Your email client dings, sending you the worst news you've seen in days: A message from Evernote, informing you that they've been hacked. Suddenly, the phone rings. It's your sweetheart in tears, asking why you changed your status to “single” on Facebook. Are you moving to Grimsby? Facebook says you live in Grimsby. Then, Twitter messages arrive from your friends inquiring about the 140-character endorsements for Canadian Viagra you've been sending out.
Face the facts – you've been hacked. It's an awful feeling, but you can recover.
How did it happen?
While it's conceivable that a cyber-criminal mastermind targeted you personally for an attack with specially crafted "spear-phishing" email messages using your personal information, it's inexpressibly unlikely. You're special, of course, but you're not that special. It's much more likely that you just weren't careful, or weren't lucky.
Perhaps a valid website that's been compromised by injected malware infested your system with a data-stealing Trojan. Or more likely, you reused a password for a website which was compromised. It's so hard to remember a multitude of passwords, some people just use the same one (or the same few) over and over. Is your Facebook password the same as your Twitter password? How about the password for your bank's website? Now, some digital ne'er-do-wells have all or part of your login information, and any site where you reused it is now open to them.
Regain the reins
Many secure websites include a mechanism to reset a forgotten password by sending a special link to your email account of record. A malefactor in control of your email could submit a lost password request to dozens of banks and other sensitive sites, hoping for a few hits. If your email is compromised you need to change the password immediately – if you can.
You may find that the hacker has already locked you out by changing the account's password. In that case you need high-level help from your email provider. You'll have to prove to the provider that you're the real account owner. Depending on your provider, the process may be easy or difficult. Stick with it no matter what. If you don't regain control of your email, anything else you do towards recovery can be undone just as easily.
Purge your passwords
Even if the hacker didn't use your email account to reset passwords, all of your password-protected secure sites are potentially in danger. In a perfect world you'd change the password for every secure site as soon as possible. That can be tough; you may not even remember all the sites that you've signed up with. Start with financial sites and other important sites, then rack your brain to come up with as many others as you can.
And please, don't change all your accounts to the same new password! Get a password manager utility like LastPass, and let it generate random, very secure passwords like 3F&bqV;&tbMMn; or F*a6@Wv5jJF%. For the master password, the one that protects all the others, pick something that's both very secure and very memorable. For advice on doing so, see our guide to making up very strong passwords.
Report the event
Some websites have event reporting built right into the system. For example, you can report a Facebook hack at www.facebook.com/hacked. If there's no official form to report what happened, it's still a good idea to drop a note to tech support or customer service. The site may have resources to help you deal with fallout from the hack.
Repair the PC
There are those who advise that the only proper way to recover a compromised PC is to reformat and start over. If you have the time and ability to do that, it's certainly not a bad idea. For those who shudder at the thought, there are alternatives.
First, double check that you have the very latest updates for your OS and for all installed browsers, as well as for essential browser add-ons like Flash and Adobe Reader. Wherever possible, enable automatic updates.
Double check that your antivirus or security suite is fully up to date, and run the most thorough scan it offers. Don't assume, though, that your antivirus will root out all problems. After all, it didn't stop the initial hack. Get a second opinion. Temporarily disable your installed antivirus's real-time protection and run a scan using one or more of the available free antivirus tools. Focus on those that specialise in clean-up.
Change your habits
Now that you've got control of the situation, don't let this happen again! Be sure to keep using your password manager, and don't slip back into the habit of recycling the same handful of passwords. If a website you use offers two step verification, be sure to turn it on.
Check periodically to ensure that your OS, your antivirus, and all installed browsers and browser add-ons are getting updates as they should. Take extra care when using public computers. And never, ever, ever give your passwords to anybody.
Lastly, keep your eyes open for suspicious behaviour on your online accounts, and your friends' accounts. If your friends are posting nonsensical links, or sending you unprompted PDF attachments with strange names, take a minute to check that they really meant to send that file over to you.