Security IncidentHome Users8 min read · Updated June 2026

Am I Being Hacked? Signs, What to Do Right Now, and How to Stay Safe

If something feels wrong — your accounts are behaving strangely, your devices are slower than usual, or you've received an unexpected security alert — it's natural to worry. The good news is that most potential hacking incidents are either manageable or not as serious as they first appear. This guide will help you work out what's happening and tell you exactly what to do about it.

If you already know something has happened and need to report it, go straight to our How to Report a Cyber Attack guide.

Common Signs You Might Be Being Hacked

1. You Can't Log In to Your Accounts

One of the most common signs that an account has been compromised is that your password suddenly doesn't work — because someone else has changed it. If your email, social media, or any important account is rejecting your usual password without explanation, treat it as urgent.

What to do: Use the "Forgot password" option immediately, using your registered email or phone number. If you can't access the recovery options either, contact the platform's support team directly.

2. Unusual Activity on Your Accounts

Strange emails appearing in your Sent folder that you didn't write. Posts on Facebook or Instagram you didn't make. Purchases you don't recognise. Friends telling you they received an odd message from your account. These are signs that someone else may have access to your accounts.

What to do: Check the "recent activity" or "login history" on your account — most platforms show this in Security settings. Look for logins from locations or devices you don't recognise.

3. You've Received a Data Breach Notification

A company has emailed you saying your data may have been involved in a breach. Or you've been told by a service like Have I Been Pwned that your email has appeared in a known data leak.

What to do: Change your password for that service immediately. If you used the same password on other websites, change those too. Enable two-factor authentication if you haven't already.

4. Your Device is Running Unusually Slowly or Getting Very Hot

Malware can run silently in the background, consuming processing power and battery. If your phone or computer is suddenly and unexpectedly much slower than usual, or running hot without an obvious cause, this is worth investigating.

What to do: Run a malware scan. On Windows, use Windows Defender (built in, free). On Android, use Google Play Protect. On iPhone or iPad, malware is very rare — a slow device is more likely a software update or storage issue.

5. You're Seeing Unexpected Security Alerts or Pop-Ups

Genuine security warnings from your device, browser, or installed software are worth taking seriously. However, pop-up messages appearing on websites — especially ones that ask you to call a phone number or install software — are almost always scams. Do not call those numbers.

What to do: If a security warning appears in your device's notification system (not a website pop-up), investigate it. If it appears as a pop-up while you're browsing, close the browser tab or the browser entirely.

6. Strange Charges or Transactions

Unrecognised transactions on your bank account, credit card, or payment services such as PayPal are a serious sign that your financial credentials may be compromised. Pay attention to small charges (£1–£2) as well as large ones — attackers often test cards with small amounts before making larger transactions.

What to do: Contact your bank or card provider immediately using the number on the back of your card. Report the charges. They can freeze your card and investigate.

7. Your Browser is Redirecting to Unexpected Websites

If your web browser is sending you to websites you didn't navigate to, showing unexpected or intrusive adverts, or your homepage has changed without you changing it, your browser or device may have been infected with malware.

What to do: Review and remove recently installed browser extensions. Run a malware scan on your device. Consider resetting your browser settings to their default state.

What to Do Right Now — A Step-by-Step Guide

Step 1: Stay Calm

Most hacking incidents are recoverable. Acting quickly and working through clear steps will be more effective than panicking or doing things in the wrong order. Work through the steps below in sequence.

Step 2: Change Your Most Important Passwords Immediately

Start with the accounts that matter most: your email, online banking, and any account where you've used the same password. Use a new, strong, unique password for each one — a mix of letters, numbers, and symbols, at least 12 characters long, not used anywhere else.

Start with your email. Your email account is the master key to almost everything else online — if an attacker controls your email, they can reset passwords for your bank, PayPal, Amazon, and everything else.

If you're not sure how to create strong passwords or manage them, a free password manager (such as Bitwarden) can handle this for you — you only need to remember one master password.

Step 3: Enable Two-Factor Authentication

Two-factor authentication (2FA) means that even if someone has your password, they still can't get into your account without a second verification step — usually a code sent to your phone or generated by an app.

Enable 2FA on:

Your email account (Gmail, Outlook, Apple Mail)
Your online banking (if your bank offers it)
Social media accounts (Facebook, Instagram, Twitter/X)
Any cloud storage (Google Drive, iCloud, Dropbox)

Step 4: Check Have I Been Pwned

Go to haveibeenpwned.com and enter your email address. This free, legitimate service (created by a security researcher and supported by the NCSC) checks whether your email address has appeared in any known data breaches. If your email appears: change the password for that service immediately. If you used the same password on other sites, change those too.

