Earlier this week, one of my online accounts was compromised. I still have no idea how it happened, or if there’s anything I could have done to prevent it. While there probably was some way I could have kept the account more secure, the only surefire, no-fail way to keep Internet accounts safe is to not have any accounts at all. The only way to make absolutely sure your computer is never infected with malware is to never connect to the Internet. That being said, this article will talk about what to do when the worst happens: when someone has gained access to your account. When the account is first compromised; it is rarely obvious.
More often than not you might not even realize it immediately. You might start noticing some suspicious activity on the account, or a friend might tell you that the account has been in use while you weren’t on it. Slowly, the confusion from the odd situation involving your account becomes fear when you realize just what’s going on. Once you know the account has been taken over, the first thing to do is take just a moment to calm down. The next few minutes could potentially be very important, especially if you happen to catch the intrusion swiftly. Take the time to collect yourself... but don’t take too long.
Do not waste any time at all in taking action. This seems at odds with the first step, but there is a difference between spending time calming tense nerves that could cause mistakes and spending time doing something that can wait until later. The next hour could make a huge difference, and you should be focused on limiting damage to the compromised account.
The steps you take to recover your account depend on a few things. First, can you still logon to the account, even though it has been compromised? If so, you should change the password immediately. Make sure the new password is very strong, use random numbers and letters.
If you cannot log-in to the account, the password has most likely been changed already. In this situation, the next step is to recover your password. Go to the log-in screen and find the “Forgot Password” option. The website should send your password to the e-mail associated with the account (check your spam folder if you don’t see it in your inbox). The processes for each website differ, but as long as the e-mail used with account hasn’t also been compromised, this should let you log-in to the account, where you can change the password.
If you don’t get the e-mail from the website after using the Forgot Password option, then it is possible that they have changed the e-mail address to one of their e-mail accounts (most websites will send the old e-mail a message when this happens, so keep an eye on your inbox). In this case, there is nothing you can immediately do to get control of your account back. Contact the people in charge of the website, and notify them of the situation.
The website most likely has a set procedure for compromised account recovery, find it in their help section and follow it. Be prepared to give information on the account that only the original owner should know.
Once you’ve either regained control of the account or are waiting to hear back from the website, there are a few other steps to take.
You should quickly notify friends and family that you are not in control of the account. The compromised account may be used to scam people you know; they should be put on guard until you have the account back.
After you’ve done this, there are a few simple things you can do to tighten the security on your computer. Make sure your web browser has been fully updated, since an older version could have vulnerabilities that have since been fixed. Run whatever antivirus software you have, you may have picked up malware recently and not known it.
Keep in mind that while it’s possible that your account information was phished or obtained through malware, it is also possible that it was just guessed through a brute force method. Methods like that are why it is crucial to have strong passwords; the stronger the password, the weaker such an attack is in comparison.
But remember, there is no way to reduce the chances of being compromised to nothing, so if it does happen just keep a cool head and act effectively and efficiently.
This article is the tenth in a series devoted to Internet security, and learning how to keep you and your information safe. Any questions, requests for clarifications, or comments can be sent to firstname.lastname@example.org.