I clicked a phishing link – what now?
Immediately disconnect from the internet, run a full antivirus scan, and change passwords from a clean device. If you entered credentials, assume they're compromised. Enable 2FA after changing passwords.
Phishing sites often steal cookies too – clear all browser cookies after scanning.
What's the first thing to do when hacked?
1. Disconnect from the internet – stops remote access and data theft.
2. Change passwords from a clean device (friend's phone/PC).
3. Enable 2FA on all important accounts.
4. Check for backdoors – unknown users, forwarding rules, connected apps.
Should I pay the ransom?
No. Paying encourages criminals and doesn't guarantee you'll get your data back. Report the incident to your local cybercrime unit. Restore from backups if available.
How do I know if I'm still hacked?
Look for: unknown devices in account activity, strange emails sent from your address, changed passwords, new forwarding rules, or security alerts. Use tools like Have I Been Pwned (haveibeenpwned.com) to check for data breaches.
Hacker changed my Gmail recovery email – help!
Go to accounts.google.com/signin/recovery. Answer as many questions as possible: previous passwords, date created, emails you frequently contact. Google may take 3-5 days. If you have a backup code, use it.
What are email filters and why do hackers use them?
Filters automatically sort incoming mail. Hackers create rules to delete security alerts or forward them to their own email. Always check your filters after recovery.
In Gmail, check "Filters and Blocked Addresses". In Outlook, check "Rules".
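One way to run that filter check offline, as an added example that is not part of the original FAQ: export your filters from "Filters and Blocked Addresses" and scan the resulting XML for rules that forward mail or hide security notifications. The sample data is constructed, and the keyword list and the function name `audit_filters` are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"atom": "http://www.w3.org/2005/Atom",
      "apps": "http://schemas.google.com/apps/2006"}
# Words suggesting a filter targets security notifications (assumed list).
ALERT_HINTS = ("security", "alert", "password", "verification",
               "sign-in", "no-reply@accounts")
# Filter actions that keep a message out of sight.
HIDING = ("shouldTrash", "shouldArchive", "shouldMarkAsRead")

# Constructed sample in the layout of a Gmail filter export.
SAMPLE = """<feed xmlns='http://www.w3.org/2005/Atom' xmlns:apps='http://schemas.google.com/apps/2006'>
  <entry>
    <apps:property name='from' value='no-reply@accounts.google.com'/>
    <apps:property name='shouldTrash' value='true'/>
  </entry>
  <entry>
    <apps:property name='hasTheWord' value='invoice'/>
    <apps:property name='forwardTo' value='collector@example.net'/>
  </entry>
  <entry>
    <apps:property name='from' value='newsletter@example.org'/>
    <apps:property name='shouldArchive' value='true'/>
  </entry>
</feed>"""

def audit_filters(xml_text, own_addresses=()):
    """Return (criteria, reasons) for each filter that forwards or hides mail."""
    findings = []
    for entry in ET.fromstring(xml_text).findall("atom:entry", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in entry.findall("apps:property", NS)}
        reasons = []
        fwd = props.get("forwardTo")
        # Forwarding to an address you do not recognise is always worth a look.
        if fwd and fwd.lower() not in own_addresses:
            reasons.append(f"forwards to {fwd}")
        hides = [a for a in HIDING if props.get(a) == "true"]
        criteria = " ".join(props.get(k, "")
                            for k in ("from", "subject", "hasTheWord")).lower()
        # Hiding actions matter when the match criteria look like alert mail.
        if hides and any(h in criteria for h in ALERT_HINTS):
            reasons.append("hides security mail: " + ",".join(hides))
        if reasons:
            findings.append((criteria.strip(), reasons))
    return findings
```

Pass your own forwarding addresses in lowercase as `own_addresses` so that legitimate forwards are not reported. The export covers filters only, so account-level forwarding and delegation still need to be checked in settings.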
Can hackers see my emails after I change password?
Yes, if they set up forwarding or delegated access. Always check:
- Forwarding settings
- Delegated accounts (Gmail: "Grant access to your account")
- Connected apps with mail access
What's a SIM swap and how does it affect email?
SIM swap = an attacker convinces your mobile carrier to transfer your number to their SIM. They can then receive SMS 2FA codes and reset your email password. Solution: use an authenticator app (not SMS) and set a carrier port‑out PIN.
Instagram video selfie – does it work?
Yes. Instagram uses AI to verify your identity via video selfie. Make sure you have good lighting and follow the instructions. It's often faster than email support.
Facebook trusted contacts – how?
If you set up trusted contacts before being hacked, you can have them give you recovery codes. Go to facebook.com/login/identify and click "Trusted contacts". They'll receive codes to share with you.
Twitter/X locked me out after password reset
This often happens if Twitter detects suspicious activity. Wait 24h, then try again. Use the support form at help.twitter.com. If you have a backup code from when you set up 2FA, use it.
TikTok recovery takes forever – any trick?
Use the in-app report: Profile → Settings → Report a problem → Account issue → Hacked account. Provide your username, original email, and a video selfie with a handwritten code. It's faster than the web form.
Steam account stolen – no CD key?
You can use a screenshot of a purchase receipt (email from Steam) or provide the last 4 digits of a credit card used. Also, if you have a mobile authenticator, you might still have control.
Epic Games hacked – what's the first step?
Go to epicgames.com/account/password. If the email was changed, contact support and provide proof of purchase. Enable 2FA after recovery – Epic requires it for gifting.
Discord token steal – how to remove?
A token lets attackers bypass your password. After recovery, go to User Settings → "Log Out of All Known Devices". This invalidates all tokens. Then change your password and enable 2FA.
Twitch payout changed – what do I do?
Contact Twitch support immediately. Check "Affiliate/Partner Settings" → "Payout" for changes. Also check if a new email was added. After recovery, change password and revoke unknown extensions.
My bank account was hacked – what first?
Call your bank's fraud line immediately. Freeze cards and dispute transactions. Do not use the app on an infected device. Change your online banking password from a clean device.
PayPal took money – can I get it back?
Yes, dispute unauthorized transactions via the PayPal Resolution Center. Also call the PayPal fraud hotline. After recovery, check "Bank accounts" and "Cards" for unknown additions.
Amazon account used for fraud
Call Amazon customer service. Check "Your Orders" for unknown items. Also check "Addresses" – an attacker may have added a shipping address. After recovery, enable 2FA and remove unknown payment methods.
What's a port‑out PIN and why do I need it?
A port‑out PIN (or transfer PIN) prevents attackers from moving your phone number to another carrier without your permission. Call your mobile carrier and set one up. It stops SIM swap attacks.
What are canary tokens?
Canary tokens are fake files/credentials that alert you when accessed. Place them in your system (e.g., a fake password file). If an attacker opens it, you get an email. Great for detecting persistence.
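The detection side of a canary credential, as an added example that is not part of the original FAQ: decoy account names are planted in the fake password file, and any login attempt that uses one is an alert. The decoy names and sample log lines are constructed, and the log layout is assumed to be the OpenSSH sshd format.

```python
import re

# Hypothetical decoy account names planted in a fake "passwords.txt". No real
# user or service has these names, so any login attempt using one is an alert.
DECOYS = {"svc_backup_old", "admin_legacy"}

# Matches sshd lines such as
# "Failed password for invalid user NAME from IP port N ssh2".
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = """\
Mar  3 09:14:02 host sshd[811]: Accepted publickey for alice from 198.51.100.4 port 50211 ssh2
Mar  3 11:40:57 host sshd[902]: Failed password for invalid user svc_backup_old from 203.0.113.7 port 41822 ssh2
Mar  3 11:41:03 host sshd[902]: Failed password for root from 203.0.113.7 port 41830 ssh2
Mar  3 11:41:10 host sshd[903]: Failed password for invalid user admin_legacy from 203.0.113.7 port 41844 ssh2
"""

def canary_report(log_text, decoys=DECOYS):
    """Return (hits, related): decoy logins, and other attempts by the same sources."""
    events = [m.groupdict()
              for m in map(LINE.match, log_text.splitlines()) if m]
    hits = [e for e in events if e["user"] in decoys]
    flagged = {e["ip"] for e in hits}
    # Everything else the flagged sources tried, including real accounts.
    related = [e for e in events
               if e["ip"] in flagged and e["user"] not in decoys]
    return hits, related

if __name__ == "__main__":
    hits, related = canary_report(SAMPLE_LOG)
    for e in hits:
        print(f"CANARY {e['ts']} user={e['user']} from={e['ip']} ({e['result']})")
    for e in related:
        print(f"  also tried {e['user']} at {e['ts']} ({e['result']})")
```

The `related` list shows which real accounts the same source went after, and those are the accounts to review first.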
How do I check for keyloggers?
Run a rootkit scanner (Malwarebytes, Sophos). Check running processes for suspicious names. Use Process Explorer (Sysinternals) to see hidden processes. Also check browser extensions.
What's the difference between 2FA and MFA?
2FA uses two factors (password + code). MFA can use multiple (biometrics, hardware key). Always prefer app‑based codes or hardware keys over SMS.
Should I use a password manager?
Absolutely. Password managers generate strong unique passwords and reduce reuse. Use one with 2FA (e.g., Bitwarden, 1Password). Change all passwords after a hack.