Close up of hands typing on a computer keyboard

4 steps to take if your account has been hacked

Picture this: You’re going about your day when you receive an “urgent” direct message telling you to verify an online account before it’s “suspended.” Or, you’re scrolling through your phone and notice an unfamiliar text (or call) sent from your device. Both scenarios are examples of phishing, a fraudulent activity designed to steal your confidential information—from passwords and other login credentials to social security numbers and bank account numbers.

In recognition of Computer Security Day (Nov. 30), The Daily connected with Mark Herron, chief information security officer for University Technology ([U]Tech) at Case Western Reserve, to learn more about cybersecurity and how to stay safe online. If you believe that your email, social media, bank or other online accounts have been hacked, read on to learn four steps Herron advises you take.

1. Download and update your device’s security software.

It is best to begin with this step, especially if you’re unsure who hacked your account. Whether you have Norton 360, McAfee Total Protection, Symantec Endpoint Protection or another effective antivirus software, you can update it by going into your settings, checking for an update notification, and navigating to the install (or similar) button. Once the software’s updated, run a scan of your computer or smart device to check for malicious software (known as malware). Delete any suspicious software indicated by the scan, then restart your device.

2. Change your passwords.

Typically, hackers use passwords and other personal information they obtain to access your other accounts. If you have access to your online account, immediately change your password(s) to something that’s not easy to guess or the same (or even similar) to ones used across different accounts.

3. Strengthen your login process.

Most online accounts currently offer a two-factor authentication option, which requires a password and a second method to verify your identity (i.e., a one-time code sent to your email or phone). Enabling multiple verification methods helps decrease the risk of someone hacking your account. 

4. Review recent account activity. 

Once you’re back in your account, check for unknown activity, such as deleted and sent messages and folders or changed account information. Depending on your situation and what personal information has been compromised, visit to determine further steps to take. 

To learn more ways that you can protect your online identity, visit [U]Tech’s website.