How do I know if my phone or email has been hacked?

Common signs include password reset emails you didn't request, apps or programs you didn't install, friends receiving strange messages from your accounts, unexpected charges on your bank statement, your phone running unusually hot or slow, and being locked out of accounts. If you notice any of these, act immediately.

What should I do first if I've been hacked?

Change your email password immediately — your email is the master key to every other account. Then enable two-factor authentication, check for unknown email forwarding rules, change your banking passwords, and call your bank. Do this within the first 30 minutes.

Can I check if my data has been leaked in a breach?

Yes. Visit haveibeenpwned.com and enter your email address. It will show you every known data breach your email has appeared in. You should also run Google Security Checkup (myaccount.google.com/security-checkup) or Apple's Safety Check (Settings > Privacy & Security > Safety Check).

Where do I report being hacked in Australia?

Report to ReportCyber at cyber.gov.au/report (Australian Cyber Security Centre). For scams, report to Scamwatch at scamwatch.gov.au. For identity theft support, contact IDCARE at idcare.org or call 1800 595 160. If money has been stolen, also contact your bank and local police.

How to Tell If You've Been Hacked — What to Do Next

If you think you've been hacked, stop what you're doing and read this now. The next 30 minutes matter more than the next 30 days. Every minute you wait is a minute the attacker has to do more damage. We'll walk you through exactly what to do, step by step.

Something feels wrong. Maybe you got a password reset email you didn't ask for. Maybe a friend texted asking "did you really send me this?" Maybe your bank just sent a notification for a purchase you didn't make. Your gut is probably right. Here's how to know for sure, and exactly what to do about it.

The Warning Signs You've Been Hacked

You don't need to be a tech expert to spot a hack. Most compromises leave obvious traces if you know what to look for:

Password reset emails you didn't request If you're getting "reset your password" emails from services you use, someone is actively trying to break into your accounts — or already has.

Locked out of your own accounts If your password suddenly doesn't work on email, social media, or banking, the attacker has already changed it. This is urgent.

Friends got strange messages "from you" If people are receiving messages, emails, or social media posts that you didn't send, your account is compromised and being used right now.

Apps or programs you didn't install Unknown apps on your phone or software on your computer can be spyware, keyloggers, or remote access tools giving someone else control.

Unexpected charges or transactions Strange purchases on your card, small "test" charges, or transfers you didn't authorise mean your financial details have been stolen.

Phone running hot, slow, or draining fast Malware running in the background consumes processing power and battery. If your phone is suddenly sluggish with no explanation, investigate.

Browser redirects or pop-ups If your browser keeps redirecting to strange sites, your home page has changed, or you're seeing pop-ups you never used to get — something has been installed.

Two-factor codes arriving unprompted Receiving 2FA codes you didn't request means someone has your password and is actively trying to get past your second layer of security.

If even one of these applies to you, don't wait. Don't "keep an eye on it." Act now. Hackers work fast — they know they're on a clock once you notice something is off.

The Critical First 30 Minutes: What to Do Right Now

This is your emergency action plan. Do these in order. Don't skip steps. Don't get distracted looking up who did this or how — that comes later. Right now, you're locking down.

Change your email password first — it's the master key. Your email is connected to everything: banking, social media, shopping, government services. If a hacker controls your email, they can reset the password on every other account you own. Go to your email provider (Gmail, Outlook, iCloud) right now and change your password. Make it long — at least 16 characters. Don't reuse an old one.
Enable two-factor authentication (2FA) on your email immediately. Once your password is changed, turn on 2FA. This means even if someone gets your new password, they can't get in without your phone. Use an authenticator app (Google Authenticator, Microsoft Authenticator) rather than SMS if possible — SMS can be intercepted via SIM swapping.
Check your email forwarding rules. This is the step most people miss, and it's critical. Hackers often set up a forwarding rule that silently sends a copy of every incoming email to their own address. You won't notice because the emails still arrive in your inbox — but they're getting a copy of everything. In Gmail: Settings > Forwarding. In Outlook: Settings > Mail > Forwarding. Delete any forwarding address you don't recognise.
Change your banking passwords and call your bank. Don't just change the password online — actually call your bank. Tell them you believe your accounts may be compromised. They can flag your account, freeze cards, reverse unauthorised transactions, and issue new card numbers. Do this even if you haven't seen suspicious charges yet. The charges might be coming.
Check what apps have access to your accounts. Over time, you've probably granted dozens of third-party apps access to your Google, Apple, Facebook, or Microsoft accounts. A compromised app is an open door. Go to your account security settings and revoke access for anything you don't recognise or no longer use.
Check for unknown devices logged into your accounts. Every major platform shows you which devices are currently signed in. In Google: myaccount.google.com/device-activity. In Apple: Settings > [Your Name] > scroll down to see devices. Sign out anything you don't recognise. Sign out everything if you're unsure — you can sign back in on your own devices.

