Written by Mike Pearlstein, CISSP, CEO of Fusion Computing Limited. Helping Canadian businesses build and manage secure IT infrastructure since 2012 across Toronto, Hamilton, and Metro Vancouver.
KEY TAKEAWAYS
- Disconnect first. A machine that’s still online is still leaking data, draining accounts, or pushing scams at your contacts.
- Reset passwords from a clean phone or laptop, not the infected one. Email is the priority because it unlocks everything else.
- Turn on multi-factor authentication on every account that supports it before you do anything else.
- Report to the Canadian Anti-Fraud Centre, RCMP NC3, your bank, and the OPC if personal data was exposed.
- Run a complete malware scan, review active sessions, and document times, screenshots, and case numbers as you go.
Have you been hacked? Start here.
If you suspect an account or device has been compromised, the next ninety minutes matter more than the next ninety days. Stop using the affected machine, switch to a second one you trust, and work the six steps below in order. Across Fusion Computing’s 47 incidents we helped individuals respond to in 2024-2026, this sequence works whether the trigger was hacked Gmail, a fake CRA text, an e-Transfer scam, or a ransomware pop-up.
Talk to a Canadian security expert
Six-step response at a glance
| Step | Action | Why it matters |
|---|---|---|
| 1 | Disconnect compromised devices and accounts | Stops active data theft and remote control sessions |
| 2 | Change passwords from a clean device | Prevents the attacker from capturing the new credentials |
| 3 | Enable MFA on every account | Blocks reuse of stolen passwords from breach dumps |
| 4 | Report to CAFC, RCMP NC3, and the OPC | Creates a case record banks and platforms accept |
| 5 | Contact your bank if financial data was exposed | Triggers fraud holds, card replacement, dispute filings |
| 6 | Run a malware scan and re-secure devices | Removes persistence so the attacker cannot return |
Step 1: Disconnect compromised devices and accounts
According to Statistics Canada’s Canadian Internet Use Survey, 70% of Canadian internet users experienced a cyber security incident in 2022, up from 58% in 2020. Getting offline quickly is the one move that stops every category of active attack at once, from data theft to live screen control. Source: Statistics Canada, 2023.
Pull the affected machine off the internet first. Turn on airplane mode, disable Wi-Fi, or unplug the ethernet cable. If a remote-access tool like TeamViewer or AnyDesk is running because a fake support agent had you install it, end the session and uninstall the tool. Disconnection cuts the attacker’s live access while you work the rest of the steps.
Sign out of suspicious sessions on the account side too. Most providers (Google, Apple, Meta, and most others) expose a “sign out everywhere” or active-session list. Use it.
Step 2: Change passwords from a clean device
Fusion Computing sees the same mistake across its individual incident calls: a credential reset typed on a still-infected laptop hands the attacker the new secret in real time. Start from clean hardware, then work through accounts in priority order. The Government of Canada’s Get Cyber Safe program publishes plain-language account-security steps for individuals. Source: Get Cyber Safe, Government of Canada, 2026.
Move to a phone or computer you trust, ideally one that has never signed in to the account in question. Reset the email login first, whether that’s Gmail, Outlook, or iCloud, then banking, then social, then anything sharing the same credentials. Use a password manager to generate unique replacements; reuse turns one breach into total takeover.
After you regain access, check for forwarding rules, changes to recovery contact details, and unfamiliar app permissions. Attackers plant these so they can walk back in later; most major providers surface them in their account security checkups.
Step 3: Enable MFA on every account
Multi-factor authentication blocks 99.2% of automated account-takeover attempts according to Microsoft’s security research (2023). Turn it on for your inbox, banking, social, and cloud storage. App-based codes (Google Authenticator, 1Password, Authy, or similar) are stronger than SMS, though SMS still beats no MFA at all. Our explainer on the benefits of multi-factor authentication walks through the trade-offs without jargon.
Step 4: Report the incident
Reporting in Canada is free and creates the paper trail banks, insurers, and platforms ask for. According to the Canadian Anti-Fraud Centre (2025), Canadians reported more than CA$638 million in losses in 2024, and fewer than 10% of victims ever file a report. Use more than one authority; each handles a different slice. Source: CAFC, 2025.
| Authority | What to report | How |
|---|---|---|
| Canadian Anti-Fraud Centre (CAFC) | Fraud, identity theft, money loss, romance scams | antifraudcentre-centreantifraude.ca or 1-888-495-8501 |
| RCMP National Cybercrime Coordination Unit (NC3) | Cybercrime, ransomware, extortion, online threats | reportcyberandfraud.canada.ca |
| Office of the Privacy Commissioner (OPC) | Personal data exposed by an organization | priv.gc.ca/report-a-concern |
| Canadian Centre for Cyber Security | Critical infrastructure or business-scale incidents | cyber.gc.ca or 1-833-CYBER-88 |
| Local police (non-emergency) | Threats, blackmail, stalking, sextortion | City police non-emergency line; 911 if active |
Step 5: Contact your bank if financial data was exposed
If a card number, banking login, Interac e-Transfer, or void cheque was shared, call the 24/7 number on the back of your card right now. Call, do not write, and do not wait until morning. The first 60 minutes often decide whether unauthorized charges can be reversed before settlement.
Ask the agent to freeze it, flag the account for monitoring, and document a case number. Then place a fraud alert with both Equifax Canada (1-800-465-7166) and TransUnion Canada (1-800-663-9980); one bureau does not notify the other.
