How to Handle a Hacked Account

June 7, 2023 by Mark Nash

Online accounts are vulnerable to hacking. It's a baked-in risk when you have a service that is accessible via the internet. If you experience an account hack, it can be shocking, confusing, and infuriating. You may not know what to do and may react without thinking first. This is a dangerous space to be in because it can cause you to do things that only make the situation worse. In this article, we'll give you the steps to take when you suspect someone has hacked one of your online accounts. Let's first cover how hackers typically operate when carrying out an account takeover.

How Do Accounts Get Hacked In The First Place?

Phishing is the primary method that hackers take advantage of in these types of breaches. One common phishing ploy is an email stating, "There has been suspicious activity on your account," including a link to log in to a spoofed site that looks like the brand's regular login page. This is a classic trick to steal your login credentials. Thankfully, many people are now wise to these kinds of scams; unfortunately, that also means people tend to get numb to these emails because they get so many of them. Hackers take advantage of this, hoping you'll ignore the real ones that warn you of actual suspicious logins. These days, it is not uncommon for hackers to lay low and wait for you to receive a few more of these emails, and if everything goes to plan, you'll completely ignore them. Then they attempt a takeover. Account hacks can play out in various ways. Here is an example walkthrough of a hack of a Netflix account:

  • The account owner gets an email about a suspicious login. Often it will be from a different country.
  • The account owner may log into their Netflix account to see if there are any unknown devices logged in. Usually, none will show yet, because the hacker logs back out. The goal is to get you to check, see that nothing is wrong, and assume the real notice is phishing.
  • This same scenario may happen 2-4 more times in the span of a month.
  • Once the hacker feels the user is ignoring the Netflix warnings, they'll make their move.
  • They add their credit card to your account. This is so they can call Netflix and give them a method of verification.
  • They may increase your subscription plan to a higher level.
  • They also usually replace any user profile names on your account with numbers (1, 2, 3, etc.).
  • At this point, the account owner will typically receive an email. It will note a change in account information. This could be the account email, password, phone number, etc.
  • The hacker is now trying to lock the account owner out of their account.
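
The sequence in the walkthrough above can also be recognized in an account's activity history. The following is an added example, not part of the original article: it scans a constructed event log for repeated login alerts followed by a new card, a plan change, numeric profile names, and a contact change. The event names, fields, and thresholds are assumptions, not Netflix's actual log format.

```python
from datetime import datetime, timedelta

# Constructed event log for one account. Event names and fields are
# hypothetical; map them to whatever your service's activity log provides.
SAMPLE_EVENTS = [
    ("2023-05-02T03:14", "suspicious_login_alert", "country=XX"),
    ("2023-05-11T02:40", "suspicious_login_alert", "country=XX"),
    ("2023-05-23T04:05", "suspicious_login_alert", "country=XX"),
    ("2023-05-30T01:12", "payment_method_added", "card=ending-0000"),
    ("2023-05-30T01:15", "plan_changed", "from=standard to=premium"),
    ("2023-05-30T01:18", "profile_renamed", "new_name=1"),
    ("2023-05-30T01:18", "profile_renamed", "new_name=2"),
    ("2023-05-30T01:25", "contact_changed", "field=email"),
]


def detect_takeover(events, window_days=30, min_alerts=2):
    """Return findings that match the walkthrough's sequence, in time order."""
    parsed = sorted((datetime.fromisoformat(ts), kind, detail)
                    for ts, kind, detail in events)
    findings = []
    card_added_at = None
    for when, kind, detail in parsed:
        if kind == "payment_method_added" and card_added_at is None:
            # Count login alerts in the window leading up to the new card.
            start = when - timedelta(days=window_days)
            alerts = sum(1 for t, k, _ in parsed
                         if k == "suspicious_login_alert" and start <= t < when)
            if alerts >= min_alerts:
                card_added_at = when
                findings.append(f"card added after {alerts} login alerts")
        elif card_added_at is not None:
            # Only changes made after the suspect card count as follow-on steps.
            if kind == "plan_changed":
                findings.append("plan changed after new card")
            elif kind == "profile_renamed" and detail.rpartition("=")[2].isdigit():
                findings.append("profile renamed to a number")
            elif kind == "contact_changed":
                findings.append(f"lockout attempt: {detail}")
    return findings


def severity(findings):
    """Contact changes mean the owner is about to be locked out."""
    if any(f.startswith("lockout") for f in findings):
        return "critical"
    return "high" if findings else "none"
```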

What Do You Do If Someone Has Hacked Your Account?

1. Try to log in.

If you suspect a hacked account, visit the account's primary site directly from your browser. Do not go through a link you received via email, DM, or SMS. See if you can log in using your password. You may be able to if you caught the hacker before they've locked you out. If not, then skip to Step 4 below, calling support.

2. If you can log in, change your password immediately.

Ensure it's a strong password that is at least 10-12 characters in length and includes a combination of letters (upper and lowercase), numbers, and symbols. Do not use a variation of the breached password to create the new one.

3. If you can log in, remove any strange payment methods.

Go to the payment methods area and double-check what is saved there. Often hackers will add another payment card to your account that they can use to verify the account to support when making changes to lock you out. Remove any strange payment method that is not yours. But if you remove your own payment method, you will need another way to verify your account, so you may want to call before you do that.

4. Call the service's support department. (Don't skip this step)

Contact support whether you have or have not succeeded in logging in. There may be things the hacker has done that you aren't aware of, such as changing the subscription information. Let the support representative know you think you're the victim of an account hack. They'll walk you through the process of undoing what the hacker has done.

5. Watch your bank statements.

Continue to watch your bank statements for any unusual charges. You should do this after any account hack.

6. Change the password for other accounts that used the same one as your hacked account.

People often use the same or nearly the same password for several accounts. Make sure to change the password for any accounts that used the one that was just hacked.