- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Email hacked solutions
Posted on 7/1/26 at 8:46 am
Posted on 7/1/26 at 8:46 am
Friends email hacked. Yes they clicked a link, in their defense it was pretty clever.
Regardless, Got email all changed back with sending in photo id etc, 2 factor auth set up then they just changed it all again. Its tug o war of constantly changing the password, 2 factor and recovery email.
Do we wipe the device and start over?
How are they able to keep doing this? Are they in the device?
Regardless, Got email all changed back with sending in photo id etc, 2 factor auth set up then they just changed it all again. Its tug o war of constantly changing the password, 2 factor and recovery email.
Do we wipe the device and start over?
How are they able to keep doing this? Are they in the device?
Posted on 7/1/26 at 8:50 am to rattlebucket
Does your friend have a good backup?
Posted on 7/1/26 at 8:56 am to Cimarron
She says no. I want to get in the device but not sure I have that access being I would get to see all her info. Just trying to point her in a starting direction since she was able to do enough to change it back.
Should she do a back up now and then wipe it or should she just let them have the email account at this point and create a new one? Just sucks for her because its tied to her banking, private small business etc
Should she do a back up now and then wipe it or should she just let them have the email account at this point and create a new one? Just sucks for her because its tied to her banking, private small business etc
Posted on 7/1/26 at 9:03 am to rattlebucket
My guess is that when they clicked the link they installed a program that sends screenshots to the hacker.
What kind of phone/device is it?
The first thing she should do is put the phone in offline mode, disconnect any wifi, etc, and check permissions. People tend to grant access to everything. It sucks, but she needs to go through her phone with a fine tooth comb.
If it's auto-backed up to the cloud she needs to make sure there aren't suspicious apps/contacts there too.
What kind of phone/device is it?
The first thing she should do is put the phone in offline mode, disconnect any wifi, etc, and check permissions. People tend to grant access to everything. It sucks, but she needs to go through her phone with a fine tooth comb.
If it's auto-backed up to the cloud she needs to make sure there aren't suspicious apps/contacts there too.
This post was edited on 7/1/26 at 9:08 am
Posted on 7/1/26 at 9:18 am to Ricardo
^^^^^^
Good advice.
This sounds like a wipe and restore to factory mode.
It it's a laptop, make sure you have a good DNS tool that will check all links you click on. Open DNS has long been the defacto standard in that area. The Cisco version isn't available to consumers (Cisco owns it now), but there is a consumer version for consumers.
Good advice.
This sounds like a wipe and restore to factory mode.
It it's a laptop, make sure you have a good DNS tool that will check all links you click on. Open DNS has long been the defacto standard in that area. The Cisco version isn't available to consumers (Cisco owns it now), but there is a consumer version for consumers.
Posted on 7/1/26 at 9:36 am to Cimarron
The factory wipe is looking more like what she’ll need to do. Just learned she clicked on the link on apple laptop too.
She was able to reset pswrd, add 2FA, recovery email etc and they reversed all that. Theres got to be an active session still somewhere right?
She was able to reset pswrd, add 2FA, recovery email etc and they reversed all that. Theres got to be an active session still somewhere right?
Posted on 7/1/26 at 9:56 am to rattlebucket
They usually put a filter on your inbox so any new recovery emails that come in go back to the threat actor and they get all the resets codes etc. friend needs to sign out of everything electronic and change passwords everywhere to something new. Also get try and use password managers with auto generated passwords. Get password app on every device you use so that friend does not go back to bad password management.
If you dont change your password every so often they get leaked into DB's on the dark web. If it was stale password its easy to get into an account.
Also there is no defense, they fricked up. Learn the lesson or repeat it.
If you dont change your password every so often they get leaked into DB's on the dark web. If it was stale password its easy to get into an account.
Also there is no defense, they fricked up. Learn the lesson or repeat it.
Posted on 7/1/26 at 11:12 am to rattlebucket
A factory reset should solve it, but if they loaded the payload on her laptop and she uses iCloud, they'll still be in both devices.
I'm a network guy. Someone with more desktop knowledge might be of more help.
I'm a network guy. Someone with more desktop knowledge might be of more help.
Posted on 7/1/26 at 11:59 am to Cimarron
Can also check contacts in icloud and sort by date added. She may have a new one that she doesn't recognize.
Basically, she needs to go over everything and delete anything that looks suspicious. Any "shared" logins, etc.
Basically, she needs to go over everything and delete anything that looks suspicious. Any "shared" logins, etc.
Popular
Back to top
3