Step 6: Run a malware scan and re-secure devices
On Windows, run a full Microsoft Defender scan plus a second-opinion tool like Malwarebytes Free. On macOS, the built-in XProtect plus Malwarebytes for Mac is a reasonable pair. On iPhone or Android, update the OS, remove apps you don’t recognize, and review configuration profiles or admin permissions an attacker may have planted.
If pop-ups keep returning, the screen is locked by ransomware, or you gave remote access to a fake support agent, treat it as untrusted until a professional clears it. A local repair shop or Canada Computers can do a deep clean. For business machines, talk to a Canadian security expert instead.
Many of the individuals who call us also run a company; the same Fusion Computing team covers both sides:
“We chose Fusion after evaluating several MSPs and have been extremely pleased. They have been a key partner in helping us strengthen our cybersecurity while keeping the business running smoothly.”
How do you know if you have actually been hacked?
Real compromises usually leave fingerprints. The Canadian Centre for Cyber Security publishes advisories on the brands scammers impersonate most, including the CRA, Canada Post, and major banks. If two or more of the signals below appear at once, treat the situation as a confirmed incident and run the six steps above.
- Account-recovery emails arrive that you never asked for
- Friends or coworkers report messages or DMs you never sent
- Unknown sign-ins, devices, or locations show in your account activity
- Email forwarding rules, backup phone numbers, or backup emails changed without your input
- Bank, card, or e-Transfer alerts for transactions you don’t recognize
- The browser homepage or default search engine changed by itself
- Antivirus or Defender is suddenly disabled and won’t turn back on
- Pop-ups demand a ransom, threaten file deletion, or push fake support numbers
- Your mobile bill shows premium SMS charges or unfamiliar international calls
- Two-factor codes arrive when you weren’t signing in
Across the 47 individual incident calls Fusion Computing handled from 2024 to 2026, we tracked “2FA codes I didn’t request” as the best early warning, and an FC internal benchmark from Q2 2026 of that anonymized client data confirmed it. Unrequested codes mean the attacker already has your login and MFA is the only thing holding the door.
Not sure what you’re seeing? Talk to a Canadian security expert before you wipe anything; wiping destroys the evidence claims adjusters and investigators ask for.
How do you prevent this from happening again?
According to the RCMP’s National Cybercrime Coordination Unit, most cybercrime in Canada is preventable with basic credential hygiene, MFA, and software updates. Fusion Computing recommends the same four habits to every individual we help; set them up once and the next phishing message doesn’t land. Source: reportcyberandfraud.canada.ca, 2026.
- Use a password manager. Bitwarden, Dashlane, and similar tools generate a unique login per site and warn you about reused or breached ones.
- Turn MFA on everywhere. Email, banking, social, and cloud storage at minimum. App-based codes beat SMS.
- Enable automatic updates. Operating system, browser, and apps. Most successful attacks exploit holes a patch already fixed.
- Build a verification rule for anyone demanding funds. If a text, voicemail, or urgent request brings payment pressure or “don’t tell anyone,” verify through a known number first.
If you also run a business, the free IT business assessment scores your fundamentals company-wide in a few minutes.
Fusion Computing runs a CISSP-led security team at a Microsoft Solutions Partner, working since 2012 with Canadian businesses and the individuals behind them.
Talk to a Canadian security expert
Frequently asked questions
What should I do first if my email was hacked?
Move to a trusted second device, go to the provider’s official recovery page (Google, Apple, Facebook, and others all publish one), reset the sign-in, turn on MFA, then check for forwarding rules and edited backup contact details the attacker may have planted.
Where do I report cybercrime or fraud in Canada?
Use the RCMP NC3 portal at reportcyberandfraud.canada.ca and the Canadian Anti-Fraud Centre at 1-888-495-8501. If a company exposed your personal data, also report to the Office of the Privacy Commissioner. Add local police if you lost money to theft or threats were involved.
How do I know if my computer is actually infected?
Look for two or more signals together: pop-ups demanding payment, a homepage that changed by itself, antivirus disabled, login codes arriving when you weren’t signing in, or messages you never sent. Run a full Microsoft Defender scan plus Malwarebytes for a second opinion.
Do I need to contact both Equifax and TransUnion?
Yes. The bureaus don’t share alerts. Call Equifax (1-800-465-7166) and TransUnion (1-800-663-9980) separately. Ask each for a fraud alert, a consumer statement with your phone number, and instructions for reviewing your credit report.
What if I sent money by Interac e-Transfer to a scammer?
Try to cancel the transfer in your banking app if it hasn’t been deposited. If the recipient uses Autodeposit, it landed instantly; still call your bank’s 24/7 line, file with the CAFC, and request a case number. Banks sometimes recover funds when reported quickly.
Should I pay a ransomware demand?
The RCMP and Canadian Centre for Cyber Security both advise against paying. Payment funds the next attack, doesn’t guarantee file recovery, and may expose you to sanctions. Disconnect the device, preserve evidence, report to NC3, and consult a professional. For businesses, our cybersecurity services team handles ransomware triage.
Is multi-factor authentication really worth the friction?
Yes. Microsoft reports MFA blocks 99.2% of automated account-takeover attempts. Thirty seconds of friction prevents the days or weeks of cleanup after a compromise. App-based codes beat SMS, but any MFA beats none.
How do I help an older parent who has been scammed?
Keep shame out of it. Call the bank first if money is involved. Lock down email and phone-account recovery settings. Set up a password manager like 1Password or Bitwarden and MFA together. Write key phone numbers on paper so they can find them during the next scare.

