Lock the Door! There are Hackers around!

I get this question a lot: "I got scammed by a hacker. Help! How do I prevent this in the future?" This is a loaded question but here is helpful information.

I get this question a lot: I got scammed by a hacker. Help!  How do I prevent this in the future? This is a loaded question, and googling brings up many irrelevant answers.  I found answers that direct you to install a Firewall and a great antivirus.  Well, that is not helpful.  First of all, there are two types of Firewall, a hardware firewall that is built into the router, and a software Firewall that is well-regarded in Windows, and you don’t need to set it up or install it.  And what is a “great” antivirus anyway? How can I trust the rest of the article now?

Most google results are written by people like you: Journalists.

First, you need to understand the terminology.  The person who calls claiming a hacker got into their system got scammed.  Their computer was not hacked behind the scenes; they may not even have viruses.  They have scammer anxiety.  

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.
Gene Spafford 


Yes, protecting your equipment also protects you, but it is not nearly as helpful as user distrust.  YOU are the ultimate vulnerability, but you cannot reasonably work in a block of concrete. Also, keep in mind that your accounts are the most vulnerable, and scammers get their money from stealing your identity just as much as stealing your money directly.  

The painful part: 

There are steps that you can take and things that you can be conscientious about in order to help protect yourself. While this are a pain in the butt to do all the time, it will help you and is good practice.

1) Make a point of checking for updated or new extensions/add-ons in your web browser.  That icon you click on to access your email or google is a web browser. Most people use chrome (the colorful beach ball icon) or Edge (the blue E icon).  

  • Click on the 3 lines at the top right of chrome, select More, then select Tools and Extensions
  • Delete any you don’t recognize. Scan 
  • Call us to help you if you are unsure; Quickfix can be quicker and answer questions.

2) Use a password manager.  It may seem complicated, but which is worse: knowing a couple of passwords or hundreds?  Plus, a password manager will help you in finding old sites with user logins you don’t use that could be stolen. 

  • There are a number of password managers: 1Password, LastPass, Dashlane, Bitwarden, etc.  Any password manager should state how super-secure it is, and that they cannot help you if you forget your master password.  
  • I always also remember my icloud/Apple ID password, and my email password, just in case the world falls apart and I need to reset every password I have used (been there; it was painful!).
  • While you are setting it up, import the passwords saved in chrome, Edge, or Firefox if it allows.  The password manager is more secure.  No virus can log the keystrokes of an automatic fill of a web form.  But it can extract saved, unencrypted passwords in the web browser. 
  • Then look at the list of websites and close any accounts you set up that you no longer use.  This will take time, but if hackers actually break into any of those old sites and steal a list of email addresses, you will find your email receiving thousands of spams a day in the future, or your identity stolen once they match the email address with facebook data, linked-in data, twitter feeds, etc.  
  • Change any passwords that you reused.  Use long passwords that exceed 12 characters long.  That password manager can create some you cannot pronounce, but they won’t be reused on other sites. 

3) Consider phone verification (2FA) for any websites that offer it: Facebook, Amazon, and your bank could store sensitive information about you.  You have to download an authenticator app like Google Authenticator on the phone, then turn it on in the account settings of the website, which is not easy to find, and then follow the directions.  It is a pain, but it protects your identity.  

4) Be very suspicious of those email links.  Even if you are expecting a package delivery, the scammers are so good now that if they really want to they will watch social feeds to send you that fake lookalike email just when you expect a package delivery or response from a customer.  If you can avoid clicking in the email by going to the website directly, log into the website.  If you receive an email stating that your computer was hacked and the email has personal data in it, it is still a scam to get you to respond.  Don’t do it.  They may have found something on a public Facebook page to put in the email.  Call us instead.  Call your bank if it is bank-related.  Just don’t allow some “certified Microsoft tech support” into your computer.  

5) Be very suspicious of random phone calls, too.  If you did not call them first, they are probably scammers.  Besides, who do you trust more, a local tech person or someone who randomly calls you?  These calls and emails are similar to the guy in a roofing repair truck that pulls up to your driveway and offers a fantastic discount to replace your roof.  They point out supposed leaks, dents, whatever, in your roof.  You should take time to research any support personnel who contact you.  Is that company legit?  Do they have a web presence, or do they have a string of complaints a mile long on the BBB website? 

The Not-so-painful part: 

1) If your router is older than 2018, it was built with firmware that has vulnerabilities hackers can exploit.  At minimum, firmware updates can put a band-aid on the insecurity.  Updating the firmware may slow your internet down slightly.  Replacing the modem or router is better because they were built more secure. 

2) Email: having a paid business email is always going to be more secure.  Paying for email gets you a faster response and possibly direct phone support if you get hacked. QuickFix can set up business email for you.  

3) Antivirus: paid antivirus is more secure than free antivirus.  However, research the one you are considering.  Check av-test.org or av-comparatives.org for this year’s protection ratings.  Some antivirus programs are more trouble than they are worth, since they might slow down the computer or spew advertisements or unnecessary services that you don’t need.  If you are in a sensitive industry, you might also need an antivirus based in North America.  If you desire personal help, our QuickWatch antivirus is quiet and has tech support by people based in Charlottesville. 

4) If you get scammed, you still should have the computer checked for viruses.  Viruses can steal data and send personal details that scammers use later when they contact you or attempt to log into sites in your name.  They can steal address lists and spam your email contacts.  You should also go through your passwords and change any reused passwords, any passwords for email accounts and other sites you were on while the hacker was on your computer. Most importantly: call your credit card companies to notify them about the scam and check your credit history for a year.  Calling is painful; losing your bank account and access to email even more painful.  

Time and money are less important than safety, especially right now.  When in doubt, call someone you trust for answers.  

Cheers. 


Check out our services: