Cyber SecurityHacking Protection 101

Have I Been Hacked? Find Out and Protect Yourself

It seems like everyone is getting hacked these days. You may be feeling left out if you haven’t been!

The reality is that you have likely been hacked in some way… even if you don’t know it. In fact, a study by Michael Cukier from the Clark School of engineering reports that hackers attack every 39 seconds!

If you’re the owner of a business, preventing hacking should be one of your top priorities. Did you know that 60% of businesses that get hacked close within 6 months!

That’s right, 60% within 6 months. We don’t want your business to be another statistic.

With that goal in mind, we’re exploring how to tell if you’ve been hacked, what to do if you’ve been attacked online, how you might be encouraging the attacks and how to protect yourself.

How to Tell if You’ve Been Hacked

Have you been hacked? Sometimes, it’s obvious… your phone won’t start or your computer is missing files. Other times, it’s more subtle.
Here are a few indications you’ve been hacked:

  • Your email has been sending messages you didn’t create
  • Your passwords have changed without you knowing
  • Your device is installing software you didn’t authorize
  • You get fake antivirus messages asking you to install
  • Your personal data is leaked

Since there are almost endless indications of being hacked, it might be worthwhile to know what types of hacking are out there.

Types of Hacks

Email Hacks

In your Apple or Google email settings, you’re able to check the physical locations where your account has been logged in. If you check the locations and see someone logging in from another state or country, that likely means you’ve been hacked.

In some instances, the usernames and passwords of a large number of accounts will be shared online. Websites like HaveIBeenPwned.com and BreachAlarm.com let you search for your email address to see if your account info is listed among these hacked profiles

Social Media Hacks

Social media accounts reveal hacking through sign-in locations. If your social media account password or email changes without your knowledge, you’ve almost certainly been hacked.
Same goes if:

    • Your name or birthday changes
    • Friend requests were made to people you don’t know
    • Messages have been sent from your account that you don’t recognize
    • Your account published posts you’ve never seen before

Mobile Device Hacks

Your mobile device might be hacked if you start to see unfamiliar apps installed. If your phone dies too quickly, that might indicate malware running in the background and using up your battery.
Or, you may get unexpected packages sent to your home. All of these symptoms suggest mobile device hacking.

Computer Hacks

It’s virtually certain that your computer has been hacked at one point or another without your knowledge. PCs, in particular, have been attractive targets for viruses and malware for at least two decades.

How do you know your computer has been hacked? Sometimes, it’s clear. Maybe it won’t start or your files are frozen by ransomware.

Other times, computer hacking is more subtle. For example, say your computer seems sluggish. You might have malware on your system that’s slowing you down but still enabling you to use the machine.

Examples include crypto-currency “mining” software and various forms of spyware that watch where you browse in order to send you spam messages.

Banking Hacks

Banking systems are typically harder to hack, but it certainly still happens.
Signs of bank hacking include unknown charges and fund transfers, but there are other early warning signs. If you don’t receive a statement in the mail on its expected date, that is a cause for alarm.

What to Do If You’ve Been Hacked – In 4 Steps

So you’ve been hacked. There are several steps you should take to mitigate the attack and get your devices back on a safe track.

1. Reinstall your operating system

If you have been hacked, you need to reinstall your operating system (OS).
Backup services like Carbonite can be extremely valuable in this scenario. If you have to start over, they will have a fresh copy of your data ready for download. Along with hacking protection, backup services are also useful for basic computer crashes that can disrupt your life.

2. Change your passwords

Another crucial step to take is to change your passwords…. all of them. Hackers usually need continued access to your accounts, so cut them off while you still can.

When changing your passwords, varying passwords between accounts and devices is a good practice. This can be tedious to do, but it’s worthwhile.
Passphrases can also work well.  With a passphrase, you create a long, hard-to-guess password out of a phrase.

For example, if the Beatles is your favorite music group, you could have a password like “herecomesthesun”. You can make that passphrase even stronger by using combinations of letters, numbers and punctuation marks… like “herec0me5the5un!”

Some people start with a basic passphrase for one account and add characters so it’s different for each additional account. For instance, if your passphrase is “herecomesthesun”, maybe you would make it “fb$herecomesthesun” for Facebook, “tw$herecomesthesun” for Twitter, and so forth.

This helps protect you from brute force attacks and random guesses.
Try using a password vault like LastPass. LastPass allows you to store all of your different passwords in one vault for easy account access.

When changing your passwords, varying passwords between accounts and devices is a good practice. This can be tedious to do, but it’s worthwhile.

3. Regularly scan your computer

It’s a good practice to scan your computer regularly for malware or viruses. This won’t catch everything, but it can help a lot. Similarly, it’s wise to keep an eye on financial accounts.

With new passwords and a new system, you can get your accounts back to normal.

4. Enable two-factor authentication

There are many options out there for two-factor authentication. This allows for your passwords to be double protected. Google uses this, for example, they’ll ask for your email and password and then send a notification to your iphone or other device.

If you’re interested in two-factor authentication, you can check out software like Okta or Duopush.

What Does “Being Hacked” Actually Mean?

One problem with hacking is the overly dramatic image that’s been built around this activity in the media.

The idea is that hackers are “bro” dudes in hoodies banging away at keyboards in dusty basements. When they use their evil genius minds to breach our defenses, their monitors light up and the timer on the nuclear warhead starts counting down… 10, 9, 8, 7…

In reality, hacking is a lot less glamorous. In fact, the very best hacks are so skillfully done that the victim doesn’t even know they’ve been compromised.

