Welcome to part 3 of our series on getting hacked and identity theft. If you missed part 1, you can click this link to listen to our story of being hacked and having our identity stolen.
Today we're talking about what to actually do after you've been hacked. We'll walk through everything from financial and personal information to safeguards you need on your website and online business.
Make sure you have all your data backed up on the cloud, so if you do have to wipe your computer or you have any type of hardware failure your files are safe. One of the things we’ve learned is that external hard drives simply aren’t enough.
Although you might think that this is just a minor issue make sure to let the authorities know so you have a paper trail in case you need it in the future. Also make sure to start talking with the Secret Service, FTC office, FBI, and state police; although it seems like overkill it will help you in the long run.
If strange things start coming up on your homepage or ads start appearing on your blog posts, take it seriously. We thought it wasn’t a big deal at first when in reality we should have seen it as a huge red flag.
The very first thing to do when noticing your website is hacked is to figure out how the hackers are getting into the backend of your site. Start with updating old plugins and bringing on a developer to look at the code to see if anything looks out of place.
You will learn
- How do know if you’re the victim of identify theft or if you’ve been hacked.
- Where you might be at risk.
- Warning signs to know if someone has tried to log into your account.
- Actions that could lead to problems on Facebook.
- How to change passwords when you are hacked.
- What to do if you see issues with your bank account.
- Why you need to reach out to credit bureaus.
- How to recognize when your website has been hacked.
- Why slow load times might mean your data has been breached.
- Be backing up your websites at least once per day.
Links and resources mentioned in today’s show
- Episode 1 on Identity Theft and Hacking
- Episode 2 on Identity Theft and Hacking
- Chalene Johnson on being hacked
Enjoy the podcast; we hope it inspires you to explore what’s possible for your family!
Click here to leave us an iTunes review and subscribe to the show! We may read yours on the air!
Can't Miss Moments
Each week Jocelyn and I share moments that we might have missed if we had not started our online business. We hope these moments inspire you to see the possibilities and freedom online business could provide for your family.
Thank you for listening!
Thanks again for listening to the show! If you liked it, make sure you share it with your friends and family! Our goal is to help as many families as possible change their lives through online business. Help us by sharing the show!
If you have comments or questions, please be sure to leave them below in the comment section of this post. See y’all next week!
Can’t listen right now? Read the transcript below!
JOCELYN: Hey y’all! On today’s podcast, we’re going to tell you what to do if you get hacked or become a victim of identity theft.
SHANE: Welcome to the Flipped Lifestyle podcast where life always comes before work. We're your hosts, Shane and Jocelyn Sams. Join us each week as we teach you how to flip your lifestyle upside-down by selling stuff online. Are you ready for something different? All right, let's get started.
SHANE: What’s going on guys? Welcome back to the Flipped Lifestyle Podcast, you are listening to part three in our series of online security. We are going over our recent hack and identity theft event in our own lives and I thought we would share everything that we learned during this process for you to maybe keep you and your online business or just yourself safe when you are using the internet. For those who may not know us, we are Shane and Jocelyn Sams of Flippedlifestyle.com. We are former teachers who started our own online business about three years ago. We started my money online and our business grew very fast. We started making more money in a month than we were making in a year in our teaching jobs. So we decided to quite our jobs and work full-time and we now earn our entire income online. We like to say that online business flipped our world upside down but in a very good way and now we run this website, flippedlifestyle.com where we help other families start online businesses and flip their lives as well.
JOCELYN: If you’re new to our show, welcome. We’re glad you’re here. Our subject today is what you should do if you just got alerted that you data online has been compromised or what to do if you suspect that you have been hacked. We are hoping by sharing this and everything that we have learned that other people might be able to avoid some of the stress that we found ourselves in throughout this hacking event. We really hope that you help us get this important message out to anybody that you care about who is out there who uses the internet who has a website. You don’t even have to have an online business just if you are out there and you have accounts online that you need to keep safe we want to help you to keep them safer. So if you know someone like this, please share this podcast with anybody that you care about who uses the internet, people who are on social media and especially they do run an online business. So the introduction is out of the way, let’s jump straight into today’s content.
SHANE: A lot of the questions that we have been asked since we had made public that we were hacked and we were the victims of identity theft is like how did you know that this was happening. What were the keys, what were the clues that alerted you that this was taking place? So we’re going to talk about that today. We’re going to tell you how to recognize if you’re being hacked, how to recognize if you’re the target of identity theft, the warning signs that let you know if someone is trying to get into your bank accounts trying to hack into your Facebook account or emails. We’re also we’re going to cover exactly what to do when you realize that you have become a victim. This was a very overwhelming process for us. We didn’t even know where to start when this first happened, how to tell the authorities, who should we alert, who should we even contact. So we are going to try to go over that today and kind of put it in a place, in a process, or even like a checklist kind of a how to kind on what to do if you become a victim of identity theft. We are also going to share some tips for setting up alerts and protection ahead of time so that you cannot only recognize a breech faster but you might be able to mitigate some of the damage before it gets too bad.
