Select Page

Hacking and Cyber Defense Tips

Help, I’ve been hacked is a common call I receive. Unfortunately, being hacked is a widespread occurrence, and there are many ways it happens and plenty of myths about hacking I’ll tackle later too. Scamming, infected devices, and being hacked are different things to me as a computer tech, but it gets lumped together as I’ve been hacked.

I have had my Instagram and yahoo email hacked, and it will likely happen to you in time. There are some steps you (or I) can take to secure your accounts but first, what are the signs that you were hacked in the first place.

If you don’t have time to go through everything on this page, the best thing you can do is change your passwords. I created this page for your free benefit but you can hire me if you need an onsite in-person assistance or advance cyber defense.

Common Signs You Have Been Hacked

  1. There are posts, photos, or messages posted to your social media, and friends are reporting strange messages from you that you didn’t send.
  2. People report getting an email, often with strange links from you that you didn’t send.
  3. Frequent pop-up windows saying your computer has been hacked, locked down, infected and telling you to call a number itself is adware, but it can lead to being scammed
  4. The most common signs of a device being compromised are that the battery gets drained faster than usual, you might experience spikes in your internet data usage although your browsing habits haven’t changed and your device may be hot with no logical explanation.
  5. Search results auto redirects to unwanted Websites, you want to go to google.com but it sends you somewhere else
  6. A pop-up window asks for a “ransom” to unlock your data. Ransomware is a growing problem and often have few recovery options if this were to happen. Sometimes it is just a pop-up window and your files are actually not encrypted.
  7. Randomly moving mouse pointer can be a sign you are hacked. If it is randomly going all over the place, it can be a technical glitch or a defective mouse. Your device could be comprised if it is opening up files or seems to be a user on the other side.

What To Do If You Have Been Hacked

  1. Change your passwords regularly. Most people who are hacked use the same password for everything. I used to have the same password for almost everything, and when I was hacked, I was getting multiple notifications within seconds that accounts were accessed from China. Change your passwords to be more complex, and don’t use the same one for everything.

    Use a password keeper program like KeePass, LastPass, Dashlane, or many others to store your passwords securely. One way to make a complex password is by turning a meaningful sentence into a password. For example, “This little piggy went to market” turns into “tlpWENT2m.” Notice that not only does this password use the letters from the sentence, but it uses both uppercase and lowercase characters and replaces “to” with “2.

I personally use Dashlane for my own password management. https://www.dashlane.com/cs/pzgpTMwsxInq

With so many different passwords to keep track of, it is easy to lose your track of each password, so having a program that securely saves your passwords is great. Also, Dashlane alerts me when my password has been compromised and was found in a data breach on the dark web.

Make your password at least 12 characters. Making a password longer is one way to make it stronger. Consider using random words to make your password more memorable, but avoid using common words or phrases, maybe using the first letter in each word in a phrase. If your service doesn’t allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols. And don’t reuse existing passwords from other accounts.

Have a password/pin on your computer and phone as well.

  1. Use two-factor authentication, also called multi-factor authentication (MFA). They do this by sending a code to your phone or email that needs to be entered. More sites are allowing this or even require this. So a hacker would need access to your phone to the time-sensitive code. After so many minutes pass, the code will expire. However, you need to enter that code in order to proceed to your email. This makes hacking very difficult to achieve. I personally have two-factor authentication set up on Amazon, my bank, Gmail, Facebook, and a few others after I was hacked one. I haven’t been hacked since enabling two-factor authentication.

    Also Enable login notifications so you know when someone signs into your account from new computers and locations. Gmail and Apple do this by default, and it is becoming more common.

  2. Data Breach. You can check if your email or phone number has been in a data breach at haveibeenpwned.com and https://www.dehashed.com/. These websites will let you know your information was in a data breach and what company had the breach and when.

    Password Checkup, is a free add-on for Chrome released in 2019 in an attempt to boost users’ online security. It scans known databases of usernames and passwords that have been stolen from websites by hackers and made available online.

  3. Have good security, like a good firewall. Though McAfee and Norton are not good programs in my view for adware and malware detection, their firewall is still decent. I like to use hitman pro and Malwarebytes on a Windows computer. Malwarebytes, Sophos and Onyx on a Mac computer. Run malware scans such as Malwarebytes if you think your computer is compromised.
  4. Biometrics – Enable touch ID or fingerprint for computers, FaceID for phones, or Windows Hello allows face recognition to log in to your computer, so unless I have your finger or face, I’m probably not getting in. Also, set up a passcode, four digits at least or more. So a hacker would need to have your phone or computer in person, and even with that, they would need your finger or face.
  5. Check for Email Rules or Filtering. Many people who had their email hacked have a rule/filter setup where all the new emails are forwarded to another email address. Say you are Jennysmith@yahoo.com , a hacker might put a filter that all new emails get forwarded to jennsmith419@gmail.com, which is really the hacker’s email address. I have also seen it where there will be a hidden folder with just a dot. A folder named “.” Which is easy to miss, and maybe all password reset emails are sent to that folder. One lady had her amazon emails going to a “.” Folder. So every time she did a password reset from Amazon, nothing would show up in her inbox and she found that the emails were being redirected to a hidden folder. I delete any filters or rules that I can find.

