Immediate Incident Guidance

Help, I've Been Hacked: What To Do In The First 60 Minutes

If your email, social, bank, or cloud account was compromised, speed matters. Use this checklist to contain the breach quickly and prevent follow-on fraud, impersonation, and wire transfer scams.

More Cybersecurity Help

1. Contain Access Right Away

Use a clean, trusted device.
Change passwords on compromised accounts first, then your recovery email.
Sign out of all active sessions and force re-authentication.
Enable or reset multi-factor authentication (MFA).

2. Remove Attacker Persistence

Delete suspicious inbox rules, forwarding rules, and mailbox delegates.
Revoke unknown app permissions and OAuth tokens.
Check alternate contact methods and recovery options for unauthorized changes.
Review trusted devices and remove unknown entries.

3. Protect Financial & Identity Exposure

Review banking, payroll, and payment accounts for unauthorized changes.
Place fraud alerts or credit freezes when identity data is exposed.
Document suspicious activity with timestamps and screenshots.
Notify critical contacts if phishing messages were sent from your account.

4. Recover Safely

Rotate passwords for all high-value services (email, banking, cloud, admin portals).
Update endpoint security and run malware scans.
Monitor sign-in logs and alerting for unusual location/device patterns.
Create a post-incident hardening plan to reduce repeat compromise risk.

Need Immediate Support?

If this involves business email, vendor payment fraud, or repeated suspicious sign-ins, contact Cyber Replay for guided triage and response.

Call (424) 625-4797 Request Rapid Response

Frequently Asked Questions

What should I do first if my account was hacked?

Change your password from a clean device, sign out active sessions, and enable multi-factor authentication immediately.

Should I remove suspicious email rules and app access?

Yes. Attackers commonly add forwarding rules and third-party app tokens. Remove unknown rules, tokens, and delegated mailbox access.

Do I need to notify my contacts after an account breach?

If the account sent phishing or wire transfer requests, notify contacts quickly so they can avoid further compromise.

When should I call a cybersecurity response team?

Call immediately if business email, financial accounts, payroll, or admin credentials are affected, or if you see repeated suspicious sign-ins.