What to do if someone tries to hack you

You’ve interacted with scammers or visited a phishing site. What steps should you take to avoid being hacked?

What to do if you’ve clicked on a phishing link or talked to scammers

We often write about how to prevent cybersecurity hazards and have given advice on more than one occasion about what to do if your account is hacked or your mobile phone is stolen. Today, let’s tackle a more complex situation: someone is trying to hack or deceive you, but you’re unsure about the extent of the problem. For example:

  • You clicked a website link in an email or ad, but then had second thoughts and became suspicious about said link.
  • Someone claiming to be from Microsoft called to remove a virus from your computer.
  • You received an erroneous bill, called customer support, and they sent you a helpful link to solve the problem and avoid overpayment.

What should you do to prevent hacking?

Don’t give any more information

This is the first and most fundamental rule that you can apply without hesitation. If you get bad vibes from a website asking for your name, email, phone… or bank card information — close it immediately.

If you’re talking to someone on the phone — even if they claim to be from your bank or tech support — and the conversation seems even just a little strange, hang up immediately and don’t answer if they call back. Scammers often employ elaborate schemes; they might call from a different number or contact you through an instant messenger — perhaps pretending to be someone else or from a different organization. Ignore them.

If you’re communicating through video conferencing tools like Zoom, end the meeting and close the application.

Disconnect your device from the internet

This is an essential point if you’ve installed any applications at someone’s request, or someone’s done something on your computer using remote control tools — including Zoom, Skype, MS Teams, or Google Meet. If this is the case, there’s a high probability that malware has been installed on your computer or smartphone. To prevent the criminals from controlling your device remotely, immediately disconnect your computer/phone from the internet by turning off Wi-Fi and cellular data. The simplest and fastest way to do this is to activate Airplane Mode on your phone, or unplug the Ethernet cable if your computer is connected to the net via one.

Think about what the hackers might have learned

If you’ve visited a suspicious website or talked on the phone, try to remember any information you entered on the site or shared with the caller. Address and name? Phone number? Bank card number? Password?

If you only shared your name, address, and phone number, no further action is required, but stay on your guard — most likely the scammers will try to attack again based on your data, possibly using a different scam.

The situation is worse if you’ve shared more sensitive information, such as passwords, photos of personal documents, or banking information: in this case, follow the advice in the next two sections.

Change your passwords

Quickly log in to all services where the compromised password was used and change it to a new one — unique for each service. If you disconnected your device from the internet, use another device rather than plugging in the potentially infected one. Don’t hesitate to ask your neighbors or co-workers for help if you don’t have another device. Time is of the essence here — every minute counts. When accessing any services, enter the site address manually or open it through your browser bookmarks rather than clicking on links in recent emails.

If the password you entered was for an online banking platform, a payment system, or any account containing money, simply changing the password is not enough — take the following steps to save your funds.

Contact your bank, credit bureau, or service provider

If you provided bank card numbers or other financial information, contact the bank immediately. You can usually block cards through a dedicated hotline, as well as through the mobile application and your personal account on the website. For other types of data, such as bank account details, consult with specialists from the bank or online service about protective measures to take. Don’t wait for a call from the bank – they could be scammers; call the number listed on the bank’s website or mobile application yourself.

If you’ve shared extensive personal information or photographs of documents, malicious actors may use this data fraudulently, such as to apply for loans. To prevent this from happening, contact the credit bureau and inquire about available protective measures you can take. These measures vary from country to country — see these examples for the U.S.A., Germany, and Russia — but typically include setting up notifications for any inquiries about your credit history (checking your credit history is the first step in applying for a loan), blocking new inquiries, or self-banning credit issuance — making it impossible to obtain a loan in your name.

Check your computer

If you followed our advice and disconnected your computer from the internet due to potential infection, thoroughly check it for malware or potentially unsafe software before reconnecting to the network. If you already have a comprehensive protection system installed, such as Kaspersky Premium, ensure that the protection databases have been updated recently and all protection and scanning technologies are enabled, and then run a full scan. It’s crucial to run the deepest possible scan, applying settings that can detect not only malware but also potentially dangerous software such as remote control tools. Remove any detected malware according to the instructions of the security application.

What should you do if your computer lacks protection or if the protection databases are outdated? Use another computer to download protection from the manufacturer’s official website, then transfer the installation files across using a USB flash drive.

Check for any suspicious activity

After taking all the steps described above, make sure that the attackers haven’t managed to do anything harmful with the potentially compromised accounts. If these are online store or bank accounts, check your recent purchases. If you see any purchases you didn’t make, try to cancel them by contacting the online store/bank.

On social networks, check recent posts, new friends, photo album content, and so on. In messaging apps, check your recent chats to make sure no fraudulent messages were sent from your account.

For all accounts, verify your contact information, name, profile picture, address, and payment information. If you notice any changes, it means the account has been compromised; change your password and, if possible, secure the account with two-factor authentication.

Be sure to check the information about which devices are linked to your accounts with online services, social networks, and messaging apps. Having hacked an account, attackers try to maintain access to it — for example, by linking their device to it. Depending on the service, this connection might persist even after you change your password. Therefore, it’s crucial to ensure that you recognize all devices and active sessions listed in the “Security” section (this section might be called “Devices”, “Connected devices”, “Recent sessions”, and so on, depending on the specific service). Next to the name of the connected device, there’s usually a button to “Disconnect device” or “End session”, allowing you to kick out any strangers. If you cannot identify any devices and/or sessions listed, disconnect them after making sure you remember your updated password. You’ll have to re-log-in to your accounts with the new password (you changed the password, didn’t you?) — but now the attackers won’t have access.

The hardest thing to deal with is the consequences of an email hack. Firstly, besides all the above, you’ll have to check the mail forwarding rules. Make sure that neither your mailbox settings nor your message processing rules have forwarding of your emails to third-party addresses enabled. Secondly, if any other service accounts are linked to your email, attackers can hack into most of them. If you find any signs that your email has been tampered with, you’ll need to check for suspicious activity and change the password on all services linked to that email address.

Prevention is better than cure

Following the advice above requires a significant amount of time, effort, and patience. To minimize the risks of fraud as much as possible, it’s best to take precautionary measures in advance.