Have you been hacked?

If your computer or other mobile device has been hacked or illegally accessed, how would you know? The sooner you realize you have been hacked, the better your chances are to minimize the damage.

Why should you care?

Cybercriminals hack computers and other devices for various reasons. A major concern, for you, is identity theft. Once your device is compromised, hackers can gain access to personally identifiable information (for example, password, email and physical address, social security numbers, and account information) to perform nefarious acts in your name that might jeopardize your employment, your finances, and even your school work.

How will you know?

A few tell-tale signs can reveal your device has been hacked. It is important not to ignore these signs and address the problem without hesitation:

  • Your default browser changes to a search engine you have never heard of.
  • Your browser takes you to one or more websites you don’t want to visit.
  • Your friends notify you they’ve received emails you never sent, possibly asking for money. This, however, isn’t necessarily evidence of a hack, per se. Email spoofing is incredibly easy to do with no access to the account you are spoofing.
  • Your password doesn’t work even though you know it’s correct.
  • There are charges on your credit card or withdrawals from your bank account that you did not authorize.
  • Your antivirus software alerts you that your system is infected. Be sure it is not the virus tricking you, posing as antivirus software. To be sure, open your antivirus software directly from the start menu instead of clicking any pop-up notifications.

How should you handle a hack?

If you think you have been hacked, act fast to minimize the damage to yourself and others.

If you are hacked on a work computer, report it immediately to your local IT staff or email security@help.ncsu.edu; do not try to fix it yourself.

If you are hacked on a personal computer, here are some steps you can take:

  • Use another machine to change all of your passwords: Hackers can capture your keystrokes, so you’ll be best protected by getting away from the hacked computer. Start with your most important accounts such as banking and email. Do not use any given password for more than one account. Once a hacker knows one of your passwords, the hacker will use it to attempt access to your other accounts.
  • Use a password manager: Use a password manager software app or application to manage all your passwords. Some browsers, like Chrome, have a convenient, built-in password manager; however, all browser password managers are vulnerable to malware. The best password managers are LastPass and 1Password. Both are free, but you can pay a premium for additional features.
  • Enable two-factor authentication (2FA): To protect your online accounts and especially to protect a password manager installed on your laptops, computers and smart devices, enable 2FA. Google 2-Step and Duo are both available and required for NC State employees. It is much more difficult for a hacker to access your data if you use 2FA. In addition to knowing your password, the hacker must also have the physical device you use as your second type of authentication, such as a USB security key; a code delivered via text, voice call or mobile app; a printed backup code; or a push notification on your smartphone. Do not share your second type of authentication, such as codes, with anyone.
  • Report fraud: If your bank has not contacted you already about suspected fraud, call and report it right away. Put a freeze on all your credit cards as well.
  • Update your antivirus: Follow the steps your antivirus software recommends.
  • Check for new accounts: Check your Inbox, Spam, Trash, and Sent email folders for evidence that your email was used to set up new accounts — such as emails with subject lines that say, “Your account was successfully created,” or “Please verify your email.” If you do find such evidence, try logging in to those new accounts and use the reset password feature to gain access and delete the new accounts.
  • Reinstall operating system and back up files: Reinstall your operating system, wipe your hard drive clean, and retrieve your backup files. If you don’t feel comfortable doing this, enlist the assistance of an IT professional you know and trust. It is absolutely worth your time.

Remember, it’s better to play it safe!