What to do if you’ve been hacked

There are a number of signs that your email account, social media account or bank account might have been hacked. They include being unable to log into your accounts, changes to your security settings, messages sent from your account that you don’t recognise, attempted log-ins from unusual locations, and unauthorised payments from your online accounts.

Being hacked is very stressful but there are a number of steps you can take to minimise the damage and regain access to your accounts. The exact steps will vary depending on the devices, operating systems and software you use.

1. Contact your account provider

For each account that’s been hacked, go to the website of the account provider and look for the help or support pages. These will explain the account recovery process for that account.

2. Check your email account

A common tactic used by cyber criminals is to set up a ‘forwarding rule’. This means they will automatically be sent a copy of all emails sent to your account, which would allow them to reset your passwords. You can check and switch off any unwanted forwarding rules in your email account settings.

3. Change your passwords

Once you’ve confirmed there aren’t any unwanted forwarding rules, you need to change the password for every account that’s been hacked.

If you use the same password for any other accounts or sites, you will need to change all of them, as cyber criminals will try the same ‘hacked’ password across multiple accounts.

If your passwords are made up of words and numbers that might be easy to guess, consider these top tips for improving password security.

4. Log out of your accounts on all apps and devices

Once you’ve changed your passwords, you need to make sure you log out of your accounts on all your apps and devices. Doing this means that you and anyone else attempting to use your account will be prompted to supply the new password, but now only you will have it.

To log out of most apps and devices, look for the Settings menu, Account or Privacy pages on the website or device.

5. Set up 2-step verification (2SV)

Many online accounts and services allow you to set up 2-step verification (2SV) which means that even if a criminal knows your password, they won’t be able to access your accounts. 2SV (also known as two-factor authentication or 2FA) usually works by sending you a PIN or code, which you’ll then have to enter to prove that it’s really you. It’s worth setting up 2SV on important accounts like email and banking, even if these are already protected using a strong password. It only takes a few minutes, and you’re much safer online as a result.

6. Update your devices

You should apply updates to your apps and device’s software as soon as they’re available. Applying these updates is one of the most important (and quickest) things you can do to prevent your account from being hacked. You should also turn on ‘automatic updates’ in your device’s settings, if available, so you don’t have to remember to apply updates.

7. Tell your contacts

Get in touch with your account contacts, friends or followers. Let them know you were hacked, and suggest they treat any recent messages sent from your account with suspicion. This will help them to avoid being hacked themselves.

8. Keep an eye on your bank statements

Even if only one of your accounts is hacked, for example your email account, be aware that this can lead to compromises elsewhere. Check your bank statements for unusual transactions and keep a look out for unauthorised purchases in online shopping accounts. If you think any other accounts have been breached, follow the steps above for each affected account. If you discover any fraudulent payments have been made, find out what to do if you’ve lost money.

Protect yourself from further fraud

If you’ve followed the steps above you should now be able to carry on using your accounts as normal. You should also take steps to protect yourself and others from fraud in future.

How else can we help?

What to do if you’ve lost money

Find out if you’ll be able to recover any money you’ve lost to fraud.

Support after fraud

Find out how to get support to deal with the practical and emotional impact of fraud.