9 SIGNS YOU'VE BEEN HACKED AND WHAT TO DO

Paul Oyelakin Author

Malwares have now become so discreet and complex that they can get past the most advanced anti-malware software unnoticed. Security software can......

Hello,
This month we will be discussing the 9 signs that show you have been hacked and how you can protect yourself.

Malwares have now become so discreet and complex that they can get past the most advanced anti-malware software unnoticed. Security software can and do miss malware when the malware signature is not in their database. This is especially the case when a new malware is less than 24 hours old. It is within these moments a lot of harm and damages can be done by attackers.

If you are worried that a file might contain malware, scan it on VirusTotal first by uploading the file. Virustotal.com has over 60 antimalware scanners, hopefully one will be able to detect the malware.

So how do you know you have been hacked and what can you do to protect yourself from it?

Below are 9 signs that shows you have been hacked and suggestions on how to remediate (aka fix) them.

1. Your Friends Get Messages You Did not Send:
   This is a common issue with email accounts and in recent years, it happens more often with social media accounts; hackers deceive people with fake accounts to scam others. Sometimes your actual account password is cracked because it is easy to guess or you unknowingly give out your credentials by clicking on a malicious link.

   Do you have an old social media account that you created a long time ago? That is a perfect target to use because it’s your genuine account and you are not even aware that it is being used for fraudulent activities. Hackers often use these compromised email/social media accounts to send malicious messages to your social media friends requesting help or information from them.

   Most of your friends would believe it's you who sent the message and some might fall prey to the attacker by doing what is asked of them.

   What to do?
   If you find out your account have been compromised or an evil twin account was created, the first thing you want to do is to warn all your friends about the incident and clearly let them understand the messages weren't from you. After this, if you still have access to the social media site, quickly change your password and set up two-factor authentication. Uninstall apps you don't use often, cancel old accounts you no longer use and update your apps every time there's a new update. If you find an account impersonating your profile, most social media platforms have a way for you to report them. Here are links for reporting fake Facebook and Twitter. A quick google search should show you how to report fake accounts on other social media platforms.
   

   
          Get 1Month FREE on our online cyber security course. Use Cyber2020 as the coupon code to Register.
   

2. Fake Anti-virus Message:
   It often happens when your computer get compromised or an attacker is waiting at the doorway for you to take an action and fall victim of the attack. It is a pop up on your screen that “warns” you about malware that have been detected on your computer. The prompt suggest you click on a link or install a software but the catch is you were not in fact infected, instead you are being lead to install malware.

   What to do?
   If you are able to, close the tab and restart the browser which should be enough if the malware has not been downloaded onto your machine locally.
   In case your computer already got compromised, shut it down and restore to a time before the malware was installed. It will be important that you have system restore enabled on your machine so that you can restore if you should need it.
   Here is a quick video that shows you how to verify and easily create restore point.

   While system restore help you to reverse your mistakes, remember, don't click or install any program if the source look suspicious.

3. Unwanted Browser Toolbar/Redirects and Pop ups:
   Unwanted toolbars might sometimes appear on your browser which are unknown to you.
   Sometimes you intend to access one web page and are redirected to another. A lot of times, this is due to a bogus toolbar app.
   Random web browser pop ups is a good sign that your computer may have  been infected, especially if your web browser was closed when the pop up appear.

   What to do? 
   Inspect your favorite web browser(s) for toolbar apps that do not seem familiar to you. If this happens, delete the unwanted toolbars or close the browser and restart. A right click on the application will usually do the trick (at least that’s the case with Google chrome extensions).

4. Ransomware Messages:
   This malware allows hackers to make your computer inaccessible. They encrypt your hard drive and restrict you from doing anything on your computer. The attacker then asks for payment in the form of bit coin/gift cards in order to receive the encryption key. Pay attention to fake ransomware notice, some web pages will pop up pretending to be ransomware and all you need to do is simply close out your web browser.

   As shown in the image above, with a real ransomware message, attackers ask for a “ransom” to unlock your data. In this example, they demanded $300 worth of Bitcoin as payment. Also, a timer, located in the box on the left shows a count down. If you do not pay the ransom, the hackers will permanently delete all your data - which is often unrecoverable.
   One of the most recent ransomware attacks was WannaCry.

   What to do?
   The FBI recommended that ransoms should not be paid so the attackers do not profitable from their unethical and illegal behavior. If people continue to pay the ransom, more people will become victimized because the attackers are profiting. The bad news is there really isn’t a way to remove the ransomware and retrieve your data. Your only other option is usually to wipe your machine and restore your operating system. Antimalware software like Malwarebytes is a great way to prevent ransomware from claiming your machine. And it is always good to have your critical data backed up somewhere (i.e. cloud) as an insurance policy in case you need to restore from it.

5. Invalid Password:
   If suddenly your login details start becoming incorrect despite being sure that it is correct and you are not missing anything nor the website has technical issues, it means your account may have been hacked. You might have unknowingly given your details either through phishing (clicking a link to a look-a-like website and entering your account details) or other means.

