Sadly, almost everything can be hacked today: e-mail, an account in a payment system, on a website, on a social network. Sometimes this is due to the loss of money or important information. Unfortunately, not everyone knows what to do to the victim, and how to protect themselves from similar situations in the future.
Actually, what to do?
The range of actions of the owner of the stolen is very limited. He can:
- try to regain the lost control on your own;
- contact the technical support service for help;
- contact the attacker for negotiations;
- contact other crackers to steal back (this is also possible);
- create a new account.
If the theft of an account is associated with the loss of a large amount of money, it makes sense to contact the police in order to find and punish the culprit. All these actions do not guarantee success, so it will be useful to prevent similar incidents in the future.
Magic word
The password for the resource must be complex so that it cannot be cracked by brute-forcing (brute force). It is desirable that it consist of 8 characters or more: numbers, lowercase and uppercase letters. The password should not be any word in any layout. Otherwise, it will be easy for an attacker to perform a so-called "dictionary attack". The numbers from the password should not add up to any date.
The password cannot be stored on your own computer. Otherwise, an attacker who has connected to it via telnet, or an unscrupulous service worker performing repairs or preventive maintenance and having direct access to the resource, will be able to read it and use the information.
It is best to store the password in your head (if your memory is good) or somewhere on paper, and not next to the computer. You should not click on the "remember password" button so that it cannot be hacked by an outsider who has gained access to the computer. At the end of using the resource, you should always press the "exit" button. This is especially important if the work was not done on your own computer.
Secret Question
Sometimes, when registering, you are prompted to enter a secret question and an answer along with the password. From a security point of view, this is a rather vulnerable way to recover data if the answer is too simple. If possible, it is best to choose your own version of the question, one in which you can enter a random combination of characters (not forgetting to write it down somewhere). Let a random combination of symbols be the answer too.
Cell phone binding
Ideal solution in terms of reliability. If you lose control over your account, you just need to start the recovery procedure. The necessary data will come in the form of a short sms message to the specified phone. You should protect the device from possible theft, and if it did happen, you must immediately block it, and then restore the SIM card from the operator and report it to the police.
Remember data
The personal data provided during registration must be true, otherwise, in the event of a hack, it will be difficult to prove ownership of the stolen account. You should also remember the following information: the IP address from which the registration was made, and the IP from which the last login was made. In addition, it is necessary to control the number and names of the folders of letters on it, data on the message of the last addressee, the list of mailbox contacts.
After registration in the payment system, you will need to track the movement of money in the account or in the wallet, remember or write down the details of the last transactions (date, addressee or addressee, amount). A screenshot will also not hurt - a snapshot of the desktop at the time of registration on any resource. You also need to be prepared for the fact that in order to obtain a certificate or restore access, you will have to send scans or paper copies of your passport or other identity document.
Antivirus and other security wisdom
The working computer must be reliably protected by a good (not free) antivirus program with frequently updated databases and correct security settings. You should beware of suspicious sites on the Internet - with dubious content and "crooked" design, and also do not download unverified programs.
You do not need to specify your username and password anywhere other than the login page for the resource being used. If somewhere the password is requested repeatedly, it is highly likely that this is a so-called "fake", specially created, similar to a real, fake page to steal the password from the account. You should urgently leave this site, clear cookies, fix the system hosts file, check your computer with an antivirus.