Chances are that you or someone you know has fallen victim to a phishing scam or had an account hacked. These incidents can leave the targeted individuals feeling frustrated, overwhelmed, and confused about what to do next. If you haven’t encountered this before, we recommend having a recovery plan in place in case it happens to you or someone you know.
Here’s a step-by-step guide on what to do if you’ve been targeted and impacted by a phishing scam or hacked account.
1. Stay Calm and Assess the Situation
The first step is not to panic. Take a moment to understand what may have happened. Determine the extent of the breach:
- Did you click on a phishing link?
- Is your social media account inaccessible or showing unusual activity?
- Are you receiving or sending spam from your email or other accounts?
Staying calm in order to identify the extent of the problem will help guide your next steps so that you can resolve the issue quickly.
2. Secure Your Accounts
If one of your accounts has been compromised, your other accounts may also be at risk.
a. Change Your Passwords
Immediately change the passwords of the affected accounts, linked accounts, or any others that share similar login information. Use a strong, unique password for each account:
- At least 12 characters
- A mix of letters, numbers, and special symbols
- Avoid reusing old passwords
If possible, use a password manager (such as LastPass or 1Password) to generate and store complex passwords securely.
b. Enable Two-Factor Authentication (2FA)
Add an extra layer of security by enabling 2FA on all your accounts. This ensures that even if someone has your password, they’ll need a secondary code (often sent directly to your cellphone or email) to access your account.
3. Scan for Malware and Viruses
Approximately 90% of phishing attempts start with a suspicious email, and almost 75% are from links directly embedded within an email’s body. If you suspect a phishing link or malicious file was involved, scan your devices for malware immediately:
- Use reputable antivirus software to detect and remove threats.
- Update your operating system and apps to patch any vulnerabilities.
4. Notify the Platform or Service
Once you’ve identified the source of the attack, it’s time to contact customer support. Report the breach to the affected platform so that they can take further action:
- Social Media Accounts: Most platforms, like Facebook, Instagram, and Twitter, have tools to report hacked accounts. Follow their recovery process steps to avoid continued spam efforts.
- Email Accounts: Contact your email provider for support if unauthorized access occurred, which could indicate a major security breach of the company.
- Banking or Payment Apps: Alert your bank or financial service provider if personal or financial information may have been compromised, so that they can monitor your accounts and issue you new cards if appropriate.
The sooner you report the issue, the faster they can help secure your account and mitigate further damage to you and other users.
5. Warn Your Contacts About the Breach
Hackers often use compromised accounts to target your friends, family, or colleagues by scanning your contact lists.
- Send an email or post a message on social media (or another contact method) to inform them of the breach.
- Warn them not to click on suspicious links in messages sent or posted from your account. If they are unsure, encourage them to contact you directly to confirm.
- Share what you know about the attack to inform others of the scammer’s tactics.
6. Monitor for Identity Theft or Fraud
If personal information was compromised, closely monitor your accounts for suspicious activity:
- Credit Monitoring Services: Enroll in a service that alerts you to unusual activity.
- Bank Statements: Review transactions daily for any unauthorized charges.
- Social Security Number: Contact credit bureaus to freeze your credit if sensitive information is at risk.
7. Reflect on the Experience
Understanding how the breach occurred is essential to preventing future attacks. Don’t beat yourself up about it, but do the following:
- Recognize Phishing Scams: Be cautious of emails or messages that ask for sensitive information, especially if they come from unknown sources.
- Avoid Public Wi-Fi for Sensitive Transactions: Use a Virtual Private Network (VPN) when accessing accounts on unsecured networks.
- Regularly Update Security Settings: Stay informed about new security features on your accounts and devices.
8. Educate Others
Sharing details of your experience can help others avoid falling victim to similar attacks. Write a post on social media, share tips with friends, or even report the scam to organizations like the Federal Trade Commission (FTC) or your country’s cybercrime division. Awareness is the key to protecting yourself, friends, and family from a future phishing scam or hacked account scenario.
Empower Yourself Against a Future Phishing Scam or Hacked Account Threat
Becoming the victim of a phishing attack, hacking, or spam effort can be unsettling, so it’s important to empower yourself. Bookmark this blog for when you or someone you know may need it. With rapid action and preventative measures, you can recover your accounts, protect your sensitive data, and guard against future threats. Additionally, by sharing your first-hand experience, you can help others protect themselves against attempts that they might encounter in the future.