Passwords are a popular target for cybercriminals. These are usually stolen using phishing or malware. However, large numbers of passwords also regularly fall into the wrong hands when there are large data leaks from internet platforms. Unfortunately, people usually only notice that their password has been stolen once it is too late and they are suddenly unable to access online services such as emails, webshops or social media accounts. Sometimes there are less obvious signs that a password might have been stolen. Watch out for logins or login attempts from unfamiliar locations or at unusual times. Large companies like Apple, Google or Microsoft will send you an alert. Other signs that something is wrong with your account are changes to the settings or messages sent from your email account that are clearly not from you.
The iBarry website allows you to check whether passwords for internet portals linked to your email address have been leaked: https://www.ibarry.ch/en/security-checks/
Should you suspect that your account has been hacked, you should act fast and take the following steps:
- If you still have access, change your password immediately. Comply with the current minimum requirements on strong passwords.
- If you no longer have access, try to reset the password using the "Reset password" function. In most cases, the password can also be sent to a second email address, provided you have already defined such an address in your account's security settings.
- If the attackers have also changed this alternative email address, you will have to contact the relevant provider. Many providers offer a procedure for regaining control of the account. The procedure requires you to answer a series of security questions to prove that you really are the account owner. This does not always work the first time. If the reset does not work the first time, we recommend repeating this measure.
- If possible, install two-factor authentication. This offers an additional layer of protection to prevent your account from being hacked in future. Many well-known online service providers offer this option. You can find more information on the relevant providers' websites.
- Update the operating systems and applications on the devices you use. Then run a scan with up-to-date antivirus software.
Hacked email account
Follow the rules on using email. This will help you reduce the risk of having your password stolen.
- Once you have regained control, check the email filters and forwarding rules. Often, unauthorised third parties will set up an email rule that automatically forwards them a copy of all incoming mails.
- Also reset all passwords for internet service providers that are linked to this account.
- Get in touch with all the individuals and companies in your email contacts list and inform them that your email account has been hacked. This will prevent your contacts from falling victim to fraud attempts.
- If you do not manage to regain control of your email account, you will have to set up a new email address. As soon as you have done so, inform your contacts of the new address. Make sure that your financial institution as well as webshops and Internet service providers receive your new details and that online services using your old email address are deactivated.