How can you tell if your computer or phone has been hacked_

Today’s cyber threat landscape has become more complex and challenging.  The number of cyberattacks and data breaches has skyrocketed in the last few years, both in size and scope. It has become cheap and easy to hack computers and mobile devices, thereby giving cybercriminals unauthorized access to your personal devices and data.

The primary goal of security is to protect the confidentiality (data not stolen), integrity (data not modified) and availability (service remain uninterrupted) of computer systems and data. Anytime a system is hacked, data is leaked, an account is hijacked, or any other security incidents occur, you can be certain that one or more of these principles has been violated. Most hacking incidents take place undetected. Sometimes it takes a long time before the victim realizes what happened. But there are certain signs to look out for that might just save you some serious trouble if spotted early enough. We will show you 10 clear signs you can use to tell if your computer or phone has been hacked.

1. Denial of access to your device, key system settings, or data

If you suddenly observe that you have been denied access to your computer or phone, it’s possible your device has been hacked. Denial of access can mean that you can no longer login to your device because your password has been changed by the intruder, you can no longer access key system settings such as factory reset or system restore options, or you had a ransomware attack.

Ransomware is a type of malware that prevents users from accessing their computer device or personal files, and demands ransom payment in order to regain access. Since 2012 ransomware attacks have seen a global exponential increase. In 2019, the FBI’s Internet Crime Complaint Center (IC3) received 2,047 ransomware complaints that cost victims over $8.9 million.  Figure 1.0 shows a typical ransomware message display.

If access to your device is denied as a result of password change, you stand a chance to benefit from available password recovery options for your device. If you have multiple accounts setup on the affected device, you can use one of them or preferably the Admin account to regain access to the system. If you’re denied access to factory reset or system restore settings, get the system boot to Safe Mode (with networking) and clean it up with a good anti-malware such as Malwarebytes.

If it’s a ransomware attack, the best option is to format or flash the affected device and restore lost data from previous backups. If you don’t have a reliable backup you may have to gamble with paying the ransom, although there is no guarantee that you’ll get your data back. The good news is that there are some cybersecurity firms that have figured out a way to reverse-engineer many ransomware strains. They can help you recover your files without paying the ransom.

Figure 1.0 Wanacry ransomware message display

2. Appearance of unknown applications you did not install

If you notice unknown programs, apps and/or processes running on your device, it is often a sign that an intruder has gained access to your device. Those unknown programs or processes may even appear legitimate to fool a user into thinking it’s harmless.

A typical example is malware that masquerades as an antivirus product that automatically scans your device and claims to find dozens of malware infections on it (please see Figure 2.0). If you’re using a Windows machine, you can tell you’re infected when you notice that your computer’s antivirus program, firewall, task manager and/or registry has been disabled or changed. Malware may disable these applications to help cybercriminals block response options or any warnings that would appear while they are on your device.

If you find yourself in this situation, your best bet is to get rid of the malicious application by all means. Go through your list of installed apps and uninstall any suspicious application you can find. If you’re using a Windows machine, you can easily achieve this by booting to Safe Mode, and uninstalling suspicious programs. You also need to identify and terminate suspicious processes from the Task Manager. In addition, Malwarebytes is an excellent tool you can deploy to help you get rid of malicious applications on your machine.

Figure 2.0 fake anti virus application

3. Strange cursor movements and mouse clicks

It’s possible for a malicious third-party to remotely control your device and execute programs that you have the privilege to run, without your permission. If you see your device behaving as if someone else is controlling it, barring any known technical issues, your system is likely being exploited remotely.

If the mouse cursor is making orderly movements and clicks and opening applications–not just some random movements with no clear path of direction; you can be sure that someone else has full control. This kind of attack is dangerous and requires immediate action.

Unless you are really interested in knowing what the intruder is looking for, it is advisable to immediately disconnect the affected system from the internet or LAN. Use malware removal tools such as Malwarebytes to clean up the machine as a short term measure, change the Admin and other password access to the device, and get a professional to take a deeper look at the device.

