Secure a Compromised Account
Despite your best efforts, there may come a day when one of your online accounts is compromised. For example, you might be tricked by a phishing message into giving your password to a nefarious third party who will then log into your account from their own computer.
If it’s your email or a social media account that’s compromised, you might hear from one of your friends telling you they received a suspicious message purporting to be from you. If it’s an online shop, the first you might know is when you receive a receipt for an item you didn’t buy, or spot an unfamiliar transaction on your bank statement.
You might also be alerted directly by the company in question. Larger companies in particular are getting good at spotting unusual behaviour in online accounts, and flagging it as potentially fraudulent. For example, if your account is accessed from a different country, that might trigger an alert.
Consider that an attacker using your account must have learned your password for that account. The first and most obvious remedy, therefore, is to change the password. Log into the website or app and look for a section like ‘my account’ or ‘settings’.
Typically, you’ll be asked to supply your existing password in order to create a new one. In the event that the attacker has changed your password, you’ll need to use the ‘forgotten password’ facility instead.
With your password changed, the attacker can no longer log into your account. However, they might have changed your security details — for example, substituting your phone number with theirs. This means that although they no longer have a valid password, they can use the ‘forgotten password’ facility because a security code can be sent to their phone.
So the next step is to check the security details on your account. You should recognise all phone numbers and email addresses. If the account holds more details about you, like your date of birth, you should check too that those have not been tampered with.
If an attacker breaks into your email account, they might make several additional and more sinister changes. One is to switch on mail forwarding, meaning that any messages people send you from now on will be rerouted to the attacker. Another is to selectively block senders so you no longer receive messages from those people or companies. Yet another is to enable an autoresponder so that anyone emailing you immediately receives a pre-written reply from the attacker. You should check all these things when dealing with a compromised email account.
Note that you cannot use an email app like Outlook, Thunderbird, or the Mail app on your tablet or phone to change your email password or check your security details and forwarding settings. Instead, use a browser like Chrome, Edge, Firefox or Safari to visit the website of the company that operates your email.
Prevention is better than cure
The single best thing you can do to reduce the likelihood of your account getting compromised again is to enable two-factor authentication (see Use Two-Factor Authentication).
This is particularly important on your email account. If your email provider does not support two-factor authentication, consider switching to one that does.