JOCELYN: We actually realized that we were hacked when we were in vacation a few weeks ago. We were down in Florida at Disneyworld and when we realized that we were hacked we kind of panicked because we just didn’t know what to do. We were hundreds of miles away from home. We were there with our kids and all of the sudden our websites have been overtaken and we are starting to get fraud alerts like from the bank and these different types of emails saying that someone is trying to log into your account and they were unsuccessful. That’s just a little bit scary and we really didn’t know what to do.
SHANE: It was so bad that I remembered Jocelyn’s eyes. I had never seen Jocelyn’s eyes get as big as when she looked at me and said someone is trying to log into our bank. Actually got an account and Jocelyn as we were walking into Disney that I think I said this in the first podcast on this topic. She wasn’t hyperventilating but she was breathing, her eyes were closed when she was pushing the stroller and she was breathing very deeply. So panicked is the calm word to describe what we were feeling at the time.
JOCELYN: It was a very scary time and this podcast is really what we wished what we have known at this time to know what to handle this and what we should do as far as reporting it. So let’s go ahead and start with your online identity and basically if you have an email account, if you have a social media account, if you have other types of accounts, anything that you do on the internet, if you have an Amazon account, if you have a Walmart.com account, anything that you have that is part your online identity and even if you are a person who is like I don’t have any of those accounts but you probably won’t be listening to this podcast but if you think that you’re safe, you’re not. No one is safe because there is electronic information on every person who lives in the United States for sure and probably in most places in the world. There is electronic information on you so even if you think, Well I don’t use Facebook so I’m probably safe well that’s not necessarily true. There are some warning signs to know if someone has logged into one of your accounts. The first way to know that is if you lose access to your account, if you try to log in and you’re not able to do that, maybe it’s says that you have too many logged in attempts, and if you go in and say okay well I forgot my password let’s start over again and you fix the problem and it starts happening again well that could be a sign that someone is trying to put in a wrong password over and over again. If you know that you’re typing in the right password, maybe you have it I a password vault or a notebook or something like that and it’s just not working then that’s another sign that maybe someone has taken over your account.
SHANE: They might have changed your password. I mean if you know the password and you have got a simple password, and you’re using it and it’s not working, that might be saying that someone has went and changed your password on you. So not being able to log in is a huge sign that someone may have compromised your accounts.
JOCELYN: If you have a website or a social media account and you noticed posts that you didn’t create, if somebody starts putting out Ray Ban ads on your Facebook page that’s probably not you.
SHANE: Or saying bad things that you would never say. I have heard a couple other people on our Flip your Life Community have said that someone got a hold of their Facebook account and they were actually like posting as if it was them but it wasn’t really them so then they started saying like rude things to people on their accounts and it wasn’t even them, they were just messing around.
JOCELYN: Usually the social media hacks that I see are people who I have not spoken to in maybe years and they will send me a message and say like hello. And then like—hey.
SHANE: Yeah, click this link to check out my new blog or something like that.
JOCELYN: Yeah so if you got one of those, then--
SHANE: Don’t click that link.
JOCELYN: --probably don’t click it. If it’s somebody you haven’t talked to in 15 to 20 years there is probably a reason why they are saying something to you and it’s probably because they have been hacked. Not necessarily but just be careful in that situation.
SHANE: But in your own accounts if you see posts on your website, you can’t log in and you check your Facebook profile and there is a post there that shouldn’t be there, that’s a good sign that you have had some kind of compromise.
JOCELYN: if you start getting forgot password emails from your accounts that you didn’t request, that could be a sign that somebody is trying to log in to your social media or to whatever account that you have. Just keep in mind it can happen accidentally sometimes, maybe somebody accidentally typed in the wrong email and it went to you. I mean there are instances where there isn’t necessarily a red flag but it could potentially be if you start getting a lot of these then that could mean that someone is trying to log in to one of your accounts. If you start getting a lot of spam messages you start getting random friend request. Don’t answer those because they can be phishing scams. I actually gotten two of these recently on Facebook. I have received two friend requests from, one from a person who is now deceased, so I don’t they are friend requesting me.
SHANE: Yeah that’s not probably the right person.
JOCELYN: And another from one of my relatives who already has a Facebook account.
SHANE: But that’s not their Facebook account, is it?
JOCELYN: It is not. They are using their name but it’s not actually their account. So if you see something suspicious like that don’t accept that friend request.
