What to Do If You Think You've Been Hacked
Discovering you may have been hacked is a horrible feeling — but acting quickly and methodically makes a real difference to the outcome. Here's exactly what to do, in order.
Step 1: Don't Panic — But Act Fast
The natural instinct is either to freeze or to start clicking around frantically. Try to do neither. The most important thing in the first few minutes is to disconnect the affected device from the internet if you suspect active malware (turn off WIFI, unplug the ethernet cable). This stops an attacker from continuing to access your machine or exfiltrating data in real time.
If you think it's just a compromised account (email, social media) rather than malware on your device, you don't need to disconnect — go straight to Step 2.
Step 2: Secure Your Email Account First
Email is the master key — most other accounts can be reset through it. If an attacker has your email password, they can reset everything else. So:
- Log into your email from a different, unaffected device if possible
- Change your password immediately to something strong and unique
- Enable two-factor authentication if it isn't already on
- Check your account settings for forwarding rules — attackers often set up a hidden rule to silently forward copies of all your emails to themselves
- Check which devices and apps have access to your account and revoke anything unfamiliar
Step 3: Change Passwords on Important Accounts
Work outward from email. Change passwords on:
- Online banking and financial accounts
- Any accounts that use the same password as the compromised one
- Social media accounts
- Any work systems or Microsoft 365 / Google Workspace accounts
Use a password manager to generate strong, unique passwords for each — this is the moment to start if you haven't already.
Step 4: Check Your Bank and Card Statements
Look for any transactions you don't recognise — even small ones. Fraudsters often test stolen card details with a tiny charge before making larger ones. Contact your bank immediately if you spot anything suspicious. Most banks have 24/7 fraud lines.
If you think card details have been compromised, ask your bank to cancel and reissue the card even if you haven't spotted fraudulent transactions yet.
Step 5: Scan Your Device
Once you've secured your accounts, turn your attention to the device itself. Run a full scan with Windows Defender (Windows Security → Virus & threat protection → Full scan) and also run Malwarebytes (free download) as a second check. If malware is found, follow the prompts to quarantine and remove it.
If you're not confident dealing with an infection yourself — or if the malware keeps returning — bring the device in. Some infections are stubborn and need professional removal, or in serious cases a full reinstall of Windows.
Step 6: Report It
- Action Fraud (UK's national fraud reporting centre): actionfraud.police.uk or 0300 123 2040
- Your bank — if financial information was involved
- ICO (Information Commissioner's Office) — if you're a business and customer data may have been exposed, you may have a legal obligation to report within 72 hours
- Your IT team or us — if it's a work device, notify whoever manages your IT immediately
Step 7: Understand How It Happened
Once things are stable, it's worth trying to understand the root cause — not to assign blame, but to prevent it happening again. Common causes include:
- Reused passwords (one breach exposes many accounts)
- Clicking a link in a phishing email
- Downloading software from an untrustworthy source
- No two-factor authentication on important accounts
- Outdated software with unpatched vulnerabilities
Need help cleaning up or securing your devices?
We deal with virus removal, compromised accounts and security setups for homes and businesses across Hyde and Tameside. Call us — we'll get you sorted.