    You may check your email in Outlook and that might be fine but the email account itself might have been hacked so youremail@comast.net might be ok in outlook but if you login online at Xfinity or Gmail or yahoo, you might find an email filter has been set up.

  6. Update your software. The older the software or device is, the more likely security flaws will be discovered. What is easier to hack, software made a week ago, or software you had eight years to find holes in? It should be no surprise that the people who get hacked often have outdated computers, many with Windows 7 and outdated software, and outdated phones too. They also haven’t updated their passwords in many years as well. It is best to get a new computer or phone at least every 3-5 years, keep the software updated with the latest security updates, and regularly change your password.
  7. Subscribe to an identity theft and credit monitoring service. For example, I’m signed up with Norton LifeLock, and it can be helpful in preventing identity theft.
  8. Protect your social media accounts. Avoid posting information such as an address, phone number, place of employment, and other personal information that can be used to target or harass you. Some scam artists use this information, along with pet’s name, first car, and streets you lived on, to figure out answers to account security questions. Limit access of your information to “friends only” and verify any new friend requests outside of social networking as many friend requests are spammers, scammers, or bots.
  9. Disable the save password feature that allows websites or programs to remember passwords, such as Google Chrome. If they hack your google account, they could have access to all your saved website passwords. Many online sites make use of password recovery or challenge questions. To prevent an attacker from leveraging personal information to answer challenge questions, consider providing a false answer to a fact-based question, assuming the response is unique and memorable.
  10. Keep work and home on separate computers. The exchange of information between home systems and work systems via email or removable media may put work systems at an increased risk of compromise. Ideally, use organization-provided equipment and accounts to conduct work while away from the office. Also, consider having separate computers for you and kids as they might download and accept something that could compromise your computer without your knowledge.
  11. Remove malicious Chrome extensions or Firefox plugins, it is a very common find.

Advanced Options If You Are Hacked

  1. Wipe the device back to factory defaults and start over fresh
  2. If you still feel unsafe, you can get a new laptop, phone, new phone number, new email address, new router, etc.
  3. Get a legit, boxed firewall such as a Sonic Wall. They can be labor-intensive to set up but a $500-1,000 firewall will examine all the packets coming into your network and leaving it. It can stop hacking attempts dead in their tracks. Most businesses could be looking at $1500-2,000 for a decent firewall with setup, and then the firewall will have annual security update charges. If you are convinced you are being hacked, an actual firewall is your best defense. This is much better than just Norton’s firewall because a firewall can protect your entire network and wireless devices, not just a computer. It can block everything, and it does by default. This is like a metal detector scanning everything coming and going out of your business or home.
  4. An apple device is probably the hardest device to hack, though they do get adware, malware, and viruses nowadays. To actually hack your phone or computer is worthy of an 1.5 million dollar bounty if they can really do that. So after a factory reset to make sure they are no trackers or spy apps and follow my list of recommendations, I can say with certainty that you won’t be getting hacked by some random person. It would take some very high level and probably a team of people or even a government to get into your device remotely. Windows and Android are more susceptible to hacking. Most involve trojans leaving a back door.
  5. Remove all programs and apps that you don’t use, and be careful what you download. Spyware can often come as a free game or a “cleaner” program and cause more damage.
  6. A VPN will protect your connection to the Internet from being spied on and compromised; you can still get hacked when using a VPN if you bring the malware in yourself or allow someone to find out your username and password. A VPN service can help protect you from snooping and malicious connections and compromised websites from collecting data on you.
  7. Secure your Wi-Fi network and your digital devices by changing the factory-set default password and username, also change the Internet-provided cable modem/router password. You can also change the local IP DHCP range and work with your internet provider on changing the public IP address. Also, consider configuring your router to use OpenDNS or Google DNS for greater protection.
  8. To minimize ransomware threat, backup data on online and external drives and/or portable media. Disconnect external storage when not in use. Disable or disconnect printer and fax wireless and phone lines when not used. Power down access points overnight or when not in use. Turn off the computer, instead of leaving it in sleep mode. Disconnect a desktop’s Internet connection when not in use.
  9. Disconnect digital assistants when not in use. Limit conversation near baby monitors, recordable audio toys, and digital assistants. For toys, laptops, and monitoring devices, cover cameras unless in use. Disable wireless for entertainment devices unless in use. Disconnect internet access if a device is not commonly used.
  10. Upgrade to a Modern Operating System and Keep it Up-To-Date. The most recent version of any operating system (OS) inevitably contains security features not found in previous versions, which is why many people who hacked have out-of-date systems. Many of these security features are enabled by default and help prevent common attack vectors. Increase the difficulty for an adversary to gain privileged access by utilizing the latest available and supported OS for desktops, laptops, and other devices. Enable automatic update functionality inside the OS. If automatic updates are not possible, download and install patches and updates from a trusted vendor minimally on a monthly basis.
  11. Limit usage of the admin account. The highly-privileged administrator account can access and potentially overwrite all files and configurations on your system. As a result, malware can more effectively compromise your system if executed while you are logged on as an administrator since it can access more files. Create a non-privileged “user” account for normal activities such as web browsing, email access, and file creation/editing. Only use the privileged account for maintenance, installations, and updates.
  12. Avoid opening attachments or links from unsolicited emails. Exercise cyber hygiene; do not open unknown emails and don’t click on their attachments or web links. Check the sender’s identity via secondary methods (phone call, in-person) and delete the email if verification fails. For those emails with embedded links, open a browser and navigate to the website directly by its well-known web address or search for the site using an Internet search engine. Instead of clicking on link you think is paypal, open the browser and go to paypal.com directly.

