Signs You've Been Compromised
- Unexpected password reset emails
- Unfamiliar account activity
- Slow device performance
- Strange pop-ups or programs
- Files encrypted or missing
- Friends receiving messages you didn't send
Immediate Steps
incident-response
[1] DISCONNECT from internet
[2] Don't turn off device (preserve evidence)
[3] Change passwords from CLEAN device
[4] Enable 2FA everywhere
[5] Check for unauthorized access
If Email Compromised
- Change email password immediately
- Review sent folder for malicious emails
- Check forwarding rules (attackers add these)
- Review connected apps and revoke suspicious ones
- Change passwords on all accounts using this email
If Financial Data Stolen
- Contact your bank immediately
- Freeze your credit with bureaus
- Monitor accounts for unauthorized transactions
- File police report if significant
- Consider identity theft protection service
After the Incident
Learn and Improve
Every incident is a learning opportunity. Document what happened, how, and implement measures to prevent recurrence.