Step 5: Check Your Account Login History

Most major services let you see a record of recent logins — when your account was accessed and from where.

GmailGoogle Account → Security → Your devices / Recent security activity

FacebookSettings → Security and Login → Where You're Logged In

Apple IDSettings → [Your name] — scroll down to see your connected devices

Microsoftaccount.microsoft.com → Security → Sign-in activity

Remove any sessions, devices, or locations you don't recognise.

Step 6: Scan Your Device for Malware

WindowsStart Menu → Windows Security → Virus & threat protection → Quick scan

MacBuilt-in protection is strong; for extra reassurance, run a scan with Malwarebytes (free version available)

AndroidOpen Google Play Store → tap your profile icon → Play Protect → Scan

iPhone / iPadMalware on iOS is extremely rare. A slow or unusual device is more likely a software or storage issue. Check for unrecognised apps and remove them.

Step 7: Contact Your Bank if There Are Financial Concerns

If you have any reason to believe your banking credentials, card details, or payment account have been compromised, contact your bank immediately.

Call the number on the back of your card, or use the bank's official app or website. Do not use any phone number found in a suspicious email or text — it may be part of the fraud.

UK law generally protects you against unauthorised transactions — acting quickly improves your position.

Step 8: Report It

If you believe you've been a victim of fraud or cybercrime, report it to Action Fraud:

Online: actionfraud.police.uk — available 24/7
Phone: 0300 123 2040 (Monday–Friday, 8am–8pm)

For more on who to report to and what to expect, see our How to Report a Cyber Attack guide.

How to Know for Sure

If you've worked through the steps above and still aren't certain whether anything happened, these tools can help:

Have I Been Pwned (haveibeenpwned.com)

Checks your email address against known data breach databases. Free and trusted by the NCSC.

Your email provider's security page

Every major email provider shows recent login activity and security events. Check Gmail Security, Microsoft Account Security, or Apple ID settings. Any login from an unrecognised country or device is a strong signal.

Google Account activity

accounts.google.com → Security → Recent security activity. Shows every time your account was accessed and from where.

Your browser extensions

Open your browser's extensions or add-ons list and remove anything you don't recognise or didn't install yourself.

Your home router

Log in to your router's admin page (usually by entering 192.168.1.1 in your browser's address bar) and check the list of connected devices for anything unfamiliar.

Already know something's happened?

If you're certain your account has been breached or you've been the victim of fraud, our guide tells you exactly who to report it to and what to expect: How to Report a Cyber Attack or Data Breach →

Protect yourself before it happens again.

Your free Cyber Nova AI plan walks you through every important step — from strong passwords and two-factor authentication to securing your home network and devices. NCSC-aligned. Plain English. Free to start.

Get my free protection plan

Frequently asked questions

Can I tell if someone is remotely accessing my computer right now?

On Windows: open Task Manager (press Ctrl+Shift+Esc) and look in the Processes tab for unfamiliar programmes using high CPU or network activity. You can also check Settings → Privacy → Activity History. If you see something suspicious, disconnect from your Wi-Fi or remove the network cable immediately, then run a malware scan.

What's the most common way people get hacked?

By far the most common route is phishing — a convincing email, text, or phone call that tricks you into revealing your password or clicking a link that installs malware. The second most common factor is password reuse: if you've used the same password on multiple sites and one site gets breached, attackers try that password everywhere else. This is called credential stuffing.

Should I call the police?

For cybercrime in the UK, the correct first step is Action Fraud (actionfraud.police.uk or 0300 123 2040) — not your local police station. Action Fraud feeds reports into the National Fraud Intelligence Bureau, which coordinates investigations. Call 999 only if you are in immediate danger or the incident involves physical safety.

How long can a hacker have access before I notice?

It varies widely. Some account takeovers are noticed within hours — a text with a 2FA code you didn't request, or a friend flagging a strange message from you. Others, particularly credential stuffing attacks or quiet data harvesting, can go unnoticed for much longer. Checking Have I Been Pwned and reviewing your account login history regularly is a good habit.

I received a pop-up saying my computer is infected and to call a number — should I call?

No. This is a common scam called tech support fraud. Legitimate security software does not ask you to call a phone number via a pop-up in a web browser. Close the browser (or force-quit it if needed), restart your computer, and run a malware scan. If you were deceived into calling and gave any personal or financial information, report it to Action Fraud.

Get properly protected — free

Cyber Nova AI gives you a personalised cybersecurity plan based on NCSC guidance. Free to start. No technical knowledge needed.

Start my free security plan