SHANE: And don’t accept friend request form strangers. This is for all the guys out there. I’m sorry but hotgirl21 is not really trying to get your phone number randomly. She didn’t just stumbled across your profile page. It doesn’t happen like that guys. I hate to tell you. So please do not accept that friend request. Because what they usually when you do that is they start sending you links. The links have viruses they start phishing for information, and all of the sudden, before you know it, they have stolen your identity. So I hate to tell you that guys. I hate to break your hearts but it’s not happening for real. Sorry.
JOCELYN: The next thing that you can look for is a URL. So just make sure that whenever you go to a URL of a social media page or anything like that, just make sure that it is the correct one. Just be careful because they can make these look really similar and the way that I got around this just to make sure I am always going to the right site is I actually use Google to search for that website. Usually it’s the very first one that comes up and that way I know for sure that I am not mistyping something and then typing my password into a phishing scam.
SHANE: I would say the most important warning sign in that last part that Jocelyn was talking about is you get the forgot password email. I mean if you can’t log in that’s a pretty huge sign that someone might had changed your password but what happens is people will click that forgot password over and over and keep typing in the wrong password until Facebook or Twitter or whatever says are you having trouble logging in, let’s answer a secret question or two. And then they’ll go in and say what’s your mother’s maiden name, what street you grew up on, all those question that you set up that you think keep you secure are actually vulnerabilities and they don’t even need your password. They have collected enough information about you on social media. All they want to do is get to those hints so that they can start answering those questions they get in and then they change your password. So if you start getting those email you requested a forgot password for Facebook and if it wasn’t you then you need to pretty much assume that someone is trying to compromise you. They have done social hacking like we have talked about last week in episode and they think they have enough information to get into your accounts.
JOCELYN: A lot of these services now have kind of figured this out I guess and their emails that says forgot password, it will say if you did not request this click here and let us know. So they made it is easy to go in there and say I didn’t really request this, this is not me and then stop who is ever trying to get into my account.
SHANE: As soon as you realize someone may be logging into your social media, emails or they are trying to get into their online accounts you need to take some immediate steps. If you think that you have had a compromise, if you think there is a problem, there is no real way to know where the compromise is right away. So we recommend if something happens, someone changed your password or someone hacked you, you need to go to a fresh computer, one that you never used before on any network that is away from your house, you know go to a coffee shop, go to the library, go somewhere else for in task and you need to change all of your passwords. You can use the guidelines from our last podcast episode 57. That’s flippedlifestyle.com/podcast57 where we talked all about how to create safe and secure passwords. But it is really important that you use a fresh machine and network to do this because if your machines have kind of a keylogging software or they have someway gained access to your information through your network, then changing it at home is not going to solve the problem because they are just going to get the new password. That’s what was happening to us every time we would change our password, they would log in directly with our own password because they were taking it and when we typed it in it was sending them a message with the new password. So it’s really important that you use a fresh machine that you go in, use a fresh network and once you have changed everything at a new location, then you need to go back to your machine and you need to run an antivirus program to look for bugs and malware what’s the Kentucky version of that?
JOCELYN: I would say malware.
SHANE: I think the word that you all people listen probably be I my word, I would go with malware because I think that’s how would we say it in Southeast Kentucky. I am just saying. Once you changed everything, make sure you look at your systems and that’s there is no compromises. Check your router, check your machine and as soon as we realize that we were hacked, we knew that this was definitely outside not something we were screwing up. We just turned our machines off, we got in the car, we drove to Walmart literally. We were in Ashville, North Carolina at this time because right after Disney we had to go over to Ashville and we just shut off our computers off completely, went to Walmart, bought to little cheap computers. Only connected to public connections or our cellphone networks and we changed all of our passwords on brand new machines because that way we knew for sure that there was nothing compromised on them and everything we changed will stay that way. Once we did that, that blocked everybody out for a while until we got back home and got on our router because that was one of our breaches was our router. That stopped the problem for us. It was to go get a new machine, a new network and change all of our passwords. We have MacBook Pros for all of you guys out there and girls who like to argue Mac versus PC. I hate to tell you this but we got hacked on Mac. That’s just the way it is. They are all vulnerable if you’re not safe so it’s not just a Mac-PC issue here. But we took our Macs to the Mac store and we have them scanned for malware and then we had them erased, completely erased. What did they tell us to do? A deep—it wasn’t just a reboot. They actually erased the entire hard drive and reinstalled everything for us to make sure that they were completely clean. When you change your password, do it from a clean location, clean machine and then go back and analyze your device and see if you can find where the hackers got in.
JOCELYN: When you do these things, this means that it’s much, much harder for them to get back into your information. If they are hacking you from your home network, which is what was happening to us and we did not realized it, then everything that you typed into that home network is being transmitted to them. So when you take these precautions and you use different machines and different networks, that protects you that much more if you’re having an internal type hacking. This helps you make sure that once you get the hackers out, they can’t get back in through the same ways that they used to hack in the first place. An important thing you need to remember here is that you need to make sure that you’re backing anything up somewhere out in a cloud. You can use iCloud, Dropbox, Google Drive, any of those are just fine just to store that information and back it up so it’s not just stored on your own computer.