Do NOT use the compromised device to do these steps if you suspect it has malware. Use a different phone, a family member's computer, or visit a library. If the hacker has a keylogger on your machine, they'll capture every new password you type.

After the First 30 Minutes

Once you've locked down email, banking, and active sessions, work through these:

Change passwords on all important accounts — social media, shopping (Amazon, eBay), government services (myGov), cloud storage, and any account that stores payment details
Check for unauthorised purchases — review your bank and credit card statements for the past 30 days, look for small test transactions (hackers often charge $1-2 first)
Update your phone and computer — install all pending operating system and app updates, as these patch known security holes
Run a malware scan — use Malwarebytes (free) on your computer, and check your phone's app list for anything unfamiliar
Change your phone's lock screen PIN — if someone had physical access to your device or has been watching you via spyware

How Hackers Actually Get In

Understanding how this happened helps you prevent it from happening again. Most hacks aren't sophisticated — they exploit human behaviour, not technical flaws.

Phishing emails and texts

The most common method by far. You get an email or SMS that looks like it's from your bank, Australia Post, myGov, or Netflix. It asks you to "verify your account" or "update your payment details." The link goes to a fake website that captures your login. These are getting extremely convincing — some are nearly indistinguishable from the real thing.

Data breaches

A company you have an account with gets hacked, and your email and password are stolen along with millions of others. If you use the same password on multiple sites (most people do), the attackers try that email/password combination everywhere. This is called credential stuffing, and it's automated — they can try thousands of sites in minutes.

SIM swapping

The attacker convinces your phone provider to transfer your number to their SIM card. They now receive your calls and texts — including those two-factor authentication codes your bank sends. This is why app-based 2FA is safer than SMS-based 2FA.

Public WiFi

Connecting to free WiFi at cafes, airports, or hotels without a VPN can expose your traffic. Attackers can set up fake hotspots with names like "Westfield_Free_WiFi" that look legitimate. Anything you send over that connection — logins, emails, banking — can be intercepted.

Malware and spyware

Malicious software installed through dodgy downloads, email attachments, or compromised websites. On phones, this often comes from installing apps outside the official app store, or from clicking links in suspicious texts. Spyware can log your keystrokes, read your messages, access your camera, and send everything back to the attacker.

Tools to Check If You're Compromised

Use these free tools to assess the damage and find out what's been exposed:

Have I Been Pwned Enter your email to see every data breach it appeared in. If your password was leaked, change it everywhere you used it.
haveibeenpwned.com

Google Security Checkup Reviews your Google account for compromised passwords, suspicious sign-ins, and third-party access. Essential if you use Gmail.
Google Security Checkup

Apple Safety Check On iPhone: Settings > Privacy & Security > Safety Check. Reviews who has access to your location, photos, and data.
Built into iOS 16+

Australian Resources for Reporting and Recovery

You're not on your own. These are the official Australian organisations that handle cybercrime, scams, and identity theft:

ReportCyber — Australian Cyber Security Centre The official government channel for reporting cybercrime including hacking, ransomware, and online fraud. cyber.gov.au/report

Scamwatch — ACCC Report scams and find information about current scam trends in Australia. They track and investigate scam operations. scamwatch.gov.au

IDCARE — Identity & Cyber Support Australia's national identity and cyber support service. Free help from case managers if your identity has been stolen. Call 1800 595 160. idcare.org

ACSC — Stay Smart Online Alerts and advice from the Australian Cyber Security Centre on current threats and how to protect yourself. cyber.gov.au

When to Get Professional Help

Some situations are beyond what you can fix with a password change. You should bring your device to a professional if:

You can't remove the malware yourself — some spyware and remote access tools are designed to survive factory resets and hide from antivirus software
You've been the victim of a scam — if you've given remote access to someone claiming to be "Microsoft support" or "your bank," your device needs to be forensically cleaned
Your identity has been stolen — if someone has opened accounts, taken out loans, or filed tax returns in your name, you need professional help navigating the recovery process
You suspect someone is monitoring your device — stalkerware and spyware designed for surveillance require careful removal to avoid alerting the person who installed it
A business account has been compromised — if you run a business and customer data may have been exposed, you have legal notification obligations under the Notifiable Data Breaches scheme

There's no shame in asking for help. Hackers do this for a living. You don't have to fix it alone, and the sooner you get expert help, the less damage they can do.

Think you've been hacked?

We help Central Coast residents recover from hacks, scams, identity fraud, and malware every day. Book a session and we'll assess the damage, secure your devices, and walk you through recovery.

Book a Security Assessment

How to Tell If You've Been Hacked — And What to Do in the Next 30 Minutes