According to the research carried out amongst nearly 500 users of the SpotTheSpy application, almost 60 per cent of the Internet users who have been hacked in the past, failed to report it to the police. Statistics also show that a large percentage of Internet users did not know how to effectively secure their Internet accounts once they had been hacked. As much as 41 per cent of the respondents admitted that they had not secured their accounts properly or that they couldn’t tell for sure.
Securing the account and further reporting the attack to the police – this should be a model action each Internet user should take once the user finds that they have been hacked. The research, carried out amongst almost 500 users of the SpotTheSpy application, shows, however, that such model action is taken by only part of the Internet users.
59.0% of the respondents declared that they had successfully secured their Internet accounts once they had been hacked in the past. However, a significant group of users encountered some problems with it. One in three (32.9%) Internet users declared that they were not sure whether the measures they had taken were successful and almost one in ten (8.1%) concluded that the actions taken were unsuccessful.
Users who declared that they failed to secure their accounts explained that they did not know how to do it, did not have enough funds and even stated that their security attempts were pointless, says Ole Brockhuus, founder of SpotTheSpy.
In the case of users who suspect that they have been hacked in the past, the issue with securing the account is even bigger. Only every fourth (26.8%) user stated that they managed to secure their profiles on the Internet. At the same time, half of the respondents (50.0%) were not so sure about it, while every fourth (23.2%) of them declared that they did not know how to do it.
Cybercriminals Go Unpunished
According to the SpotTheSpy research, only 41.0% of the respondents have reported hacker attacks to law enforcement authorities. The majority of the victims have not done it so far. A little more than 30 per cent (30.1%) of the respondents plan to report it to the police in the future, while less than 30 per cent (28.9%) does not plan to do so at all.
The research shows that law enforcement authorities may not be aware of the majority of cybercrimes committed. When we become a victim of burglary or an assault by beating, what we think about in the first place is to report it to the police. However, as it turns out, when it is a cybercriminal who attacks us, our behaviour is entirely different. Our reluctance to use the help of the authorities, makes criminals feel safe, says Ole Brockhuus.
The victims of hacker attacks who declared that they would not report it to the police explained that the reason behind their decision was the fact that they did not believe that the authorities would act effectively, that they were not familiar with the procedures and that they suspected that the person responsible for the attack was someone they knew – for example a colleague from work or a family member.
Persons who only suspect being hacked are even more reluctant to use the help of the authorities. Over half of them (50.7%) declared that they would not report it to the police. Over 40 per cent (40.8%) replied that they had not done it so far, but intended to do it in the future, while approximately 9 per cent (8.5%) used the help of the authorities.
How to detect a hacker attack?
Typically, it should not be particularly difficult to tell that your account has been hacked. Most frequently, you will not be able to login to the given service. However, offenders will not always be willing to risk blowing their cover. The signs which should alert you include the following:
- an email informing that your login data have been changed (absolutely);
- suspicious activity that is not yours, like for example posting likes on websites and under posts, comments, new friends;
- spam emails sent from your account to other users (e.g., emails to your friends requesting them to lend you some money – obviously, by means of sending a bank transfer to the account stated).
The criminal who intercepts your account may also inform you about it directly, requesting from you a “ransom” in exchange for returning your account and/or not using it for wicked purposes.
I have been hacked. What to do? Four-step procedure
Once you have realised that you had been hacked, you should start by limiting your loss. What’s important, is that you should act as quickly as possible.
Step 1. Password change
What you should do in the first place – if possible – is to change your password, you use to login to your account. Ideally, you should choose a good, strong password including capital and lowercase letters, as well as special characters and digits. You should not use passwords which you have already used in other places. If possible, you should do it on a different computer than the one you normally use – as it may be infected with malware.
Step 2. Logging out from other sessions
Some social media, like Facebook, for example, allow you to open multiple sessions on different devices. Thus, you may simultaneously use Facebook, both on your computer and smartphone. Facebook also allows you to get insight into active sessions (https://www.facebook.com/settings?tab=security). You can see which devices and the location from which they are currently logged in to your account, and consequently logout of them. You may also do it on your phone, using the SpotTheSpy application.
Step 3. Two-step authorisation
Currently, most social media and email accounts offer you the possibility to increase the security level by means of additional authorisation, e.g. by sending a text message to your phone the moment you login or by linking a token-generating application. If you have not yet used this option, do it straight away, regardless whether your account had been already hacked or it would happen in the future.
Step 4. Verify your data and activity
Check in the first place, whether the person who has logged in to your account, has not changed your data and password reset method (e.g., an email which is used to reset your password). This trick could help the criminal reset your password and login to your account once again. Secondly, check the activity on your account. Especially, whether there have been any emails sent to your friends requesting them to lend you some money or including a link to a malicious website infecting you with malware. Check also your likes, comments and friends as well as messages sent from your email account.
The situation gets more complicated if you cannot login to your service. Most servers and Internet services meet the standards, including standards concerned with the possibility of account interception by an unauthorised person.
In most cases it is possible to retrieve the intercepted account, however, it will require you to confirm that you are the legitimate owner of the account, e.g. by resetting the password via email that was used to create your social media account – information about such an address is frequently stored in the database even if, in the meantime, you have changed the email address associated with the account into a different one (or if a criminal has changed it). The only condition is that you still need to have access to the mailbox. Once you have retrieved the possibility of logging in to the account, you should follow all the steps described above.
How to Report the Attack to the Police?
Cybercriminals may cause a lot of harm. They can steal money, hack your email box and steal your documents or threaten that they will distribute compromising photos to your friends. Regardless of the type of harm suffered, victims should definitely seek the help of the police.
Remember that when notifying the police about suspected crime, we do not have to know the legal grounds for prosecution. Moreover, we do not have to worry about the form of our report. We just need to go to the nearest police station and describe the case, indicating what harm we have suffered. Our testimony will be recorded and we will be informed about further steps, says Ole Brockhuus.
The report may help us get our money back or catch the fraud. We will do the right thing for others too. Most probably, law enforcement authorities will be able to stop further practices of the criminal.
To help law enforcement authorities, we should document the case as thoroughly as possible. We should note the most important facts and dates. Let’s describe the first symptoms of the attack and when we have noticed them. If possible, use screenshots of a suspicious link, for example, which we have clicked on or a message in social media. Further, let’s focus on describing the actions we have taken to secure or retrieve our account.
All types of information, which will complete our description and confirm it, may prove helpful: screenshots, messages and emails sent from our account without our knowledge (also the email informing that our login data have been changed), messages from the criminal in which he/she blackmails us.
The research was carried out amongst the group of 457 users of the SpotTheSpy application for smartphones, who declared that they had been attacked by a hacker in the past or suspected that they had been hacked. The users replied to the questions via the application in January 2020, just after downloading the app.
Company Name: SpotTheSpy
State: Capital Region