Rememberance Day Flyover Chatham, ON Sharon Drummond

What To Do When You're Hacked

Here are the directions I give to my coworkers when they're hacked. I know it's not terribly original. It's been cobbled together from a variety of sources (as well as some hard lessons from discovering malfeasance after the fact). For sure there are lots of these guides on the Internet, but I like to keep this one available on whatever knowledge base is available where I'm working.

There's a couple of reasons why I crib this kind of thing together rather than just pointing someone at a link:

  • Links change, move, or become obsolete.  If you point one of your coworkers at this blog in a year's time it may not even be here.
  • Many of these kinds of posts are tied to a security product and they spend some of the time pimping the product that they're selling. So for example, if I pointed them at a post on an AV site it'd recommend that they run whatever AV software they sell. That's not always an option available to my coworker because they might be using a different AV provider.
  • Along those same lines, I don't want to confuse my coworkers by making them need to distinguish between marketing content and actual tasks that they should complete.

Hence this guide.

If I've missed anything, I'd love to hear it.

What To Do When It Looks Like You've Been Hacked

When your email or social media accounts start behaving oddly, chances are you've been hacked. It's better to err on the side of caution so take the immediate steps... immediately.

Here's what you need to do ASAP when you think you've been hacked:

Immediate Steps

The following are steps that should be taken as soon as you're aware that your account may have been breached.

Reach out to IT

Whether it's your personal accounts/computer or your business account, send an email to <whatever the IT email address is> or reach out to Rob Tacey on Teams. I will help you. Specifically, I need to know if it's your business account because there are some steps that'll need to be done on the back end to secure our network.

Change the Password

It's important to change the password so that the attacker cannot continue to use the account. I recommend generating a strong password using Dinopass.com. Passwords generated with this site are extremely difficult to guess and will not be a variant of a password you've used in the past.

Check Email Forwarding and Email Rules

A common tactic that attackers use is to set an auto forward rule on your account and/or other rules to help hide their activity and obtain access to other accounts you have. At Global Vehicle Systems we do not allow global forwarding rules to email addresses outside of our domain but that is probably not the case on your personal accounts.

The attacker does this so that a) you won't see what they're doing and b) they can get access to your password recovery emails even if they lose access to your email account. They'll then use this information to breach other accounts.
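For whoever does the back-end check, here is one way to triage a mailbox's rules for the two patterns described above: forwarding outside the domain, and hiding mail from the owner. This is an added example, not part of the original guide; the rule field names, the `example.com` domain and the sample rules are assumptions, and it expects the rules to have already been exported from your mail system into dictionaries.

```python
HOME_DOMAIN = "example.com"  # assumption: stand-in for your organisation's mail domain
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds"}
RECOVERY_WORDS = ("password", "reset", "verification", "security alert")

def is_external(address, home_domain=HOME_DOMAIN):
    """True when the address is outside home_domain and its subdomains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain != home_domain and not domain.endswith("." + home_domain)

def audit_rule(rule):
    """Return findings for one rule; the dict keys are hypothetical export fields."""
    findings = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = sorted(a for a in targets if is_external(a))
    if external:
        findings.append("sends mail outside the domain: " + ", ".join(external))
    folder = rule.get("move_to_folder", "").lower()
    if rule.get("delete") or folder in HIDING_FOLDERS:
        findings.append("hides matching mail from the inbox")
    keywords = " ".join(rule.get("subject_contains", [])).lower()
    if any(word in keywords for word in RECOVERY_WORDS):
        findings.append("targets password-recovery or security mail")
    return findings

def audit_mailbox(rules):
    """Map rule name -> findings, for rules with at least one finding."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

# Constructed sample rules, not taken from a real mailbox.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["newsletter"],
     "move_to_folder": "Newsletters"},
    {"name": "Assistant copy", "forward_to": ["assistant@example.com"]},
    {"name": ".", "forward_to": ["copy@mailbox.invalid"]},
    {"name": "cleanup", "subject_contains": ["Password reset", "Security alert"],
     "delete": True},
]

if __name__ == "__main__":
    for name, findings in audit_mailbox(SAMPLE_RULES).items():
        print(f"{name!r}:")
        for finding in findings:
            print("  -", finding)
```

Any rule that shows up in the report should be confirmed with the mailbox owner before it is removed, since a rule they created themselves can match the same patterns.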

Change Passwords on Financial Accounts

If any of your financial accounts were tied to the affected email, immediately change the passwords. I include PC Optimum, Air Miles, Banks, investing accounts, CRA. Anything that deals with money.

Run Antivirus on your devices

Since it's hard to pin down exactly how the attacker was able to get your credentials, eliminate one possibility by running a full scan on your devices.

Next Steps

Change the password on other accounts

Many people use the same password for multiple accounts. If you've used the same password, or a variant, on another account, those should be changed at your earliest convenience. In this context, a variant is something like robtacey1 and robtacey11. Any password that is pretty close should be changed.

Report the Breach to the Service Provider

If this has happened to one of your personal accounts, please take the time to report the breach to your provider. They can use this information to further protect accounts in the future. This is not necessary if it is your business account as your IT team will take care of the necessary notifications.

Contact Financial Institutions & Credit Bureaus

Without knowing the ultimate goal of the attacker, assume the worst. Let your financial institutions and credit bureaus know that your email was breached and to be on the lookout for possible fraud attempts.

Monitor

Over the next several weeks you'll want to monitor all of your accounts for suspicious activity. If you detect anything amiss you'll need to start this list over.

Secure your online accounts

This is a good time to review how you secure your online identity. There'll be another article on this as the topic is pretty dense.

This article was updated on February 23, 2021

Rob Tacey

Rob is the IT Systems Manager for a manufacturing automation company in Southwestern Ontario. It's great. He's a technologist focusing on information technology, IT security, and customer satisfaction. With over 20 years of experience in various IT roles, it might actually be worth reading some of his stuff.
