Do you Believe you Have Been Hacked?

Or better: what makes you think you have been hacked? When users call computer support, they often are confused on what really happened and they forget to take a screenshot of the incident. To make things even worse, users only report the end of the hacking process: the theft of money taken out of their bank account.

In these circumstances, it’s paramount to stay calm and try to remember what really happened with your devices. Questions I can ask to figure out what the issue is can be some of the following:

  • Did you click on an infected attachment sent to you via email?
  • Did you visit a website that has a lot of popups?
  • Do you have a good antivirus protection enabled?
  • Do you use Aol as Email provider and check your email on aol.com instead of using Outlook?
  • Did you click on a bogus text message that asked you to reset a password?
  • Did you download an app to your device that is not coming from the Google Play Store or the Apple Store?
  • Did you answer a phone call from a person who claims to be your bank and told you that you have to wire money to another place?

If some of those event happened, it is time to take action and to secure your devices.

If you have a PC or a laptop running Windows, do the following:

  • Run a scan on your computer with your installed antivirus
  • Install Malware Bytes Browser Guard and protect your browser by changing the DNS settings
  • Get educated about scams and security: this recent post from Brian Krebs shows how fake text messages are inundating mobile devices and what you should watch for
  • Remove programs you don’t use and reboot your pc
  • Run Windows Update
  • Do not use computers running unsupported operating systems, such as Windows 7 and Windows 8: backup your files and get a new computer with Windows 10 or, even better, with Windows 11.
  • If you do online banking on your pc, enable multi -factor authentication on all your accounts: from newspapers, to credit cards, banks, financial sites: everything that has an account under your name should have multi-factor authentication enabled.
  • Change the DNS on your router and use secure DNS such as Open Dns
  • Use a VPN: the benefit of a VPN is that it allows to send your traffic to secure servers.
  • If you have kids, don’t let them use your own computer but let them use ipads or secured Mac computers.

If you have an Iphone or an Android phone, you can do the following:

  • Remove the apps that you don’t use.
  • Keep your phone OS up to date.
  • Be suspicious about the text messages you receive: a genuine text message does not have links to reset or go anywhere on the Internet. It’s just simple text that informs you about something that has just happened or will happen.
  • Use a VPN on your phone: companies such as Malware Bytes and Norton sell security bundles that protect your computers and your mobile devices as well.
  • Backup your data frequently to Icloud and to Google.
  • Use authenticator apps to access accounts online.
  • If you work for a company and you use your device as a BYOD, ask the IT department of your company to manage your devices using Mobile Device Management policies such as those implemented by Microsoft Azure.

In a safe environment, the phone is never disjointed from the computer: if you have multifactor authentication enabled, your phone sits next to you and will send a text every time you access your machine or an online account so you know that it’s you accessing those resources and not an unauthorized entity.