-Security questions: You should make fake questions and fake answers for security challenges on for your online accounts. No one can guess something that isn’t part of your personal information.
-Should you contact the police: If you are concerned about fraud and are considering contact the police don’t expect them to solve the hacking. However, filing a police report is probably a good step for documentation if the bad guy begins identity and/or bank fraud. This way if you need to work with your bank to get money back you have the police report as documentation even though the police may not be able to do squat to stop this person. The hardest thing for people to realize is that their information is attainable online so a lot of “security questions”, your ssn and contact information are completely useless for protection against a motivated bad guy.
-Two Factor protection:
-Enable the two factor authentication on everything that supports it so someone can’t just access your account with a password reset. They could be intercepting your text messages so temporary passwords via text messages aren’t enough. I suggest using an Authenticator app and possibly a U2F key. There are Authenticator apps for Apple, Microsoft and Google. They act like an RSA key fob that you get issued by banks and large companies and work by giving you a temporary numeric key that changes every 30 seconds.
-Two factor (Apple): https://support.apple.com/en-us/HT204915
-Two factor (Google): https://www.google.com/landing/2step/
-Two factor (Microsoft): http://windows.microsoft.com/en-us/windows/two-step-verification-faq
-Two Factor Auth (U2F key) – An additional step is to also use a U2F key to authenticate with your password manager and even many websites like Dropbox and google allow the use of a U2F key in Google Chrome browser. Firefox is not yet supported.
-Two factor: make sure you changes his email passwords as well and sets up two factor authentication on those email accounts as described above.
-Banking: Get an RSA key fob. They are often free from your bank or broker. Also ask about other forms of two factor authentication. If they do not offer an RSA key ask what options are available. Also ask how they protect your account when someone calls them. Often the biggest security risk to your account is customer service.
-You should change the passwords for your cellular wireless carrier in case the bad guy is calling your wireless carrier to get access to your phone. Once again use fake questions and passwords and a secret pin if available. You should keep those security questions private. For now don’t keep them electronically on your devices or computers. Just keep them on piece of paper at home, not on the computer you suspect.
-Never* use your work computer or public computer to access any sensitive accounts in case it’s a coworker or hacker has gained access through your work systems. The same logic extends to public wifi. Don’t ever login to your accounts on a free wifi without a VPN to encrypt your wireless information. One VPN service is privateinternetaccess.com for your computer and phone, it’s around $40 a year. There are a lot of VPN service o ptions out there.
-Check the email addresses that are linked to your account. You should only have the ones you intend associated and no more. If you have addresses you don’t use or don’t recognize then remove them.
*Always have your computer up to date on security updates.
*For checking for malware on my computer i often use MalwareBytes, it is free for basic stuff.
Look, I know this is a *lot* of information for the average person, but getting someone out of your systems can be a pain if they are motivated and know what they are doing. These are all steps I would consider in this situation and I do them regularly. A lot of this stuff may sound like overkill but it really isn’t anymore. The bad guys are really clever and the techniques are constantly evolving.
MY THOUGHTS ARE MY OWN AND NOT THAT OF MY EMPLOYER. THERE IS NO GUARANTEE THAT THE STATEMENTS ABOVE WILL WORK. I PROVIDE NO EXPRESS OR IMPLIED WARRANTY.