Sure sign of system compromise No. 10: Your bank account is missing money
I mean lots of money. Online bad guys don't usually steal a little money. They like to transfer everything or nearly everything, often to a foreign exchange or bank. Usually it begins by your computer being compromised or from you responding to a fake phish from your bank. In any case, the bad guys log on to your bank, change your contact information, and transfer large sums of money to themselves.
What to do: In most cases you are in luck because most financial institutions will replace the stolen funds (especially if they can stop the transaction before the damage is truly done). However, there have been many cases where the courts have ruled it was the customer's responsibility to not be hacked, and it's up to the financial institution to decide whether they will make restitution to you.
If you're trying to prevent this from happening in the first place, turn on transaction alerts that send text alerts to you when something unusual is happening. Many financial institutions allow you to set thresholds on transaction amounts, and if the threshold is exceeded or it goes to a foreign country, you'll be warned. Unfortunately, many times the bad guys reset the alerts or your contact information before they steal your money. So make sure your financial institution sends you alerts anytime your contact information or alerting choices are changed.
Sure sign of system compromise No. 11: You get calls from stores about nonpayment of shipped goods
In this case, hackers have compromised one of your accounts, made a purchase, and had it shipped to someplace other than your house. Oftentimes, the bad guys will order tons of merchandise at the same time, making each business entity think you have enough funds at the beginning, but as each transaction finally pushes through you end up with insufficient funds.
What to do: This is a bad one. First try to think of how your account was compromised. If it was one of the methods above, follow those recommendations. Either way, change all your logon names and passwords (not just the one related to the single compromised account), call law enforcement, get a case going, and start monitoring your credit. You'll probably spend months trying to clear up all the bogus transactions committed in your name, but you should be able to undo most, if not all, of the damage.
Years ago you could be left with a negative credit history that would impact your life for a decade. These days, companies and the credit reporting agencies are more used to cyber crime, and they deal with it better. Still, be aggressive and make sure you follow every bit of advice given to you by law enforcement, the creditors, and the credit-rating agencies (there are three major ones).
Malware vector trifecta to avoid
The hope of an antimalware program that can perfectly detect malware and malicious hacking is pure folly. Keep an eye out for the common signs and symptoms of your computer being hacked as outlined above. And if you are risk-adverse, as I am, always perform a complete computer restore with the event of a breach. Because once your computer has been compromised, the bad guys can do anything and hide anywhere. It's best to just start from scratch.
Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you'll be less likely to have to rely on your antimalware software's accuracy -- and luck.
- Download: 11 signs you've been hacked -- and how to fight back
- 7 sneak attacks used by today's most devious hackers
- True tales of (mostly) white-hat hacking
- 14 dirty IT tricks, security pros edition
- IT's 9 biggest security threats
- 9 popular IT security practices that just don't work
- 10 crazy IT security tricks that actually work
- Website Malware Deep Dive Report
- Data Loss Prevention Deep Dive Report