Your Online Account(s) Got Hacked & You Are Locked Out: What Do You Do!?

Online security is becoming increasingly critical as more of our daily lives move onto the internet. If you believe one or more of your online accounts have been hacked or compromised, it’s essential to act swiftly. If you are locked out of an account, the situation becomes even more urgent. Below are detailed steps you can take to mitigate damage, regain control, and enhance the security of your other online accounts.

*Note: One takeaway from my own personal "getting hacked" experience is that the new "Verified" model that most social media platforms use now is being leveraged to push users into paying for the verification, just to receive any kind of personal support if they happen to have any problems or issues with their account. Going forward I recommend (and will personally practice) that you verify ANY and ALL online social media accounts that are important or critical to your life/work. You can use the services for free, but if you have an issue like an account hi-jack/take-over, it can be next to impossible to get ANY help if you are un-verified.

1. Report the Incident Immediately!

Reporting the compromise to relevant authorities and service providers is crucial. This not only helps you recover control of your account but also aids in preventing further damage.

• Local Police: If you suspect identity theft or fraudulent activity, file a report with your local police department. Keep copies of the report for further use.
• Websites or Software Providers: Contact the customer support teams of any websites or services involved in the breach. Most platforms like Google, Facebook, and financial services have processes in place to assist users in recovering hacked accounts.
• IC3/FBI: If the incident involves significant financial loss or cybercrime, file a report with the Internet Crime Complaint Center (IC3), which is a division of the FBI focused on internet-based crimes.

2. Recovering a Locked-Out Account:

If you are locked out of an account, follow these steps (and see further details at the end of the blog):

• Use Account Recovery Options: Most services offer account recovery options like email or phone verification, but this may not be safe if these are compromised. Prioritize recovery methods like trusted devices or backup codes (which many services provide when setting up 2FA).
• Contact Customer Support: If recovery options fail, reach out to the service provider’s customer support. Be prepared to verify your identity through personal information or past account details.
• Keep Documentation: If you’ve filed reports with the police or the IC3, share these reports with the service provider, as this may help speed up the account recovery process.

3. Secure Any Associated Payment Services

If you're completely locked out of an account, especially one that’s linked to financial services, take immediate action by logging into any associated payment services and removing access to the hacked site or account. For instance:

• PayPal
• Venmo
• eBay
• Banking apps or credit card accounts

This helps to stop any unauthorized transactions that could stem from the compromised account. Be sure to carefully review recent activity on these services to identify any fraudulent activity and report it to your payment service provider.

3. Change Passwords on Any/All Online Accounts You Have!

Once you've safeguarded your payment methods, it's essential to change your passwords across all your online accounts. Start with the most important and sensitive accounts first:

• Email Accounts: Your email is often the gateway to all your other accounts, so this is the highest priority.
• Financial Accounts: Banking, credit cards, PayPal, Venmo, CashApp, Zelle, etc.
• Shopping Platforms: Amazon, eBay, and any other sites where your payment information is stored.

Use strong, unique passwords for each account. Consider using a password manager to generate and securely store complex passwords, reducing the chances of reuse or weak password issues.

4. Monitor and Secure All Other Online Accounts

Even if only one account was compromised, hackers may have attempted to access other accounts through the use of the same password or linked email addresses. Take the following additional precautions:

• Review all recent account activity for suspicious logins or transactions.
• Revoke access to any suspicious devices or apps that are connected to your accounts.
• Update security questions and answers, ensuring they aren't easily guessable or derived from public information.

5. Setup, Use, and/or Check Any Credit or Data Monitoring Services

If you use any sort of data monitoring or ID monitoring service(s), this would be the time to check on them or even ask the provider to run an up-to-date check of your personal information.

• Guardio: We do use and recommend Guardia as an "Umbrella" service to not only monitor your personal information but also look for password leaks and even provide email/web filtering and monitoring. The service is not free, unfortunately. But their products and services have GREATLY helped us with similar issues in the past.
• Free Credit Monitoring such as Experian, Equifax, Credit Karma, the FTC, and other resources.