4. Bogus browser toolbars and search redirection

You should be alarmed if you notice that your browser has strange new toolbars and plugins. Although it’s not unusual to have new toolbars in your browser after installing software from a known source, but unsolicited toolbars can mess with your browser settings (default homepage, search engine, etc.), and open the door to other malicious applications (such as keyloggers, Trojans, etc.), websites, and search redirection without your permission.

Redirecting users to particular websites for the purpose of generating traffic is a rewarding business for cybercriminals. They use bogus toolbars (as shown Figure 3.0 below) and other hidden programs to subtly interrupt your regular browsing, forcing you to other websites, or to download or purchase something regardless of what you searched for or the URL you clicked. It is so stealthy done that even the trained eye can easily be fooled.

You can easily avoid malicious toolbars by applying caution when downloading free software that often bundles these toolbars alongside, and unchecking them when spotted. The first thing to do if you suspect a toolbar is to quickly uninstall it before they get the chance to wreak havoc.  The longer they stay in your browser, the higher the risk of damage.

Figure 3.0 Bogus browser toolbars

5. Your credentials and data exposed in a data breach

A data breach occurs when a cybercriminal gains access to a computer (personal or business) and steals your data. Determining whether or not your data has been breached can be a challenging task. Most go undetected for years before the victim realizes what happened. Your systems may have already been compromised by cybercriminals. You probably just don’t know it yet. In many cases, you never get to find out until the cybercriminals decide to dump or put the data up for sale somewhere in the dark web.

Nevertheless, there are reliable online services that allow you to check whether your personal data has been compromised in a data breach. The most popular being Have I been Pwned? Others you can make use of are Identity CheckerBreachAlarm and DeHashed. These services collect and analyze hundreds of database dumps containing billions of leaked personally identifiable information, and allow users to search for their stolen data. Users can also sign up to be notified if their credentials appear in future dumps. When you find your personal information in the data dumps made available on those sites, you need no further proof that your data has already been hacked or compromised.

Once you have determined that your data was compromised, you also need to figure out what data was taken and how it can be exploited. Take action immediately by resetting all your compromised passwords before someone can exploit them. Contact your bank company if your payment card information was also stolen, and place a fraud alert on your name in a credit-reporting bureau.

6. You get locked out of your account

Cybercriminals love stealing passwords for obvious reasons, perhaps they know that most people are predictable and will reuse the same password in different accounts. In many cases, after a computer or online account is hacked, cybercriminals change the password to enable them to take over the account. If the login password to your online account has changed, barring any technical glitch, it is a pointer that something has gone wrong – it’s highly likely that someone stole your login details and changed the password.

Phishing is one of the popular techniques used by cybercriminals to steal user login credentials. They attempt to obtain login credentials by disguising themselves as trustworthy entities to deceive the user into believing that the request is legitimate. Such scams usually redirect you to a look-a-like page where you unknowingly provide your account details to cybercriminals on a platter of gold.

Again, the first thing to do in this instance is to quickly regain control of your account by attempting to change your passwords and security questions where applicable using a different device. Similarly, consider changing your passwords with other online accounts, especially if you are fond of reusing passwords. It is also a good idea to inform your service provider, business associates, friends and family members on your contact list that you’ve been hacked, as the criminals may attempt to defraud your connections. Reporting a hack to service providers helps them track cybercrime and improve their security.

7. Your friends receive messages from you that you didn’t send

This is one of the easiest ways to tell you have been hacked. A friend was sleeping one night and was intrigued by the large number of missed calls and Whatsapp messages he received concerning an email purported to have been sent by him. He became curious and decided to check his email and realized there was a big problem – he has been hacked. Someone had gained access to his email account and has been making attempts to defraud everyone in his contact list.

There are also instances of folks receiving friend’s requests from someone already in their connection on Facebook. Do not ignore complaints from friends about emails or social media messages or connection requests they believe to have come from you. Keep a close watch on your “sent” folder, Instant Messages, or social media posts. If you notice emails, posts or unauthorized activity that you don’t recognize, it’s likely that you have been hacked.

