How to know if your account has been compromised

If your account has been hacked, it is not guaranteed that you will find it quickly. Much depends on the goals of the scammer. It happens that it does not disconnect you from the server immediately after logging into your account, does not change passwords, but simply continues to be in your account, collecting data and periodically sending malware to your friends.

However, there is an opportunity to detect unwanted presence.

• Go through the correspondence, make sure that they do not contain suspicious messages like sending information from you or complaints from friends.
• Check your mail, if you have notifications configured, then for sure you will receive messages from the security system about suspicious actions in your accounts: login (attempt to log in) from someone else’s IP or device.
• View the status of your account. It may be penalized for spam or other violations.
• Check your wallets, bank accounts for suspicious transactions or invoices issued for orders that you did not make.
• Check your account settings to see what devices and apps are connected to your account. Look for this information in the section responsible for security. For example, on Facebook, you can see this in the “Security and Authorization” → “Active Sessions” section. You should be alerted in the list of both devices through which you did not enter, and “Unknown device types”.

How to remove a scammer from your account and what to do next

1. Remove all unknown devices from your accounts. Sign out of all sessions on other devices. If this option is not available in the settings, write to the service support.
2. Change your password immediately. Make it as difficult as possible. Let it contain letters in different cases, special characters and numbers.
3. Set up two-factor authentication where possible. The most secure option is to set up using OTP passwords or security keys. Only today such opportunities are not available in all services. But on Facebook, Google and Twitter — the most popular sites — there is.
4. Turn on security alerts if they were turned off.
5. Check social media links to other apps. To the maximum, unsubscribe from all suspicious communities. Try, if possible, not to register using social networks on little-known or unverified sites. There are situations when a platform with a multi-million audience has vulnerabilities. By hacking it, the scammer can gain access to your social networks.
6. Delete suspicious files on the computer, including from the bootloader.
7. Turn on your antivirus. Check for updates to your antivirus program.
8. Check other accounts — of mail services, stores that are linked to social networks. They, too, can be compromised.

How to secure your account in the future

It is noteworthy that in almost 40% of cases, hackers “visit” hacked accounts again. Therefore, if you managed to remove the attacker or restore access, do not relax.

First, let’s figure out how a scammer could get access to your data.

• Password. In the first place of all hacks is the brute-force attack method, that is, password guessing. Think about how complex your password is, whether it contains a phrase from your status or the name of your loved one. Another common user error is using the same password on different services. Then the scammer, having learned one password, will get to the rest of your accounts.
• Registration using social networks. We understand that there is no time, or you don’t want to come up with passwords during a new registration, so there is a desire to go through the procedure by pressing one button. But this, unfortunately, is not always safe. Try not to register in this way on sites where there is no way to set up two-factor authentication — they are easier to hack. Of course, the scammer will not have direct access from a third-party service, but the application will have access to your contacts, name, and profile link. Further, knowing which service you use, the hacker can send you a phishing site where you compromise the rest of the information: passwords.
• Phishing. Often scammers use phishing sites to steal passwords. At the same time, they can send any messages, even about supposedly hacked accounts, saying that you need to enter a password to restore them. But in no case should you follow the links in such messages, and even more so enter data, otherwise you will compromise them.
• Malicious programs. With the help of spyware or keyloggers that transmit information about what keys you press on the keyboard, scammers easily steal your passwords. And the distribution of malware can be carried out through infected links and files. 
• There is no additional protection. As a rule, if an account has two-factor authentication, it will be more difficult for a fraudster to hack it. And if you use security keys, it’s next to impossible.

In total, our defense will be based on the following steps:

• Complex passwords. Security experts recommend creating 16-20-character passwords for accounts using complex characters, numbers, and letters in different cases. They must be changed at least once every three months, since technical means are constantly being improved, and it is possible that even complex passwords will be cracked by scammers in just a few weeks. If remembering passwords is difficult, use password managers or security keys.
• Two-factor authentication. Given the weak strength of passwords, it is imperative to activate two-factor authentication in your accounts. This can be entering a secret phrase, a one-time password from mail, SMS, or an application, confirmation through a notification on your phone, or connecting a security key.
• Caution in correspondence. Do not trust provocative messages. Fraudsters often use people’s weaknesses to provoke them into doing what they want.
• Website check before registration. It is better to first register on the service, check what opportunities it has to protect your account, and only then link it.
• Antivirus protection. Even if you accidentally download unwanted files, reliable antivirus protection can save you. The main thing is to monitor the timely updating of antivirus programs.

Types of malware

• Computer viruses — are programs that can copy themselves and can extract, delete, replace or distort the original data.
• A botnet — is a network of computers infected with bots that execute certain commands: sending spam, guessing passwords, DoS attacks.
• Cryptojacking — or hidden mining.
• Network worms — are malicious programs that slow down device performance, delete files, and disable certain programs.
• Rogue antiviruses — are computer programs that pretend to be an antivirus by downloading malware or downloading data from a computer.
• Spyware — is a program that monitors user activity and can connect remote control of a computer.
• Trojans — are malicious programs that appear on computers under the guise of legitimate software.

Protection. To protect yourself from malware, use licensed antiviruses. Also be sure to enable additional protection in your accounts: two-step or two-factor authentication. Use USB keys.

What are application vulnerabilities

Unfortunately, not all applications are made with high quality, and vulnerabilities can lead to serious consequences, up to loss of control over the device. An up-to-date list of vulnerabilities is available on the OWASP website – a tool for developers. We list only a few for the understanding of ordinary users.

• Access Control Violation — Insufficient restriction of rights for registrant users. This results in unauthorized disclosure of information or deletion of data.
• Insecure data storage — storing data on a local server, and not on a secure one. As a result, unauthorized persons can access it.
• Insecure communication — the use of insecure protocols in instant messengers, chats. In this case, messages may be intercepted.
• Incorrect security settings — unlimited number of login attempts. This is fraught with hacking accounts by guessing passwords.
• Lack of additional protection — there is no possibility of connecting two-factor authentication. This threatens to hack accounts.