6. Enable Two-Factor Authentication (2FA)

Where available, always enable two-factor authentication (2FA) for your accounts. However, be cautious with the type of 2FA you use:

• Do not rely on 2FA through SMS or email, as these can be intercepted through SIM-swapping attacks or email compromises.
• Use an authenticator app such as Google Authenticator, Microsoft Authenticator, or Authy.
• Security Keys: For the highest level of protection, use your security key for 2FA on any accounts that support it.

Make sure to set up both security keys on all accounts that support them for redundancy in case one is lost or stolen.

7. Implement Security Keys for Two-Factor Authentication (2FA)

Using a security key (like a YubiKey) is one of the most effective ways to protect your accounts. Security keys provide an extra layer of security beyond traditional passwords by requiring physical confirmation for account access.

• Buy Two Security Keys: Setting up two keys ensures that if one is ever lost, stolen, or damaged, the backup key can be used to regain access to your account.
• Register Both Keys: Set up both keys on every account that supports their use (e.g., Google, Dropbox, Microsoft, social media, financial services, etc.).

8. Ongoing Protection and Monitoring

After recovering your accounts and enhancing their security, adopt good online security practices going forward:

• Use a Password Manager: This helps you create and store strong, unique passwords for all your accounts.
• Monitor Credit Reports: If financial information is compromised, regularly monitor your credit report for unusual activity. You can also consider placing a fraud alert or credit freeze.
• Watch for Phishing Attempts: Be especially cautious of phishing emails or texts that may follow a breach, as hackers may try to gain further information by impersonating legitimate companies or services.

By following these steps, you can effectively respond to an account compromise and significantly reduce the chances of future breaches. The key is to act swiftly, report incidents, and continuously improve your security practices.

How To Protect Yourself From Scammers

How To Protect Yourself From Scammers

Scammers are versatile in their tactics, posing as various entities, including banks, real estate agencies, utility companies, and even family members or government agencies. They often employ pressure tactics to create a false sense of urgency, leading to rushed decisions and financial losses. To safeguard your interests, it's essential to be vigilant and take proactive steps to prevent falling victim to scams. This article offers insights and tips on how to protect yourself from scammers.

Question Too-Good-To-Be-True Offers

Scammers often dangle tempting promises of high returns, low risk, and "golden" opportunities. If something sounds too good to be true, it probably is. Take your time to ask questions, verify claims, and conduct due diligence before making any financial commitments. This cautious approach can help you avoid falling prey to fraudulent schemes.

Be Wary of "Grandparent Scams"

One common scam involves imposters claiming to be family members, especially grandparents, seeking financial help. If someone purports to be a family member, independently verify their identity by calling them directly. In cases where you suspect a family member needs assistance, reach out to them through a trusted phone number or in-person contact. Avoid responding to such pleas via email, social media, or text, and always consult with the person's parents before sending money to a potential scammer.

Guard Your Passwords and PINs

Your passwords and PINs are the keys to your online security. Never share them, even with close friends, family, or relatives. Keeping this information confidential is vital for safeguarding your financial and personal data.

Protect Against Phishing Emails

Phishing emails are a favored tool among scammers. Pay close attention to any email that appears as a bill or a security alert. Be cautious if you notice misspelled words, your name is absent, the links seem suspicious, or if you're asked to "verify" your account or personal information. In such cases, delete the email and promptly report it to the relevant authorities.

Implement Security Best Practices

• Be Cautious with Money Transfers: 
• Avoid sending money to individuals you don't know in real life, particularly through third-party services like Zelle, Venmo, and Cash App. 
• Refrain from using gift cards to settle bills; legitimate businesses do not request payment via gift cards.
• Ignore Unsolicited Messages: 
• Delete random texts and emails that ask you to click a link or provide personal information.
• Never click on links from untrusted sources.
• Regularly Monitor Your Accounts: 
• Stay vigilant by regularly monitoring your financial accounts. 
• Respond promptly to fraud alerts and report any unauthorized transactions.

Enable Multifactor Authentication

For added security, enable multifactor authentication (MFA) for your accounts whenever possible. MFA provides an extra layer of protection that can thwart account hacks or hijacks even if a malicious actor obtains your login information.

Understanding Fake Websites and How Scammers Exploit Them

Fake websites are tools scammers use to deceive individuals into divulging sensitive information, downloading malware, or making purchases from non-existent products. Scammers often employ these websites as part of phishing attacks.

