What is the best thing to do when you get hacked?
What to do when you get hacked: $1,200 impact
Knowing exactly what to do when you get hacked minimizes the severe financial and personal risks associated with digital security breaches. Understanding the proper recovery steps protects your digital identity and prevents further unauthorized access. Read on to discover the essential recovery actions to secure your compromised accounts effectively.
What is the best thing to do when you get hacked?
Experiencing a security breach involves many variables, so there is no single solution for every situation. However, the immediate priority is understanding what to do when you get hacked: secure your primary email account, change critical passwords from a clean device, and disconnect infected machines from the internet.
Many people focus on financial accounts first. However, it is equally important to review account recovery settings and email security, as attackers often use these to maintain access even after passwords are changed.
Victims typically spend around $1,200 and 15 hours recovering from identity theft. [1] Time is your most critical asset. Automated scripts can hijack linked accounts and change recovery emails within 15 minutes of the initial breach. You need to act methodically, not out of panic, and follow the immediate steps after being hacked.
Phase 1: Immediate Triage and Containment
The first step is stopping the bleeding. Disconnect your compromised computer or phone from Wi-Fi and cellular networks immediately. This severs the connection to the attacker.
A compromised device may contain malware that captures new passwords as you enter them. For that reason, begin account recovery from a trusted device that is not affected by the breach whenever possible.
Avoid making rushed changes from a potentially compromised device. Pause, verify which devices are safe to use, and begin recovery from a trusted system.
Lock Down the Master Key
Your primary email - and this is the terrifying part - acts as the master key to your digital life. If hackers control your inbox, they control every password reset link. The first thing you should change if you are hacked is your email password, then force a sign-out of all active sessions in your account settings.
Phase 2: Damage Control and The Rogue Rules Mistake
Once your email is secure, move to your banking, financial, and password manager accounts. Freeze your credit cards and alert your bank's fraud department. Let's be honest - dealing with bank phone menus during a crisis is exhausting. But you absolutely must do it.
Here is that critical mistake I mentioned earlier: failing to check your email forwarding rules. Hackers often set up hidden filters that automatically forward any email containing words like "password" or "reset" to their own address, and then automatically delete the original message. You can change your password ten times, and they will just reset it again.
Go into your email settings right now. Look for the Filters and Blocked Addresses or Forwarding tabs. Delete anything you did not create.
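As an added example (not part of the original article), the script below runs the same check over a filter list in the shape the Gmail API returns for users.settings.filters.list, where each filter has a criteria object and an action object. The sample filters, the addresses and the keyword list beyond "password" and "reset" are constructed assumptions.

```python
import re

# "password" and "reset" come from the article; the other keywords are assumed additions.
SENSITIVE = re.compile(r"password|reset|security|verif|sign-?in", re.IGNORECASE)

def audit_filter(flt, own_addresses):
    """Return the reasons one filter looks like attacker persistence (empty = fine)."""
    criteria = flt.get("criteria", {})
    action = flt.get("action", {})
    reasons = []

    forward_to = action.get("forward")
    if forward_to and forward_to.lower() not in own_addresses:
        reasons.append(f"forwards mail to unrecognised address {forward_to}")

    # Deleting shows up as TRASH being added; "skip the inbox" as INBOX being removed.
    hides = ("TRASH" in action.get("addLabelIds", [])
             or "INBOX" in action.get("removeLabelIds", []))
    matched = " ".join(str(criteria.get(k, "")) for k in ("query", "subject", "from"))
    if hides and SENSITIVE.search(matched):
        reasons.append("hides mail that matches password-reset or security keywords")
    return reasons

def audit(filters, own_addresses):
    """Map filter id -> reasons for every filter that needs manual review."""
    own = {a.lower() for a in own_addresses}
    findings = {}
    for flt in filters:
        reasons = audit_filter(flt, own)
        if reasons:
            findings[flt["id"]] = reasons
    return findings

# Constructed sample export (not real data).
SAMPLE_FILTERS = [
    {"id": "f1", "criteria": {"query": "password OR reset"},
     "action": {"forward": "drop@attacker.example", "addLabelIds": ["TRASH"]}},
    {"id": "f2", "criteria": {"from": "newsletter@shop.example"},
     "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
    {"id": "f3", "criteria": {"from": "alerts@mailprovider.example", "subject": "Security alert"},
     "action": {"forward": "tmp123@mail.example"}},
    {"id": "f4", "criteria": {"from": "billing@isp.example"},
     "action": {"forward": "me.backup@example.org"}},
]

if __name__ == "__main__":
    for fid, reasons in audit(SAMPLE_FILTERS, ["me.backup@example.org"]).items():
        print(fid, "->", "; ".join(reasons))
```

The ordinary newsletter filter (f2) and the forward to a known backup address (f4) pass; anything flagged still needs a manual look before you delete it.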
Phase 3: Deepfakes and Social Engineering
Modern hackers do not just steal your money; they steal your identity to scam your network. AI voice cloning and deepfake social engineering scams have become increasingly common recently.[3] Unexpected account behavior can be one of the signs your computer is hacked. Attackers will use your compromised email or social media to message your contacts, claiming an emergency and asking for funds.
Post a warning on your social channels and text your close family immediately. Tell them to ignore any weird requests for money or crypto, even if it sounds exactly like you.
Choosing Your Two-Factor Authentication (2FA) Method
After regaining control, you must lock the doors. Hardware keys and authenticator apps block a very high percentage of automated account takeover attempts.[4] Here is how the options compare.
SMS Text Messages
- Security: Low. Vulnerable to SIM-swapping attacks where hackers port your number to their phone.
- Convenience: High. Works on any mobile phone without installing extra apps.
- Best for: Low-risk accounts or services that do not offer better alternatives.
Authenticator Apps (Recommended) ⭐
- Security: High. Generates local codes on your device, immune to SIM swapping.
- Convenience: Medium. Requires downloading an app like Authy or Google Authenticator.
- Best for: Email, social media, and banking accounts.
Hardware Security Keys
- Security: Maximum. Physical USB/NFC devices that cannot be phished.
- Convenience: Low. You must carry the physical key with you to log in.
- Best for: High-value financial accounts, crypto wallets, and password managers.
The Infinite Lockout Loop
A freelance designer named David noticed unfamiliar login activity on his primary email account. He immediately changed his password from a device that was later found to be compromised, but unauthorized access continued despite multiple password resets.
The frustration was intense. He had client deadlines approaching and no access to his portfolio or emails. He assumed Google's security systems were just glitching and locking him out protectively.
The breakthrough came when a colleague suggested he use his cell phone on mobile data, not Wi-Fi. David logged in, went straight to his Gmail settings, and found the culprit. The hacker had created a rogue filter auto-forwarding all Google security alerts to a temporary email.
After deleting the filter, changing the password from the clean phone, and running a deep malware scan on his laptop, the account stabilized. He lost about 12 hours of work time, but learned that changing locks does not help if you leave the backdoor wide open.
You May Be Interested
How do I know if the hacker still has access?
Check the active sessions or devices tab in your account security settings. If you see unrecognized phones, computers, or locations, they are still in. Click log out of all sessions immediately to sever their connection.
Who should I notify first?
Contact your financial institutions first to freeze your cards, then notify your close contacts. Hackers often leverage your compromised identity to scam your family members within the first few hours of a breach.
Should I pay the ransom if they lock my files?
Never pay a ransom. There is zero guarantee the attacker will actually unlock your data, and paying them only marks you as a lucrative target for future extortion attempts. Focus on recovering from your offline backups instead.
Immediate Action Guide
Isolate before you investigate: Always disconnect compromised devices from the internet before attempting any recovery steps to cut off the attacker's live access.
Secure the master key: Your primary email inbox controls the reset links for everything else. Recover and secure it from a clean, separate device first.
Hunt for rogue rules: Hackers leave hidden email forwarding filters to maintain persistent access. Check your settings and delete anything you did not explicitly create.