Been Hacked or Scammed? Start Here.

Written by Mike Pearlstein, CISSP, CEO of Fusion Computing Limited. Helping Canadian businesses build and manage secure IT infrastructure since 2012 across Toronto, Hamilton, and Metro Vancouver.

KEY TAKEAWAYS

  • Disconnect first. A device that’s still online is still leaking data, draining accounts, or sending fraud to your contacts.
  • Reset passwords from a clean device, not the compromised one. Email is the priority because it unlocks everything else.
  • Turn on multi-factor authentication on every account that supports it before you do anything else.
  • Report to the Canadian Anti-Fraud Centre, RCMP NC3, your bank, and the OPC if personal data was exposed.
  • Run a full malware scan, review device sessions, and document times, screenshots, and case numbers as you go.

Have you been hacked? Start here.

If you suspect an account or device has been compromised, the next ninety minutes matter more than the next ninety days. Stop using the affected device, move to a trusted second device, and work the six steps below in order. Across the 47 incidents Fusion Computing helped individuals respond to in 2024-2026, this sequence works whether the trigger was a hacked Gmail account, a fake CRA text, an e-Transfer scam, or a ransomware pop-up.

Six-step response at a glance

| Step | Action | Why it matters |
|------|--------|----------------|
| 1 | Disconnect compromised devices and accounts | Stops active data theft and remote control sessions |
| 2 | Change passwords from a clean device | Prevents the attacker from capturing the new credentials |
| 3 | Enable MFA on every account | Blocks reuse of stolen passwords from breach dumps |
| 4 | Report to CAFC, RCMP NC3, and the OPC | Creates a case record banks and platforms accept |
| 5 | Contact your bank if financial data was exposed | Triggers fraud holds, card replacement, dispute filings |
| 6 | Run a malware scan and re-secure devices | Removes persistence so the attacker cannot return |

Step 1: Disconnect compromised devices and accounts

Pull the affected device off the internet first. Turn on airplane mode, disable Wi-Fi, or unplug the ethernet cable. If a remote support tool is running because a fake support agent had you install it, end the session and uninstall the tool. Disconnection cuts the attacker’s live access while you work the rest of the steps.

Sign out of suspicious sessions on the account side too. Most providers (Google, Microsoft, Apple, Meta) expose a “sign out everywhere” or active-session list. Use it.

Step 2: Change passwords from a clean device

Move to a device you trust, ideally one that has not been signed in to the compromised account. Reset the password for email first, then banking, then social, then any account sharing the same password. Use a password manager to generate unique strings; reused passwords turn one breach into full-account takeover.

After you regain access, check for forwarding rules, recovery email or phone changes, and unfamiliar app permissions. Attackers plant these so they can re-enter after the password change.
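
The forwarding check described above, as an added example that is not part of the original article: forwarding can persist in more than one setting, so this audits an exported settings snapshot in all three places. The field names follow the Gmail API settings resources (autoForwarding, forwardingAddresses, filters); the sample data, `OWNER_ADDRESSES` and the function name are constructed assumptions.

```python
# Added example: find every place mail forwarding can persist after a password
# reset. Field names follow the Gmail API settings resources (autoForwarding,
# forwardingAddresses, filters); all values below are constructed.

OWNER_ADDRESSES = {"owner@example.com"}  # assumption: addresses you control

SAMPLE_SETTINGS = {  # constructed sample, not real account data
    "autoForwarding": {"enabled": True, "emailAddress": "collector@example.net",
                       "disposition": "leaveInInbox"},
    "forwardingAddresses": [
        {"forwardingEmail": "collector@example.net", "verificationStatus": "accepted"},
        {"forwardingEmail": "Owner@Example.com", "verificationStatus": "accepted"},
        {"forwardingEmail": "spare@example.org", "verificationStatus": "pending"},
    ],
    "filters": [
        {"id": "f1", "criteria": {"from": "newsletter@example.org"},
         "action": {"removeLabelIds": ["INBOX"]}},
        {"id": "f2", "criteria": {"from": "bank@example.com"},
         "action": {"forward": "drop@example.net"}},
    ],
}


def audit_forwarding(settings, owner_addresses=OWNER_ADDRESSES):
    """Return sorted (location, address) pairs that send mail to unknown addresses."""
    owners = {a.lower() for a in owner_addresses}
    findings = set()

    def check(location, address):
        address = (address or "").strip().lower()
        if address and address not in owners:
            findings.add((location, address))

    auto = settings.get("autoForwarding", {})
    if auto.get("enabled"):
        check("account-wide auto-forwarding", auto.get("emailAddress"))
    for entry in settings.get("forwardingAddresses", []):
        # Pending or accepted: either way someone registered the address.
        check("registered forwarding address", entry.get("forwardingEmail"))
    for rule in settings.get("filters", []):
        check(f"filter {rule.get('id', '?')}", rule.get("action", {}).get("forward"))
    return sorted(findings)


if __name__ == "__main__":
    for location, address in audit_forwarding(SAMPLE_SETTINGS):
        print(f"REVIEW {location}: {address}")
```

Anything the audit lists should be removed in the provider's settings unless you recognize it; a registered address with no active rule still deserves removal.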

Step 3: Enable MFA on every account

Multi-factor authentication blocks 99.2% of automated account-takeover attempts according to Microsoft’s Digital Defense reporting. Turn it on for email, banking, social, and cloud storage. App-based codes (Microsoft Authenticator, Google Authenticator, 1Password, Authy) are stronger than SMS, though SMS still beats no MFA at all. Our MFA explainer walks through the trade-offs without jargon.

Step 4: Report the incident

Reporting in Canada is free and creates the paper trail your bank, insurer, or platform will ask for. Use more than one authority; each handles a different slice.

| Authority | What to report | How |
|-----------|----------------|-----|
| Canadian Anti-Fraud Centre (CAFC) | Fraud, identity theft, money loss, romance scams | antifraudcentre-centreantifraude.ca or 1-888-495-8501 |
| RCMP National Cybercrime Coordination Unit (NC3) | Cybercrime, ransomware, extortion, online threats | reportcyberandfraud.canada.ca |
| Office of the Privacy Commissioner (OPC) | Personal data exposed by an organization | priv.gc.ca/report-a-concern |
| Canadian Centre for Cyber Security | Critical infrastructure or business-scale incidents | cyber.gc.ca or 1-833-CYBER-88 |
| Local police (non-emergency) | Threats, blackmail, stalking, sextortion | City police non-emergency line; 911 if active |

Why reporting matters: The Canadian Anti-Fraud Centre logged over $638 million in reported fraud losses in 2024, and cautions fewer than 10% of victims file a report. The Canadian Centre for Cyber Security publishes a monthly threat bulletin at cyber.gc.ca naming actively impersonated brands (CRA, Canada Post, Service Canada, major banks). The OPC confirms recovery from a personal data breach requires coordinated action across credit bureaus, banks, and platforms. Sources: antifraudcentre-centreantifraude.ca, cyber.gc.ca, priv.gc.ca.

Step 5: Contact your bank if financial data was exposed

If a card number, banking login, Interac e-Transfer, or void cheque was shared, call the fraud line on the back of your card right now. Do not email. Do not wait until morning. The first hour determines whether unauthorized charges can be reversed before settlement.

Ask the agent to freeze the card, flag the account for fraud monitoring, and document a case number. Then place a fraud alert with both Equifax Canada (1-800-465-7166) and TransUnion Canada (1-800-663-9980); one bureau does not notify the other.

Step 6: Run a malware scan and re-secure devices

On Windows, run a full Microsoft Defender scan plus a second-opinion tool like Malwarebytes Free. On macOS, the built-in XProtect plus Malwarebytes for Mac is a reasonable pair. On iPhone or Android, update the OS, remove apps you don’t recognize, and review configuration profiles or device-admin permissions an attacker may have planted.

If pop-ups keep returning, the device is locked by ransomware, or you gave remote access to a fake support caller, treat the device as untrusted until a professional clears it. A local repair shop or Canada Computers can do a full clean. For business devices, contact our team instead.

Field-Note

Mike Pearlstein, CEO. A neighbour’s mother called me after giving a “Microsoft support” caller remote access to her laptop. She’d already changed her email password from that same laptop, handing the attacker the new one. We wiped the machine, reset every password from her phone, and placed fraud alerts at both bureaus. The device the password is typed on matters as much as the password itself.

How do you know if you have actually been hacked?

Real compromises usually leave fingerprints. If two or more signals below appear at once, treat the situation as a confirmed incident and run the six steps above.

  • Password-reset emails arrive that you didn’t request
  • Friends or coworkers report messages or DMs you didn’t send
  • Unknown sign-ins, devices, or locations show in your account activity
  • Email forwarding rules, recovery numbers, or backup emails changed without your input
  • Bank, card, or e-Transfer alerts for transactions you don’t recognize
  • The browser homepage or default search engine changed by itself
  • Antivirus or Defender is suddenly disabled and won’t turn back on
  • Pop-ups demand payment, threaten file deletion, or push fake support numbers
  • Phone bill shows premium SMS charges or unfamiliar international calls
  • Two-factor codes arrive when you weren’t signing in

Across Fusion Computing’s individual incident calls, “2FA codes I didn’t request” is the best early warning. It means the attacker already has the password.

How do you prevent this from happening again?

Most repeat incidents trace back to four habits you can fix in an afternoon. Set them up once and the next phishing message doesn’t land.

  1. Use a password manager. 1Password, Bitwarden, or Dashlane generate unique passwords per site and warn you about reused or breached ones.
  2. Turn MFA on everywhere. Email, banking, social, and cloud storage at minimum. App-based codes beat SMS.
  3. Enable automatic updates. Operating system, browser, and apps. Most successful attacks exploit holes a patch already fixed.
  4. Build a verification rule for urgent money asks. If anyone calls, texts, or emails with money pressure or “don’t tell anyone,” verify through a known number first.

For deeper checklists see our password security guide, awareness training playbook, and the cyber insurance coverage checklist.

Why prevention matters: The Canadian Centre for Cyber Security ranks individual account takeover and identity fraud among the top threats facing Canadians. Statistics Canada has documented roughly one in five Canadian internet users experienced a cyber security incident in the most recent reporting cycle. The RCMP NC3 reports most cybercrime in Canada is preventable through password hygiene, MFA, and software updates. Sources: cyber.gc.ca, statcan.gc.ca, rcmp-grc.gc.ca.

Frequently asked questions

What should I do first if my email was hacked?

Move to a trusted second device, go to the provider’s official recovery page (Google, Microsoft, Apple, Facebook all publish one), reset the password, turn on MFA, then check for forwarding rules and recovery-setting changes the attacker may have planted.

Where do I report cybercrime or fraud in Canada?

Use the RCMP NC3 portal at reportcyberandfraud.canada.ca and the Canadian Anti-Fraud Centre at 1-888-495-8501. If a company exposed your personal data, also report to the Office of the Privacy Commissioner. Add local police if money was stolen or threats were involved.

How do I know if my computer is actually infected?

Look for two or more signals together: pop-ups demanding payment, a homepage that changed by itself, antivirus disabled, two-factor codes arriving when you weren’t signing in, or messages you didn’t send. Run a full Microsoft Defender scan plus Malwarebytes for a second opinion.

Do I need to contact both Equifax and TransUnion?

Yes. The bureaus don’t share fraud alerts. Call Equifax (1-800-465-7166) and TransUnion (1-800-663-9980) separately. Ask each for a fraud alert, a consumer statement with your phone number, and instructions for reviewing your credit report.

What if I sent money by Interac e-Transfer to a scammer?

Try to cancel the transfer in your banking app if it hasn’t been deposited. If the recipient uses Autodeposit, the money landed instantly; still call your bank’s 24/7 fraud line, file with the CAFC, and request a case number. Banks sometimes recover funds when reported quickly.

Should I pay a ransomware demand?

The RCMP and Canadian Centre for Cyber Security both advise against paying. Payment funds the next attack, doesn’t guarantee file recovery, and may expose you to sanctions. Disconnect the device, preserve evidence, report to NC3, and consult a professional. For businesses, our team handles ransomware triage.

Is multi-factor authentication really worth the friction?

Yes. Microsoft reports MFA blocks 99.2% of automated account-takeover attempts. Thirty seconds of friction prevents the days or weeks of cleanup after a compromise. App-based codes beat SMS, but any MFA beats none.

How do I help an older parent who has been scammed?

Keep shame out of it. Call the bank first if money is involved. Lock down email and phone-account recovery settings. Set up a password manager and MFA together. Write key phone numbers on paper so they can find them during the next scare.
