No one wants to be taken advantage of, yet threat actors make a living from cybersecurity attacks. If you think you may have been hacked, read these tips for telltale signs your device or account may have been compromised, and learn what you can do about it.
New programs installed
You may see new programs or files on your computer in some situations. If you are the only user on the computer and notice that new programs have been installed, or new icons appear on your desktop, it could indicate that it has been hacked. However, several legitimate reasons why a new program may appear on the computer include:
- Operating systems or other programs have received updates that included new programs or files.
- When you installed a new program, other programs may have been installed along with it. For example, it is common for plug-ins and other free programs to have a checkbox asking if installing a new Internet browser toolbar or antivirus program on your computer is ok. If you don’t uncheck these boxes, the additional new programs are installed.
- If you suspect someone may have used your machine, ask if they installed a new program.
A presence of these programs may indicate that a hacker has been on the computer:
- Backdoors and Trojans are the most common programs installed on a computer after it has been hacked. These programs can allow the hacker to access information stored on your computer.
- IRC clients are another common way for a hacker to get into a computer or remotely control thousands of computers. If you have ever participated in an IRC chat, your computer could have been hacked.
- Spyware, rogue antivirus programs, and malware might indicate a hacker. More commonly, however, they signify that your computer has been infected via download or by visiting a hijacked page while on the Internet.
Encrypted files by ransomware
You may see your files (like office documents or pictures) are no longer accessible; you cannot open them, and their icon and extension have changed. This is a sign that a hacker has encrypted your files and will probably require a ransom to return the files to you.
Tip: Never pay a ransom to hackers! The best solution against ransomware is to back up all of your files daily or weekly to an external drive or the cloud.
Computer passwords have changed
- Online passwords - Sometimes, after an online account is hacked, the hacker changes the password to one or more accounts. Try using the “forgot password” feature to reset the password. If your email address has changed or this feature does not work, contact the company who is providing the service. They are the only ones who can reset your account and give control back to you.
- Local computer password - If your password to log into your computer has changed, it may have been hacked. There is no reason why a password would change on its own.
- Lost or forgotten Windows password.
Email spam being sent
When an email account is taken over, the threat actor almost always uses that account to spread spam and viruses. If your friends, family, or coworkers are receiving advertising email from you, your email may be compromised. Log into your email account and change your account password.
Tip: Email addresses can also be spoofed without hacking the account. After changing the email password, if your friends continue to get emails you have not sent, someone is likely spoofing your email address.
Increased network activity
For a cyber attacker to take control of a computer, they must remotely connect to it. Your Internet connection will be slower when someone is remotely connected to your computer. Also, many times after the computer is hacked, it becomes a zombie to attack other computers.
Installing a bandwidth monitor program on the computer can help determine which programs are using bandwidth on your computer. Windows users can also use the "netstat" command to determine remote established network connections and open ports. However, there are multiple legitimate reasons why your Internet connection may also be slow, such as other users in the home or office, large file downloads, or site maintenance, among other things.
Unknown programs requesting access
Computer security programs and firewalls help restrict access for security purposes. If the computer prompts you for access to programs you do not know, rogue programs may be installed, or it may have been hacked. If you do not know why a program needs access to the Internet, we recommend blocking access to that program. If you later discover these blocks cause problems, they can be removed.
Security programs uninstalled
If the computer’s antivirus program, anti-malware, or firewall has been uninstalled or disabled, it can also indicate a hacked computer. A hacker may disable these programs to help hide any warnings that appear while they are on your machine.
Note: It is also possible for a virus to disable the antivirus program or for malware to interfere with the anti-malware program.
The computer is doing things by itself
If your computer has been deeply exploited, it’s possible for a malicious third party to control your computer remotely, executing any programs that you have the privilege to run. If they handle your current login session, they can even control the computer as if they were sitting at your desk, using your keyboard and mouse. For example, a mouse cursor could be moved, or something could be typed.
Another example is that you can see that the computer camera light is operating without you having turned it on. If you see the computer doing something as if someone else is in control, this can be an indication that your system has been exploited at the root level.
Internet browser home page changed, or a new toolbar
If you notice that your web browser configuration has suddenly changed, this may be a symptom of a virus or malware infection. Examples of sudden browser changes include your home page changing, a third-party toolbar being added, or your default search engine changing to something you don’t want.
Your computer has been hacked if you see frequent, random popups encouraging you to visit unusual sites. Examples include antivirus messages telling you to hurry and download new software, or links to gambling or inappropriate sites.
Learn how Rockwell Automation delivers complex industrial cybersecurity solutions across all types of manufacturing and industrial organizations, reducing risk to your organization and its customers.