SHANE: I mean that would have been awful. Like we had to erase all of our computers and if we were not using some kind of cloud storage we would have lost everything. But it was cool because once we rebooted our computers we were able to just connect back to Dropbox or Google Drive or whatever and get our information back.
JOCELYN: A lot of people well, have an external hard drive. Well, that won’t always protect you. We had one of those a few years back and somebody that I know, won’t mention any names, kicked it over and it stopped working.
SHANE: Who did that? Why would someone do just kick the external hard drive?
JOCELYN: It was an accident or so he says. It fell over--
SHANE: That guy said it was an accident whoever it was.
JOCELYN: The funny thing is about that though like it didn’t even fall that far. It was maybe like six inches that it feel and it never worked again. Luckily I had the foresight to back up all of our pictures and videos on DVDs too so I was like super old school. We even have like DVDs. Because at the time, there was cloud storage but it wasn’t like really widespread like now.
SHANE: The bottom line is hardware failure is very possible and also if you keep connecting that external hard drive to your machine and there is a compromise on your machine, you might have a virus or something on that hard drive and you put it right back on your computer as soon as you clean it.
JOCELYN: So it’s a really good idea to make sure you’re backing everything up in the cloud. One of my greatest fear is someone would get hold of my pictures and videos and that’s something that you can never get back. I mean the pictures and videos of my kids when they were babies, I’ll never get that back if that gets gone. So make sure that you’re backing that up somewhere, preferably on the internet and I am even going to start doing mine in two different places because I am actually that paranoid.
SHANE: We actually have a set up where you can connect your computer to Dropbox and Dropbox will back up your files so they are on your hard drive and they are on Dropbox and then you can use a service called IFTTT.com, If This Then That is what that stands for then you can link your Dropbox to your Google Drive. So what happens is every time you hit save it’s on your hard drive, there is a backup on Dropbox and it automatically makes a copy on Google Drive. You do have to pay for these services but a couple of hundred bucks a year like Jocelyn said is worth protecting the video of Isaac when he walked for the first time or Anna when she laughed for the first time. Those are things that you can’t get back. A lot of these hackers too, when I was studying all of these things that they do, sometimes they’ll just get in and delete everything. Someone, who was that? Shane Lyn Johnson. Shane Lyn Johnson just had a podcast about her recent experience with getting hacked. They got into her Instagram account and just deleted all of her pictures for spite. So this isn’t just lose your money and identity, theft, you had to protect your data as well or you might not get it back. So to wrap this section up, if you think your personal online identity, your online account were hacked, or you feel there is a problem, make sure you go through this process to get them back under control. Don’t use your machines again until they had been cleaned and you’re sure you’re safe. Check your router, make sure your firewall is on before you reconnect to the network, and that all your settings are set the way they should be. Probably your factory settings to be default and be secure and make the hackers can’t get back in and to prevent all these use two-step authentication for all of your online accounts and make sure that you’re backing all of your stuff up with something like Dropbox or Google Drive. That way if you do have to wipe your machines, you’re going to get all that information back again.
JOCELYN: Next we are going to talk about what you should do if you feel like your financial information might possibly have been compromised. The scariest part of all of these for us is when we started getting the bank alerts.
SHANE: It was awful.
JOCELYN: Most of us can deal like a Ray Ban ad on our Facebook wall or like a spamming Google ads on our website. But when you get an email saying that is someone is trying to log into your bank account it starts getting a little bit more real. That was just really scary and eye opening for me. The first thing you can do right now to prevent this from happening, if it has not happened to you yet and I hope it hasn’t is to set up alerts into your bank account. Most of the banks today have ways to let you know if there is any potential fraudulent behavior related to your account. Usually you can set it up. You can get text, you can get emails, or you can get both.
SHANE: You can get set the amount too, don’t you? Like if it’s 100 bucks, 500 bucks.
JOCELYN: The way that our bank is we can set up if your bank account, if there is a withdrawal, deposit, above X dollars you can get an alert. If something withdraws x dollars or more from your account you can get an alert. There is different types of alerts you can set up and if you don’t have these on your bank account right now, I really encourage you to go online and get these set up right away.
SHANE: You can even set it up I think location base. We live in Kentucky so if all of a sudden there is a charge in Montana or somewhere, North Dakota, some random location like that.
JOCELYN: Welcome to all of our Montana and North Dakota listeners.
