Written by guest blogger, V. Jordan Hutchison, aka “The Intern”
It happens to the best of us. You’re going through your day normally, using good internet safety practices and answering emails. All of a sudden, a friend or family member forwards you a strange email you apparently sent them. “You’ve been hacked,” the subject reads. “I’m pretty sure you didn’t mean to send me this link to a time-sensitive Viagra discount.” Unless that’s your thing, in which case, you probably weren’t hacked. Other notable hacking signs include: erased contacts, mysteriously empty inboxes, and weird changes to your account. What are you supposed to do next?
Change Your Password
First things first: try to log into your account. Sometimes this is easier said than done. If the hacker changed your email password, you’ll be locked out of your account. In this case, contact your email provider for help. You may also be able to reset your password by answering security questions or sending a password reset link to an alternate email.
If you’re one of the lucky ones and you can log into your account, change your password immediately. If the hackers actually got into your account (more on that later) they know your old username and password. Therefore, you need to change it FAST. Your new password should be completely different from your old one – consider using a series of random numbers, letters, and punctuation. When creating a password, imagine that your arch-nemesis will be trying night and day to crack the code. Don’t make it easy for them by using your dogs name, or God forbid, your birthday.
Spread the Word
Now you need to contact your email provider. Let them know that you may have been hacked. They might have some good advice for you or tools that will help you resolve the issue. Even if they don’t, it’s good to let them know about a potential security breach. They don’t want your email hacked any more than you do.
Next, send a second email to everyone in your contact list. Let them know that you’ve potentially been hacked and advise them not to open any suspicious looking emails. As a reminder, suspicious looking emails include:
- Emails with nothing but a link
- Emails with long, complicated-looking links
- Emails that ask you to enter any personal information (your birthday, usernames, passwords, etc.)
- Emails from people you don’t know with suspicious-sounding subjects such as “Free Ten-Year Vacation!”
- Anything in your spam box that you’re not absolutely sure you can open
If, unfortunately, your friends may have been hacked as well, do the right thing and send them to this blog. It only gets worse before it gets better.
Scan Your Computer
Now comes the fun part. You’ll need to run a COMPLETE scan on your computer before doing anything else. You need to run a few scans to search for viruses, spyware, malware, and other nasty computer gobbledy-gook. If you have a favorite virus, spyware, and malware protection program, go ahead and use it. Of course, I have a few recommendations.
Antivirus: Windows Defender
I love Windows Defender. It’s a free program that’s built in to the later versions of Windows, which means you probably already have it. It scans programs before you open them, downloads updates automatically, and allows you to choose between quick and in-depth scans. Here’s my favorite part: it doesn’t force you to download “crapware,” or secondary programs that you don’t really want anyway.
However, some testers have claimed that Windows Defender doesn’t provide comprehensive protection for high-risk users. In case you were wondering, high-risk users download things willy nilly and install any plugin that winks at them. Have some modesty. Don’t be a high-risk user.
If you have an old version of Windows that doesn’t already come with Windows Defender, download the older version of this program. Then, run a full scan to search for viruses. While this scan is running, DON’T USE YOUR COMPUTER. You’ll only slow things down.
Close second: Avast Pro, the paid subscription. Download it here.
Malware Protection: Malwarebytes
This virus and malware protection software really does a great job of removing stubborn malware. Once installed, this program will scan your computer and quarantine any suspicious files. You can choose from a variety of protection options with varying price points. However, the free version works just fine in my opinion.
Once you’ve installed Malwarebytes (click here to download the free version) run a scan to check for malware. The program will quarantine any infected material so that you can delete it.
Spyware Protection: Avast (the free version)
Avast is a great program that offers virus and malware protection. However, it really shines when it comes to detecting spyware. You can get a paid version of this program or download it for free to get started.
Next, you need to run a boot scan. To do so, open the Avast user interface and select the “Boot-time Scan” option from the “Scan for Viruses” drop down menu. The program will ask to restart your computer; click yes. (Obviously, make sure all important documents are saved and closed before clicking yes.) Your computer will restart. While it’s restarting, Avast will run a comprehensive scan. Once finished, the computer will finish starting up. If you need to delete any infected files you will be prompted to do so.
- Run a scan of Windows Defender (or comperable Antivirus program.)
- Run a scan of Malwarebytes.
- Run a boot scan of Avast.
- Scream in frustation because your computer has been running scans for three hours.
Remember not to mess with your computer while it’s scanning for infected files. Go play on your phone or something.
Do Damage Control
“What?” you sputter. “There’s more STUFF I have to do? I just spent all morning running virus scans! Surely that’s enough!” And then you continue with your day, pretending that none of this happened. Well, I suppose this step is technically optional, and by optional I mean that if you don’t do it, you could potentially broadcast your credit card numbers, social security number, banking passwords, and auto-saved credentials. So, “optional.”
Unless you’re a hacking pro (you’re not, or you wouldn’t need to read this article) you probably have no idea how the email hackers got your information. That means that they could have access to ANYTHING. You need to do some serious damage control.
1. Change your banking passwords.
Even if you don’t think it’s necessary, do it for the peace of mind. Use a new, exciting, difficult-to-guess password full of random numbers, letters, and punctuation. The last thing you want is for all your money to disappear.
2. Comb through your email for usernames and passwords.
This is perhaps the most tedious step. If you’ve ever sent or received sensitive password information over email, you need to identify those passwords and go change them. Don’t simply delete the emails; the hackers may already have those passwords.
3. Monitor your various financial accounts.
If, heaven forbid, the hacker managed to get hold of your social security number, they may use it to open a credit account or sign you up for all kinds of fun things. For the next year (or always, really, you should always do this) keep an eye on your accounts for suspicious activity. Get a free credit report from Credit.com every year to monitor your credit. If you see anything strange, talk to a financial adviser or the friendly folks at Credit.com. They’ll be able to help you freeze your credit while you sort everything out.
You’re through! Time to open a beer and question your life choices. Happy browsing!