A SIM swap attack, also called SIMjacking, is a popular type of account takeover technique usually employed by cybercriminals to intercept calls and SMS. Once the attack is successful, your phone will lose connection to the mobile network and the fraudster will receive all the SMS and voice calls intended for you. This allows them to intercept any one-time passwords sent to you via text, and thus circumvent any security features of accounts (email, bank accounts, social media accounts, etc.) that rely on two-step verification.

Once you have confirmed that your account has been hacked, that’s when the real work begins. Regaining control of an account may be as straightforward as following your documented incident response plan or by contacting a cybersecurity professional to help you regain control. Furthermore, consider securing your accounts with hardware-based two-factor authentication to minimize the chance of SIM swap attacks.

8. You observe anomalous network traffic, data consumption, and performance degradation 

Some cybercriminals are simply interested in stealing your computer or phone resources such as processing power, internet bandwidth, and SMTP capabilities, among others. By infecting thousands of computers around the world, they can create what is called a “botnet” (a network of compromised computers controlled from one center), which can be used to send spam mails, crack passwords, mine cryptocurrency, or launch distributed denial of service (DDoS) attacks, among others.

The cyber crooks may also infect your device with some other type of malware that causes an abnormal slowdown in your device performance, and/or sluggish or erratic internet connection. Your PC or phone may get unnecessarily hot, battery life drains faster than normal, and sudden spikes in bandwidth or data consumption occur even though your usage behavior hasn’t changed.

Your IP address might be blacklisted by web browsers and safe browsing plugins because it was found to be sending spam mails; and when you try to use a search engine such as Google or load a web page, it states there is unusual traffic from your IP and asks for recaptcha to confirm that you are not a robot.

You may also observe frequent repeated requests for login information when you access your Google, Apple, or Microsoft account. All these are clear pointers that your system has been hacked.

For the technically savvy, a packet analyzer such as Wireshark can help you see unusual traffic that is not associated with normal traffic from your system. If you see unexpected, strange traffic that you cannot explain, it’s probably best to kill the network connection and get a qualified network or security professional to begin an audit or incident response investigation.

Related post: Best Anti-Spam Tools

9. You receive strange debit alerts

If you suddenly notice strange transactions on your bank account or credit card, a criminal has likely stolen your information, hacked into one of your accounts, or hijacked your device. Most times the criminals make purchases online or transfer funds to an account they control.  Other warning signs to look out for include:

Strange transactions: Look out for debit of very small amounts from odd locations and time zones. Sometimes cybercriminals try to test the validity of your card with small purchases before making larger ones.

  • Denied card: If your account is compromised, your account could be emptied or your card could be frozen by your bank, leading to denied transactions.
  • Blocked card or login: If cybercriminals attempt to access your account from odd locations or try to guess your password too many times, access to your account may be blocked to keep it safe.
  • Data breach: Financial institutions affected by a known data breach or leak can open the door to unauthorized access to your account(s) on different websites, especially if you’re in the habit of using the same password across the board.

The first step you need to take is to attempt to quickly regain control of your account by calling your bank to report the fraud and changing your pins, passwords and security questions. In fact, your financial institution is in a good position to help safeguard your account and possibly recover funds to your account.

Get your computer or smartphone audited and cleaned up if you suspect it has been compromised. It’s also critical that you seek to understand the tricks and weak spots cybercriminals like to exploit to defraud users. Examples include: weak passwords, phishing links, public Wi-Fi, and data breaches, among others. This will go a long way in protecting you from future cyber heists.

10. You observe frequent random pop-ups and more ads

Spyware (spy software), trackerware (tracker software), hijackers, adware (ad software), and other related malicious software may not be as lethal as viruses, but they can be extremely annoying and disruptive. If you notice lots of ads appearing on your screen, it is an indication that your device may have been compromised.

These ads might appear as pop-ups or they can be injected directly into web pages on your browser.

Apart from causing a nuisance, interrupting and/or slowing down your device; they can also create spam messages that lure you to click. Spyware and the likes can also be used to launch further malware attacks, remotely monitor your PC or phone activities, or manipulated to modify the regular ads that you see in order to replace them with malicious ones.

Malwarebytes and Spybot – Search & Destroy are great detection and disinfection tools you can deploy on your computer or smartphone.