  13. Avoid using the out-of-office message feature unless necessary. Make it more challenging for unknown parties to learn about your activities or status.
  14. Always use secure email protocols, mainly if using a wireless network. Configure your email client to use the TLS option (Secure IMAP or Secure POP3). Att, BellSouth, yahoo and Gmail allow for secure mail app passwords, which are passwords just for Outlook or email programs which make your emails more secure.
  15. Many establishments such as coffee shops, hotels, and airports offer wireless hotspots or kiosks for customers to access the Internet. Because the underlying infrastructure of these is unknown and security is often weak, these hotspots are susceptible to malicious activity. If you need to access the Internet while away from home, avoid direct use of public access and use your own hotspot. Avoid logging into any personal accounts when using public hotspots.

Government Resources

Once you discover that you have become a victim of cybercrime and you changed your passwords, immediately notify your local authorities to file a complaint. Keep and record all evidence of the incident and its suspected source. Below is a list of the government organizations which you can file a complaint with if you are a victim of cybercrime. If you or someone else is in immediate danger, please call 911 or your local police.

US-CERT.gov

Report computer or network vulnerabilities to US-CERT via the hotline (1-888-282-0870) or the website (www.us-cert.gov). To report phishing attempts to US-CERT, forward phishing emails or websites to US-CERT at phishing-report@us-cert.gov.

FTC.gov

ReportFraud.ftc.gov is the federal government’s website where you can report fraud, scams, and bad business practices.

Report fraud to the Federal Trade Commission at www.ftc.gov/complaint, if applicable. Report identity theft at www.IdentityTheft.gov, the government’s free, one-stop resource to help you report and recover from identity theft.  

IC3.gov

 If you are a victim of online crime or extortion, file a complaint with the Internet Crime Compliant Center (IC3) at www.ic3.gov. IC3 is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). Internet crime includes any illegal activity involving one or more components of the Internet, such as websites, chat rooms, and/or email. Internet crime involves the use of the Internet to communicate false or fraudulent representations to consumers. These crimes may include, but are not limited to, advance-fee schemes, non-delivery of goods or services, computer hacking, or employment/business opportunity schemes.

SSA.gov

 If you believe someone is using your Social Security number, contact the Social Security Administration’s (SSA) fraud hotline at 1-800-269-0271. For additional resources, visit the SSA at http://oig.ssa.gov/report-fraud-waste-or-abuse. 

Frustrating Limitations

There are some things I can’t do for you simply because I don’t have access. I often get calls with people who had their facebook, Instagram, Gmail or some online account that was hacked. Then the hackers changed the recovery email and/or phone number on file. This means the password reset code gets sent to the hacker and not to you. Without that code, I can’t reset the password on your account and in essence, “unhack” you. As much as I would love to have that authority to change passwords and accounts everywhere, if it were possible, the hackers would have that ability, too, and it would be mass chaos. Can you imagine if every computer geek is changing people’s passwords and email and phone numbers for accounts, it would be insanity. Every computer tech would be taking over accounts all over the place, and they have no way to determine good tech or a bad tech.

If Facebook has been compromised, the official Facebook method to recover your account is https://www.facebook.com/hacked

For Instagram: https://help.instagram.com/368191326593075/?helpref=hc_fnav

I don’t work for any of these companies, and ultimately, only they have the power to help you. However, many of them don’t have phone support. Yahoo has paid premium phone support, and they were able to help me once get into an email account that was hacked. However, social media places don’t have that kind of service…yet. So it isn’t that I’m holding out on you. I really can’t do it. Contrary to what people might think, I can’t hack the hacker’s account to get the security code and change it all back.