SHANE: Yeah welcome everybody listening from Montana and North Dakota. If you are listening from Montana and North Dakota, go leave a comment on this podcast this is your one shinning moment. But if you get a random place from another location, then it will tell you that too, it may even deny it. Didn’t we go somewhere one time and it denied our--? We were out of town and we forgot to let the bank know and it froze or something.
JOCELYN: Yeah it happens all the time.
SHANE: Oh California, we were in San Diego, remember?
JOCELYN: Yeah we always forget when we travel to let out bank know and so we all the time will get an alert saying what’s going on.
SHANE: Someone is getting robbed and they are in California.
JOCELYN: Which is a good thing. I mean it does get sort of annoying sometimes, like right now we have alerts turned on for like any transactions over $1. So it is really super annoying sometimes because we get a lot of bank notifications but it does help me sort of going it through throughout the day or at the end of the day and just see what has been going in and what’s been coming out and that way you can just make sure that it’s nothing out of the ordinary.
SHANE: So what do you do if someone is trying to withdraw money from your account or have gained access to your account? You have seen this, you have got the alert set up and you’re like oh no something is going on. Well the first thing that you have to do is contact your bank. Don’t even mess around with it. Don’t think about it, find a way to get in touch with someone at your bank call your 1-800 number if there is 24 hours service. We highly recommend only using banks that offer 24 hour customer service because hackers like to hack bank accounts on the weekends when it’s hard to get a hold of somebody so make sure you check that when you’re choosing a bank. A lot of people will say well your money is protected in the bank, if someone steals it they will give it back to you or if it’s FDIC insure which is an FDIC is an American means that the federal government insures your money after a certain amount if something happens to it. You do get it back but it might take a while. You know if someone goes in and clear your bank account and it takes them a week or two to clear out the mess and make sure you didn’t do it and blah-blah-blah, then you don’t have any money. We have seen this happen to our family members to our friends where something happened and they have lost--somebody got their money out of their account and there was a mistake made and their mortgage is due and they didn’t have their money back yet or whatever. So that can happen to you so you have to be careful and not let this problem get out of hand. As soon as you think there is a problem any red flag with your bank accounts or credit cards you need to contact your bank immediately. You know a lot of people might say well I have got to be at work or I have got somewhere to go or like we were at Disneyworld and we didn’t say hey let’s just go on to the park and we’ll handle this at lunch where we come back for a nap or something like that. We stopped everything and said no. we went to an ATM, got a couple of hundred dollars in cash out and then called out bank immediately. That way we would have some cash at hand and we told them to freeze every account except from one card and look for strange purchases. We told them that we were in Orlando Florida and that we didn’t want anything to happen outside of Orlando, Florida with our money. We turned off online banking completely that way people couldn’t initiate any kind of transfers or anything like that. There was like 48-hour period where me and Jocelyn couldn’t even log in to our bank account or something like that.
JOCELYN: Yeah we actually purposely locked ourselves out of our bank account so no one could log in just to make sure.
SHANE: The only way we could access is would by calling them to verify it was actually us.
JOCELYN: Yeah or going in to the actual branch.
SHANE: Exactly. So don’t mess around with your money. If they get in—I saw at Facebook or something else that’s embarrassing that’s bad but guess what, if they get a hold of your money, you’re in trouble, your livelihood is at stake. So as soon as you get any kind of red flag call your bank immediately. The next thing you should do when you think your financial information has been compromised is to immediately contact one of the three main credit bureaus those are Experian, Trans Union and Equifax. Those are the three big companies in America that manage everyone’s credit. That’s where you get your credit score. But you need to contact them immediately so that they know that there has been some kind of data breach and that someone could be out there, trying to impact our credit. There is a lot of different things that make up your financial portfolio. There is your actual cash in your bank but there is also your credit score, your credit report and like your credit cards. People might try to go in and might take a credit card in your name. You only have to report it to one of these companies because by federal law and this is mostly we are talking to our American audience here, there might be something similar in your country that manages this. But in America, by law the credit unions or the credit bureaus are required to notify the other two if you notify one. We actually called Equifax to let them know that something was wrong that we had data breach and that somebody had all of our information. They old us don’t worry about it, we will immediately contact Trans Union and Experian. This is really important because one of the easiest ways for someone to steal your identity is to take out a credit card in your name. They really don’t need much, social security number something like that. They will get a credit card and then what they do is they go and they’ll buy what they call gift cards from Target or Walmart or something as fast as they can as many as they can. That way if you cancel the credit card, or if you realized if something is wrong they had already bought $20,000 in untraceable gift cards and they are out spending that money basically. This happens every day all over the world, especially in America so it’s really important that you lock down your credit because you don’t want anyone to be able to take out a credit card in your name. You can actually turn your credit off when you call these companies to where you can’t go get alone, you don’t get anything but if you don’t need a mortgage or a car right now, there is no reason for your credit to be turned on. So as soon as you think there has been some kind of data breach, let the credit bureaus know so that they can stop your credit and that you don’t have to deal with the aftermath of someone taking out a loan in your name, taking a credit card in your name or somehow manipulating that.
