How To Tell If Your Computer Has Been Hacked

14 Signs That Your Computer Has Been Hacked

The percentage of companies hit by ransomware cyberattacks more than doubled between 2022 and 2023 [*]. Over that same period, attacker motivations also shifted from simple money grabs to stealing sensitive data.

In most cases, the quicker you spot a hack, the better your chances are of fighting it. Unfortunately, the signs your computer has been hacked can be obscure.

1. Unknown devices have access to your accounts

When cybercriminals break into your Google account or Apple ID, they can access and control many of your online accounts and personal data. For protection, both Google and Apple send warnings when an unknown device tries to log in, letting you sign out intruders and block them.

Find devices with account access:

• On your Google account. In your account Security menu, select Manage all devices under Your devices [*].
• On your Apple ID. In your device Settings, choose your profile and scroll down to see and manage all signed-in devices [*].

2. Your friends or family members receive messages from you

Hackers can use email and social media accounts to reach and scam the people on your contacts list. In Maryland, a woman realized her Facebook account was hacked when people she knew kept asking her for information about a cryptocurrency investment scam that she appeared to be promoting [*].

Spot online account hacks:

• Check your sent messages. Look out for undelivered email notices or unfamiliar messages in your Sent folder.
• Pay attention to your feed. Social media feeds mimic your activity and engagement. If you notice strange new content, someone else might be using the account.

3. Unprompted password reset or 2FA messages

Hackers may request a password reset to change your login information and lock you out of an account. Recently, Facebook users were hit with a flurry of password reset requests — possibly large-scale brute force attacks — as hackers tried many different password combinations to break in [*].

What these messages might mean:

• Password reset requests. In some systems, passwords can be reset by answering security questions, which hackers may be able to guess by using publicly available information [*]. 
• 2FA/MFA codes. Two-factor authentication (2FA) and multi-factor authentication (MFA) codes are sent to your device after a successful login, which means someone likely has your password.

{{show-cta}}

4. Changes to your browser

Malware can pose as an app or extension to make changes to your browser toolbars, homepage, or searches and search engine.

The worst hacks can even steal your credentials and personal data — like the Raccoon infostealer that stole over 100,000 ChatGPT credentials in 2023 [*]. 

Check for suspicious browser extensions:

• On Chrome. Click on the three dots Menu icon, select Extensions, and click on Manage Extensions [*]. 
• On Safari. Open your Safari Settings (or Preferences) and click on Extensions [*].

5. Unauthorized charges in your bank account

Hackers can empty your bank and credit card accounts before you even notice they have access. After hackers used a Utah family's account to withdraw $65,000, the bank held the family liable for $53,000 in overdrawn funds [*].

Detect unauthorized bank account activity:

• Set up account alerts. Many banks allow you to set alerts for low balances, large transactions, unusual activity, or profile changes. 
• Sign up for financial account monitoring. Companies like Aura can track your accounts and notify you of suspicious activity and transactions right away.

6. Locked out of your accounts

When hackers muscle into your accounts, they can lock you out and use them for their own needs. For a Chicago family, a single hacked device led to a cascade of unauthorized access. The hack affected five phones, banking and investment apps, as well as Amazon and social media accounts [*].

How to know if you're locked out:

• You can't log in. The most straightforward clue is that your passwords, security questions, and recovery options no longer work.
• Missed notifications. We get used to seeing semi-regular notifications from our online accounts. Take note if these suddenly drop off; it could mean the alerts are going elsewhere.

7. Unfamiliar apps open upon startup

Malicious software on your computer can activate whenever your operating system boots up. These programs and apps may open in an obvious way or run silently in the background.

Malware-laden apps tend to ape cleaner apps that can find and delete junk apps. The HiddenAds malware, for example, could rename itself and change its icon to parrot Google Play or Settings [*].

Look for auto-starting malware:

• On a Windows PC. Open the task manager via the Start menu or by pressing Ctrl+Alt+Delete.
• On a Mac. Open the Activity Monitor app in the Utilities folder [*]. 