If a hacker has changed the email and phone number, then they have basically won. You have to create a new email or social media account. Every time I have tried to deal with Facebook / Instagram and tell them the person was hacked, they say sure we can help you, we will send a code to the email or phone number on file. I’m like no, it needs reset to the email and phone number it used to me, the current info is the hacker. Facebook has thus far always sided with the hacker and said we couldn’t help you.

I know people expect a computer tech to be a magician, but my wand can’t do it all. I have even gone to California to the headquarters of some of these companies, and they told me in person they couldn’t help me since I wasn’t the account owner, which makes sense, but it was worth the try. This is frustrating for you and me both. If I come out and spend a few hours and am still not successful, then you will be mad at me for paying me for nothing. So I like to avoid that and just assume it is lost and start over. However, if the email and phone number haven’t been changed, then resetting your password should be easy and straightforward, and you probably won’t even need me for that.

Computer Forensics is the Last Resort

If you seriously believe you are being hacked or bugged and nothing so far has been able to help. You need to contact a forensic specialist who has very expensive forensic tools to determine if you are being hacked. This is a specialized field very few people can do. I investigated forensic software, and some of the programs are $5,000 alone, let alone the expertise of how to do digital forensics and bug tracking.

Computer Forensics is the use of specialized techniques for the preservation, identification, extraction, authentication, examination, analysis, interpretation, and documentation of digital information. Computer forensics comes into play when a case involves issues relating to the reconstruction of computer system usage, examination of residual data, authentication of data by technical analysis or explanation of technical features of data and computer usage. Computer Forensics requires specialized expertise that goes beyond a computer tech’s abilities, normal data collection, and preservation techniques available to end-users or system support personnel. 

It is typical for hourly rates to be around $350 an hour and for a complete analysis of a single hard drive to be around $7,000 and have over 200,000,000 pages of electronic information and can take 15-100 hours to examine.

In my experience, almost no one wants to pay me even a few hundred to check things out, change passwords, reset devices, etc. Thousands of people over the years who believed they were being hacked despite all efforts, only one person in 16 years has paid a forensic company, and they determined she was not being hacked.

If you want serious help for a serious hacking problem or if you have a legal case with either civil or criminal proceedings you should contact the following people.

My CFI – https://www.mycfi.co/ | 931-432-6857 or 931-261-6857

Technical Resource Center  – https://computerforensicsnashville.com/ | 800-839-2088

Private Digital Investigations Nashville, TN  615-645-0100 – https://digitalinvestigation.com/locations/tn/nashville  

Diana Hutson at 615-336-2808 or visit their website at https://www.covertresults.com/

The Jacobs Group, Private Investigator – http://www.jacobsinvestigations.com/ |615-367-3659 or 615-506-3597

Common Ways People Are Hacked

We often imagine a hacker to be some hooded guy in a dark room surrounded by screens, but the most likely people to hack you are people who know you, a partner, spouse, family and friends.

Using suspicious apps / software or clicking on links in text messages, emails or facebook messages are common ways people’s information is hacked/compromised.

Data Breaches

Contrary to common assumptions, your computer or phone itself was most likely not hacked. We naturally assume since we use our computer or phone to access social media or emails then our devices themselves have been hacked. In reality, a hacker can access your email, your bank, social media anywhere in the world with internet access as long as they have your login details. So I can check your email in Canada from a hotel computer while you are in Nashville with your username and password, all without “hacking” your personal computer or phone to do it. We assume if yahoo has been compromised, then my computer must be as well because I use this computer or phone to access my yahoo emails. This is why many people have a hard time understanding how something got hacked but their computer could be fine.

Data breaches are where most hacks come from. Hackers go for large volume, they most likely have no idea who you are personally and are just going for as many accounts as they can. They often will purchase usernames and passwords on the dark web so years after a data breach your email or social media account could be hacked.

Not all data breaches are quickly made public as many companies know it looks bad on them so it is not unusual for your data to be compromised, hacking take place over the next couple of years before a data breach is even publicly disclosed.

In my experience with people who have been hacked, Yahoo,  ATT emails, and Facebook / Instagram are overwhelming the majority of calls I get.

Real-life examples of large data breaches

Yahoo Data Breach – Largest data breach to date in August 2013

All three billion user accounts were compromised, your name, phone number, date of birth and passwords were part of this data breach. If you haven’t changed your password since this data breach you have or will likely suffer a hack eventually. All of my yahoo accounts were hacked, and emails were sent to my contacts so I have seen this firsthand.

Facebook Data Breach – 533 million accounts were hacked in 2019 but wasn’t publicly revealed until 2021. It included your phone numbers, Facebook IDs, full names, locations, birthdates, bios, and in some cases, email addresses.

Equifax Data Breach – 147 million people had their social security numbers, addresses, names and more in September 2017.