JOCELYN: Putting a freeze in your credit, it can be a little bit in the pain in the neck. We went over because we had to get new phones and they went to do a credit check and our credit was frozen.
SHANE: Because we froze it basically.
JOCELYN: Yeah and they actually said, it’s saying that it’s fraud and we were like no, no it’s because we reported it as potential fraud.so anyway we had to sit there in the store and call Equifax and it is more steps and it is a little bit of trouble to do but it is worth it because you know for sure that no one is out there trying to open a bank account or credit card or cellphone or whatever it might be in your name. It’s definitely a lot less painful than having like $20,000 in credit card bills that someone else spent. We also signed up for service from Equifax that is about $20 a month and it actually lets you log into a website and you can turn your credit report on or off so people can’t even access it to do a pull on your credit unless you tell them that it’s okay. So that’s actually pretty cool. You don’t have to sit on the phone. You can just log in through Equifax or whatever credit bureau you choose and turn that on or off. I am sure the other two probably have these services also. It is a little inconvenient to have to call a credit bureau.
SHANE: But how often do you really go out and need your credit. I mean if you’re going to get a phone, if you’re going to get a credit card or take out a loan but you don’t do that every single day. So really just leave it when you can turn them on when you need it and turn it off when you don’t and that’s another layer of protection even if you do get your identity compromised. They just can’t go out and take out a loan at your name.
JOCELYN: It’s actually a little bit like insurance. You have to have it and it’s one of those things you hope you don’t need but if you do need it it’s there to protect you so we definitely recommend doing that if you haven’t already. We will list the websites and the phone numbers of all the credit bureaus in today’s show notes. You can head over to flippedlifestyle.com/podcast58.
SHANE: The final step in securing your financial information is to notify the authorities. You want to leave some kind of trail of documentation behind as soon as you realize that you have some kind of fraud or identity theft. So make sure you have got just a record of everything that’s happening that way you can legally fight the charges, get out of all the money that’s been charged into your account and that you can clear this up. The first thing you need to do is to notify your local police, call the police department in your area, don’t dial 911. No one is dying here folks. This is really just ones and zeroes in the banks and stuff like that. But it is serious so call the police. Tell them you need to file an identity theft police report and leave the 911 alone because that’s for people who are like n danger with death and dismemberment and this is getting a little morbid. But just call the police department and just file a police report at your local authorities. Next you need to notify a couple of different departments if you’re in America in the federal government. I am sure in other countries that there are federal authorities or at the nation level authorities where you need to deal with this. It might be a little different process but this is what you do if you’re listening at the United States. You need to notify the social security department and let them know the social security number might be threatened. There are multiple agencies that handle identity theft, we reported it to all of them and you probably should too but you need to start with the secret service, believe it or not. They handle a lot of the identity theft problems in the United States. Let the FTC know. The social security office actually directed us over to the FTC office, they also gave us a phone number for that. We also include that in the show notes. The FBI has an identity theft division. You can notify them and file a report as well and it is also a good idea in most states to notify your state police. It seems like a little overkill to do all that and it probably won’t do anything in the short-term but it will help you to create a paper trail, a timeline of events to let people know when the identity theft happened when you were aware of it. It gives you something as you’re dealing with these financial institutions as you are sorting out the mess, to kind of refer back to and say no I reported an identity theft at this time, this is when I recognized it and it just gives you a lot of proof of what is going on. Also remember you are going to be really mad and vengeful when this happens and notifying the police an important step. They may catch the bad guys, they may not but the most important thing is you secure yourself and that you’re able to recover from this even if the bad guys don’t get caught, they might go away and once they go away you’re still you’re going to have to live your life. So make sure you do your due diligence. Report this to all the authorities that you can and it will help you to get your life back in order in the back side of this even if they don’t catch the bad guys.
JOCELYN: On that subject, don’t forget about your online financial account so it’s not just banks. Make sure to notify Paypal if you use Paypal. Remember that Paypal is not FDIC insured. There are some people who keep tens of thousands of dollars on Paypal. I have seen it time and time again. Please don’t do this. You shouldn’t be keeping a whole lot of money there because it’s not insured so you need to be moving that over and that’s a whole other ball of wax. As far as the need of that goes you definitely need to let Paypal know. If you use that you might have possibly been attacked. Also look out for other accounts that might store your financial information. If you use accounting software. If you use any type of app or something like that that pulls from your bank accounts or financial information just make sure that all that is secured, don’t forget to secure. Remember to consider anyone else that your data breach could impact. Maybe it’s your customers. Have you put someone else’s data at risk? And you didn’t even really think about it.
