What to Do If Your Online Account's Been Hacked
Dylan Valade owns a Web design and software business. As part of his business, he deals with Web and network security issues every day.
One day, Valade received a confirmation email from a brokerage account letting him know that a trade had been made. That would have been fine, except for one thing.
"In this case, a stock had been sold that I did not sell," Valade said.
Recognizing that the account had been compromised, Valade changed all of his passwords immediately.
"My brokerage account was closed and a new one was opened," he added. "The equities were transferred to the new account, with a new login and password."
Valade's experience happened on a brokerage site, but any online account can be a target.
"The most valuable targets are financial services like PayPal, online bank accounts and investment accounts," explained Morgan Slain of Los Gatos, Calif.-based SplashData. "Facebook, LinkedIn, and other social networking sites are increasingly common targets. Online email accounts, including Gmail and Yahoo! Mail, are often hacked too."
The most sophisticated hackers actually don't target individual accounts, but instead go after repositories of account data on servers owned by large organizations, which is why companies such as Sony and Epsilon, a major email forwarder, are targeted.
What the hackers are looking to steal depends on the type of account they are hacking into. When banks or financial services such as PayPal are targeted, the objective is to steal money.
"But often the hacker has a larger objective than attacking one individual," said Lance James, director of intelligence at New York's Vigilant. "In most cases, they're gaining access to email or social network accounts specifically to enable further distribution of their activity, or to steal information that will give them access to other places — potentially more valuable places. For example, a hacker might conduct a series of intrusions with the aim of getting into an employer's payroll system."
If one of your online accounts has been hacked, it compromises the overall integrity of your computer, James added. This comes with two primary manners of impact.
"First, if there [was] personal or confidential information on that system, the owner must assume it has been hijacked by criminals," he explained. "This could have long-lasting effects including identity theft, credit fraud, bank account theft and misplaced trust between friends and associates.
"Second — in some ways more detrimental in terms of reach — that compromised computer can be used to launch attacks against others, expanding the sphere of impact geometrically," James said. "It is therefore the responsibility of organizations and every individual to take precautions wherever they can."
The surest sign that your account has been compromised is unusual activity.
"For a financial account like PayPal, the most obvious sign that your account has been compromised are suspicious transactions," said Kevin McNamee, security architect at Kindsight of Mountain View, Calif. "You should regularly check your account to look for any unauthorized transactions and report them immediately.
"For social networking services like Facebook," McNamee added, "you may notice unusual activity on your wall, but the most likely indication that something is wrong is when your friends ask why you’ve been sending them unusual links and email messages."
Some things to look for, according to Chris Boyd, senior threat researcher at GFI Software of Cary, N.C., include:
— Friends are asking you about random requests for money or messages that you've apparently sent them, claiming that you're stranded somewhere – for example, messages saying you got mugged in London. Scammers use this tactic for financial fraud. This is an especially popular tactic where compromised Facebook accounts are concerned, due to exploiting the trust of friends and family.
— Strange messages are posted from your Twitter account promoting websites and offers that you're unaware of.
— You find you're selling items on eBay that you didn't list.
If you find that one of your accounts has been compromised, the first step is to ensure that no additional damage can be done, McNamee suggested.
If you still have access to the account, change the password immediately. And then change the passwords to other online accounts, especially for any accounts that share an email address and/or a password with the compromised account.
Also, said McNamee, contact the organization that operates the service and let them know that your account has been compromised.
"Their website will provide information on how to report a problem and regain control over your account," he said.
If the account that was compromised held any financial data or credit/debit card information, James said it's best to contact the financial institutions and cancel the cards.
Even the most vigilant computer user is at risk for an attack. But Asaf Greiner, vice president of products at Sunnyvale, Calif.'s Commtouch, provided the following tips that will keep your accounts less vulnerable to a hacker:
— Use different passwords for different accounts, so if you lose one, you don't lose them all.
— Use strong passwords (e.g. ones that are hard to guess), especially with more valuable resources, such as bank accounts. When possible, use multiple-factor authentication, as with a code-number-generating token. If you find passwords hard to remember, use a password vault application to remember them for you.
— Install all recommended software patches and updates – and anti-virus software – on machines you manage.
— Don't log into valuable accounts from public machines or from unencrypted Wi-Fi networks.