   What to do?
   Report to the online services about the issue and they might help you get back into the account. If you are sure that you have been hacked, reach out to your contacts list on the account and warn them about the incident. It is possible the attacker sent messages to others and deleted the evidence in your sent box.

6. Surprise Software Installations:
   When you start seeing software you didn't install on your computer, most of the time these software programs can control or modify other software programs installed on your system. It could also modify or disable your antivirus, allowing other types of malware to invade your system.
   This type unwanted software sometimes come as complements from other software. The option to install them is in small prints so that it is hard to detect especially when you rush through an installation process.

   What to do? Uninstall programs you do not recognize and reboot your computer. If you find some programs are needed for other software to function properly, it may mean that you may have to stop using that software as well. If you are using a windows machine, you can uninstall unwanted programs from the settings menu. Click on the “Apps” icon to review programs installed on your machine.

7. Randomly-Moving Mouse Pointer:
   Sometimes your mouse will move randomly due to a technical issue.
   If it's flying randomly all over your screen without performing any actions, then it might just be a technical issue. If it's making clear movement and opening applications then you should suspect malicious software is at play. Someone else might have gained remote control of your computer

   What to do?
   When you are sure it's an attack, quickly disconnect your network and shutdown your device. Change all your online account login details using your mobile phone or another computer. It may help to Install a second or third anti-malware on your computer to scan. Make sure those anti-malware come with root kit defense… If your computer is infected with a root kit, it means the compromise is deep (registry/kernel level). It is difficult to detect if the rootkit has been completely removed, so as a precautionary measure, it may be a good idea to reinstall your operating system. On rare occasions the root kit can infect your machine at the bios level (which is an even deeper reach), if that is the case you may need to request professional help or re-purpose your computer into a door stopper. Once the issue has been remediated, be cautious of not clicking on the same thing that installed the malware on your computer in the first place.

8. Money Missing in Your Bank:
   If you lose money without carrying out any transactions then it means you have been hacked. If ALL your money is gone, then it is most likely a hacker at work because they normally aim to take almost everything. It's possible your accounts login details have somehow been exposed to the hacker.

   What to do?
   Report immediately to your bank to see if there's something that can be done. For preventative measure, It is best to turn on transaction alerts for unusual logins and transactions. Also, customers can set thresholds and block all international transaction while notifying the bank to stop any transaction exceeding a certain amount unless they give explicit permission.

9. Confidential Information Get Leaked:
   The media contact you to confirm classified information about your home/company. How did they receive this information? Possibly a breach of company’s data. What to do?
   First, confirm that the leaked information is yours and that you have been indeed hacked. If you have been compromised, start following the incident response plan immediately. If you are a company and other people’s personal data was compromised you will need to proceed with your states, data breach notification laws.

SECURITY ANALYST OF THE MONTH:TASHA!

Congrats to our security analyst of the month: Tasha!

⭐⭐⭐⭐⭐

Tasha is an extraordinary security analyst. She is the “Jackie” of all trades ensuring our policies and procedures are technically sound. She can manually assess technical security controls to ensure they meet compliance. Tasha recently stood up our second IPSec tunnel for our test environment to reach servers in Azure. She is an outstanding firewall admin/ISSO; I am very happy to have her on the front line of our network defense. She has hardened our clients network devices and drafted organizational policies to minimize risks.  Recently, she discovered a weakness with our network contingency plan and quickly set up an effective back up and restoration process for our client’s firewalls.

Tasha, Not only are you a talent in the field, you have the hard work and dedication to match. You recently secured your CEH and Sec+ certification and I know the CISSP is next on your list of conquest 😉. I am beyond proud to have someone of your caliber on our team. Cheers to you as you continue to aim to be the best in the game.

•  Certification Courses
  SEC+ (1 Month Class)
  CEH – (1 month Class)
  CISSP – (2 month Class)

  For Schedule visit PJCourses.com or email
  [email protected] | [email protected]
   Or call 301-576-2977

• Coming Soon!
  • Splunk App for Windows Infrastructure:
    This course will teach students how to configure the SPLUNK-app for windows infrastructure. This is an intuitive tool that will provide every security analyst with the visibility they need for their network.
  • PJ Cybersecurity Awareness Training Program:
    PJ Pros will soon release a comprehensive security awareness training course very soon. This will be a free course for employers to use to train their staff and meet their annual security awareness training requirements.
• Changes on PJ Courses:
  Courses on our learning platform, PJCourses.com is currently going through some re-organization. Some videos will be updated as needed and all online classes will be based on $10/month membership payments (no more single class payments). In addition, quizzes will now reveal correct answers, however you will only have one attempt at them instead of three. All quizzes will also come with 10 questions instead of 5. The questions have been redesigned to be more thought provoking. I think you all will like the re-organization as it will provide career seekers with a more modular and informative approach to learning.

Categories: Blog, Cyber basics, cyber security, How To Tutorials