SHANE: OR your family like if they hack your Facebook account and you had it set to private well they can access all of your family stuff so they can start learning about them and try social hacking them maybe.
JOCELYN: So just keep that in mind as you’re looking through all this stuff and trying to keep yourself protected.
SHANE: A side note here but it’\s also really important to use a third party payment gateway. You shouldn’t be collecting any information yourself. Like any of the information that Jocelyn and I keep. The only think we know about anybody that has ever done business with us online is their email address. That’s it because we use third party gateways. We don’t even get access to any information that anyone has ever given us for payments, for personal information, anything like that because the only thing we collect is the email address. So you sue third party gateway like Stripe, like Paypal authorized on that to collect payments. Protect yourself and your customers by using these big services. Don’t try to boot strap and don’t try to go out and sign for it yourself, you don’t want hat information because you don’t want to ever expose that to anybody else. So it’s really important to do that and that way you can protect your customers and you clients as well as yourself. So that wraps up how to protect yourself during identity theft from a financial standpoint. Now, let’s talk about this should apply to most people listening to this podcast, how to protect your website and your online business, how to recognize when your website has been attacked, how to know if hackers have got in and how to get all that back together again. Your website is really the core of your online business. We lost total control of all of our website during this attack at times and that’s really bad because you know without our website we don’t have our online business. It’s kind of hard to make a living when you don’t have any way to sell things online. So there are a lot of warning signs to look out for to kind of recognize this. I think that looking back now, you know 202/0 is always perfect eyesight. We did not see the signs of how serious this was immediately. We thought it was just kind of like maybe like a spam bot or something doing this and we didn’t realize it was actually a physically a human being on the other end of this connection so keep an eye out for these things as you start your online business as you get deeper on eh online business and maybe you can kind of see when this is happening and do something about it faster than we did. If things start appearing on your website that don’t belong like Google ads, tons of spam, if the layout of your homepage changes or something looks different on your website and it’s because of the responsive nature of the theme or anything like that, if your low times increase for no reason, one of the biggest clues that we missed that we were being hacked and a victim of identity theft was that our internet slowed down tremendously. Because what was happening was not only were things being put on our websites that was causing them to load slow, but our data was being filtered and pushed through a different area like to the hacker himself before it was sent on to the rest of the internet. So basically double the traffic was coming out. If we were to go to CNN.com, well it would go to the hacker and CNN.com so it was doubling our bandwidth. So if you see a lot of problems with your internet or your low times increased for no reason, anything that is out of the ordinary, and it’s not just normal kind of online business, you might be being hacked, you might be experiencing some kind of data breach. If there is a similar problem like what we talked about earlier, email and social media accounts, if you can’t log in even that you know that you’re typing the password correctly or if the URL is different. If that’s not the wpadmin or whatever. If you see unusual usernames in your list of users or people that are logging in to your website, if you see an admin account that shouldn’t be there. If you’re getting those forgot password emails, when you didn’t set it up or if your click forgot password yourself, and it sends you a password instead of taking you to a screen to change your password, that is a huge red flag that something is wrong. That shouldn’t be sending you a password, it should be letting you change your password instead. Anything weird going on with your website: the log-ins, the URL; it’s probably a sign that someone has got in somehow and change something and they are trying to hack you and take your information.
JOCELYN: Before you have a problem, you need to make sure that you’re making frequent back-ups of your website. We actually backup several times a day now but you definitely have to backup enough, I say at least once a day.
SHANE: That way if there is a problem, you can actually roll back to one of your backups before the hackers got in and you don’t lose everything.
JOCELYN: But as soon as you realize you do have a problem, you need to contact your website host immediately. This is probably going to be over your head so you’re going to need some help. You’re going to need your server host and anybody who send any kind of work on your website, you’re probably going to need their help.
SHANE: You need someone who understands CSS and code because they are going to have to look for codes that should not be in your website to find out how they are getting in and how they are manipulating everything, how they are adding all these Google ads and things like that to your site.
JOCELYN: The very first thing that you want to do is find out how they are getting in because you need to stop that immediately. Ways that they could get in, we talked about this on another podcast are old plug-ins that are not updated. They could get in using a password page that maybe you don’t recognize and you accidentally compromised your information by typing your password into or it could even be your computers like we were talking about before. You need to close all the doors that you can, make sure that you’re sealing them out. Follow the same steps that we talked about earlier for your emails and your social media accounts. Those are using different machines to find the problem using different networks. Go to a public network, use a different computer. Don’t forget to clear off your machines and your router before you start all over again. You don’t want to just come on back home and not realize that your router is hacked and then start all over again. This actually happened to us.
SHANE: That sounds familiar.
