Help – I think I’ve been hacked!

Clicked on an unsafe file in an e-mail, logged into a suspicious website or received threats about leaking private photos?

First of all – lower your shoulders and take a breath. It doesn’t help to panic as this happens to the vast majority of people once or more in their lifetime.

In fact, more than half of all Norwegian companies are hacked at some point. Let’s rather look at what you should do now and what measures should be taken.

“I clicked on something I received by e-mail and suspect I’ve been hacked. Fraudsters may have obtained passwords, card information or given me viruses.”

• The first step is to change passwords on all accounts associated with you or the company to limit the scope of damage if you believe that passwords have been leaked or someone has gained access to an e-mail account. The hacker may not have taken action yet, so check if the person has leaked your password online.
• If it concerns sensitive information related to payment, accounts and banking, you must immediately call your bank on the 24-hour emergency line to stop potential transactions. Remember that you should never have to provide your PIN or the card’s CV2 to the bank when you call.
• Enable two-step authentication! Everyone should do this regardless of whether they have been hacked or not. If you have to use your mobile phone to log in, it suddenly becomes much more difficult for hackers to get into one of your profiles. Ask us in the chat if you need help to activate.
• Check whether you have approved the SSL certificate in your e-mail settings. Access the mail client, e.g. Outlook, and examine the configurations. Also, make sure you have an encrypted connection. If you are already a  Microsoft customer at Arribatec, you are guaranteed to have an encrypted SSL certificate on your e-mail.
• Scan your PC for viruses and malware. The IT provider who operates their IT can help identify and remove the virus. Also, check that the antivirus is running – Microsoft Defender is included with the Office package, but double-check that it is activated on your PC.

“I received an e-mail saying that they have hacked my webcam, and I have to pay a ransom so they won’t spread my video and photos.”

This is a typical fraud attempt and often simply a  false threat. It is doubtful that they have managed to hack your PC without further ado and are only engaging in scaremongering.

You can see from the design of the e-mail whether this is a chain e-mail without any personal content sent out to thousands of people every day. Never pay ransom in such a situation.

It may also be that they have obtained your password, which they prove in their e-mail, but they still cannot access your webcam or private photos if they only have the password to your e-mail or LinkedIn profile. Follow the steps in the first example in this article.

Otherwise, general advice might be to do like Mark Zuckerberg; attach a piece of tape over the webcam when not in use. Then you can sleep safely at night without worrying about someone spying on you.

“Someone has hacked me and encrypted all my files – now they demand €7,000 in ransom to give me the encryption key.”

This can happen if you download content on unsafe pages, open content in e-mails and click on links from unknown senders.

• Disconnect from the internet and turn off your PC immediately  – encryption takes a long time, and this can help interrupt or delay the encryption of your files.

• Immediately contact your IT provider, who can restore your files from the backup if the backup files are stored elsewhere. This shows the importance of having a  proper backup before such things happen. Never store backups in the exact physical location as the rest of the files – your backup will also be encrypted, and you will get nowhere.

General advice is never to pay a ransom – talk to professionals first. Therefore, you should contact us before doing anything else so that we can confirm whether the threat is real and investigate whether we can decrypt the files without an encryption key. In some cases, companies have had to fork out because they did not have a good enough backup beforehand.

“Collegues say they have received e-mails from me that I never sent – someone is sending viruses on my behalf.”

• Again –  change your password immediately and enable multi-factor authentication so that a potential hacker loses access to your account. Contact customer service directly to stop more chain e-mails with viruses being spread to your contacts.
• Notify those who have received mail from you to delete the mail(s) so they do not spread malicious software themselves. You can see who has received virus mail from you under the “sent mails” folder from your e-mail account.

If you have received inappropriate e-mails sent from your e-mail, it is natural to think that you have been hacked. Fortunately, this is not always the case.

It doesn’t necessarily mean that someone has taken over your account but is pretending to be you. Access Google’s sender tracking tools, scan the e-mail header and reveal where the e-mail was sent from.

If you find out that the email was sent from e.g. the server bb_dyn_pb-96-30-64-30.violin.co. th  and search for  .th  in the browser, you see that the email is actually sent from a server in Thailand.

If this is the case, and no acquaintances have reported receiving the same e-mail; you know it’s not real. Just delete the e-mail, and by all means – do not click on links and files attached.

Especially those who use  @online.no and experience these forms of spam mail. The domain provider does not block spam automatically; you must buy an additional service to avoid this scam. It can be helpful to switch to Office 365 with better security, encryption and your domain.

“Is my password leaked?”

Remember that you can check at any time whether you are exposed to a password leak, something you should do regularly. If your password is leaked, you should change the password for all users and add multi-factor authentication to prevent someone from buying your password and taking over your account.

Do you need help? Contact our security team.