8. Persistent pop-ups

Ransomware and malware infections can flourish random pop-ups that are intrusive and malicious. Most often, however, pop-ups are simply scareware or phishing attempts. A popular hacked computer pop-up scam cost one Pennsylvania man $55,000 [*].

Identify fake pop-ups:

• Compare it to the real thing. Many fake pop-ups pretend to come from your browser, ISP, or antivirus software, but they usually differ from authentic alerts.
• Look for other signs. Malware pop-ups appear frequently, and use urgent language and fear mongering tactics.

Artificial Intelligence (AI) has also only made it easier for scammers to create longer, more complex prose. In short, misspellings and mangled grammar are less common inside phishing now.

📚 Related: How To Stop Pop-up Ads on Android Phones and Tablets →

9. Device is slow or keeps crashing

Malware and spyware can tax your devices by running extra programs and using up processing power when stealing and sending out information.

If your device batteries drain faster than normal, or if the device itself tends to overheat, run sluggishly, or crash unexpectedly, this should raise alarms.

Check your apps and processes:

• On a Windows PC. Open the Task Manager to review power usage, data consumption, and network activity for apps and processes [*].
• On a Mac. Open the Activity Monitor app and click on Network to see packets and data sent and received [*] or Energy to see energy consumption [*].

10. Computer security has been disabled

Hackers can override your computer security with stealthy trojans or by tricking the computer into verifying and allowing malware into the system with zero-day exploits or “bring your own vulnerable driver” (BYOVD) attacks [*]. Some attacks even disable your security system altogether.

Check your security software:

• Microsoft Defender: Open Settings and click on Privacy and Security and Windows Security. Click on Firewall & network protection, choose a network, and turn on Microsoft Defender Firewall [*].
• Mac security. In your Apple menu System Settings, click on General and Software Update, and turn on Install Security Responses and system files [*].

11. You notice signs of remote access

By having remote access to your computer, hackers can spy on you, steal your data, or commandeer your device.

They can gain remote access by exploiting system vulnerabilities or by masquerading as tech support. Last year, the FBI warned seniors about such “phantom hackers” [*].

These scammers claim ad nauseam that the victim’s funds are unsafe. Should victims oblige and move funds over to an “alias” account for safeguarding, they lose their money.

Check for remote access hacks:

• On a Windows PC. In your device Settings, click on Remote Desktop or Advanced System Settings and disable the remote desktop function.
• On a Mac. In the System Settings of the Apple menu, click on General and Sharing. Disable screen sharing, remote logins, and remote management options [*].

12. You receive a ransom message

After hackers stole patient data from a California plastic surgery clinic, they sent the clinic a ransom note threatening to release the photos if payment wasn't received [*].

These notes may come by email or direct message (DM) or they can pop up, take over your entire screen, and freeze your device. They can also be fakes.

Identify fake ransom messages:

• No specifics used. Real ransom messages often send "proof of life" examples of what's been stolen, while fakes use generalizations and threats.
• Exit full-screen mode. Try to minimize the window by clicking on F11 on a Windows PC, and press Control+Command+F on a Mac.

13. External or connected devices behave strangely

When devices have been hacked, mice can move and cameras and microphones can record by themselves. Hackers can take over your smart devices and security cameras [*]. Some even connect to your router and spy on your network traffic.

Find intruders on your network:

• On a Windows PC. Type CMD into the search box, and select Run as Administrator. Enter net view to see network devices and arp -a to inspect their ID addresses.
• On a Mac. Open the Utilities folder, and click on Terminal. Enter arp -a to see the IP address and Mac address for each connected device.

14. Your information has been leaked

In 2023, about one in every three Americans was affected by a healthcare data breach [*] — leading to identity theft, unplanned medical bills, and hacks.

When these leaks occur, you should receive a data breach notification from the organization, but you can also find out in other ways.

Learn about data breaches:

• Run a free Dark Web scan. A free Dark Web scanner checks if your email address and passwords have been leaked to the Dark Web. 
• Sign up for Dark Web monitoring. This will monitor Dark Web marketplaces for your email addresses and other personal information, including your phone number, financial data, and Social Security number (SSN).

