It’s happening a lot right now.
More than ever before, we’re hearing from people — charity workers, business owners, even tech-savvy developers — saying something doesn’t feel quite right.
“I just got a weird email from my own account.”
“My inbox sent a message I didn’t write.”
“My customers are saying they got phishing emails from me — but I didn’t send anything…”
You’re not imagining it. And you’re not alone.
🔍 What’s Going On?
We’re in the middle of a massive spike in cyber-attacks, but unlike the flashy “nation-state” hacks in the news, these are quiet, sneaky, and personal.
Hackers aren’t targeting giant corporations (well, not just them). They’re going after regular people and organisations — through:
- Email accounts
- Saved passwords
- Trusted tools like email marketing platforms
- Old websites you forgot existed
It starts small — a single login reused from an old site, a tiny link clicked by accident — and then it spreads.
How to Tell if You’ve Been Hacked
Some signs are obvious. Others… not so much.
Here are things to watch out for:
- You’re locked out of an account unexpectedly
- Friends or clients say they got emails from you that you didn’t send
- You’re getting password reset emails you didn’t request
- Your sent folder has odd messages in it
- You see logins from unfamiliar places/devices
- Your website or email footer suddenly includes links you never added
If even one of these has happened to you, take it seriously. It might be nothing — or it might be the tip of the iceberg.
First, Don’t Panic
Yes, really.
The worst thing you can do is go into a frenzy, changing passwords on every device without a plan. If your machine is infected, you could be handing your new passwords over to the attacker immediately.
Let’s go step by step.
What to Do If You Suspect You’ve Been Compromised
1. Stop Using the Affected Device (If Possible)
If you suspect a laptop or phone is compromised, don’t use it for sensitive stuff until it’s been checked.
Use a different device to secure your accounts.
2. Change Your Passwords — Starting with Email
Your email account is the gateway to everything. If hackers can get into your email, they can reset your passwords for almost any other account.
🔐 Use a strong, unique password. Not one you’ve used before.
Bonus points if you use a password manager like Bitwarden or 1Password.
3. Enable Two-Factor Authentication (2FA)
This step alone stops most attacks in their tracks.
Even if someone gets your password, they can’t log in without the second factor — usually a code from your phone.
Do this for:
- Your email
- Your cloud storage
- Any payment platform
- Your social media accounts
4. Check for Suspicious Logins
Most platforms (like Gmail, Outlook, Apple, etc.) let you see where your account was accessed from.
Look for:
- Countries you haven’t been to
- Devices you don’t recognise
- Login times you weren’t online
If you see anything odd, log them out — then change the password again.
5. Scan Your Device for Malware
This one’s important.
Even if you change passwords, if there’s malware on your device (like a keylogger), the hacker can just watch you type in the new ones.
Run a scan using trusted tools like:
- Malwarebytes (free)
- Windows Defender (built-in)
- Bitdefender or Avast (paid)
6. Notify People Affected
If messages were sent from your account, let your contacts know.
Keep it short and honest:
“Hi — my account was compromised and you might have received a strange message from me. Please don’t click on any links or enter your password. I’ve now secured the account.”
They’ll appreciate the heads-up.
7. Review Your Accounts
Go through your bank, email, social media, and online services:
- Check for new users or permissions added
- Look at sent messages, scheduled posts, or billing history
- Revoke third-party app access you don’t use
Best Practices Going Forward
Even if you weren’t compromised this time, these tips will make you far harder to target:
- Never reuse passwords across platforms
- Use a password manager to remember the good ones
- Turn on 2FA everywhere
- Keep software and plugins up to date
- Limit who has admin access on your systems
- Backup your data, and test restoring it
Need Help?
If you’re unsure whether your systems are secure, or you’d like a second opinion, we’re happy to take a look.
We work with charities, businesses and individuals to help prevent attacks before they happen — or clean up the mess if it’s already too late.
📩 Reach out to us at [email protected]
Let’s make your digital life boring again — in a good way.
Final Words
You don’t need to be a tech genius to stay safe online. You just need a little awareness, the right habits, and a bit of healthy paranoia.
Don’t wait until something breaks. Prevention is much cheaper than repair.