What to Do If You Suspect You’ve Been Hacked

30 January 2026

Imagine this: You’re casually scrolling through your emails, and suddenly, you notice something off—an email you don’t remember sending or a login notification from halfway across the world. Panic sets in. Have you been hacked?

If you’ve ever had that sinking feeling in your gut, you’re not alone. Cybercrime is more rampant than ever, and hackers are getting craftier by the day. But don’t worry! This guide will walk you through the exact steps to take if you suspect you've been hacked.

Spotting the Signs of a Hack

Before you can take action, you need to confirm the hack. Here are some telltale signs that something isn't right:

- Unusual Account Activity – Logins from unfamiliar locations, password reset emails you didn’t request, or settings changed without your knowledge.
- Strange Emails or Messages – If friends tell you they got weird messages from you, that’s a red flag.
- Unauthorized Transactions – Strange charges on your banking or shopping accounts? A hacker may have access.
- Slow or Unresponsive Devices – Malware could be running in the background, slowing things down.
- Antivirus Warnings – If your security software flags a threat, don’t ignore it.

If any of these seem familiar, it’s time to take action—fast!

Step 1: Disconnect From the Internet

The first thing you should do? Cut off the hacker’s access. Disconnect your device from Wi-Fi or unplug your Ethernet cable. If you're on a public network, switch to airplane mode immediately.

This prevents further data from being sent or stolen while you figure out what’s going on.

Step 2: Change Your Passwords (Immediately!)

Most hacks involve stolen credentials. If you can still access your accounts, change your passwords ASAP—especially for critical ones like:

- Email
- Banking and financial accounts
- Social media
- Work accounts

How to Create a Strong Password

A strong password is your first defense against hackers. Follow these tips:
- Use at least 12-16 characters (longer is better).
- Mix uppercase and lowercase letters, numbers, and special characters.
- Avoid obvious info like your birthday or pet’s name.
- Use a password manager to generate and store complex passwords.

Step 3: Enable Two-Factor Authentication (2FA)

A password alone isn’t enough. Enable two-factor authentication (2FA) on all important accounts.

2FA requires a second confirmation (like a code sent to your phone) before logging in, making it way harder for hackers to get in—even if they have your password.

Step 4: Scan for Malware and Viruses

Hackers often install malware on your device to steal data or spy on you. Run a full system scan using a trusted antivirus or antimalware program.

Some great tools for scanning:
- Windows Defender (built-in for Windows users)
- Malwarebytes
- Bitdefender
- Avast or Norton

If anything suspicious pops up, quarantine it and remove it immediately.

Step 5: Check Your Email for Unauthorized Access

Email is often the gateway to all your other accounts. If someone has access to it, they could reset your passwords and lock you out.

Check your email login history for unusual activity. Most email providers (like Gmail and Outlook) show recent login attempts. If you see anything sketchy:
- Log out of all devices
- Change your password
- Enable 2FA if you haven't already

Step 6: Notify Your Bank and Credit Card Companies

If you notice unauthorized transactions, contact your bank immediately. They can freeze your card, issue a new one, and help prevent further damage.

Also, keep a close eye on your statements for the next few weeks. Hackers sometimes withdraw small amounts first before going for larger transactions.

Step 7: Check for Data Breaches

Hackers often get your info from data breaches. Use a site like Have I Been Pwned to check if your emails or passwords have been leaked.

If you find your data in a breach:
- Change your passwords right away
- Monitor your accounts for unusual activity
- Be extra cautious of phishing scams (hackers may use stolen info to trick you)

Step 8: Secure Your Devices

Now that you’ve taken immediate action, it’s time to strengthen your device’s security.

Keep Your Software Updated

Hackers exploit outdated software full of security holes. Make sure your:
- Operating system (Windows, macOS, etc.)
- Browser (Chrome, Firefox, Edge)
- Apps and software
- Antivirus software

…are all up to date.

Remove Suspicious Apps and Extensions

Hackers sometimes use malicious browser extensions or apps to steal data. Go through your browser and device, and delete anything unfamiliar or unnecessary.

Enable a Firewall

A firewall acts like a security guard for your device. Keep your built-in firewall enabled (both on your computer and router) to block unwanted connections.

Step 9: Be Wary of Phishing and Social Engineering

Now that you've secured your accounts and devices, it’s time to stay vigilant.

What is Phishing?

Phishing is when hackers trick you into giving them your info—like sending fake emails pretending to be your bank or a popular service.

How to Spot a Phishing Email:

- Look for typos and grammar mistakes. Hackers make sloppy mistakes.
- Check the sender’s email address. An official company won’t email you from a sketchy address.
- Hover over links before clicking. If it looks suspicious, don’t click!
- Don't download unexpected attachments. They could contain malware.

If something feels off, don’t risk it.

Step 10: Notify the Authorities (If Necessary)

If your bank account was accessed, identity stolen, or you lost sensitive data, consider reporting the hack to the proper authorities.

- For financial fraud: Contact your bank or credit card company.
- For identity theft: In the U.S., report to the FTC’s Identity Theft website.
- For cybercrime: Check your country’s cybercrime division.

The sooner you report, the better chance you have of recovering any lost data or funds.

Final Thoughts

Getting hacked is scary, but how you respond makes all the difference. The key is acting fast, securing your accounts, and putting safeguards in place to prevent future attacks.

Think of it like locking your doors after a break-in—you wouldn’t leave them open again, right?

Cybersecurity is an ongoing practice. Stay cautious, use strong passwords, enable 2FA, and trust your gut if something seems off.

Stay safe out there!