Ebay Data Breach – 145 million Ebay users had ttheir usernames and passwords compromised in early 2015

Linkedin Data Breach – 117 million passwords were compromised in June 2012

Twitter Data Breach – 330 million users may have their passwords compromised in May 2018

Heartland Payment Systems – 130 million credit card numbers were stolen in January 2009. Albert Gonzalez was convicted in this hack as well as credit card hacks of TJX, Office Max and Barnes & Noble in 2010.

Google Data Breach – The most recent Google data breach occurred in December 2018, when a bug exposed the data of 52.5 million Google+ users. This came just two months after another Google+ data breach came to light. In response to these two incidents, Google closed down Google+ in April 2019.

These are just a few of the larger data breaches that have occurred. Data breaches are the most common way hackers can get into your accounts. Noticed I didn’t say your actual computer or phone but your online accounts. It is no surprise that many callers said their computers were hacked and some online accounts were compromised.  They didn’t get on your computer, they got your login details from the data breach but since you use your computer or phone to get on Facebook or your email, it is natural to assume your device itself is hacked. 

Phishing Scams

Phishing is a type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. Phishing is a type of online scam that targets consumers by sending them an email that appears to be from a well-known source – an internet service provider, a bank, or a mortgage company, for example. It asks the consumer to provide personal identifying information. For example, it might say your Facebook or Netflix account is locked and please “verify” your account. Then a scammer uses the information to open new accounts, or invade the consumer’s existing accounts.

Many people are tricked into signing into fake websites and logging in with their real account details and then maybe months later those accounts are hacked. Fake paypal might say http://paypal.payments.com but the real paypal is https://www.paypal.com

Scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts. Scammers launch thousands of phishing attacks like these every day — and they’re often successful.

Scammers often update their tactics, but some signs will help you recognize a phishing email or text message.

Phishing emails and text messages may look like they’re from a company you know or trust. For example, they may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store.

  1. Phishing emails and text messages often tell a story to trick you into clicking on a link or opening an attachment.
  2. They may say they’ve noticed some suspicious activity or login attempts
  3. They claim there is a problem with your account or your payment information
  4. Say you must confirm some personal information or verify your account
  5. include a fake invoice to get you to call to “cancel”, this is a “refund scam”.
  6. Asking you to click on a link to make a payment
  7. They say you’re eligible to register for a government refund
  8. They offer a coupon for free stuff

In my experience, it is more so businesses that are targeted with phishing scams, and it depends on what business they are, the bigger and more profitable the business the greater the chances hackers will spend the time to try access to your computers. In some cases, their emails were hacked and they had thousands of dollars wired to accounts overseas. In situations like this, the FBI needs to be involved not your friendly neighborhood computer tech. One of the most common ways a hacker will achieve access to your computer is via email attachments. They will say a package was not delivered and open this attachment and fill out the form for a refund or they will impersonate the CEO and get a lower employee to listen to this voicemail from the CEO about a job promotion. One client had his email hacked, and they emailed his bank to send many thousands of dollars via bank wire to an overseas account. Since he emailed his banker regularly with these types of requests, it wasn’t discovered right away. They are very crafty in how they trick you into clicking on things, but in and of themselves, they don’t just hack into your system.

How To Report Phishing

If you got a phishing email or text message, report it. The information you give can help fight the scammers.

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org.

If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC at ReportFraud.ftc.gov.

Double check the URL

When you go to a site that uses credit cards or needs you to log in with a username and password, make sure it is secure. In Chrome is shows secure with a lock and will have https:// the s stands for secure. Also look at the domain. https://www.paypal.com is real but http://paypal.payments.com is not real.

Browser extensions – browser extensions in Google Chrome or Plug-ins for Firefox are where many bad things happen to people like adware infections. For Google Chrome you can use HTTPS Everywhere, Privacy Badger and an AdBlocker . There are being good security-minded extensions. I would say most people’s infections nowadays are tied to malicious Chrome extensions. These extensions can see what you are searching for, and what you type in, and they can alter your search results and redirect you to something else.

Scammed:

There is a big difference between someone hacking into your network, computer system or phone and a scam where you let a fake tech on to your computer via remote control software such as TeamViewer, any desk, ultra viewer, LogMeIn, etc.  Once a scammer has access to your computer, they often will install alternative remote control programs on your computer so they can access your machine. Their endgame is to get money from you, either from disabling your device or making you think you were hacked when you weren’t, and then you pay them “to get rid of hackers” that they made up or, at worst, they cause damage to your machine so they can get you to pay to fix it.

Refund scams are really common as well, where they send you a fake invoice or fake amazon receipt, then you call to cancel the fake order, they want to remote to your computer to “refund” you. Then they will claim they sent you too much money, and you owe them thousands in gift cards to pay them back. So if you allowed a scammer to get on your computer remotely, you are being scammed rather than hacked. 

Hacking Myths And Why Some People Are Actually Not Hacked

All the protection in the world can’t protect you from yourself. It can’t stop you from opening links, and downloading pirated software over and over again despite the fact that your computer is infected over and over again. Software can’t protect you against scams. If you give out your personal information to people, all the protection in the world can’t stop you from compromising yourself.

