Tomcat
I have conducted many security seminars for different organizations, and the question I am asked most often is: "How do I recover compromised accounts that are used at home?"
A client called me and said that the home computer of one of the employees had been compromised, and he did not know what to do in this situation. I wanted to help. Of course, there are many articles already written on the Internet that I could send by mail. However, there are very few materials that satisfy all the requirements. Either the articles are too detailed for the average user, or they miss the point. Therefore, this post was written.
Fraud, phishing, email hacking, drained bank accounts and online extortion can happen to anyone. It is especially unpleasant when you lose money. However, the key point is not to panic, and then to take steps not only to restore your accounts but also to prevent similar situations in the future.
How bad is it?
First you need to assess the current situation. What actually triggered your suspicions of being compromised?
Did a friend receive an email sent in your name? Has one of your social media accounts or your email been hacked?
These incidents are by far the most common and require immediate action.
A less common occurrence is computer compromise. Sometimes it is enough to visit a website to get malware on your computer. Is this your case?
... or did you first hear about it when a payment was declined because your bank account was empty, or because the payment went wrong?
How does it happen?
Most compromises follow the theft of account credentials (credential stuffing). Do you use the same passwords on different accounts? Hackers break into websites, obtain a password and email address, and then immediately check whether the same password works for your email.
Receiving spam does not count as a compromise. It can be annoying, but it won't have a significant impact. Start by checking the last-login time on every account to work out whether it was you or someone else who logged in.
However, it is not always possible to see the time of the last login. Some services notify you by email if a login came from a location other than the one you usually log in from. In general, check your email, provided that this account has not been compromised.
Although this method is unlikely to help, try using the excellent site https://haveibeenpwned.com and see if you have already become a victim of compromise. If the answer is yes, change the password on the compromised site and in other places where the same password is used.
In some cases, law enforcement agencies need to be involved. One such incident is push payment fraud, when you unknowingly send money to a stranger, especially when large amounts are involved.
In addition, if someone has stolen and is actively using your personal data, you should also contact law enforcement, since the consequences of such a crime can fall on you.
Putting things in order
The following eight steps will help you resolve any hacked and compromised account issues that you encounter.
1. Contact support
First, contact the support team of the service where the hack occurred. For example, in the case of Facebook, there is a corresponding page. Large online services do not always have a phone number, but they always have tools to restore access to an account (for example, a feedback form).
2. Check your insurance
You might want to check your home insurance coverage as some insurance companies reimburse for cyber fraud.
3. Inform the bank / credit institution
If money is stolen from your bank account or credit card, immediately call the company to arrange additional security measures and possibly a refund. You should also call every other financial institution where you have accounts if you are not 100% sure that you have not used the same credentials in different services.
4. Check passwords
The next step is to change the password in the compromised service and in other services that used the same account and password.
Passwords must be unique for each site in order not to fall victim to credential stuffing attacks. In addition, it will be useful to revise passwords in other important services: mail, social networks, online stores, Apple ID / GoogleID, telephone company, and so on. Even if there was no compromise.
5. Start using a password manager
Managing passwords from all services manually is very difficult or even impossible, since all passwords must be long and unique.
A password manager makes your life much easier and increases your security. We strongly recommend that you start using applications of this kind.
KeePass is free, LastPass has a free plan, and 1Password and Dashlane have to be paid for to take advantage of all the features you need.
Each application has its own pros and cons, but it is better to use one of the above so that you do not sabotage your own security.
It is possible that reimbursement of losses from cybercrime insurance will become the norm, but only if you take all the necessary measures to keep yourself safe.
6. Set up two-factor authentication
After changing passwords, set up two-factor authentication in the same services wherever possible. At a minimum, do this for your email service, Apple ID / Google ID and other places that hold personal or financial information.
The site https://twofactorauth.org/ has a huge database showing which secure authentication options each service offers, along with links to articles on configuration. Find the site you need and, if it is in the database, you will get a link to the corresponding article. There are usually several types of authentication. Try to avoid SMS, as this method is not very reliable. But, of course, SMS authentication is still better than a password alone.
7. Use antivirus and install updates
On your home computer, use the update service and make sure that the most recent version of the operating system is installed with all patches. Install and / or update your antivirus (including on a Mac). Use the products of trusted and well-known companies: Kaspersky / Symantec / Sophos / McAfee / F-Secure and so on.
You should also update any applications already installed, such as Adobe Reader or Java from Oracle. If you use a variety of programs, updating can be time-consuming, but it is critical. There are also utilities that make it easier to manage updates and patches.
For example, "Patch my PC Updater" is free for regular users, while "Ninite updater" costs $9.99 per year.
It is also worth checking your antivirus for a built-in update tool.
8. Set up credit monitoring services
This step is very important because attackers can steal your passport in the future. There are services that alert you when your credit history is requested. Some of them allow you to view this information for free.
Preventing re-compromise
Besides the password manager and two-factor authentication discussed above, consider installing browser extensions.
Advertising is annoying, but more importantly, it is one of the channels for installing malware. You can prevent the problem in advance by installing an ad blocker; they are free, so there is no reason not to install one.
- Chrome https://chrome.google.com/webstore/detail/adblock/gighmmpiobklfepjocnamgkkbiglidom?hl=en-GB
- Edge on Windows 10 https://www.microsoft.com/en-gb/p/adblock/9nblggh4rfhk
- Firefox https://addons.mozilla.org/en-GB/firefox/addon/adblock-for-firefox/?src=search
- Safari https://apps.apple.com/us/app/adblock-for-safari/id1402042596
Make sure your phone has the latest updates using the built-in feature. Phones, just like desktop computers, have vulnerabilities that can be fixed with patches. EVERY update fixes bugs. Even if it looks like it only adds "dark mode" or "adaptive lighting", there are many fixes under the hood.
New features are rare in newer versions of Android, and if you are using a phone or tablet with this operating system, install an antivirus from a reputable company. You may even have the option to install a free mobile version if you buy an antivirus for your desktop. Unfortunately, there is no antivirus available for iOS.
Another measure to improve the security of your phone is to set a strong passcode. Even if you are using biometrics to unlock, there will be a fallback passcode, preferably 4 or 6 digits long.
An advantage of biometrics is that you can set a stronger passcode, because you will rarely have to enter it. Use a long number for the PIN, or better yet an alphanumeric word.
Future attacks
Finally, keep in mind that you are still on the list of potential targets, and it is highly likely that attacks will be repeated, for example through spam or phone calls. Accordingly, you need to stay alert.
Try to be as knowledgeable about security issues as possible. You may receive spam intended to compromise your accounts, you may receive calls from scammers, or someone may try to hack your accounts on popular online services.
Trust but verify
Stick to a simple principle: "Trust but verify." For example, if someone calls you on the phone, introduces themselves as an employee of Microsoft or another well-known company and reports a virus on your computer, do not think "well, I guess I was hacked, so they are telling me the truth."
Your answer should be something like, "Thank you for the information. I will consult with a specialist I know." Then hang up and ask a friend or a local company for help. When you receive phishing links, instead of clicking on them, open your browser and go directly to the site. If the site is authentic, you will immediately know what to do ...
I want to wish you all the very best. Not understanding what was and was not hacked is one of the most difficult stages. Follow the tips above and you can solve your problems and move on.
Author: Tony Gee
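
For step 4 ("Check passwords"), here is an added example, not part of the original post, that reads a password manager's CSV export and lists every account that shares a password with the compromised service, without ever printing the passwords. The column names (`name`, `username`, `password`) and all sample entries are constructed assumptions; adjust them to match your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column layout is an assumption; real
# password managers use different headers, so rename the keys as needed.
SAMPLE_EXPORT = """name,username,password
shop.example,alice@mail.example,Summer2019!
mail.example,alice,Summer2019!
bank.example,alice01,x9#Lq2vT8m$w
forum.example,alice,Summer2019!
photos.example,alice@mail.example,hunter2hunter2
video.example,alice@mail.example,hunter2hunter2
"""


def load_entries(csv_text):
    """Parse the export into a list of dicts, one per stored login."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def reuse_groups(entries):
    """Return groups of services that share one password (two or more)."""
    by_password = defaultdict(list)
    for entry in entries:
        by_password[entry["password"]].append(entry["name"])
    return sorted(sorted(names) for names in by_password.values() if len(names) > 1)


def must_change(entries, compromised_service):
    """Services to re-password after a breach: the compromised service
    itself plus every entry that reuses any of its passwords."""
    exposed = {e["password"] for e in entries if e["name"] == compromised_service}
    return sorted(e["name"] for e in entries if e["password"] in exposed)


if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    # Only service names are printed; passwords stay in memory.
    print("Change now:", ", ".join(must_change(entries, "shop.example")))
    for group in reuse_groups(entries):
        print("Shared password:", ", ".join(group))
```

Delete the exported CSV file once you have finished, since it holds every password in plain text.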