If you're asking "have I been hacked?"—trust that instinct. Hackers rarely announce themselves. Most victims don't find out until accounts are drained, credentials land on the dark web, or a colleague reports getting phishing emails "from you."
This guide covers 12 concrete warning signs of compromise, how to verify them with free tools, and exactly what to do if you've been hacked. Whether it's your computer, phone, email, or bank account—here's how to know.
12 Warning Signs You've Been Hacked
1. Your passwords suddenly stop working
If a password that worked yesterday is now rejected—and you can't get through the password reset process either—someone has likely changed your credentials to lock you out. This is one of the clearest signs of account takeover. Act immediately.
2. Your accounts show changes you didn't make
Look for: a new recovery email or phone number you didn't add, unfamiliar login locations (another country or device), deleted two-factor authentication, or changed security questions. These signal that an attacker has already accessed your account and is quietly maintaining it.
3. Your device is slow or overheating for no reason
Malware—especially cryptominers and keyloggers—runs silently in the background, consuming CPU and battery. If your laptop fan runs constantly, your phone drains faster than usual, or your machine is sluggish without a clear cause, a hidden process may be the culprit.
4. Software you didn't install appeared
Unexpected programs appearing on your device—especially anything that launches on startup or tries to connect to the internet—is a serious red flag. Ransomware, spyware, and RATs (Remote Access Trojans) all arrive uninvited. Check your installed apps and startup list regularly.
5. Your email or social accounts sent messages you didn't write
If contacts report receiving suspicious messages from you, or you find emails in your Sent folder you don't recognize, your accounts have been compromised. Hackers use this access to run phishing attacks against your contacts—who are more likely to trust a message from someone they know.
6. Your mouse cursor moves on its own
If your pointer makes purposeful, deliberate movements—navigating menus, selecting files—while you're not touching the mouse or trackpad, you almost certainly have a RAT installed. This means someone is actively controlling your computer in real time. Disconnect from the internet immediately.
7. Fake antivirus or security pop-ups appear
Legitimate antivirus software doesn't appear out of nowhere demanding urgent action. If pop-ups warn about infections you never scanned for—especially ones that look slightly off or pressure you to click to "fix" the problem—these are malware prompts trying to get you to install more malware. Don't click them.
8. Your browser has new toolbars or redirects you unexpectedly
Browser hijackers modify your homepage, swap your default search engine, and install toolbars without your permission. If typing a URL sends you somewhere unexpected, or searches redirect to unfamiliar sites, your browser—and likely your device—has been compromised.
9. Your security tools were disabled and you didn't do it
Sophisticated malware disables Windows Defender, firewalls, and other security software immediately after installation—to avoid detection. If Task Manager, Registry Editor, or your antivirus is suddenly inaccessible, that's a strong indicator of active compromise. Don't ignore it.
10. You see a ransomware message
This is the most unambiguous sign: a full-screen message demanding payment to unlock your files or restore access. Do not pay. Disconnect from the network immediately, notify your IT team, and contact a cybersecurity professional. Paying rarely works and often marks you as a target for repeat attacks.
11. Unauthorized financial transactions appear
Unknown charges, wire transfers you didn't authorize, or missing funds signal that your banking credentials or payment data have been compromised. Hackers often wait weeks before using financial data to avoid triggering fraud alerts. Monitor your statements closely—especially after any other signs of compromise.
12. A third party notifies you of a breach
Often you don't discover the hack yourself. Your bank flags a suspicious transaction, a friend reports receiving a phishing email "from you," or a service sends a breach notification. These external alerts should never be dismissed. Treat every one as legitimate until confirmed otherwise.
How to Check if You've Been Hacked (Free Verification Tools)
Check HaveIBeenPwned.com
Go to haveibeenpwned.com and enter your email address. This free service checks whether your credentials have appeared in known data breach databases. If your email shows up, change passwords for all affected accounts immediately—starting with email and financial accounts.
Use Chrome or Apple's built-in password monitor
Both Google and Apple now include password compromise detection natively.
On Chrome: Settings → Privacy and Security → Password Manager → Check Passwords. Chrome will flag any credentials that have appeared in known breaches.
On iPhone: Settings → Passwords → Security Recommendations. Apple will list every saved password that has appeared in a known data breach.
Review account login activity
Google, Apple, Microsoft, and most social platforms let you review recent sign-in activity—including device type and geographic location. A login from a country you haven't visited, or a device you don't own, is a red flag. Revoke access immediately and change your password.