I’ve been doing computer repair for 16 years and I don’t have the skills or the ability to hack into a random computer on the Internet. Hacking is complex, even in person and much more challenging remotely, it can be time-consuming. TV shows and movies give a false impression of how easy it is, on the shows they make a couple of clicks and they are inside a computer and copying the data over. It drives me crazy because people think that is reality. Even sitting at a computer in person, without your password I’m limited in what I can do. My password reset programs are limited in what they can do as well. In order for me to offer remote support, I need people to download Teamviewer. I can assign Teamviewer to my paid business account but it takes a few minutes. It just isn’t a simple process that I can do without either your computer in my hands or without walking you through the process of doing it for me.

I get frantic calls from people regularly who truly believe they are being hacked but they can’t offer evidence that they were. I’m told they cloned the cloud and they can see and hear everything I do with evidence for it. I’m not sure how they clone the cloud.  

After 16 years of computer work, I would say 90% of the hacking calls will be a female in their 50’s who is convinced they are being hacked, often by her ex or some computer tech she used years ago is hacking her. They usually have apple devices.

I’ve had one person have 4 iPhones, 5 MacBook Pro laptops, and 3 ipads and they were convinced they were all hacked by her ex husband who doesn’t even work in tech. This person paid $7,000 to a forensic security company to determine if she was truly hacked and they determined her devices were fine and never hacked. She has called the police so many times they refuse to come out anymore. She has gone through all the local tech companies and said no one will tell her the truth that she is being hacked. The truth is she wasn’t being hacked, nothing was unusual to me but some people are so convinced that they just want someone to valid them. All I could find was she was creating new apple ID’s with each new device, and since apple ties your contacts, email and calendar to the apple ID when you create a new one, you start over. She was convinced when she used a new apple ID and none of her contacts were there, then she must have been hacked. Not true, you start fresh with a new apple ID so you lose all the contacts, emails, etc tied to your apple ID. Not a hack at all. It is self-inflicted in that people can be so convinced they are hacked they keep creating more reasons to think they are hacked.

I’ve had people want me to create new email addresses, new logins and then in a few days they want it all undone because they feel more unsafe than ever because it is new. Change scares people and some people don’t like the higher security and new emails and want to go back to the old stuff but then go right back to saying they have been hacked again. I’m not sure how to help in these situations if everything I do to help your security will just be undone.

I’ve had one person who was convinced his computer was hacked because all his emails were off by an hour. He was convinced a hacker was altering his emails. He has two homes one on central time and one on eastern time and he kept saying his emails were hacked as the time was off by one hour. He said it was fine when he was home in TN but got to Florida and now everything is off. No matter how much I tried to explain the one hour time zone difference and how noon in florida is 11am in Nashville and so it saying 11am is accurate even though it is noon when you are because your laptop time zone was still on central. Sometimes people want there to be a hacker so much that nothing you say sinks in.

I’ve had people who have moved across the country, threw their old computer and router in the trash, moved states away, got a brand new computer, new phone and phone number, new router, new email addresses, new passwords never used before and still in the first day they are convinced they are hacked already despite I find no evidence of it. Everything looks and behaves normally to me.

Most people will want someone out asap to check everything out, they seem to be desperate for help but often they cancel the appointment when they realize this is not a quick nor a cheap request. I’ve literally had people say they want me to secure all their devices and guarantee they can’t be hacked but don’t want to spend more an hour.  

Keep in mind companies and the government with multimillion-dollar cyber defense and full time tech people get hacked. I’m often asked over the phone before I have been onsite to guarantee they are safe in one visit but most don’t want to spend over $200, very few want to spend over $500. No honest company can guarantee cybersecurity at any price, I can say with enough investment, you are much safer than you were initially. At a minimum, you should plan on $1,000 for the time to research your situation. If you need a firewall, VPN to secure the network you can expect an additional $2,000 or more.

Most likely, you are not being hacked or at least your phone or computer isn’t directly being hacked.
Exploit broker Zerodium announced that its bug bounty for zero-day (previously undisclosed) exploits now tops out at $1.5 million for Apple. One team of hackers claimed a $1 million dollar prize. Andriod is $200,000. So your ex or some random person is hacking your phone when they could be getting 1.5 million if it was an iPhone? Surely they would take that money over just messing with you unless you really believe someone would give up that kind of money just to harass you. I fail to understand how an ex is smarter than most people on the planet and is able to hack your phone when they could be making real good money by proving to Apple their skills.

