So I've been hacked - what do I do about it?

While the majority of the Web Safety Guru training focuses on prevention, there are situations where you need to know how to react after a problem has arisen. In this article I will focus on two pieces of advice. Firstly, panicking only makes things worse, this is why cybercriminals use panic as one of the tools of their trade. Secondly, you should already have a plan in place for what to do if the worst ever happens. You should know what to do, and what not to do, if you are hacked or infected. Indeed, constructing this plan may well lead you to making vital security improvements such as organising your passwords better or implementing a more regular virus checking schedule. And when you have a plan to cope with a particular disaster this can reduce the feeling of panic when one comes.
Hacker stealing

What to do once you've been hacked

It was the great philosopher Homer Simpson who said "It takes two to lie. One to lie, and one to listen".

In the same vein, computer crime requires both a miscreant and a victim. The chances are that if you have fallen foul of some computer skullduggery in the past, that the miscreant didn't manage this without your help.

Web Safety Guru computer training cannot prevent criminals from trying to attack you but it can help you reduce the chances of an attack succeeding and it can help limit the damage if you do get unlucky.

The tuition I provide will help protect you in many ways. You'll learn about stronger passwords, spotting scam emails, viruses and malware, cookies and privacy, safety on social media and more.

In this article I'll discuss the approach you should take if you are unlucky and fall victim to some form of computer crime.

Let's start with two pieces of advice which are useful in most situations in life: 1. Don't Panic. 2. Have a plan.

Don't panic

Scam emails often try to induce panic in their intended victims. They may threaten severe consequences: your bank account may be frozen, your insurance may expire, you may be prosecuted. This will be combined with a really tight deadline which is designed to reduce your time to think. A classic of the genre is the blackmail email which threatens to send out a compromising video of you to all of your contacts unless you pay a ransom in bitcoin within 48 hours.

On almost every occasion you can rationally deduce that the email is not genuine, so long as you have time to do so, and are not panicking.

Panic toilet roll

Panicking rarely solves anything

Always have a plan

In my web safety training, I'll be conveying the idea that you should work to a plan for each type of threat you face.

For example. You have discovered that one of your passwords has been compromised. What do you do first?

Many people would immediately say "change the password" however the answer really depends on how the password came to be compromised. For example, if your password was stolen because your device was infected with a keylogger, changing the password would achieve very little because the keylogger would then have access to your new password as well.

So the first step should be working out how the password came to be stolen. There are many possibilities: somebody guessed your password because it was too weak; you fell victim to a phishing attack; your computer was infected with malware; you gave away relevant information on social media; you were intercepted while logging in on a public network; the password was stolen not from you but from the server you logged into. Until you know otherwise you should make the assumption one or more of your devices is infected. Kick off a virus scan on all your relevant devices. If you wish to change your password ASAP, fine but change it to something temporary and be prepared to change it again once you have completed your investigations. Make sure this new password is not used by any other account you own.

If it turns out you do have a keylogger, you must remove this before setting your long-term password. You may need to review your anti-virus strategy. You should also attempt to discover how you got infected with the keylogger so you can avoid the situation repeating itself. Your plan should also include points like not logging onto any other sites until you've established that your computer is uninfected (otherwise you are risking more of your passwords falling into enemy hands).

It's vital to know which of your other accounts are at risk (i.e. that have the same password as the one that's been stolen) and make preparations to update those also. You may need to inform contacts that you have been hacked, for example if it was your Facebook account you will want your friends to be on the lookout for suspicious activity coming from 'you'. You won't want your friends suffering the same fate as you.

I used this example as it demonstrates that everything I cover in the Web Safety Guru security tuition is linked. There's more than one way of getting hacked and there's more than one way of getting a virus.

The key to minimising the damaging effects of a security breach is in keeping a cool head and being methodical in sticking to a plan for each situation.


Select the course you are interested in

Select how and when you would like your first session.

Make an appointment for your session then make your payment.

To make an appointment Contact Us or visit our Booking Page.
We'll deliver your first Web Safety Guru session.

You'll receive your training at home via Zoom or in person as per your selection.

I will be happy to answer any questions you may have about the course content, your options and how to pay.

Please get in touch via the website or phone 07846 763197.


Web Safety Guru offers one to one computer training designed to keep you safe online.

We'll discuss: passwords and security, email scams, viruses and malware, cookies and privacy, safety on social media and safety on public networks.

Visit the homepage to learn more about the options for Zoom courses and home tuition.