.png)
Hello ladies.
I'm shaking right now because this week, I've had a number of attempted logins and successful logins by someone or some people. I got alerts saying that someone was trying to log in to my account and my account was locked, while I got numbers sent to me to input if I want to log in. In some cases, I was told that I was logged in and an email was added to my account. I just woke up to an email that said that a random email had been added to my LinkedIn account. I was logged out and had to upload a form of ID in order to be able to log in again, change my password and remove the email.
I think this may have happened because I made the error of wanting to download a computer program and clicking on a supposedly "safe" link.
I've spent so much time having to change passwords and regain access to my account.
Can anyone please let me know if there's a tool I can use to search my browser for any malware? I use Google Chrome and Norton 360 and have seen that the Norton 360 Chrome extension doesn't work well. When I run Norton 360 on my laptop, it says that I have no issues.
I'd been notified months ago, by Google, that a lot of my passwords were compromised and had been slowly changing the passwords. I don't know if a cyber criminal got access to my passwords and was having a field day logging in or attempting to log in to my accounts.
I also wanted to say, please be careful where you browse and what you click on.
I'd appreciate it if you can give me all your best IT advice. I'm a good IT person typically and am afraid there is worse to come.
Check all your email IDs on https://haveibeenpwned.com/ to see if they have been involved in data leaks or password pastes anywhere
If they've gotten as far as your Linkedin account, do they know who you are? This is looking kind of like a police matter to me. I was facing targeted online harassment when my father first left my mother. Finding all my accounts, commenting disgusting shit everywhere, etc. I strategically leaked to his side of the family that I was compiling evidence for a police report, so said websites could be subpoenaed for the IP that accessed them and the person be tracked down and arrested. It all magically stopped immediately, imagine that. Idek if that's what the police would/could do, I just knew it would rattle the person doing it.
As another comment said, you likely need to nuke your entire current online presence and start fresh, awful as that sounds. I think they're correct in that once they compromise something they keep at it.
Many websites have 2FA, did any of the emails you received allow you to report it as suspicious activity or verify it wasn't you attempting to login? I see you were able to regain control of your linkedin.
If they've added an email to your accounts, I'd give this email to law enforcement. I'd also sign that email up for so many spam mailing lists it becomes unusable. If this all started from clicking a link they're maybe professional scammers targeting many others.
Before you abandon your accounts, I'd change/falsify all the other information. If they get in after you've abandoned it, they have no pertinent info to gain.
The have I been pwned website is good too.
I'm not in IT or cybersecurity so don't take this all as expert advice but it's the best I can offer. Fuck the people doing this to you! I'm so sorry for the stress it's putting you through. I've been there. I'll watch this thread and add any other suggestions I can think of.
Another thought: A factory reset of your computer will be able to wipe everything out if your anti-virus can't find anything. (Remember to back everything up)
The best security in the market now is the yubikey. It will be your last line of defence for your google and other compatible accounts.
A yubikey is a 2FA method that uses a physical device to give authentication instead of a code from an app. It is technically safer as it is near impossible to hack a hardware device.
Hence even if the hacker can guess your password - they still wouldn't be able to log in if they don't physically have the Yubikey in their hand.
Just remember to protect your iPhone and not let anyone know your passcode as anyone can use the code to deactivate the yubikey (If you are using an iPhone).
Goodluck!
Always assume anything is an unsafe link online. Almost all legitimate correspondence will not contain a link. E.g., If my bank sends me any email, I call to discuss it with them. If I receive anything unexpected, or worse, expected, I login to a separate browser to see my account and perform any requested action without clicking any links. Never open any attachments not first verified with the supposed sender.
Multi-factor authentication for everything. Sounds like you have this, so good job.
The longer your passwords, the more difficult for hackers to guess them. You can string several words together tossing in numbers and symbols at random, pick codes and symbol strings that mean nothing to you but that you can memorize and remember, add on a word that is meaningless to you or is something you detest (hate the color yellow? Harder to guess - add that) to a password you like, or make up a poetic line (the sun on my face in the morning brightens my day) and turn that into a password with symbols/use part of it as an acronym. The goal is to make these passwords difficult but in a way you can remember them.
I would bring your laptop to the manufacturer to run their own malware scan and then reinstall everything from scratch. You don't want anything remaining on your laptop. Be very careful about trying to trust anyone not affiliated with a known brand. Good luck!
Seconding the recommendation to download malwarebytes and run a scan. Every workplace I've been in has used malwarebytes as a trusted tool, so even though the name sounds scary it's legit. If you're using a Windows PC, the default Microsoft Defender program is actually pretty decent and you can run a full system scan too. Otherwise, just keep doing what you're doing by changing all passwords and enabling 2-factor authentication. If you don't use one already, I highly recommend a password vault (example: 1password, bitwarden, nordpass) so you can store long, complicated passwords for all your accounts.
Ultimately all you can do now is damage control by changing all passwords and enabling all security measures. If it helps, I once got an awful virus where my only option was a complete wipe and factory reset. And this was before cloud storage was common so I lost everything! Now I never keep anything important on my computer without it being backed up in other places.
Oh, and don't listen to anyone who tries to say they can get your accounts back for a small fee. Scammers look for people in your situation and will DM them, offering to hack back into your account. If you pay them, they just take the money and run.
I just want to thank everyone for their advice. Your tips have really helped!
I found that a lot of my passwords had been exposed due to data leaks on several websites where I have accounts. I use Google Password Manager and I was able to see how many passwords were exposed.
Thank you all for your help! It's much appreciated!!
time for digital witness protection.
change everything.
at least you know you’re on the right path…you’re really getting to someone!