How can you tell if you've been hacked? Here's how to determine that and how to fix it.
Cybercrooks are busier than ever these days, sending us fake text messages “from ourselves,” impersonating the IRS and exploiting our humanity with fake Ukrainian war-relief charities. Cybersecurity firms around the world report an increase in fraud attempts, cyberattacks, identity theft and all kinds of flat-out dreadful hackery.
These days everyone – and every internet-connected device – is a target. This time last year, I wrote about my mom losing $2,000 to a fake tech support hack. Heck, even my own passwords have been exposed – more than once – in major security breaches.
The faster you find out about these issues, the quicker you can fix them. A few simple tech tools can tell you if you’ve been hacked and help you fix it.
TALKING TECH NEWSLETTER: Sign up for our guide to the week's biggest tech news
Find out if you’ve been hacked
If your devices start acting ‘funny,’ that could be the first tell-tale sign that you’ve been hacked. This includes:
- Your device gets sluggish or glitchy .
- You get barraged with fake warnings and other browser pop-ups .
- You get redirected to websites without initiating it.
- You get a message that your files have suddenly been encrypted.
- X-rated pop-ups start showing up while browsing.
- Your friends get social media invitations or messages from you that you didn't send.
- Your online password doesn’t work.
- Your smartphone battery drains much faster than normal or you start burning through data.
What’s not often a sign that you’ve been hacked though, is a message that you have been. A whole lot of cybercrooks call, text, email and target you with popups saying your computer or phone’s been hacked. Then, if you call them or click on a link they provide, they try to make you pay them, often through Zelle, Venmo or gift cards for a “fix.” If you get an unsolicited warning that you’ve been hacked, don’t fall for it.
HEADS UP: Beware of 10 Russia-Ukraine scams via email, phone and social media
Even if you haven’t noticed anything off, one of the easiest ways to keep track of potentially compromised accounts is to let your browser do it for you.
Google Chrome added an automatic checker for compromised passwords not long ago. Find it on Google’s Password Manager page or follow these steps:
On a PC, go to the three dots at the upper right-hand side and click Settings > Privacy and Security > Check Now.
This will show you if you have any weak or compromised passwords and tell you whether your browser’s up to date and walk you through a fix if you need it. The latter is important because just last week, Google released an update based on a targeted hack.
GETTING SPAM FROM YOUR OWN PHONE NUMBER? Don't click on that link
Firefox has a similar feature called Firefox Monitor and you don’t even have to be a Firefox user to benefit from it. It works a little bit differently than Google’s version in that it compares your email address against known data breaches to see if your accounts may be involved, rather than comparing your password. If you sign up for alerts, Mozilla will send you an email if it detects your email address in future data breaches.
RUSSIAN CYBERATTACKS: 8 ways you can protect yourself right now
Have I been pwned?
You’ve probably heard of Have I Been Pwned and with good reason; It’s one of the most trusted ways to find out if you’ve, well, been hacked. All you do is drop your email address or phone number into the search tool and boom! You’ll get a list of every confirmed data breach that includes your personal info. Sign up with the “Notify Me” option and get alerts when your data shows up in a new data dump.
DeHashed is like Have I Been Pwned on steroids. It searches for your email address, but it also looks up IP addresses, names, physical addresses, phone numbers and even car VIN numbers. Cross-referencing all that data with known data leaks reveals if you or your data found its way into a breach and then leaked out onto the web. The one drawback to DeHashed and its uber-powerful search tool, is that you’ll have to fork over at least $5.49 a month for an account.
The biggest weakness of either of these tools is that you don’t know what specific passwords were compromised, since you only get a rough date estimate of when the data was leaked. Your personal data might be at risk… or it might not be, but you should always go ahead and update your logins to new passwords anyway, just to be safe.
Yes, updating every password is both time-consuming and crazy making. If you haven’t enlisted the help of the password manager by now, it’s time to do it. There are several good options and once you get it set up, it’s one less tech-related to-do to check off your list, hopefully for good.
Stepping up security
For high-level hack detection, paid services are the next step up. Bitdefender works with businesses and large companies but also with individuals to lock down your digital identity. For roughly $75 for the first year, Bitdefender beefs up your security on up to 10 different devices. It works in the background of your smartphone, desktop or laptop, hunting for threats. An online hub keeps you up to date and shows you where your data has found its way online, whether it was part of a data breach or a hacker seeding your private info to the public.
Bitdefender is a more proactive defense than a clean-up service after the fact, but it’ll still let you know if your personal information ends up somewhere it doesn’t belong.
PROTECT YOUR SMALL BUSINESS FROM HACKERS: What your business should do right now.
When it comes to your personal blog, website or business, it might be time to step it up even more. For that, run a scan with a tool called Sucuri. Sucuri actively checks websites for outdated security protocols, malware injections, spam links and countless other site issues that you might not even know existed. There is a paid monitoring service here, too, but a quick website scan is free and it can give you some peace of mind while you decide whether you need some additional protection.