Been Hacked Fix UK

If you think you or your business has been hacked, act quickly and calmly. This guide gives you the first practical steps to limit damage, protect money movement, preserve evidence and get trusted support.

Step 1: Check the signs that something is wrong

A cyber incident is not always obvious at first. Treat the situation seriously if you notice any of these warning signs.

  • Locked accounts or unexpected password changes. You suddenly cannot access email, Microsoft 365, banking, cloud systems or line-of-business software.
  • Strange emails sent from your account. Customers, suppliers or colleagues report suspicious messages, links, invoices or attachments.
  • Missing, renamed or encrypted files. Files disappear, change name, become unreadable or show ransom-style notes.
  • Login alerts from unknown locations. You receive sign-in notifications from places, devices or times you do not recognise.
  • Unusual financial activity. Payments are redirected, invoices are altered, bank activity looks wrong or a supplier asks for payment changes.
  • Unexpected software or remote access tools. Apps appear that you did not install, or security tools have been disabled.
  • Staff reporting odd behaviour. Emails vanish, files move, browsers open unexpectedly or devices behave unusually.

Step 2: Limit the damage first

  • Disconnect affected devices from the internet. Unplug the network cable or turn off Wi-Fi. Do not wipe the device.
  • Do not keep talking to suspicious callers. If someone claims to be from a bank, Microsoft, HMRC or IT support, end the call and use a known trusted number.
  • Protect money movement. Warn anyone who can approve payments. Check bank activity and supplier payment changes using a trusted phone number.
  • Preserve evidence. Take photos or screenshots of warnings, emails, bank messages and login alerts. Write down dates, times and affected accounts.
  • Do not post about it publicly. Avoid giving attackers or scammers extra information.
  • Locate backups. Check what backups exist, but do not overwrite, delete or reconnect affected systems until you have a plan.
  • Do not pay ransom demands without advice. Payment does not guarantee recovery and can create further risk.

Step 3: Use a clean route to get help

If email may be compromised, do not rely on it for recovery decisions. Use a trusted phone number, a clean device and known contact details. IT Life-Raft can help you focus on containment, account recovery, evidence, backups and practical next steps.

Step 4: Secure accounts from a clean device

  • Reset passwords for email, Microsoft 365, banking, cloud storage and important business systems.
  • Enable multi-factor authentication where possible.
  • Check email forwarding rules, mailbox delegates, recovery addresses and unknown devices.
  • Review administrator accounts and remove anything you do not recognise.
  • Check whether payment details, supplier records or customer messages have been altered.

Step 5: Review devices, backups and monitoring

Once the immediate risk is contained, affected devices may need checking, cleaning, rebuilding or replacing. Backups should be reviewed carefully before restoration. Business incidents may also need monitoring for further suspicious activity.

  • Check whether email rules or recovery details were changed.
  • Review endpoint protection, updates, firewall status and backups.
  • Monitor bank accounts, email activity and Microsoft 365 sign-ins.
  • Check whether exposed email addresses appear in known breach data using Have I Been Pwned.
  • Move important accounts to unique passwords stored in a password manager.

Useful external resources after a suspected hack

These resources can help you check exposure, report fraud and understand whether personal data may be involved. Use them from a clean device where possible.

Need urgent help?

If this involves business email, invoices, Microsoft 365, bank payments or customer data, treat it as urgent. Contact IT Life-Raft using a trusted phone number or the urgent incident form so we can help you get calm, practical next steps.