Run a malware scan
Download a trusted anti-malware tool—Malwarebytes offers a reliable free version—and run a full system scan. If you suspect active compromise, disconnect from the internet before running the scan. This prevents malware from communicating with external servers during the process.
Review installed programs and startup apps
On Windows, open Settings → Apps and look for anything you don't recognize. Also check Task Manager → Startup for programs that launch automatically. On Mac, check System Settings → General → Login Items. Anything unfamiliar that you didn't install should be investigated before removal.
What to Do If You've Been Hacked — Step by Step
Step 1: Quarantine the compromised device
Disconnect from WiFi and disable Bluetooth immediately. If it's a work device, unplug from the corporate network. Isolating the device stops attackers from continuing to exfiltrate data or spreading to other devices on the same network.
Step 2: Change your passwords — from a clean device
Don't change passwords from the compromised device—keyloggers may be capturing every keystroke. Use your phone or another unaffected computer. Start with your primary email account (which controls password resets for everything else), then financial accounts, then all other services.
Step 3: Enable two-factor authentication on all accounts
Once passwords are reset, add 2FA to every account. Use an authenticator app (Google Authenticator, Authy) rather than SMS for critical accounts—SIM-swapping attacks can intercept text message codes. Enable 2FA on email and banking accounts first.
Step 4: Alert relevant parties
Notify your bank immediately if financial data may have been involved. Alert your IT department if a work device was compromised—they need to check if other systems were affected. Let contacts know not to click links from your accounts. If personal data was exposed, consider placing a credit freeze with Equifax, Experian, and TransUnion.
Step 5: Document everything and report
Screenshot the signs of compromise—unusual logins, unauthorized changes, ransom messages. Report financial fraud to the FBI's Internet Crime Complaint Center (ic3.gov). If you're a business, review your breach notification obligations—most US states and many countries require notifying affected individuals within a specific timeframe.
Device-Specific Warning Signs
Signs your computer has been hacked
- Unfamiliar programs in the installed apps list or startup queue
- Sudden, unexplained slowdowns or fan activity
- Files modified, moved, or deleted without your action
- Antivirus or Task Manager suddenly inaccessible
- Mouse cursor making autonomous, purposeful movements
- Browser redirecting to unexpected sites
Signs your phone has been hacked
- Battery draining far faster than usual
- Phone running hot even when idle
- Unfamiliar apps installed
- Unexplained spikes in mobile data usage
- Calls or texts you didn't send appearing in your history
- Strange behavior from apps — camera or microphone activating without use
Signs your email account has been hacked
- Login activity showing unfamiliar locations or devices
- Contacts receiving messages you didn't send
- Recovery email or phone number was changed
- Emails in the Sent folder you don't recognize
- New filters or forwarding rules you didn't create (attackers use these to silently forward emails)
Signs your social media account has been hacked
- Password or email address changed without your action
- Profile details (name, birthday, profile photo) altered
- Friend requests sent to people you don't know
- Posts published from your account that you didn't write
- Messages sent from your account to your contacts
Signs of banking compromise
- Unrecognized charges or transfers on your statements
- Statements arriving later than expected (attackers sometimes update the mailing address)
- Alerts from your bank about login attempts or unusual activity
- Credit cards declined without explanation
The Consequences of Getting Hacked
The damage from a hack extends well beyond the initial breach. Common consequences include:
- Identity theft — Personal data is used to open new accounts, take out loans, or commit fraud in your name
- Financial loss — Drained accounts, fraudulent charges, and wire transfers you can't reverse
- Reputational damage — Hackers using your accounts to send spam or phishing attacks damage relationships and professional credibility
- Data exposure — Sensitive files, credentials, and customer data may be sold on dark web marketplaces or used for extortion
- Business disruption — For organizations, ransomware or data theft can halt operations and trigger regulatory penalties
For businesses, the stakes are especially high. Data breach response—legal fees, notification costs, regulatory fines, and reputational recovery—typically costs far more than the preventive measures that could have stopped the breach.
How to Prevent Being Hacked: 8 Security Practices
1. Use strong, unique passwords for every account
Never reuse passwords. A password manager (Bitwarden, 1Password, or Dashlane) generates and stores unique, complex credentials for every site. This ensures that one compromised password doesn't cascade into a full account takeover.
