Steps to take if you suspect your online accounts are hijacked.
- Get back control of your account
- Confirm if your account has been hijacked
- Deal with being locked out of your account
Brenda receives an email from her service provider alerting her that her social media account password has recently changed. She suspects her social media account has been hijacked.
She needs to know if she still has access to the account, and if not, who she can reach out to for help. Brenda is worried that if she doesn't regain control, her social media account will be used to hurt her reputation.
Move to a different computer that you believe to be safe or uncompromised. If you continue using an unsafe computer, you risk putting yourself and others at harm.
Log into your account from the new computer and change the password on your account. Changing your password is the fastest way to regain control of your account.
Change the passwords for all your other online accounts that are linked to your hijacked account. For example, if you are looking at an email account and it is the recovery address for another account, change the password for that account as well.
Now time to confirm if your suspicions are founded? The next instructions will help you determine if your account has been hijacked.
Until you better understand the situation we recommend you stop using this account for sharing sensitive information.
Change your password
For some platforms (e.g. Facebook, Gmail), it is possible to review connection history and account activity. This will let you know if your account has been accessed by someone else.
Check to see if your account was accessed at a time when you were not online or if your account was accessed from an unfamiliar location or IP address.
Be mindful that if you are using the Tor browser or a VPN service, it is possible that the location or IP address may differ from the location you have accessed the platform.
Review our account activity
Check for suspicious addresses which your email might be automatically forwarding your emails to.
Also check email addresses or phone numbers listed when you're resetting your password (this might be called password recovery settings).
Also look at the settings for the synchronisation to your phone, permissions to applications or other account permissions.
If you cannot log into your account, use the password reset or recovery link.
Some providers will send a link to change your password to your recovery email address, while other platforms reset it to your last password.
If these steps do not work and your account is being abused, contact the platform provider directly. Most providers have a "Support" page where you can find out how to do this.
There are a number of organisations who can help you with this process.
What is gitbook used for?
Is it quiz?
- en/topics/practice-1-emergencies/0-getting-started: Find out about other types of emergencies
- en/topics/understand-2-security/0-getting-started: Dig deeper on various aspects of security
- en/topics/understand-3-opsec/0-getting-started: Find out about what operational security or opsec means
- en/topics/understand-4-digisec/0-getting-started: Learn more about important concepts of digital security
- en/topics/pratice-4-safe-social-networks/0-getting-started: Find out more about social networking platforms.
To learn more about dealing with emergencies, see also: