To help us provide you with free impartial advice, we may earn a commission if you buy through links on our site. Learn more

How to recover an online account and prevent further damage

We've teamed up with BullGuard to find out what you can do if the worst happens and your online accounts are compromised

With news of data breaches and cyber attacks ever more common, you should be concerned about online security. With massive attacks hitting websites, banks, dating websites and celebrity email addresses, it’s more important than ever to be proactive when it comes to securing your sensitive data. However, what should you do if you are targeted by hackers and the worst case scenario happens – you lose access to one of your online accounts? By the time you realise a hack has occurred, it’s probably too late to stop it. But don’t panic – if you act quickly and follow these steps there’s a good chance of not only minimising the damage caused but also staying better protected from the similar attacks in the future. 

Get that account back

If you find that you are suddenly locked out of your account the first thing you need to do is report the incident and start the process of getting your access reinstated. With so much information online now – be it social media, email or banking accounts – each service will have its own established reporting procedure forms for hacking cases. Time is of the essence here and the quicker you start this process the better chance you have of limiting the damage done. If you’ve kept your contact details up to date, such as your phone number, it may be quick to recover your account; in other cases, you may need to prove your identity.

Change all your passwords

Once the hack is reported and the tech-savvy people online are working on a fix to your problem, it’s time to start the healing process by changing all your passwords on all of your accounts that haven’t been hacked. This is especially important if you are using the same password on different accounts.

Don’t simply add an extra number or letter to your old password either. If the hackers don’t simply guess what you have done, ‘brute force’ password attacks will destroy your effort in no time at all. Instead, each password should be unique, long and difficult to guess. It should use a mixture of upper and lower case text alongside numbers and symbols and preferably more than 11 characters long. For each account that you alter, check for any signs of tampering or fraudulent activity as you go. Even better, if the service gives you the option of bulking up security with the use of two-step verification, make sure to take it. This will allow you to add a second layer of security onto the account by joining it up with a mobile, text or email code. This is becoming an increasingly effective way of curbing unwanted malicious logins.

Determine your security weaknesses

Once your related accounts are safe from attack with a fresh new passphrase it’s time to determine how you were successfully breached. Was it a spear phishing attack via email that took hold after you clicked a dodgy link? Was it a macro-based attack sent via a malicious document or attachment? Did you leave your account open in public? Or maybe you were a victim of nation-state espionage (yes, it does happen!). It’s important to retrace your steps so you can effectively stop future attacks. If you were caught completely unaware and have no idea how the hack occurred, the best bet is to make sure all software is updated to its latest available version to make sure you are not being exploited by a known security vulnerability. In recent months the number of flaws discovered in Adobe Flash, for instance, have multiplied, making it particularly vulnerable to attack. Of course, you should have proper internet security software installed, such as BullGuard Internet Security. This will protect you against spear phishing attacks and malicious code hiding in attachments or on websites by flagging up suspect links and stopping malicious code from infiltrating your system.

Check your mobile security

So much data is being sent through mobile applications these days that hackers are increasingly focusing on mobile-based malware as a method of compromising accounts. Be it Apple or Android, cybercriminals have developed ways of targeting the vast amount of sensitive information that resides in your pocket. To stay protected, only download applications from legitimate sources, stay away from third-party apps that could potentially be used for malicious purposes and ensure your operating system (OS) is kept updated. Also consider protection, such as BullGuard Mobile Security for Android. If you’re an Android user this will keep you safe from mobile malware, which is rapidly growing. 

Tell your friends about the problem

Often, the first time someone finds out they have been hacked is when they are told by a friend or family member that they have received a suspicious email, message or social media posting purportedly from you. Indeed, hackers will sometimes intentionally hack your account to either target your contacts or steal as many of your contacts’ details as possible before they are found out. It’s important to let people know you have been hacked or they may also be caught up in the cybercriminal’s schemes.

Scan your computer for bugs

There are so many cybercrime tools available to hackers these days including adware, spyware, ransomware and malware, that it’s more important than ever to have a good security foundation in place. Strong software programs like BullGuard Internet Security 2016 will not only protect against malware attacks and unwanted applications but will also allow you to conduct a deep scan of your computer system to make sure there are no nasty virus or infections lurking on your machine.

For the person affected, there’s no happy or ‘best’ way to be hacked. It really is the nightmare scenario – especially because of the sheer amount of personal and sensitive data now flowing online. However, if it happens, perhaps it’s faint reassurance to know that you’re not alone. From the email accounts of CIA directors to the iCloud backups of pop-stars, everyone is a target and everyone is vulnerable. It’s how you handle the fallout of the attack that will set you apart, and if you follow these steps you should be back online in no time – older, wiser, and with a lesson learned.

This is an independent guide from the Expert Reviews editorial team. This content was produced to the same impartial standards as the main content on our site but paid for by BullGuard.

Read more