I’ve been hacked: how do I get my account back?
When an account is hacked, its owner’s sensitive data can get into the wrong hands quite quickly.
The cybercriminals can then access online payment services such as PayPal, make purchases on your behalf, leak corporate secrets or commit click fraud.
In these cases the consequences can be really serious, but rather than panicking, it is best to stay calm and follow the steps of the “crisis plan” below. In many cases it is possible to recover the account before more serious damage is done.
The most important measure for protecting an email account from hackers and misuse by strangers is, as always, prevention. This is why it is advisable to first find out how an account is hacked and how to protect yourself from it.
There are various methods by which cybercriminals of all kinds gain access to email addresses and passwords. Among these, attacks on the servers of large websites to steal users’ credentials, phishing tactics and malware are particularly widespread.
Data theft by attacking the server
Attacks by cybercriminals on large companies, in which millions of authentication credentials and personal data are obtained, make the front pages of newspapers.
Since many Internet users use the same password for different sites, cybercriminals only need to attack one website to gain access to countless email and user accounts. How can you avoid this? By using a different secure password for each account.
The safest passwords are those composed of a combination, ideally random, of letters, numbers and special characters. And, since an attack is most often noticed only when it is already too late, it is important to act quickly and change the passwords immediately.
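The advice above, as an added example that is not part of the original article: it finds accounts that share a password and replaces each reused one with a random password containing letters, numbers and special characters. The account names, sample passwords, function names and the in-memory dictionary standing in for a password manager are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

# Character classes named in the article: letters, numbers, special characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!#$%&()*+-./:;<=>?@[]^_{}~")
ALPHABET = "".join(CLASSES)


def generate_password(length=20):
    """Return a random password containing every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling keeps the choice uniform over valid passwords.
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def find_reused(vault):
    """Group account names that share one password (the reuse risk above)."""
    by_password = defaultdict(list)
    for account, password in vault.items():
        by_password[password].append(account)
    return sorted(sorted(names) for names in by_password.values()
                  if len(names) > 1)


def rotate_reused(vault, length=20):
    """Return a copy of the vault where every reused password is replaced."""
    fixed = dict(vault)
    for group in find_reused(vault):
        for account in group:
            fixed[account] = generate_password(length)
    return fixed


# Constructed sample data: hypothetical account names and passwords.
SAMPLE_VAULT = {
    "mail": "Summer2019!",
    "shop": "Summer2019!",
    "bank": "k#9Lq_2vT@x7",
    "forum": "Summer2019!",
}

if __name__ == "__main__":
    print("reused:", find_reused(SAMPLE_VAULT))
    print("after rotation:", find_reused(rotate_reused(SAMPLE_VAULT)))
```

With the constructed sample, a breach of any one of the three sites sharing a password would expose the other two; after rotation no two accounts share one.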
Phishing with fake emails
The second method is phishing mail. This is a criminal practice in which large quantities of falsified emails are sent by so-called spambots with the aim of having the unsuspecting recipient enter his or her login credentials on a falsified website, for example.
These are often emails which, pretending to come from a known website, claim to need the password for security reasons. The recipient of such an email is led to a fake website, often visually very similar to the original, where the passwords entered are not subjected to any security checks but are sent directly to the criminal group behind the operation.
It is worth knowing that reputable websites, email providers, online payment services and digital stores never ask for passwords by email.
Therefore, be careful with your personal data, and if you have doubts about the authenticity of an email, consult the customer service of the site in question.
The third way criminals on the Web can access sensitive data is through malware attacks.
Typically, these malware programs reach the victim’s computer through a manipulated email to which an infected file is attached.
If this file is opened, the malware, for example spyware or its derivative, the keylogger, installs itself on the computer and runs silently in the background, spying on sensitive data and passwords.
So-called keyloggers, for example, record the keystrokes used to enter information on the infected computer and send the data to the cybercriminals, including of course the passwords.
The most effective protection against spyware is to have your firewall activated and an up-to-date antivirus installed on your computer, but you, too, as a user, must be careful: always remain healthily sceptical and check the authenticity of the emails you receive before opening the attachments.
My account has been hacked: now what?
If you suspect that an account has been hacked, the first thing to do is to confirm it with certainty. In our guide, we discuss how to determine whether an email account has been the victim of a cracker, including a free evaluation tool that checks the address to be examined against a database of validated attacks. This makes it possible to find out if the address has ended up on a dubious network or if it has been misused.