What to do When a Hacker Comes After Your Accounts

Hacking and identity theft are as prevalent as ever. At some point, don’t be surprised if one or more bad guys come looking for your sensitive information to criminally exploit.

New scams pop up constantly. You know this if you’ve ever gotten one of those “potential data breaches” emails or letters which I suspect most people have by now. Nobody is 100% safe in a digital environment, but there are several things you can do to make it harder for hackers in advance of an attempted breach and actions you can take after an attempted hack.

What to do Before an Attempted Hack Occurs

If you haven’t done so already, the easiest and smartest thing to do is turn on two-factor authentication for your financial accounts. Hackers may try to get around this by going after password manager systems instead.

That means that you could be contacted by text or email that you’ve been targeted by a hacker trying to steal your information. However, don’t automatically assume security protocols have kicked in due to an attempted breach. Some people are contacted repeatedly by hackers who appear to be administrators. Before you give up sensitive password change information, it’s best to reach out to the institution supposedly requesting the change to verify they have actually done so.

After you verify, start the process of changing your potentially impacted passwords. While it’s unsettling that a hacker obtained at least one of your passwords, be thankful that virtually every financial institution now has red flags and warning systems to alert you to suspicious activity.

You should also know that there are multiple types of two-factor authentication. Biometric data is one of the more secure ways to protect your accounts. Two-factor authentication via text is secure, but it is susceptible to hacking. Criminal activity is why the industry is slowly moving away from passwords. Hackers long ago learned how to defeat almost any password system.

If you have the option, switching your two-factor authentication from SMS (text message) to an authenticator app is not a bad idea.

If you suspect a hack is taking place, another way to lock out criminals is to freeze your credit. Freezing your credit at the three major credit bureaus makes it difficult for anyone to open accounts in your name with your Social Security number. You can easily unfreeze your credit if you want to open a new account or other similar reasons.

You’ll need to go through Experian, Equifax, and TransUnion separately to freeze your records.

What to do After a Hack

Here’s the #1 rule you must follow after being hacked.

Act fast!

Do not let data breaches or hacks of any kind go into your “I’ll get to it eventually” stack of things to do. Treat the breach urgently to minimize damage to your accounts and online identity. Don’t be surprised if you start getting notifications after a breach from your banks, credit card providers, Google, online merchant accounts, and other places where your identity lives.

Not every hack is large or steals information from millions of accounts. Some hacks also take a while to uncover, meaning that your data may be compromised over a long period. Many hacks are small such as your credit card information being compromised by a crooked online merchant, a credit card skimmer at a local gas station, or just about anyone you hand your card to while shopping and dining.

You may not notice anything unusual until you get your next statement. Always read those bills and figure out what every line means, even the smallest of the charges that appear. Card thieves sometimes put through a few small purchases just to make sure the card is “live” before making a big purchase.

An identity thief can also use your personal information to open credit accounts without your knowledge. This could lead to months of charges until somebody spots the problem and notifies you. One way to limit the duration is to use AnnualCreditReport.com to request a free report from Equifax, Experian, and TransUnion once per year, spreading the requests out at four-month intervals.

Keep in mind that credit monitoring agencies are not immune from hackers either. A recent breach of Equifax went on for months and exposed sensitive data of millions of accounts. Equifax ended up paying $650 million in damages after the discovery.

Another way to monitor your credit is to use Credit Karma. This free service automatically pulls your credit from TransUnion and Equifax weekly to keep an eye on your credit. These are “soft” inquiries, not the “hard” inquiries that companies make when you apply for more credit. Soft inquiries have no impact on your credit score. Hard inquiries can degrade your score if there are too many in a short period.

There are several other credit monitoring services you should consider: 

• Avast BreachGuard and IDX Privacy  regularly monitor the Dark Web to ensure your personal data hasn’t come up for sale. 
• Norton 360 Deluxe includes a similar scan, powered partly by the company’s LifeLock identity theft technology.
• Some monitoring services such as Keeper and LastPass also include password manager tools which make it easier to change potentially hacked passwords to a strong, unique password you don’t use for any other site.

Hacked credit cards used by someone else are easier to recover from because you’re not responsible for the fraudulent charges, and once the bank has issued a new card, the problem is solved.

Regaining control of a hacked email account is tougher. You must contact the email provider and prove that you’re the true account holder. This is problematic if the hacker changes your password and you can’t use your regular email to contact the provider. To minimize this, have more than one email address and make each the alternate contact address for the other.

Also, if you used the password from your hacked email account at any other sites, those accounts are compromised too. A hacker who gets hold of your login credentials for one site may try the same username and password pair on many other popular sites.

Resetting your passwords can be a challenge too. When you forget a website password, the first thing you do is hit that “Forgot Password?” link to get a password reset link sent to your email address. A smart hacker who has control of the email account will quickly seek your other accounts, social media, perhaps, or worse, shopping and banking accounts. After a simple password reset, the hacker owns those accounts, exponentially compounding your problems.

When you recover from an email hack, visit every site associated with that email address and change your password.

When you’re out and about, shop at merchants accepting chipped credit cards, which secure in-person transactions. However, they can’t help with online transactions where the chip does not come into play.

Mobile-based payment systems like Apple Pay and Google Pay are more secure than physical credit cards. Each transaction uses a unique number, so hackers gain nothing by stealing existing transaction data. You can use the mobile payment system for online purchases as well. Be sure to protect your mobile device with a fingerprint or a strong passcode, and always keep it with you.

After you’ve done all you can to shut down the breach, you’ll still need to monitor your accounts closely for at least a couple of weeks and maybe longer to make sure all your breach bases are covered.

Another smart action you can take is to visit IdentityTheft.gov to report the theft and get help developing a recovery plan. The information you provide can help authorities monitor the latest trends and develop proactive deterrents to minimize impacts on other potential victims.