What should I do if my device is lost or stolen, if I had malware/a virus on my computer, or if I have fallen victim to a scam?

If one of your devices (computer, phone, tablet, network attached storage, server, etc.) was stolen due to a break-in of your home or office, was lost, or if it was compromised (such as falling victim to a scam and you let someone remote in to your computer or if it was infected with malware/a virus), you should assume someone with malicious intentions now has control over any information stored on that device.  We don't often plan for a device to be lost or stolen nor do we often think about what we should do if we fell victim to a scam (such as a fake tech support scam) or were infected with malware/a virus, but think about that device for a second.  What information is currently stored on it?  Income tax returns with your social security number, date of birth, etc.?  What about pdf files with your bank account information or retirement account numbers?  Have you purchased a home recently and had to scan and email documents to your lender?  Do you have a file on your computer with passwords to your various accounts?  Did you allow your web browser to save passwords to websites?  Have you ever downloaded personal, private information from a website (such as medical records, bank statements, school transcripts, military records, etc.)?  Any of this information could be used to steal your identity, money, etc.  

If you fell victim to a scam or your device was lost or stolen, but then recovered:

  • If you have a backup of all the files on the device, I would proceed to the next major step.

    • If you do not have a complete backup of the files on your device, only save files you are 100% sure are yours.

    • If there are any files you aren't positive about, do not save and transfer them to your new device. They could be a piece of malware/a vrius.

    • If there are any files with dates after your device was lost or stolen, I would not save them. Even if you remember the file name, because it could be someone updated it with false information or worse it is now infected with malware/a virus. You can save the files off to have them analyzed later, but do not install them on your new device. If it is a file you absolutely must have, think about if you ever emailed it to someone. If you have, check your email account and recover it that way.

  • I always suggest re-imaging a machine if it was outside of your control and you believe it may have been accessed (used) by someone else. If you aren't sure, it's always best to re-image it. If you aren't familiar with the term "re-image", it means to erase everything on the hard drive and re-install your operating system (Windows, macOS, etc.) from scratch. If you haven't done this before, you can always take your computer to a local IT store (Best Buy, Microcenter, Fry's, Staples, computer repair store, etc.) and have them do it. If it is a cell phone or tablet running Android or iOS, it is a little different. You will want to restore the device back to it's original factory settings to ensure everything, including documents and applications, have been erased. A local computer store or cellular store can assist with this as well.

Thinking about the information stored on on your devices (computer, phone, tablet, server, network attached storage, etc.) consider these additional recommendations:

  • If it was a mobile device that was lost, stolen or compromised, such as an Apple or Android device, change your Apple and/or Google passwords immediately. Changing these should at least make it to where the person who stole or found the device can't use the email or possibly even the device to gain access. Changing your online Windows/Microsoft account password would be advised too if using a newer version of Windows (8.0 or later), since these versions will allow logging in with your online Microsoft account.

  • If possible, see if there is a remote wipe capability (remote ability to erase or factory reset the device). Android definitely has this, but you must enable it. Some anti-virus software/apps also have the ability.

  • If you do not recover the device (computer, cell phone, tablet, etc.) or you sold/donated it, look at your various accounts and revoke permissions for that device. For example, let's use a Google account. After signing in, go to "My Account" by clicking on your picture in the top right of your web browser. Then go to "Sign-in & security". Scroll down to the section labeled "Device activity & security events." Click on "REVIEW DEVICES". Select the device that was lost, stolen or sold/donated and revoke access.

  • If you saved any passwords for websites, such as when a browser asks if you want to save this password or if you had a file on one of your devices with your passwords, I would change the passwords on your various accounts immediately. Especially the important ones such as your bank, email, retirement accounts, medical accounts, etc. Even if you stored passwords in a password protected/encrypted file on your computer, I would recommend changing your important passwords. Using a password manager can definitely help. Speaking of which, if you used a password manager on the lost, stolen or compromised device, I would suggest changing the master password. Also, if you had a local copy of your password vault, I would change passwords on the important websites (bank, retirement accounts, email, etc.) stored in that vault ASAP. Personally, I would change passwords regardless of if I could remember or not, since a skilled hacker could actually recover quite a bit of information from the device. Even if it was just a "smash and grab" theft, hackers often look through online auction or for sale sites and local pawn shops to purchase cheap devices they could possibly recover private information from.

  • On the same note, if you stored answers to security questions, change those on your various accounts as well.

  • I would enable 2-step or 2 factor authentication to your accounts, especially your most trusted logins/websites such as your bank, email, retirement accounts, etc. You should also enable alerts on those accounts, if possible, to alert when any strange logins are detected. Not knowing all the accounts you may have, here are example instructions for Google/Gmail. Most accounts have similar features though.

  • If you stored personal documents on the device containing private information, like your SSN, date of birth, bank account information, etc., again I would assume that information is now in the hands of someone with malicious intentions. Here are some steps you can take to protect yourself. I haven’t performed these myself, so not sure what all is involved or any inconvenience they may cause, so I can’t recommend one way or the other. Just wanted to pass along the options available to us:

  • If you stored any credit card information, I would reach out to your bank and explain the situation along with monitoring your accounts to see if you notice any fraudulent charges.

  • If you stored account numbers for any of your other accounts, would reach out to those institutions to see what they recommend.

If someone broke into your home or office, especially if you own a business, here are some steps I recommend:

  • Have someone familiar with the devices in your office look around and see if there are any suspicious devices plugged in to any other computers, printers, network outlets, network switch, router, etc. If someone wanted to compromise (or “hack”) the network, they could plug in a keylogger, wi-fi enabled thumb drive, a new network adapter, etc.

  • On the same note, look for any new or different devices. An attacker could leave their own wi-fi router behind or switch out your wi-fi router to something different/new so computers will connect to it instead of your network.