What to do If You’re Hacked?

[Sonny Bonds]

So a friend of a friend got hacked. Probably through phishing.

They changed the recovery email for the account and sent an email with her old password with demands to be paid in Bitcoin.

I told her to call customer service to see if they can recover the accounts. I’m not even sure which accounts the hacker got access to.

What else should she do?

 

[chargers31]

Ignore the bitcoin request and call support for that system/website

scan the computer for any possible malware.

Activate two factor authentication when issue is resolved.

If the account is money/bank related I’d Check the accounts for purchases.

 

[Sonny Bonds]

Ignore the bitcoin request and call support for that system/website

scan the computer for any possible malware.

Activate two factor authentication when issue is resolved.

If the account is money/bank related I’d Check the accounts for purchases.

This is what I thought too. But I don’t have ever much info. It seems like it’s multiple accounts, some of which are financial.

 

[Ayo]

She probably wasn't hacked directly. They probably just mined her email and password from one of the zillion database hacks that have happened over the last decade.

Have her check here
https://haveibeenpwned.com

if you don't want to read my long rant skip to the last paragraph.

It's literally just a numbers game with them. They write a script that crawls all of the email addresses, username and passwords from those databases then use them to brute force every popular email service, website, banking service, etc until they get in.

They get access to your email with a compromised password and with a few searches they can figure out every service your friend is signed up for. Search "Bank" in her email and all her bank statements or notifications come up. Same thing for Credit card, tax, utility bills. Every bit of information gives them access to more information. You can damn near sign up for anything with a utility bill with your address on it for proof. And since most people use the same password across multiple websites/services they now have access to a lot of the services/sites in your email. And those that don't work they can perform password resets since they have access to your email. The pros will take all of this information to the next level and use social engineering and calls to these companies to really fukk you.

This is why everyone should turn on code/key based 2 factor authentication (hardware is preferable but software is better than nothing). If they have access to your email, they might have access to your mobile phone service, which makes 2fa text message not all that secure.

Call all 3 credit bureaus and freeze all of her reports. This will prevent anyone from opening things in her name. Call all financial institutions and let them know what's going on and freeze/cancel all credit and debit cards. The rest is not guaranteed that she'll get them back. It's practically impossible for anyone to get Google on the phone or via support, even if you're a Google Workplace paying customer. The social media companies don't really help with stolen accounts. But if/as she gets back accounts have her turn on 2fa and change her passwords EVERYWHERE.