15 signs you've been hacked—and how to fight back (2022)


Redirected internet searches, unexpected installs, rogue mouse pointers: Here's what to do when you've been 0wned.

By Roger A. Grimes

Columnist, CSO

In today's threatscape, antimalware software provides little peace of mind. In fact, antimalware scanners are horrifically inaccurate, especially with exploits less than 24 hours old. Malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable. All you have to do is drop off any suspected malware file at Google’s VirusTotal, which has over 60 different antimalware scanners, to see that detection rates aren’t all as advertised.

To combat this, many antimalware programs monitor program behaviors, often called heuristics, to catch previously unrecognized malware. Other programs use virtualized environments, system monitoring, network traffic detection and all of the above to be more accurate. Still, they fail us on a regular basis. If they fail, you need to know how to spot malware that got through.

How to know if you've been hacked

Here are 15 sure signs you've been hacked and what to do in the event of compromise.

  1. You get a ransomware message
  2. You get a fake antivirus message
  3. You have unwanted browser toolbars
  4. Your internet searches are redirected
  5. You see frequent, random popups
  6. Your friends receive social media invitations from you that you didn’t send
  7. Your online password isn’t working
  8. You observe unexpected software installs
  9. Your mouse moves between programs and makes selections
  10. Antimalware, Task Manager or Registry Editor is disabled
  11. Your online account is missing money
  12. You’ve been notified by someone you’ve been hacked
  13. Confidential data has been leaked
  14. Your credentials are in a password dump
  15. You observe strange network traffic patterns

Note that in all cases, the number 1 recommendation is to completely restore your system to a known good state before proceeding. In the early days, this meant formatting the computer and restoring all programs and data. Today, it might simply mean clicking on a Restore button. Either way, a compromised computer can never be fully trusted again. Follow the recommended recovery steps listed in each category below if you don't want to do a full restore. Again, a full restore is always a better option, risk-wise.

1. You get a ransomware message

One of the worst messages anyone can see on their computer is a sudden screen take-over telling them all their data is encrypted and asking for a payment to unlock it. Ransomware is huge! After a slight decrease in activity in 2017, ransom-asking programs have come roaring back. Billions of dollars in productivity is being lost and billions in ransom are being paid. Small businesses, large businesses, hospitals, police stations and entire cities are being brought to a halt by ransomware. About 50% of the victims pay the ransom, ensuring that it isn’t going away anytime soon.

Unfortunately, according to cybersecurity insurance firms who are often involved in the payouts, paying the ransom does not result in working systems about 40% of the time. Turns out that ransomware programs aren’t bug free and unlocking indiscriminately encrypted linked systems isn’t as easy as putting in a decryption key. Most victims end up with many days of downtime and additional recovery steps even if they do pay the ransom.

What to do: First, if you’ve got a good, recent, tested data backup of the impacted systems, all you have to do is restore the involved systems and fully verify (officially called unit testing) to make sure the recovery was 100%. Sadly, most companies don’t have the great backups that they thought they had. Test your backups! Don’t let ransomware be the first time your company’s critical backups are being tested.

The best protection is to make sure you have good, reliable, tested, offline backups. Ransomware is gaining sophistication. The bad guys using malware are spending time in compromised enterprise environments figuring out how to do the most damage, and that includes encrypting or corrupting your recent online backups. You are taking a risk if you don’t have good, tested backups that are inaccessible to malicious intruders.

If you belong to a file storage cloud service, it probably has backup copies of your data. Don’t be overly confident. Not all cloud storage services have the ability to recover from ransomware attacks, and some services don’t cover all file types. Consider contacting your cloud-based file service and explaining your situation. Sometimes tech support can recover your files, and more of them, than you can yourself.

Lastly, several websites may be able to help you recover your files without paying the ransom. Either they’ve figured out the shared secret encryption key or some other way to reverse-engineer the ransomware. You will need to identify the ransomware program and version you are facing. An updated antimalware program might identify the culprit, although often all you have to go on is the ransomware extortion message, but that is often enough. Search on that name and version and see what you find.

2. You get a fake antivirus message

You get a pop-up message on your computer or mobile device saying that it is infected. The pop-up message pretends to be an antivirus scanning product and purports to have found a dozen or more malware infections on your computer. Although this isn’t nearly as popular as it used to be, fake antivirus warning messages are still a situation that has to be dealt with in the right way.

They can occur for one of two reasons: Either your system is already compromised or it is not compromised beyond the pop-up message. Hope for the latter. These types of fake antivirus messages usually have figured out a way to lock up your browser so that you can’t get out of the fake message without killing the browser and restarting it.

What to do: If you get lucky, you can close the tab and restart the browser and everything is fine. The fake message doesn’t show back up. It was a one-time fluke. Most of the time you’ll be forced to kill the browser. Restarting it sometimes reloads the original page that forced the fake ad onto you, so you get the fake AV ad again. If this happens, restart your browser in Incognito or InPrivate mode, and you can browse to a different page and stop the fake AV message from appearing.

The worse scenario is that the fake AV message has compromised your computer (usually due to social engineering or unpatched software). If this is the case, power down your computer. If you need to save anything and can do it, do so before powering down. Then restore your system to a previous known clean image. Most operating systems have reset features built especially for this.

Note: A related scam is the technical support scam, where an unexpected browser message pops up warning that your computer has been compromised and telling you to call the toll-free number on your screen to get technical support help. Often the warning claims to be from Microsoft (even if you’re using an Apple computer). These tech support scammers then ask you to install a program, which gives them complete access to your system. They will run a fake antivirus, which, not surprisingly, finds lots of viruses. They then sell you a program to fix all your problems. All you need to do is give them a credit card to start the process. Luckily, these types of scam warnings can usually be defeated by rebooting your computer or closing your browser program and avoiding the website that hosted the warning. Rarely has this type of malware done anything to your computer that requires fixing.

If you fall for one of these tech support scams and you gave them your credit card, immediately report it to your credit card company and get a new credit card. Reset your PC as instructed above if you gave the imposter tech support person remote access to your computer.

3. You have unwanted browser toolbars

This is a common sign of exploitation: Your browser has multiple new toolbars with names that seem to indicate the toolbar is supposed to help you. Unless you recognize the toolbar as coming from a well-known vendor, it's time to dump the bogus toolbar.

What to do: Most browsers allow you to review installed and active toolbars. Remove any you didn't want to install. When in doubt, remove it. If the bogus toolbar isn't listed there or you can't easily remove it, see if your browser has an option to reset the browser back to its default settings. If this doesn't work, follow the instructions listed above for fake antivirus messages.

You can usually avoid malicious toolbars by making sure that all your software is fully patched and by being on the lookout for free software that installs these toolbars. Hint: Read the licensing agreement. Toolbar installs are often pointed out in the licensing agreements that most people don't read.

4. Your internet searches are redirected

Many hackers make their living by redirecting your browser somewhere you don’t want to go. The hacker gets paid by getting your clicks to appear on someone else's website. The owners of that website often don't know that the clicks to their site are from malicious redirection.

You can often spot this type of malware by typing a few related, very common words (for example, "puppy" or "goldfish") into internet search engines and checking to see whether the same websites appear in the results — almost always with no relevance to your terms. Unfortunately, many of today's redirected internet searches are well hidden from the user through use of additional proxies, so the bogus results are never returned to alert the user.

In general, if you have bogus toolbar programs, you're also being redirected. Technical users who really want to confirm can sniff their own browser or network traffic. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer.

What to do: Follow the same instructions as for removing bogus toolbars and programs. Usually this is enough to get rid of malicious redirection. Also, if you're on a Microsoft Windows computer, check your C:\Windows\System32\drivers\etc\hosts file to see if there are any malicious-looking redirections configured within. The hosts file tells your PC where to go when a particular hostname (the site name in a URL) is typed in. It’s hardly used anymore. If the timestamp on the hosts file is anything recent, then it might be maliciously modified. In most cases you can simply rename or delete it without causing a problem.
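The hosts-file check described above, as an added example that is not part of the original article: it parses hosts-file text, lists every active entry a clean system would not normally carry, and reports how recently the file was modified. The function names, the list of benign names and the sample content are assumptions made for illustration.

```python
import ipaddress
import os
import time

# Default Windows location named in the article; adjust for other systems.
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
# Names a clean hosts file may legitimately map to loopback (assumed list).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every active mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue  # empty line, or an address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address; not a valid entry
        for name in fields[1:]:
            yield line_no, addr, name.lower()

def review_hosts(text):
    """Return the entries that deserve a manual look."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if name in BENIGN_NAMES and addr.is_loopback:
            continue
        # A loopback or 0.0.0.0 target blocks a name; anything else redirects it.
        kind = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append({"line": line_no, "host": name,
                         "address": str(addr), "kind": kind})
    return findings

def days_since_modified(path, now=None):
    """Age of the file's last modification in days; a recent change is a flag."""
    now = time.time() if now is None else now
    return (now - os.path.getmtime(path)) / 86400

# Constructed sample content, not taken from a real incident.
SAMPLE = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example-bank.test login.example-bank.test
0.0.0.0         update.example-av.test
"""

if __name__ == "__main__":
    text = SAMPLE
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
        print(f"hosts modified {days_since_modified(HOSTS_PATH):.1f} days ago")
    for f in review_hosts(text):
        print(f"line {f['line']}: {f['host']} {f['kind']} -> {f['address']}")
```

A "blocked" entry is not automatically benign: pointing a security vendor's update host at 0.0.0.0 stops updates, so review those entries as well as the redirects.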

5. You see frequent, random popups

This popular sign that you've been hacked is also one of the more annoying ones. When you're getting random browser pop-ups from websites that don't normally generate them, your system has been compromised. I'm constantly amazed by which websites, legitimate and otherwise, can bypass your browser's anti-pop-up mechanisms. It's like battling email spam, but worse.

What to do: Not to sound like a broken record, but typically random pop-ups are generated by one of the three previous malicious mechanisms noted above. You'll need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups.

6. Your friends receive social media invitations from you that you didn’t send

We’ve all seen this one before. Either you or your friends receive invitations to “be a friend” when you are already connected friends on that social media site. Usually, you’re thinking, “Why are they inviting me again? Did they unfriend me and I didn’t notice, and now they are re-inviting me?” Then you notice the new friend’s social media site is devoid of other recognizable friends (or maybe just a few) and none of the older posts. Or your friend is contacting you to find out why you are sending out new friend requests. In either case, the hacker either controls your social media site, has created a second near-look-alike bogus page, or you or the friend has installed a rogue social media application.

What to do: First, warn other friends not to accept the unexpected friend request. Say something like, “Don’t accept that new invitation from Bridget. I think she’s hacked!” Then contact Bridget some other way to confirm. Spread the news in your common social media circles. Next, if not first, contact the social media site and report the site or request as bogus. Each site has its own method for reporting bogus requests, which you can find by searching through their online help. It’s often as easy as clicking on a reporting button. If your social media site is truly hacked (and it isn’t a second bogus look-alike page), you’ll need to change your password (refer to the help information if you don’t know how to do this).

Better yet, don’t waste time. Change to multi-factor authentication (MFA). That way the bad guys (and rogue apps) can’t as easily steal and take over your social media presence. Lastly, be leery of installing any social media application. They are often malicious. Periodically inspect the installed applications associated with your social media account/page and remove all but the ones you truly want to have there.

7. Your online password isn’t working


What is the first thing you do when you get hacked?

Step 1: Change your passwords

This is important because hackers are looking for any point of entry into a larger network, and may gain access through a weak password. On accounts or devices that contain sensitive information, make sure your password is strong, unique—and not easily guessable.

What are 4 things to do when you get hacked?

If you do still have access to your account, make these changes right away:
  • Get a new username and password. Choose a strong password. ...
  • Change your security questions. The hacker may have gotten access to your account by guessing the answers to security questions. ...
  • Turn on two-step verification.

Can you unhack your phone?

If you've recently sideloaded apps on Android, they might be to blame for the hack. Therefore, to unhack your phone, delete all recently-downloaded apps from it.

When you get hacked, what happens?

If hackers get into your device or accounts, they could access your money and personal information and you could become a victim of identity theft or identity fraud. Identity theft is when your personal details are stolen and identity fraud is when those details are used to commit fraud.

What do I dial to see if my phone has been hacked?

Use the code *#21# to see if hackers track your phone with malicious intent. You can also use this code to verify if your calls, messages, or other data are being diverted. It also shows your diverted information's status and the number to which the information is transferred.

Can someone hack my bank account with my phone number?

With your phone number, a hacker can start hijacking your accounts one by one by having a password reset sent to your phone. They can trick automated systems — like your bank — into thinking they're you when you call customer service.

Does changing password stop hackers?

Yes, changing your password will prevent hackers from accessing your account. Updating your account password at the first sign of an attack limits damage. Changing your password regularly also improves security. Stolen credentials in data breaches are often old.

Should I delete my email if it was hacked?

If you have been hacked several times and your email provider isn't mitigating the amount of spam you are receiving, then consider starting afresh but don't delete your email address! Many experts do warn against deleting email accounts as most email providers will recycle your old email address.

Can hackers be traced?

Most hackers will understand that they can be tracked down by authorities identifying their IP address, so advanced hackers will attempt to make it as difficult as possible for you to find out their identity.

Can you be hacked without knowing?

Savvy digital thieves can target your smartphone without you even knowing about it, which leaves your sensitive data at risk. If your phone gets hacked, sometimes it's obvious. Ransomware, for example, will take over your phone and lock your entire system down.

How do I know if my IP is hacked?

Here Are Signs You Might Have Been Hacked
  • Someone used one of your credit accounts. Online identity theft is common. ...
  • You start receiving odd email messages. ...
  • New programs suddenly appear. ...
  • A trusty password doesn't work. ...
  • You notice strange browser activity. ...
  • You start losing control.

Does turning off your phone stop hackers?

Can a phone be hacked while turned off? The short answer is no, your phone cannot be hacked while it's turned off. Phone hacking, even remotely, only works if the device being targeted is on. That doesn't mean you're personally safe from hackers while your devices are off.

Who is accessing my phone?

To check your mobile data usage on Android, go to Settings > Network & Internet > Data Usage. Under Mobile, you'll see the total amount of cellular data being used by your phone. Tap Mobile Data Usage to see how your data use has changed over time. From here, you can identify any recent spikes.

Will reset phone remove hackers?

The majority of malware can be removed with a factory reset of your phone. This will, however, wipe any data stored on your device, such as photos, notes, and contacts, so it's important to back up this data before resetting your device. Follow the instructions below to reset your iPhone or Android.

What if my iPhone has been hacked?

If your iCloud or Apple ID is compromised, contact Apple directly at 1-800-275-2273 on a different device, or visit an Apple store in person.

Does changing your password get rid of hackers?

Does changing your password stop hackers? Yes, changing your password will prevent hackers from accessing your account. Updating your account password at the first sign of an attack limits damage. Changing your password regularly also improves security.

Who should you contact first if a secret has been compromised?

Notify – immediately contact relevant institutions (e.g. banks) and providers so they can keep a watch on your accounts for any suspicious activity.



Article information

Author: Moshe Kshlerin

Last Updated: 09/21/2022