The FBI sued Apple because they couldn’t access an iPhone from a terrorist, The FBI believed Apple should help it obtain information to investigate the terrorist attack. Apple believed that creating a back door into the phone would weaken security and could be used by malicious actors. The FBI sought a court order to compel Apple to help the government. If the FBI can’t access a phone in their hands yet, I am to believe your ex, or husband or the random guy from India is hacking your brand new phone with a new number and new email? In 2020 it was revealed it took FBI technicians months to unlock two iPhones in their possession. Knowing how much work the government works to get into an iPhone makes me think it is very challenging to hack an iPhone. I’ve never been successful at getting to an Apple device that has been locked or disabled without the correct pin number or apple ID. People lock themselves out of iPads and phones all the time and I’ve never been able to help them.

An iPhone is one of the most secure devices out there and that is also why they end up in the news when a security flaw is found. Most of the flaws are found by teams looking to win the bug bounty rather than a flaw that was actually used. They will often make an update that patches that flaw before they announce that bug existed in the first place. So I’m perplexed when people have all Apple devices and will even get new ones and say they are hacked within hours at times when nothing is wrong with the device.

Common ways people falsely convince themselves they are hacked

  1. They change their phone number itself, which means any website with two-factor authentication won’t work because the code gets sent to a number that has been changed, thereby locking yourself out of your own account. Many people had convinced themselves that they were hacked when it was an unfortunate self-inflicted problem.
  2. You create a new apple ID, new email address, new Microsoft account which means you lose everything tied to your old account. An apple ID stores your contacts, calendar, email and itunes purchases. When you create a new account you will lose all that information. Unfortunately, people will create a new apple ID or new email address and they are instantly convinced that they are hacked because the new email address doesn’t have my old emails. Correct it wouldn’t. My new apple id doesn’t have the 400 iphone contacts I use to have. Correct, it is tied to your old apple ID that you are convinced was hacked which is why you created a new apple ID. None of your stuff has been moved over.

    The problem so many people have is they want to “Start fresh,” but then they complain they lost all their files. Starting fresh means precisely that, you are giving up all your files and content to start over. When you start over and have no files, that doesn’t mean your new account was hacked. It literally means you are starting fresh on a new account. You can’t have your cake and eat it too in this situation.

  3. VPN’s (Virtual Private Network) Clicking on virus links or being a victim of phishing via email or social media won’t be protected by your VPN. While a VPN can help keep you safe and anonymous, it often backfires and people are more convinced then ever that they are being hacked. For instance a VPN lets you appear to be from another city, state or even country. So if you think hackers are attacking you, a VPN will make you appear like you are in New York City or Paris or London. Some VPN’s alternate between locations. It will throw off someone trying to connect to your computer. However, when you try to sign into your bank account, Facebook or gmail, it might say we don’t recognize you, we detect you are trying to sign in from London or New York City. People call me in a panic saying my bank account has been hacked, they think I’m in some other city or country. Not realizing it is the VPN. So the very thing that can make you safe also backfires so often and makes people more paranoid than ever so I don’t recommend VPN’s for that reason. If you are already paranoid about being hacked a VPN will keep you more paranoid and this is why I recommend it for more advance computer users who understand the VPN process already.
  4. Website says you are logged in a location that is states away from you. This is common with facebook but can happen with other companies. If you see a location that you don’t recognize, first check if it’s related to your mobile device. Often, when signing in through a mobile device, you’re routed through an IP address that doesn’t reflect your actual current location. Facebook grabs your most frequent login IP address. Many internet providers change IP addresses on a rotating basis, and your provider may have their main server installation many miles away. For instance, it is not unusual for people in Nashville who use Comcast for the Internet for facebook to say Mount Holly, New Jersey or somewhere near Marietta, Georgia. This isn’t because you are being hacked, it is because your internet provider has data centers / hubs in these locations. So when you sign in, the website looks at your IP address but the ip address location lookup isn’t always accurate. In order for you to access google, your traffic might be in 5+ different states to get to you from the google server so a website might say hey we detect your logging into facebook from New Jersey when you are in Nashville but your comcast might be going through New Jersey to get to Facebook. So it is technically both accurate and wrong at the same time but leads many people to falsely believe they are being hacked. This type of situation is tricky, most of the time there is nothing to worry about but legitimate hacking happens often too so it isn’t a bad idea to change passwords for good measure anyways.
  5. Computer or phone restarts on it’s own or you see the monitor or phone screen light up. I’ve heard this many times as evidence they are being hacked but after further analysis, I often find updates have been installed and the device restarted on its own. Windows machines do this quite often for big updates, especially around the middle of the month after “Patch Tuesday”, the computer will install updates and restart the computer in the middle of the night. People will say they saw their computer restart in the middle of the night, or they came back to their computer in the morning and it is at the login screen. This is common after updates are installed and automatically restarted the computer. As for phones lighting up on their own, most of the time, they are news alerts or some kind of notification that lights up the phone briefly before turning back off. This kind of situation is commonly assumed to be malicious when it isn’t.
  6. People believe their router is compromised, and so they get a new router. Routers often have a sticker on the bottom with the name and password for the network they are preconfigured with. People have in the past seen the new Wi-Fi name and believed their new router is hacked or believed the new router is the hacker. In one case, a lady said a guy from best buy had been following her across the country, and she never sees him. She said he is near her house because this new network “Netgear26” shows up now that didn’t before. She said I got a new modem and it was hacked immediately. In this case the modem is actually a router, a netgear router. On the bottom of the router is a sticker the said “Netgear26” I showed it to her, she didn’t believe me. I unplugged the router and netgear26 disappeared and she said the hacker knows you are here and turned off his network. She just couldn’t understand the “modem” she got was causing all her paranoia. There was no hacker, and her attempts to get a new router to protect her computers were only making her more convinced she was hacked.
  7. People can get so worked up they will look for everything as evidence of a hacker. People will find temporary files created by Microsoft office. Also many calls have been people who wipe their devices and say there is a “Public” and a hidden “Default” user directories under C:\Users. This is normal and all Windows computers will have those two user directories as well as your own user profile. You will find all kinds of hidden folders, files and strangely named files and extensions. While some files can be malicious, the vast majority of evidence people show me are normal files that I have on my machines as well.
  8. I’ve watched people in real-time, open programs or apps and just franticly click on things, I saw people accidentally click on download while I watch and then freak out that there is a program setup file in the downloads or truly believe they are being hacked in real time. Having been next to them and saw everything, sometimes the best thing to do is just stop, breath, slow down.

