What to do when your account has been hacked
So your computer, smartphone and tablet are fine, but your friends have been telling you that they’re receiving strange emails, tweets, Facebook messages or LinkedIn Inmail from you. The thing is, beyond the occasional drunk message your fire off after too many happy hour margaritas, you don’t recall sending any messages at all.
In other words, your account has been hacked. Chances are you fell for some kind of scam via a random email or Facebook (FB) message asking you to click on a link to verify your account, only for that link to have been a fake designed to steal your login information.
It’s a common mistake, it’s how the Russians got access to the Democratic National Committee’s servers, but easily avoidable if you know what you’re looking for. More on that in a minute. For now, let’s get your account back.
If you still have access to your account, meaning whoever took control of it hasn’t changed your password. Log in and reset your password to something entirely different. Don’t just change a letter or number at the end.
Now that you’re in your account, check out your recently sent messages, delete the ones that look strange, and then let your contacts know that your account was taken over and not to open any links that you may have sent them in the last few days. You’ll also want to check out things like your YouTube account to see if someone posted videos under your name.
If you can’t get in, you can try to recover your account password by following the prompts via the “Forgot password” link on most sites. From here you’ll typically need to give answers to basic questions you provided when you first opened your account. You can also use an alias email or a phone number associated with your account, or simply go through the process using two-factor authentication.
Don’t have any of that information handy? Oh, hm, that’s a whole other issue. In the case of Gmail, for example, you’ll simply have to forget about that account entirely. If Google (GOOG, GOOGL) can’t prove that it’s you trying to access your email and not some stooge trying to steal your information, it won’t let you in. That’s the end of that.
Your banking information was stolen
This is the one everyone fears. Someone has gotten a hold of your online banking username and password or gained access to your address, social security number of other piece of important information in a major corporate security breach.
Your best bet here, unfortunately, is to sign up for a crediting monitoring service to ensure that no one tries to open a credit card, or make a major purchase in your name. You should also check out your recent bank, store cards and credit card transactions to ensure that no one is using them without your knowledge.
How to secure your computer and accounts
The steps needed to keep your computer and smartphone and email, social and banking accounts safe are incredibly similar. The single most important thing you can do is to improve your password by using strings of letters and characters rather than simply numbers. Think about it, there are 10 numbers of your keyboard to choose from and 26 letters.
It makes sense that it would be more difficult to guess a password with more letters. Throw in characters like exclamation points, question marks, hashtags and asterisks and you’ve got a much stronger password. Just make sure you’re not using easily guessable phrases like “password” or “p@ssword!.” Those are already too easy.
You should also make sure to use different passwords for each account you have. Doing so ensures that if a hacker who takes control of one of your accounts won’t be able to take over multiple accounts with the same login credentials. If remembering a bunch of different passwords is too difficult for you, you can use an app like LastPass to help manage them.
Beyond ensuring your passwords are all unique and difficult to guess, you’ll also want to tell setup two-factor authentication for all of your online accounts. Two-factor authentication requires that every time you log into an online account, you have to enter a second randomly-generated password that’s usually sent to you via password or an app. This ensures that you are the only person logging into your account.
Of course, you’ll also need to be more careful about the kinds of emails and social network messages you open or reply to and the links you click. To ensure an email isn’t fraudulent, you can move your cursor over the sender’s name to see if it’s coming from a known address.
If you receive a message with a link included, you can mouse over the link to see the actual URL. So if you receive an email that says its from Google and wants you to enter your username and password via an included link, you can cursor over the link to see if it’s actually going to a Google website, or a fake site.
Your best bet is to always be wary of any emails asking you to click a link or download a file. Even if the message says it’s from your own mother, you’re better off checking out who the real sender is than compromising your computer and email account.
If you follow these tips, you’re likely to save your computer or social accounts and stay safe going forward. Now get online and back to ignoring the people around you. I know I will.
More from Dan:
Email Daniel Howley at firstname.lastname@example.org; follow him on Twitter at @DanielHowley.