JOCELYN: So don’t do that. Once you shut down and you secure all of your accounts, all of your computers you can then go back in, clean out the mess and in the end you may even have to do a clean WordPress install and start your site all over again and roll it back to a point that you know where it hasn’t been hacked. That’s why those frequent backups are so important. You really need to be doing this at least once a day.
SHANE: Yes it does suck that you’re going to go back out and fix everything. You have to understand that but it’s really no different in real life than as somebody spray paints your house, or they key your cars or something else. There are bad people out there. It is inconvenient but you can’t throw yourself a pity party when something bad happens. You just have to roll up your sleeves and fix the mess. That’s all you can do. So don’t let the pity party creep in and when you do realize that this is happening don’t panic. That’s the absolute worst thing you can do. It really does feel like the end of the world when identity theft and fraud happens to you. I mean this is probably one of the worst. This is without question one of the top five worst things that has ever happened to us as a family and probably even as in before we have met when we’re individuals. This was a really difficult event that we are still picking up the pieces from. But it is not the end of the world. At the end of the day, it’s just something that happens. It’s all going to work out in the end, it will get solved and you’re going to move on and you’re going to rebuild. It could even happen again to us but it’s not going to bring us down and it’s not going to destroy us just because bad people decided to do bad things. All you can do in the end and all of this stuff whether it’s prevention or fixing the mess after it happens is your best. So if it happens to you, follow the steps above that we outlined today. That will get you started, do that, try to take back control of your life, take back control of your websites, your social media, your bank account sand move on. It’s really all you can do. We got to a point last week probably where we were so overwhelmed and so stressed out and we were like how is this ever going to get fixed. And both of us were just kind of like we just going to have make a list and start at the top and work our way down and eventually we will get caught up. Will we lose customer because of this? Probably. Will we lose money because of this? Yes definitely we already have, a ton of money. Has it created a little but more inconvenience in our life? In some ways it has but you know what it is what it is and at the end of the day all you can deal with is hand out your debt. So that’s what we’re going to do. Be positive, move on, we are wiser now, we are stronger now because of this and we have definitely learned our lesson and hopefully these last three podcasts and the Q and As that we have done have been able to help you guys secure yourselves and maybe you can prevent this from happening to someone else. Also remember too that if this does happen to you being bitter and angry and vengeful is not really going to solve anything. There is a very good chance that they are not going to find the person that is doing this to you, but you can’t let it ruin your life. Because if you let it affect you, I promise you the thief has moved on. He has already gone to his next to his next victim or she has already gone to their next person they are trying to phish or hack. So it’s not ruining their life so don’t let it ruin yours. No matter what happens you get to control how you respond to situations like this and that response will determine your future, not the actions of some petty thief or the losses that you incurred during the event. So just buck up little troopers and if this does happen to you, move on. It’s really the only thing you can do. It’s what we’re doing and we are going to move forward and we are going to stay the course and keep going the way we were going before it happened.
JOCELYN: We close every Flipped Lifestyle podcast with a can’t miss moment and that just means something that we might not have had the opportunity to experience before we started our online business. this week’s can’t miss moment was taking our little girl Anna to preschool together. This is her first year of preschool. She is four years old and we decided that we are going to let her go to preschool this year and we were one of only a couple of mom and dad combos that we saw at the preschool.
SHANE: I think there was a couple of dads without their moms but I think there was one other couple that was a mom and dad in there. We need to ask them if they have an online business.
SHANE: It was at a 9 am on a Tuesday.
JOCELYN: This creeps into like every aspect of our life. But we love online business that much. But we also love out daughter and we went in there to the preschool room and just watch her play with some of her new little friends and we have a great time this morning and it’s all thanks to what we are able to do every single day because of the wonderful customers and the wonderful things that we have going on online. Even though people try to take us down, they are not succeeding because we are keeping on going. So we are just all thankful for that and for all of you who have given us support this entire time.
SHANE: Something new that we are doing at every podcast as we wrap things up is we are sharing a bible verse with you because we draw a lot of our—we don’t get in quotes and things like that but we draw a lot of inspiration out form the bible and that we definitely read quite a few verses over the last few weeks to build us up and give us strength. As we are coming out of this mess, we have a great verse today that I think really applies and I think it’s a fitting verse to close out this series. On the evil people attacking us and trying to steal our identity and that is Romans 12:21: Don’t let evil conquer you but conquer evil by doing good. So I hope that sharing our story and being very transparent about our identity theft and getting hacked is doing some good out there. It is protecting you guys and your online identity, your financial information and your websites and online business and if we can do anything to help you take your online business to the next level, all you have to do is shoot us an email or head over to flippedlifestyle.com/flipyourlife and let us and we would love to do that. So until next time guys get out there, take action on what you have learned on the last few podcast, protect yourself, be safe, flip your life. We’ll see you then. Bye.