There are many types of hacks, some are personal and targeted (your own devices and information only), others can be widespread and are caused by data breaches. If a company that holds your information unintentional leaves their data vulnerable, it can lead to a data breach, which opens your information to hackers.

In our experience, we see a few broad types of hacking that you should understand if you want to stay safe:

  • Espionage Hacking

Many hackers work for governments (either directly or indirectly). Their activities are intended to steal information that might be valuable from an espionage point of view. Examples include Chinese Intelligence’s theft of American weapons designs and the breach of the US Government’s Office of Personnel Management.

  • Disruption hacking

A hack is often designed to interrupt the activities of life. This can occur at the personal level, where someone makes your phone go dead or in corporate or government spheres. The Sony Pictures Hack offers an example. In this case, North Korean agents caused embarrassment and business disruption at a movie studio that was releasing a film they considered insulting to their country.

  • Crime related hacking

Hacking for profit is one of the biggest threats we all face. Typically, a criminal hacker is trying to steal data that is valuable enough to be sold on the “Dark Web,” which is a sort of global online black market. Hackers can sell personal information, credit card numbers, corporate system log-ins, trade secrets and so forth to other criminals who use them to make money.

One distinction worth making is between hacks that target your personal devices versus those that target your data when it’s situated elsewhere. Chances are, you’re subject to both, but the motivations and consequences are different.

Personal device hacks

Your personal devices are likely riddled with malware. It is invisible and may not even interfere with your life very much. Malicious actors might be using your device to mine for cryptocurrency or to serve in a botnet.

In some cases, the hacker is after you, specifically, perhaps to impersonate you or find out confidential data about you. Or, they could target you (and many others) with ransomware. In this type of attack, the hacker implants malware that locks up your files until you pay a ransom, usually in Bitcoins.

Personal account hacks

In another scenario, an account you control gets hacked, even if it’s not on your device. This can happen with banking, email and social media accounts, where hackers take over your account to send spam emails or trick your friends into sending them money or divulging personal information.

Data about you sits on innumerable computer systems, vulnerable to breach. If you’re an American adult, your data was stolen in the notorious Equifax breach. Your personal data was also probably stolen in hacks against Target Stores, Home Depot, and others.

As James Comey, then head of the FBI, once said, “There are two kinds of corporations in the United States: Those who have been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”

Foreign intelligence services have been vacuuming up data about Americans for years. The only reason it isn’t a more serious problem for consumers is that the data is being used for intelligence, not criminal purposes.
people working computers and mobile

Bad Habits that Lead to Hacking

Here’s what not to do if you’d like to prevent a future hack. Bad habits include:

  • Using the same passwords across multiple accounts
  • Overusing a single email
  • Being overly trusting of public Wi-Fi

You can get yourself into cyber trouble by downloading strange email attachments, clicking on unsafe links (or links that look normal but are actually traps), downloading free software that seems too good to be true, and shopping on unsecured sites.

All of these behaviors expose you to risk, as does not encrypting your data or storing credit card information online.

6 Ways to Prevent Future Hacking

You have the ability to stop hackers, or at least make things a lot harder for them. To do this, keep in mind the following steps:

1. Prioritize email and password security

Use strong passwords or phrases. Make sure your security questions are not easily guessable. We also recommend having some sort of password manager that is reliable and highly protected. This can allow you to have access to passwords and create difficult passwords that are not easy to guess. We recommend LastPass.

2. Update your software regularly

Developers add security features and patches over time, so make sure your apps and software is up to date.

3. Be careful about your online behavior

Secure browsing practices are recommended, like looking for the “Secure” indication on sites that you visit and especially sites where you shop (On Chrome, it looks like a little green padlock).

4. Don’t trust Public Wi-Fi for sensitive work

Using public WiFi opens you up to a multitude of threats – yet 75% of people admit to checking their email on a public connection.
To avoid threats, never use public Wi-Fi to shop, use your credit cards, log in to banks or financial institutions, or any other sensitive sites.
Also, monitor your Bluetooth connection when in public places.

5. Monitor what you share on social media

Social sharing can expose you to risk. When hackers can learn details of your life, they can impersonate you.

For example, what’s your mother’s maiden name? Some Facebook profiles literally spell this out for hackers to steal. Physical safety is also a consideration here… if you post about your vacation, you could be telling burglars you’re not at home.

Careless oversharing on social media can also increase your risk of being the victim of a social engineering attack. These attacks might involve a hacker impersonating a friend or coworker in order to manipulate you into disclosing private information, login credentials, or even sending money.

6. Be aware of “grandparent hacks”

Older people are frequently targeted in so-called “grandparent” hacks.
In a grandparent hack, the hacker identifies a younger person’s age and name on social media. They use this information to contact their older family member, claiming to be the grandchild. The hacker will make a claim like mentioning they are stuck in a foreign city and need a wire transfer to get home.

Be aware of attacks like these and be careful about the information you share on social media.

Takeaways

You will be unable to avoid some hacks, but your level of vulnerability much of the time depends on how well you secure yourself. The trick is to adopt strong security habits and avoid situations where you open yourself up to risk.

By learning to prevent what’s avoidable, you can mitigate most of what’s inevitable.

data loss
About the author

Hugh Taylor

Hugh Taylor is a Certified Information Security Manager (CISM) who has written about cybersecurity, compliance, and enterprise technology for such clients as Microsoft, IBM, SAP, HPE, Oracle, Google, and Advanced Micro Devices. He has served in executive roles at Microsoft, IBM, and several venture-backed technology startups. Hugh is the author of multiple books about business, security, and technology