How to know if you have been hacked

Jade Mansfield from Criterion Systems, advises how to take back control if you’ve been hacked, how to spot unusual behaviour and how to secure your accounts to leave them less vulnerable in the future

Hacking has been a constant threat when using the internet since its early days. Exploiting vulnerabilities is one of the central objectives of a hacker, so it’s no surprise that a global catastrophe can be seen as an opportunity to take advantage of people’s isolation and confusion. 

With even more online scams to be aware of and with so many people working from home, it can be difficult to be sure of what to avoid and what to do if the unfortunate does happen. Being hacked doesn’t always mean losing money and access to online accounts so it’s important to be aware of other signs of suspicious activity as well as ensuring that your online behaviour is as safe as it can be.

COVID phishing scams

With the advent of the coronavirus pandemic, the daily lives of everyone around the world changed rapidly, as countless countries went into lockdown and a majority of people began working from home. In the early months of the pandemic, hackers did as much as they could to exploit the uncertainty and vulnerability of these workers. Google claims that in mid-April, they were blocking over 18 million COVID-related malware and phishing emails. These come in many forms and will still be in circulation today, taking advantage of the continued economic, political and social upsets happening across the globe.

With so many people working from home, virtual meetings have skyrocketed, so hackers have taken to spoofing virtual meeting invites to encourage people to download malware. Many emails are inviting victims to attend job termination meetings, exploiting their anxiety and panic to gain access to their computers and personal information. As a general rule, don’t open these email invites unless you are expecting them and always double-check the email address of the sender, as well as confirm such meetings with co-workers through a different channel if in doubt.

In addition to any information about ‘cures’ for the virus, be suspicious of any download invites you aren’t expecting, for example, from sites/businesses you’ve used for years. If you are unsure whether a download invite is real, go directly to the website of the business named in the email to find out if there has been any official announcement and download the update directly from their website to be sure.

How to spot unusual behaviour

It isn’t always possible to avoid malware so knowing the tell-tale signs of malicious activity on your computer will help minimise the damage any successful hackers can do with your details or personal information. 

Suspicious activity to look out for:

• Notifications from software you don’t remember installing – sometimes malware will install spoof software on your computer which will then change your settings or prompt you to enter personal information.
• New browser add-ons or new homepage locations – any unfamiliar changes to your browser could mean that your internet behaviour is being monitored by hackers.
• Your internet searches are redirected – If you find you are being redirected to unsafe sites or seeing regular popups, this could also be an indication you have been infected by malware.
• Your online account is missing money – this is a more serious situation that could arise from accidentally giving out banking details. In this situation, it’s best to contact your bank by phone and restrict access to your account as soon as possible.

Should you discover suspicious activity on your computer on your online accounts, it’s always best to carry out a full restore to a known good state and secure your accounts with additional safety measures. 

How to take back control

The first step to taking back control from a hacker is to restore your computer to a safe back-up point. The best advice is to carry out a full restore but this isn’t always the most practical option. If you can’t complete a full restore, you’ll need to tackle the suspicious activity directly. For example, if you notice suspicious browser behaviour, try resetting your browser to its default settings to try and flush out the malware. If you notice unrecognisable software on your computer, uninstall it from your device and carry out a full antivirus scan of your computer

If the hackers were able to gain access to any of your online accounts, from your Netflix to your bank account, notify the business and follow their recovery procedures to best protect yourself against future breaches.

How to secure your accounts 

The best way to keep your online accounts secure is to use multi-factor authentication. This involves two or more steps to gain access to your accounts, making it more difficult for hackers to make use of any details you may have let slip. Many online banking systems already use multi-factor authentication, but for other, low-level accounts, it’s also a good idea to ensure nobody is taking advantage of the products and services you pay for.

Antivirus software isn’t always the most effective method of preventing malicious activity on your computer and it can often miss harmful software when carrying out scans. However, it does add an extra level of protection and acts as the first line of defence should you fall victim to a phishing attack or other malicious software exploitation.

Additionally, human error is to blame for around 90% of all online security breaches. Especially in such an uncertain time, it’s essential that we keep our guard up and maintain strong cyber hygiene. As so many people are working on personal devices for work, staying suspicious will help to protect both personal and professional information from the criminals who are attempting to use a period of such hardship for others to their own gain.

Hackers carry out thousands of break-in attempts every second across the globe, so it isn’t always the case that we can prevent them all. The safest practice is to avoid suspicious sites and files at all times, but knowing what to do should a hacking attempt be successful is equally important to mitigating the damage done.