Recognizing fake websites is becoming increasingly challenging. To ensure you're not dealing with a fraudulent website, remain vigilant and apply the aforementioned protection measures. By staying informed and exercising caution, you can significantly reduce your vulnerability to scams and safeguard your online security.

In conclusion, being proactive, skeptical, and informed is the best defense against scammers. Protect your personal and financial information by following these guidelines, and remember that it's always better to be cautious than to fall victim to fraudulent schemes.

We Also Recommend Reading:

11 Ways To Spot Fake Website

Pacific NW Computers

www.linktr.ee/pnwcomputers

www.pacificnwcomputers.com

Protect Your Comcast.net Email from Hijackers

How to Protect Your Comcast.net Email Account from Hijackers

If you use Comcast.net email, you may have heard of some cases where customers’ email accounts were hijacked by hackers. This can be a very frustrating and scary situation, as hackers can use your email account to scam your contacts, steal your personal information, or cause other damages.

In this blog article, I will explain how hackers can hijack your Comcast.net email account, what they can do with it, and how you can protect yourself from this threat.

How Hackers Can Hijack Your Comcast.net Email Account

There are different ways that hackers can gain access to your Comcast.net email account, but one of the most common methods is phishing. Phishing is when hackers send you fake emails or direct you to fake websites that look like they are from Comcast or other legitimate sources. They may ask you to enter your email address and password or click on a link or attachment that contains malware. If you fall for their tricks, they can capture your login credentials and use them to access your email account.

Another possible method that hackers can use to hijack your Comcast.net email account is through a data breach. A data breach is when hackers break into a database that contains sensitive information, such as email addresses and passwords. If the database belongs to Comcast or a third-party service that you use with your Comcast.net email account, hackers may be able to obtain your login credentials and use them to access your email account.

What Hackers Can Do With Your Comcast.net Email Account

Once hackers have access to your Comcast.net email account, they can do a lot of malicious things with it. Some of the common things that hackers can do are:

• Set up email redirection or auto-forwarding rules. This means that hackers can forward emails coming into your account to their own email account and continue their attack on those who are emailing you directly.
• Create a spoof email account that looks very similar to your actual email address but with a different domain name. For example, if your email address is johnsomeguy@comcast.net, hackers may create a spoof email address like johnsomeguy@outlook.com. They can then use the spoof email address to impersonate you and scam your contacts in various ways.
• Attempt to hijack and take over other various online accounts, as the hackers can now receive/redirect security and login authentication emails.
• Delete all contacts in your address book, storage folders in your email account, or incoming email messages. This can cause you to lose important data and communication.
• Send spam or malicious emails from your email account to other people. This can damage your reputation and expose others to potential harm.

How You Can Protect Yourself From This Threat

If you suspect that your Comcast.net email account has been hijacked by hackers, you should take immediate action to secure it and prevent further damage. Here are some steps that you can take:

• Change your password as soon as possible. Make sure that you use a strong password that does not use any common words or phrases. You can use a password manager or generator tool to help you create and remember a strong password.
• Check your email settings and rules. Look for any suspicious redirection or auto-forwarding rules that hackers may have set up and delete them. Also, check if hackers have changed any other settings, such as your signature, reply-to address, or recovery options.
• Scan your computer and devices for malware. Use reputable antivirus or anti-malware software to scan your computer and devices for any malware that hackers may have installed on them. Malware can compromise your security and allow hackers to access your email account or other accounts.
• Contact your contacts and inform them of the situation. Let them know that your email account has been hijacked and warn them not to open any emails or click on any links or attachments that they may have received from you recently. Also, ask them to report any suspicious emails that they may receive from the spoof email address that hackers may have created.
• Consider switching to a more secure email provider. Comcast.net email does not always offer some of the advanced security features that other email providers do, such as two-factor authentication (2FA). 2FA is when you need to enter a code or use another device to verify your identity when you log in to your email account. This adds an extra layer of protection against hackers who may have stolen your password. You may want to switch to an email provider that offers 2FA or other security features.

I hope this blog article has helped you understand how hackers can hijack your Comcast.net email account, what they can do with it, and how you can protect yourself from this threat. If you have any questions or comments, please feel free to leave them below.

Pacific NW Computers

www.linktr.ee/pnwcomputers

www.pacificnwcomputers.com