The Practical Guide To Mac Security: Part 8, Handling Account Break-Ins

Check out the rest of the videos in this special course: The Practical Guide To Mac Security.

If one of your online accounts has been compromised, you need to take action immediately. Those accounts, and all of your others, need to be checked carefully and you will need to contact banks and other services to protect yourself.



Check out The Practical Guide To Mac Security: Part 8, Handling Account Break-Ins at YouTube for closed captioning and more options.
Video Transcript: Hi, this is Gary with MacMost.com. This is Part 8 of my course The Practical Guide to Mac Security. This course is brought to you for free thanks to my great Patreon supporters. To become a contributor and support MacMost go to MacMost.com/patreon.
What to do if one or several of your accounts have been compromised despite your best efforts. Perhaps you're a victim of social engineering and you notice that you can no longer log into one of your accounts because your password no longer works or you can login and notice unusual activity like somebody else has been there. So what do you do?
Well, first don't wait! Now this may seem obvious but a lot of times people have had accounts broken into and they think, well the damage has been done. I will get to this after dinner or tomorrow morning or Monday morning. I'm going to research it and figure out what to do. But you have to treat this as an emergency that needs to be dealt with immediately. Like if you came home and found your house had been broken into and locks are busted, windows are broken, and you need to secure your house. So don't wait. You need to treat this with the upmost urgency because damage may not have been done yet. As a matter of fact you may be able to get away with very little damage if you take immediate action. But if you wait things will get worse and worse.
So first you need to secure the accounts. So start with the accounts that you know that are compromised. Now in the case of an account that you can't get into you need to use whatever recovery actions there are. Sometimes getting sent an email with a new password or having to call a phone number or getting a text message, some sort of recovery thing. It depends on the site. You have to try to login and look for links that say, Lost my password. Need to reset my password. That kind of thing. But start with the accounts that you know are definitely broken into. Get in there and change those passwords.
But don't stop there. If one major account has been broken into you have to assume that your other accounts may have been compromised as well. So you want to look at your list perhaps in a Password Manager or take out a piece of paper and start making a list of all of the bank account websites, credit card websites, sites like Amazon and eBay and then all of the tech sites like iCloud, maybe you have a Dropbox account, a Microsoft account, a Goggle account. All of those. Go through them one-by-one and change the password. So you login and do whatever the site requires to change the password. Every site is a little different so it does take time but you've got to go through and change all those passwords. Make sure you're pretty complete. Obviously start with the ones that come to mind first, that are major ones. But then don't stop until you've changed even minor sites. Sites that aren't really that important but could be compromised because one of your accounts was. Remember that if an email account is compromised that it is very easy for somebody to request password resets and then get them through an email account. So that's all it takes. An email account is compromised and all of your accounts can be compromised.
Don't forget to look at things like security questions. So say you have a site that you're not using two-factor and it asks you a question like, What is the name of your first pet. Well, somebody could have left a backdoor in there. You could go in and change your password and now you've secured the site with a password. But what you didn't realize is that they went and changed the name of your first pet to something else. Now three months from now they could try to get into the site again and say, oh I lost my password but I know the name of my favorite pet and they've changed that. So make sure that you change any security questions. I've suggested in a previous video that you change them to things like numbers or random numbers and letters. So just change it to a new set of random numbers and letters and then record those so you have the new security question answers and any backdoor has been sealed off.
Also, sometimes sites have email addresses or backup email addresses. You know if you lose access to your email address or lose access to this account, you know, you could provide another email address. A backup one. Maybe one you don't use very often but it's just this way to have another way to get into your account if you lose access. Well, somebody breaks into your account may have actually changed that to be theirs or more likely some sort of random account on a free service like gmail or something that they could get access to the account again. So you seemed to have secured everything but they add their strange email address to the list of backup email addresses in the profile for that account. Now, three months from now they can get back into the account pretty easily. So look out for those things in different accounts as you go through and change those passwords.
Then after you've done that, and hopefully at that point you've locked whoever was in your accounts out, now you have to do damage control. So go back into each account and look at your profile and see if anything has been changed. Name, address, all of that. In sites that have multiple addresses like an Amazon account or something make sure there's nothing new that's been put in there. Look for bio information. Other things. Anything that's in your profile. Go through that and look through it. For an account like Facebook that's a lot of stuff. But for an account like a bank account there's probably very little in a profile there except, you know, the basic information. If it's a website where you order things, a shopping site, check your order history. Make sure nothing was ordered during that time and if something was, of course, do whatever the site suggests for stopping that order. Say a bank account or a credit card account check your transactions. But continue to check those transactions for the next several days or even weeks because it could take awhile for them to show up. If it's an email account check your Sent email to see if any email was sent from that account particularly to other services that they may have tried to break into. But to anybody, really. See what went on there and look at Sent email. But also check Received email too because you might find clues to other activity. For instance you may have received, during that time when your account was compromised, a password reset link to another account. So, you know, your email account may be compromised and then you look there and say, oh wow while it was compromised I got this link to a password reset for eBay. So now I know that they tried to use my email address to get into my eBay account and double check your eBay account then.
Another thing is that if this does involve back accounts or credit card accounts then make sure they know about it. I mean even if you sealed it off, you know, you've changed the password and you've looked everything over carefully and it looks like nothing has been compromised. If anybody gained access to these accounts you want to call the bank or credit card company and let them know about the problem. They may want to issue you a new credit card number, a new back account number, change those to be safe. So definitely call them. Don't leave that open there. Just find out what their procedure is when an account has been compromised. You could also consider a credit lock too since these are financial things, credit locks. You can go to these various companies and basically alert them, the credit companies that is, to the fact that your accounts were compromised. That way if something does show up on your credit report later, there's a little bit of a paper trail there. You can say, yes my account was compromised and I reported that. They can see that is indeed the case and that will make things easier for you.
Now if you're locked out of accounts and can't get back in you can usually go to the website for that service and they have information there in their Help section about how to get in touch with them. Here are some links but there's no magic to any of these links if you started at Apple or Facebook or Goggle and went through their Help and Support sections. You would find these pages here to help you reestablish your account or fix any damage that is done. So you want to use these if all else fails. For more help the FCC in the United States maintains some good pages here. Lots of information about what to do and how to recover accounts and how to deal with identity theft. So this is another good resource that I wanted to include. Related Subjects: Security (106 videos)
Related Video Tutorials:
The Practical Guide To Mac Security: Part 5, Security Questions ― The Practical Guide To Mac Security: Part 7, VPN ― The Practical Guide To Mac Security: Part 1, Introduction ― The Practical Guide To Mac Security: Part 2, Passwords