There is a difference between your email or Facebook account being hacked and your computer being compromised. You could throw your computer in lava and someone still can hack your online bank, Facebook, or email. It isn’t tied to your actual computer. Oftentimes people will see attempts at someone getting to your email and think they must have a bug in their computer which isn’t true at all.

Remember, all things are hackable, even the government’s best computers are hacked, major companies hacked, Equifax was hacked, and had millions of social security numbers stolen. Trust me they have hundreds of thousands, if not millions of dollars in safeguards with firewalls and cyber defense, and if they can still be hacked then your $500 laptop running a $60 or less version of McAfee or Norton is not going to keep you from all things. It HELPS, but if a bad guy wants in, they will find a way…eventually.

Follow the steps I listed above and you will prevent 99.9% of all legitimate hacking situations. If you follow all the recommendations that I have offered and still feel you are hacked I might not be able to help you and I don’t know if any company can help you. Over the years I don’t know if I have ever gotten someone to feel they are not being hacked. Some clients spend thousands on top-notch gear, I got the top people I know, some who specialize in cybersecurity who said there was no evidence of being hacked and the client will still insist they are being hacked despite all reasonable precautions being taken.

I have to be careful because I have had situations where people will accuse me of either being the hacker or I’m working with the alleged hacker. How can I say this? As a computer tech I can’t fix paranoia. If every computer tech becomes a new hacker that follows you and then I become a hacker in your eyes I don’t know how to help you. I have heard it all, from the mafia is tracking me, hackers have a worker at UPS or FedEx who hacks into their new computer so when they get it delivered, it is already compromised. A Best buy employee from 20 years ago is hacking your computer and he moves around the country following you which seems like an expensive thing for a Best Buy worker to afford just to mess with a customer from 20 years ago. I also have heard Comcast had a hacker that came out and bugged their equipment.

Only a Private Investigator can do legit bug searches but most / all people don’t want to pay for real investigations. In fact, most people will cancel their appointments because they don’t want to pay over an hour, and a true security check and cyber defense plan will take time and money. It is good to assume a minimum of $2,000 for parts, software, and time. I will bring in an additional tech to do the firewall installation. This is often a multiday project, not a quick in and out.

I’ve been reluctant to go there but truth is some people don’t need a computer tech, they need a therapist. When anxiety or panic sets in or even dare I say mania, it is best to calm down and think logically. I feel bad for many of these callers. Most of the women who call me are having a meltdown, crying uncontrollably. They are scared and paranoid of everything. Even if I don’t believe they are being hacked, it is real to them and I have to approach it as they are seeking validation of being hacked, often by an ex. I feel a lot of pressure in these situations because they are convinced they are being hacked. People have cried, saying no one will believe them and if I validate them, I’m not doing any real favors. If I don’t think you are being hacked I will tell you, if I believe you are being hacked I will tell you and show you the evidence. I’m seeking the truth, too but I can’t in good confidence lie to people just because I know what they want to hear.

Ultimately, security is a feeling, not a reality. When you are hacked you feel violated, unsafe and that is understandable but as a computer tech I can’t sell you a feeling. I’ve had people who were secure from a tech stand point not feel secure. Even with a million dollars and a full time cyber defense person they still are convinced they are being hacked. While others who use the same password for everything, have no security software on the computer, they don’t want passwords or pin numbers on the phone or computer who feel they are hack proof actually get hacked and don’t care, change the password and move on. It is interesting how people react differently to being hacked.

Be safe out there, hopefully, this information is helpful but if you need additional help I can come out.