Secure a Compromised Account
- If an unwanted person has access to one of your online accounts, we say
it is compromised.
- They can use your email or social media to scam your friends or
perpetrate further crimes.
- As well as changing your password, you need to check for settings that
could allow the attacker back in.
Finding out
If it’s your email or a social media account that’s been compromised, you
might hear from a friend who’s received a suspicious message purporting to
be from you.
If it’s an account with an online shop, the first you might know is when
you receive a receipt for an item you didn’t buy, or spot an unfamiliar
transaction on your bank statement.
Or you might be alerted directly by the account provider. Larger companies
in particular are getting good at spotting potentially fraudulent behaviour,
for example if your account is accessed from another country.
How it happened
If one of your accounts is compromised, the attacker most likely learned
your password either by tricking you with a phishing email (see
Recognise Social Engineering) or because you reused a password that was
exposed when another website was breached.
It’s very unlikely that the attacker has actually accessed your computer,
tablet or phone. Instead, they are simply logging into your account from
their own computer.
Change your password
Log into the website or app and look for a section like ‘My Account’ or
‘Settings’, then use the option to change your password.
If you can’t log in because the attacker has changed your password
themselves, you’ll need to use the ‘forgotten password’ facility
instead.
The new password should be one you have never used before on any account.
Ideally, let your browser or password manager generate a password for you
(see Use Strong, Unique Passwords).
With your password changed, the attacker can no longer log into your
account using the old, stolen password. However, they might have changed
your security information, for example substituting your phone number
with theirs, meaning they can now use the ‘forgotten password’ facility
and have a recovery code sent to their phone.
So, check the security information on your account. You should recognise
every phone number and email address listed there; remove any you do not.
Log out other sessions
Changing your password does not always end sessions that are already
logged in. If the attacker still has your account open in their browser,
they might be able to go on causing problems for a while after you have
changed your password. If your account has a facility to forcibly log out
all other devices (sometimes called ‘sign out everywhere’ or similar), use it.
Special considerations for email
If an attacker breaks into your email account, they might make some
additional and more sinister changes.
One is to switch on mail forwarding, meaning that any
emails people send you from now on are sent on to the attacker, often
without a copy being left in your inbox where you would notice.
Another is to establish blocked senders so you no longer
receive messages from particular people or companies. Similarly, the
attacker may create rules or filters that
move certain incoming emails into folders so you won’t find them in the
inbox.
And they might enable an autoresponder so that anyone
emailing you immediately receives a pre-written reply from the attacker.
You should check for all these things when dealing with a compromised email
account.
Finally, most major email providers let you create app
passwords, different from your main password, for compatibility
with older software. An app password the attacker created keeps working
after you change your main password, so check the relevant section in
your account settings and delete any app passwords you find. While you
are there, also review any third-party apps or services that have been
granted access to your account and remove any you do not recognise.
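The rules, filters and forwarding described above can be tedious to review by hand when a mailbox has many of them. The script below is an added example, not part of this guide, showing how a practitioner might audit an exported filter list. It assumes a file in the shape of Gmail’s ‘Export filters’ Atom feed (entries with apps:property elements); the sample feed, the list of addresses you own and the list of sensitive words are all constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces used by Gmail's filter export (Atom feed with apps:property entries).
NS = {
    "atom": "http://www.w3.org/2005/Atom",
    "apps": "http://schemas.google.com/apps/2006",
}

# Constructed sample in the shape of an exported mailFilters.xml: one benign
# filter, one that hides security-related mail, and one that forwards to an
# address the owner does not recognise.
SAMPLE_FILTERS = """<feed xmlns='http://www.w3.org/2005/Atom'
      xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='newsletter@example.com'/>
    <apps:property name='label' value='Newsletters'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='hasTheWord' value='password OR "verification code" OR invoice'/>
    <apps:property name='shouldArchive' value='true'/>
    <apps:property name='shouldMarkAsRead' value='true'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <category term='filter'/>
    <apps:property name='from' value='bank@example.org'/>
    <apps:property name='forwardTo' value='attacker.mailbox@example.net'/>
  </entry>
</feed>
"""

# Constructed: addresses the account owner controls. Forwarding anywhere else is suspect.
KNOWN_ADDRESSES = {"me@example.com"}

# Constructed: words an attacker typically filters out so the victim misses alerts.
SENSITIVE_WORDS = ("password", "verification code", "security alert", "sign-in", "invoice")

CRITERIA_KEYS = ("from", "to", "subject", "hasTheWord", "doesNotHaveTheWord")


def parse_filters(xml_text):
    """Return each filter entry as a dict of property name -> value."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.findall("atom:entry", NS):
        props = {p.get("name"): p.get("value") for p in entry.findall("apps:property", NS)}
        filters.append(props)
    return filters


def audit_filters(filters, known_addresses):
    """Flag filters that forward, delete or hide mail. Returns (index, criteria, reasons)."""
    known = {a.lower() for a in known_addresses}
    findings = []
    for idx, f in enumerate(filters, start=1):
        reasons = []
        target = f.get("forwardTo")
        if target and target.lower() not in known:
            reasons.append(f"forwards matching mail to unrecognised address {target}")
        if f.get("shouldTrash") == "true":
            reasons.append("deletes matching mail")
        if f.get("shouldArchive") == "true" and f.get("shouldMarkAsRead") == "true":
            reasons.append("hides matching mail from the inbox (archive + mark as read)")
        words = f.get("hasTheWord", "").lower()
        if any(w in words for w in SENSITIVE_WORDS):
            reasons.append("matches security-related words")
        if reasons:
            criteria = {k: v for k, v in f.items() if k in CRITERIA_KEYS}
            findings.append((idx, criteria, reasons))
    return findings


if __name__ == "__main__":
    for idx, criteria, reasons in audit_filters(parse_filters(SAMPLE_FILTERS), KNOWN_ADDRESSES):
        print(f"Filter {idx} ({criteria}):")
        for r in reasons:
            print(f"  - {r}")
```

A filter that merely labels and archives newsletters is not reported; one that forwards to an address you do not own, sends mail to the bin, or both archives and marks as read is. Treat every finding as something to delete unless you created it yourself.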
Note that you cannot use an email app like Outlook, Thunderbird,
or the Mail app on your phone or tablet to change your email password or
check your security details and other settings. Instead, use a browser like
Chrome, Edge, Firefox or Safari to visit the website of the company that
operates your email.
Prevention is better than cure
The single best thing you can do to reduce the likelihood of your account
getting compromised again is to enable two-factor authentication
(see Use Two-Factor
Authentication).
This is particularly important on your email account. If your email
provider does not support two-factor authentication, consider switching to
one that does.