2. Enable two-factor authentication everywhere
2FA stops most credential-based attacks even when your password is compromised. Use authenticator apps over SMS for critical accounts. Enable it now on email, banking, and any account that holds sensitive data.
3. Monitor for compromised passwords regularly
Set up breach monitoring so you know the moment your credentials appear in a new data breach—not months later. Chrome, Apple, and services like HaveIBeenPwned all offer alerts. Don't wait for signs of a hack to check.
4. Keep software and operating systems up to date
Unpatched vulnerabilities are one of the most common attack vectors. Enable automatic updates on your OS, browsers, and critical applications. Don't defer security patches.
5. Be cautious on public Wi-Fi
Public networks are easy for attackers to intercept. Avoid logging into bank accounts, email, or anything sensitive on public Wi-Fi. Use a VPN if you must work on untrusted networks.
6. Control what you share on social media
Attackers use social media to gather data for social engineering attacks—your company, your family members' names, your job title. The more visible your life, the easier it is to impersonate you or craft a convincing phishing message targeting you specifically.
7. Think before you click
Phishing emails remain the #1 delivery mechanism for malware. Before clicking any link—even one from a known contact—verify it's expected. Hover over links to see the actual URL. When in doubt, go directly to the site rather than clicking through the email.
8. Invest in breach monitoring for your organization
For IT teams and business owners, individual vigilance isn't enough. Endpoint monitoring tools can detect device compromise in real time. Dark web monitoring services scan for leaked corporate credentials before attackers exploit them—giving your team time to respond before a breach becomes a crisis.
Tools like Prey monitor your device fleet and can alert IT teams when devices are accessed outside normal patterns, remotely lock compromised devices, or wipe sensitive data if a machine is stolen.
Frequently Asked Questions
How do I know for sure if I've been hacked?
There's no single definitive test, but combining multiple checks gives a clear picture: run HaveIBeenPwned with your email, review account login activity for unfamiliar locations, scan your device with Malwarebytes, and check installed apps and startup programs. Multiple red flags together indicate compromise with high confidence.
Can a hacker access my computer when it's off?
No—a fully powered-off computer cannot be accessed remotely. However, some malware is designed to persist through reboots, so if your device was compromised while on, it may still be infected when you turn it back on.
What's the first thing I should do if I think I've been hacked?
Disconnect the affected device from the internet immediately (turn off WiFi, unplug Ethernet). This stops active data exfiltration and cuts off any remote attacker's connection. Then change your most critical passwords from a clean device—starting with your email account.
Can hackers see my screen?
Yes, if a RAT (Remote Access Trojan) is installed. This gives an attacker full view of everything on your screen and the ability to control your device in real time. Signs include: mouse moving on its own, programs opening unexpectedly, or the webcam light activating when you're not using it.
Will changing my password stop a hacker?
Not necessarily on its own. If malware is installed on your device, changing the password from that same device may not help—a keylogger will capture the new one too. Always change passwords from a clean device, and pair the change with a full malware scan and 2FA activation.
How long does it take to know you've been hacked?
On average, organizations take over 200 days to detect a breach. Individual users often don't notice for months. This is why proactive monitoring—breach notifications, regular password audits, and login activity reviews—matters more than waiting for obvious symptoms.
What if my phone was hacked?
Factory reset your phone after backing up critical data. Before restoring from a backup, verify the backup predates the suspected compromise. Change all account passwords from another device first. Check if your carrier has any unusual activity on your account, as some attackers perform SIM swaps.
Does being hacked mean my identity was stolen?
Not automatically. Account compromise, device compromise, and identity theft are related but different things. Being hacked increases the risk of identity theft, especially if personal documents, financial data, or SSN were exposed. Monitor your credit reports and consider a credit freeze if you suspect sensitive data was taken.
Takeaways
Hackers don't always announce themselves. The most dangerous compromises are the quiet ones—running in the background for months while credentials are harvested and data is slowly exfiltrated.
The warning signs are there if you know what to look for: performance issues, unfamiliar logins, accounts acting on their own, security tools going silent. The verification tools exist and most are free. The response steps are clear.
Staying ahead of hacks requires both reactive readiness—knowing what to do when it happens—and proactive habits: unique passwords, 2FA, regular breach monitoring, and for organizations, real-time device and credential monitoring.
The best time to set those habits up is before the next attack, not after.
