Office of Information Technology

I've Been Hacked, Now What?

by OIT Staff October 18, 2024

Image depicts someone sitting at their computer, the screen displays text that says hacked

Hacking can come at anyone from many angles, from malware to phishing emails. In this blog post, we will be describing a scenario where the subject, who is you, is compromised via a download of malicious software. 

Now, imagine browsing the web, and downloading files for a video game you play or software needed for work or school. You try to open the downloaded file, but nothing seems to happen when you run the program. 

You pay no mind to this, redownloading it from a different site. This time, the program opens properly and installs the application. You continue what you were doing and are left to wonder what was wrong with the first program. Later, you start your computer and suddenly the mouse moves on its own, minimizing programs you were not running last time. The screen starts flashing, and everything stops and returns to "normal."

You decide to ignore the odd behavior and continue browsing the web. At some point, you log into your account and buy something from Amazon, inputting your credit card details. 

You go about your life and slowly forget about the weird computer activity. A couple days later, you can't access a few accounts, so you reset the passwords for them. Maybe you even saved the same password for the accounts in question, for convenience. A few weeks later, you are looking through your bank statements and notice strange charges you don't recognize. 

You realize you were compromised when you ran the program you initially downloaded. Then, a logger known as a keylogger was probably installed. This would make it easy for someone to steal login information and banking info. Suddenly, you are panicking and canceling all your bank cards, freezing your credit, and resetting all passwords. 

What could have prevented this from happening? Could better practices help this situation from ever happening? How should you react to being hacked?

Prevention

"An ounce of prevention is worth a pound of cure." Just as we lock the doors to our homes, maintain smoke detectors, and may even use security systems such as doorbell cameras to protect the physical spaces we occupy, there are tools available to protect your computer from unauthorized access and the potentially devastating consequences that can come from being hacked. Preventing an incident from occurring in the first place is easier than dealing with the damage after the fact.

  • Use a well-vetted and trusted antivirus
    • Built-in Defender on Windows systems, and XProtect on macOS are good options that are generally adequate for home users
    • Ensure these products update automatically, so that they can look for the latest threats
    • Ensure these products run as designed. For instance, do not turn them off as a way to speed up your computer
    • These products can scan all downloads for malicious data
    • These products can terminate suspicious programs
  • Only download data from trusted sources like the official website for that data
  • Accept web browser updates, even if it's several times a month
  • Recognize indicators of compromise
    • Inexplicably reduced performance
    • Flashing screen
    • Mouse moving with no input
    • Unexplained activation of camera or microphone indicator icons or hardware LEDs
    • Software unexpectedly running on its own
    • Frequent pop-up windows
    • Applications or the computer itself intermittently crashing or freezing
       

Better Practices

  • Use a password manager
    • For the password manager password, use a phrase that you can remember
    • Pick three-five random words
    • Use a delimiter between words (space, -, _)
    • Choose a number and a word to put the number with
      Example: Jumbo-Orange22-Turkey-Drive
  • Create a new password for every account, never reuse passwords
  • Set up alerts for bank accounts
    • Every charge that occurs on each card
    • Review the alerts routinely to make sure you recognize each charge
  • Consider freezing your credit until you know there will be a legitimate need for your credit to be checked
    • Call all three major credit bureaus (Experian, TransUnion, Equifax)
    • You will have to contact each credit bureau to remove the freeze if you need to have your credit run, but this is not difficult to do

How To Respond To Being Hacked

  • Reset passwords to all major accounts
    • Banking
    • Work/school
    • Anything linked to your bank account or identifying information
  • Call your bank and report the fraudulent charges
    • Cancel the cards that were used and have the bank issue you another card
    • Lock your account so no further purchases can be made until you unlock it
  • Report any theft to the local police department and the FBI's IC3 hotline
  • Observe if your computer or accounts have any odd activity
    • If so, reset your passwords again and report the issue to whichever organization the account is under

If you experience any odd activity with a PSU-owned computer, your ODIN account, or your PSU email, don't hesitate to email security@pdx.edu so the security team can address your report. Have a happy National Cybersecurity Awareness Month! Stay spooky out there!
 


 

Related content:

Return to blog