So, You Got Hacked. Now What?

Weak website security and poor personal cybersecurity hygiene have made getting hacked these days just as common as losing your wallet.  It has happened to me, it has happened to my family and it will most likely happen to you.

I knew I’d been hacked when I looked at my bank statement and realized there were $75 worth of charges for fast food restaurants in a city I didn’t currently reside in or had ever visited. At first, I completely panicked. My money was quickly depleting and I had no control over it.

Thankfully, the logic side of my brain kicked in and I was able to rectify the situation and dispute the charges with my bank, which completely refunded me the lost money.

So, in case you have just been hacked, or just wanted be prepared for if it ever happens to you, I asked some cybersecurity experts what you should do in case your personal information is stolen. Here’s what they had to say.

Understanding the Scope of the Breach

There are many different ways that you can be hacked. You can have very sensitive information stolen, or just a few passwords and users names tied to accounts you no longer use. The first step is finding out how much information a hacker may have.

“If an account you have has been compromised then you may be more impacted than you realize,” security researcher at Tripwire, Travis Smith said. “Re-using passwords is common, so if an attacker steals your password to a forum for gardening, they will use those same credentials against popular social media and banking sites as well in an attack known as password stuffing.”

If your banking accounts have been made vulnerable then try to track down the source of the breach. From there you can decide what passwords or information has been stolen.

Immediately Freeze Your Accounts

If you have noticed suspicious activity on your banking accounts, notify your bank as soon as possible and freeze your account. Have them disable your current card information and send you a new debit card in the mail. It may take a few days to receive the new card, but you’ll be glad you cut off the hacker before they use your account information for more purchases.

If it is one of your credit accounts that has been hacked, cybersecurity experts advise that you close the account immediately and freeze your credit altogether.

“Once your personal information has been stolen, you should immediately notify all your credit card providers,” Director of Marketing for NuData Security, Lisa Baergen said. “The best thing to do is shut down your credit cards and apply for new ones. Freeze your credit immediately with the top three credit bureaus – Equifax, Experian, and Transunion.”

Change Your Passwords

Once you freeze all your banking accounts and know that the hacker no longer has access to your money, the next step is to secure all your online accounts where you might be storing payment information.

“Once consumers’ information is out there, cybercriminals will use it to steal your identity or parts of it for years,” Baergen said. “The information is used to create a synthetic identity that uses parts of many peoples’ identity or to create a completely fabricated identity to take out lines of credit or to buy goods and products online in the name of someone else.”

The goal is to cut off the hacker’s payment and access to all of your online accounts so they no longer have contact with all your most valuable information. It would not be beneficial to change your bank account numbers if you just replace the old numbers with new ones in a vulnerable account for a hacker to steal again.

Invest some time in creating strong passwords for each of the websites you use. I suggest using a password manager that will keep track of and even create strong passwords for you so you don’t have to remember what password matches with what account.

If an online account provides two-factor authentication to access the account, take advantage of that. By using two-factor authentication, you are making it that much harder for a hacker to gain access to your information.

Usually if an account uses two-factor authentication, they will send a text or email to you with a code for you to fill out in order to verify that you are the authentic user of the account. This ensures the security of your account because the chances a hacker would have access to your account’s login information and your email login or mobile phone are very slim.

Dispute the Charges with Your Bank

While getting hacked doesn’t always mean your payment information is taken, a hacker’s end goal is to get money. In the case that your money is used to pay for something you did not receive, you can dispute the charges with your bank.

Every bank is different, so reach out to your Customer Service department and ask who you should talk to about disputing charges that were made on your account without your permission. They will most likely direct you to someone who can help.

Be sure to keep detailed records of the charges you are unfamiliar with, such as dates the charges were made, where and for how much. Have this information handy when you talk to the representative from you bank in order to speed up the process.

Set Up Transaction Notifications

In order to ensure you know exactly what is on with your personal banking accounts, sign up for payment notifications. Usually banks will let you sign up to be notified every time your account is used to pay for something.

If the transaction was made by you, then everything is fine! But if someone does have your information, you will know exactly the moment when they try to use your card. By doing this, you can hope to stop the hacker before any more purchases are made.

Be Preventative

After you’ve finished those steps, work to be preventative from future cyber attacks. Implement and actually use your password manager and consider using a money sharing application like PayPal to pay for things online rather than giving your payment information to every online shopping boutique you purchase items from.

When paying with your card in person, make sure that the device you are paying through hasn’t been tampered with. Many credit card thieves use devices known as “skimmers” that look like real payment devices but are used to lift your information. These devices often go undetected at gas pumps.

“If an attacker used a skimming device to steal your credit card data, be conscious that this is a popular attack vector and inspect any device which will come in contact with your credit card,” Smith said. “Wiggle the device and look for anything that may be out of ordinary. It may seem silly doing this, but it’s a quick win in detecting some skimmers.”

Getting hacked is violating and inconvenient at best, but it doesn’t have to ruin your life. There are steps to take to get everything back on track and to ensure it doesn’t happen again.

Posted by Sydny Shepard on Jun 08, 2018