Realising you may have been hacked is a stressful experience, but acting quickly and methodically makes a significant difference. Whether it is a compromised email account, suspicious charges on a bank account, or devices behaving strangely, the steps below cover exactly what to do — in the right order.
Signs That You May Have Been Hacked
Before taking action, it helps to know what you are dealing with. Common signs include:
- You cannot log in to an account even though you know the password is correct
- You receive password reset emails you did not request
- Friends or colleagues receive strange messages from your email or social media accounts
- You notice purchases or transactions you did not make
- Your device is running unusually slowly, has new apps you did not install, or is behaving unexpectedly
- Your social media accounts post content you did not write
Step 1 — Secure Your Email Account First
Your email account is the master key to everything else. If an attacker controls your email, they can use the “forgot password” function to get into every other account that uses that email address. Securing it first is the priority.
- If you can still log in, change your password immediately to something long and unique.
- Enable two-factor authentication if it is not already active.
- Check your email settings for any forwarding rules, filters, or auto-responses you did not set up — attackers often create forwarding rules to silently copy all your incoming mail.
- Check the recent sign-in activity for your email account and look for logins from unfamiliar locations or devices.
If you cannot log in to your email because the password has been changed, use the account recovery option immediately. For Gmail, go to accounts.google.com/signin/recovery. For Microsoft, go to account.live.com/acsr.
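The forwarding-rule and filter check in the list above, as an added example that is not part of the original guide: a Python function that audits Gmail filters in the shape the Gmail API's filters.list call returns (a criteria block plus an action block with addLabelIds, removeLabelIds and forward) and flags any rule that forwards mail to an address you did not set up or that hides security and payment notifications. The sample filters, filter ids and the forwarding address below are constructed for illustration.

```python
# Added example, not code from the original guide. Audits Gmail filter
# resources for the kind of rule an attacker leaves behind. The filters
# below are constructed; in practice you would pass in the "filter" list
# from service.users().settings().filters().list(userId="me").execute().

# Labels that make matching mail disappear from view: binned, marked as
# spam, archived out of the inbox, or silently marked as read.
HIDING_ADD_LABELS = {"TRASH", "SPAM"}
HIDING_REMOVE_LABELS = {"INBOX", "UNREAD"}
# Keywords in a hiding rule that suggest it targets the alerts that would
# normally tip the owner off (password resets, sign-in warnings, receipts).
ALERT_KEYWORDS = ("password", "security", "verification", "invoice", "payment")


def audit_filters(filters, trusted_forwards=()):
    """Return a list of (filter_id, reasons) for filters worth reviewing.

    filters: Gmail Filter resources (dicts with 'id', 'criteria', 'action').
    trusted_forwards: forwarding addresses the owner set up on purpose.
    """
    trusted = {t.lower() for t in trusted_forwards}
    findings = []
    for f in filters:
        action, criteria, reasons = f.get("action", {}), f.get("criteria", {}), []
        target = action.get("forward")
        if target and target.lower() not in trusted:
            reasons.append(f"forwards mail to {target}")
        hidden = (HIDING_ADD_LABELS & set(action.get("addLabelIds", []))) | (
            HIDING_REMOVE_LABELS & set(action.get("removeLabelIds", [])))
        if hidden:
            reasons.append("hides matching mail (" + ", ".join(sorted(hidden)) + ")")
            text = " ".join(str(v) for v in criteria.values()).lower()
            if any(k in text for k in ALERT_KEYWORDS):
                reasons.append("targets security or payment notifications")
        if reasons:
            findings.append((f.get("id", "?"), reasons))
    return findings


# Constructed sample: a harmless label rule, a forward the owner created
# deliberately, and an attacker-style rule that forwards and buries alerts.
SAMPLE_FILTERS = [
    {"id": "FILTER_legit", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_12"]}},
    {"id": "FILTER_copy", "criteria": {"to": "me@example.com"},
     "action": {"forward": "me@example.org"}},
    {"id": "FILTER_rogue", "criteria": {"query": "password OR verification OR invoice"},
     "action": {"forward": "placeholder-attacker@example.net",
                "removeLabelIds": ["INBOX", "UNREAD"], "addLabelIds": ["TRASH"]}},
]

if __name__ == "__main__":
    for fid, reasons in audit_filters(SAMPLE_FILTERS, trusted_forwards=["me@example.org"]):
        print(fid, "->", "; ".join(reasons))
```

A rule that only forwards to an address you recognise is left alone; anything else is listed with the reason, so you can delete it from the Gmail filter settings page and then rotate the password.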
Step 2 — Change Passwords on Affected Accounts
Once your email is secure, change passwords on any account you believe has been compromised. Start with the most sensitive ones: banking, Microsoft account, Google account, Apple ID, and any account with stored payment details.
Use a different, strong password for every account. A password manager makes this manageable — it generates and stores unique passwords so you do not have to remember them all.
Step 3 — Enable Two-Factor Authentication
After changing passwords, enable two-factor authentication on every account that offers it — especially email, banking, and social media. Even if an attacker gets your new password, they still cannot get in without the second factor.
Step 4 — Check Connected Apps and Active Sessions
Many account hacks involve connecting malicious third-party apps that retain access even after you change your password. Check each account’s security settings:
- Google: myaccount.google.com — Security — Third-party apps with account access
- Microsoft: account.microsoft.com — Privacy — Apps and services
- Facebook: Settings — Security and login — Where you’re logged in
Remove any apps or active sessions you do not recognise.
Step 5 — Check Your Devices for Malware
If you suspect your computer or phone has been compromised, run a full scan with your antivirus software. Windows includes Windows Defender, which is a capable free option. For a second opinion, tools like Malwarebytes (free version) are widely trusted. Read our guide on how to tell if your computer has a virus for the warning signs and what to do.
Step 6 — Notify the Right People
Depending on what was accessed, you may need to notify others:
- Your bank — if any financial accounts were involved, call your bank immediately. They can freeze cards and investigate fraudulent transactions.
- Your employer — if you use work accounts or devices, inform your IT team so they can investigate and contain any impact.
- Action Fraud — if you have suffered financial loss, report it at actionfraud.police.uk.
- Friends and family — if your email or social media was used to send malicious messages, let your contacts know so they do not click anything.
Step 7 — Review What Was Exposed
Once the immediate situation is under control, assess what information may have been accessed. Check if your email address or passwords appear in any known breach databases using Have I Been Pwned. This helps you understand the scope and identify any other accounts that may be at risk.
How to Prevent It Happening Again
The most effective preventive measures are also the simplest: use a password manager so every account has a unique password, enable two-factor authentication everywhere it is offered, and stay alert to phishing emails — which remain the most common way attackers get in.