Everyone is vulnerable to the threat of cybercriminals or hackers getting access to your information, but the threats aren’t equal for everyone.
The average person will likely face fewer sophisticated threats than, say, a senior politician, activist, or CEO. High-profile figures may be targeted with phishing emails that are looking to steal secrets from corporate networks or initiate the transfer of large sums of money. You, your friends, and your family will likely face different threats: from people you know seeking revenge or, more likely, crime groups using automated tools to scoop up credentials en masse.
Understanding the threats is key. Everyone has their own threat model that includes things that matter most to them—what’s important to you may not be equally important to someone else. But there’s a value to everything you do online, from Facebook and Netflix to online banking and shopping. If one of your accounts is compromised, stolen login information or financial details can be used across the web.
While Facebook, Twitter, Instagram, and other social networks are less likely to contain your credit card details, there are other types of risk. Hacked social media accounts can be used to post compromising messages that could embarrass or defame somebody, be used for harassment, or to build up a picture of who you are and everyone you know.
The clearest sign that you’ve been hacked is when something has changed. You might not be able to access your Google account using your regular username and password, or there may have been a suspicious purchase charged to one of your bank accounts. These are fairly obvious indications that you’ve been compromised in some way—and hopefully banks will detect any suspicious payments before things spiral too far.
However, before any of your accounts are compromised, there may be warning signs. The account that someone is trying to break into may warn you about unusual attempts to log in. For instance, Facebook and Google will send notifications and emails alerting you to attempts to access your account. This will usually be if someone has tried to get in and failed, but alerts can also be sent when someone has successfully signed in from an unfamiliar location.
Once you know your account has been hacked, that’s when the hard work begins. Regaining control of an account may not be straightforward—depending on who has access to it—and there’s a good chance it will involve a lot of admin: anything from telling everyone you know that your email has been compromised to dealing with law enforcement.
Account recovery through the company where you’ve been hacked is the first step in taking back control. You should make sure that all apps and software you use (on phone and desktop) are up-to-date. What other action you take is specific to what was compromised. For instance, if you can get back into a hacked email account, it is worth checking the settings to make sure they’ve not been manipulated. A setting to automatically forward all your emails to another account may have been turned on, for example.
The best way to reduce your chances of being hacked is to limit your personal attack surface. The better your online hygiene is to begin with, the less chance you have of being compromised. (Although some attacks will always happen; particularly those from sophisticated actors who are going after specific targets).