What To Do Next:

While running antivirus software can smote most malware threats, ransomware attacks in particular may require additional eradication and recovery steps.

Once you confirm that ransomware is present in your device, consider doing the following:

• Remove the device from the network. Isolate the device by disconnecting it from ethernet and Wi-Fi, turning off Bluetooth, and logging out of any remote sessions.
• Disable automatic maintenance tasks. To help with your investigation, ensure that automatic maintenance tasks won't delete any logs or temporary files. 
• Disconnect backups. Researchers have found that ransomware targets data backups in 93% of attacks [*], so disconnect any external storage or backups.
• Take a photograph of the ransom note. Ransom notes may appear on screen, via email, or in direct messages. They can also disappear or delete themselves when the device is shut down, so take photos to have on record for investigation and insurance purposes.
• Inform your IT security team. If your work device is affected, get IT security on the case right away. They should have a process in place for these matters.
• Avoid restarting infected devices. A 2019 survey found that 30% of ransomware victims restarted their devices [*]. But researchers warn against this; it may destroy evidence and any chances of recovery.
• Place affected systems into hibernation mode or safe sleep. This shuts down all processes and saves the current state of the device to the hard drive. Your device can then be opened in a read-only mode to investigate.
• Identify the ransomware variant. You can figure out the type of ransomware present by using free tools, such as ID Ransomware or No More Ransom. You may need the ransom note, an encrypted file example, and any contact information.
• Search for decryption tools. Once you know the variant, you can look for a suitable decryption method. The tools above may suggest a decryption solution, too.
• Remove the ransomware. Before decrypting, you need to remove the ransomware from the device. This may involve running antivirus or anti-malware software in order to quarantine and remove the infection; or you may need a professional to remove the malicious files manually.
• Reset passwords, set up 2FA/MFA. You should also add new, strong passwords and 2FA/MFA to any online account that allows it.
• Recover your data. With the help of a professional and an available decryption tool, you can now decrypt your encrypted files. If this isn’t possible, you may need to delete the affected files and restore them from a backup saved before the attack.
• Remove any suspicious apps or plug-ins. Run an antivirus scan, and perform a security audit to identify and remove or patch vulnerabilities.
• Update your OS and apps. Manually update your operating system and apps to get the latest and most secure versions to avoid future hacks.
• File a police report. If you received a ransom or extortion note, you should get the police involved. You can file a report with your local authorities as well as the FBI. 
• Review your bank accounts. Go through your financial accounts to ensure that the hackers didn't access them. Look for suspicious activity or unauthorized changes and charges. 
• Enable account, credit, and identity monitoring. Set up bank account alerts and credit monitoring. An all-in-one package like Aura monitors your finances, credit, and identity. Plans start a low as $3 a month.
• Consider a credit freeze. As an added precaution, freeze your credit with each of the three major credit bureaus (Experian, Equifax, and TransUnion). This way, no one can access your credit file for any reason.

How To Prevent Future Hacks

Most hackers are after money. In 2023, Verizon analyzed over 21,500 security incidents and data breaches and found that 97% were financially motivated [*]. But hackers also attack because … they can.

In order to prevent future hacks, consider doing the following:

• Device protection. Keep your computer secure by running regular antivirus scans and enabling automatic app and system updates.
• Network protection. Safeguard your network by configuring a firewall, keeping router firmware up to date, and using a virtual private network (VPN).
• Data protection. Enable regular automatic data backups with Apple's Time Machine or the Windows Backup and Restore tool.
• Account protection. Set up email filters to reduce spam and scams. Use secondary or burner email addresses for non-personal online services. Aura’s privacy-first plans also include email aliases.
• Security awareness. Practice good cyber hygiene by knowing the warning signs of common scams and hacks. Avoid suspicious links and attachments, and limit what you share online.
• Online security tools. Consider enabling Safe Browsing and using a password manager to store and remember your unique passwords.

For additional and professional support, see if Aura is right for you. Aura’s privacy-focused plans include advanced device safety tools, data monitoring, and identity and financial fraud protection.

Data broker removal, password manager, VPN, and more. See all Privacy plans.