Been Hacked How Do I Fix It? In Scotland
If you are in or around Scotland and believe you have been hacked, disconnect first, preserve evidence, and get trusted support quickly.
Step 1: Know the signs that may indicate you have been hacked.
What Might a Cyber Breach Look Like?
- Locked accounts or password changes. You suddenly can’t access email, systems or cloud services.
- Strange emails sent from your account. Contacts report suspicious messages, links or attachments.
- Missing, renamed or encrypted files. Files disappear, change name or become unreadable.
- Unexpected pop-ups or warnings. You see unfamiliar security alerts or software prompts.
- Login alerts from unknown locations. You get sign-in notifications from places or devices you do not recognise.
- Unusual financial activity. Invoices are altered, payments are redirected or bank activity looks wrong.
- New software or tools you didn’t install. Remote access tools or unknown apps appear.
- Disabled security features. Antivirus, firewall or backups stop working.
- Staff reporting odd behaviour. Files move, emails disappear or systems behave unusually.
Step 2: Simple Steps To Limit Damage After You Have Been Hacked
- Immediately disconnect devices from the Internet or turn off your internet connection.
- If you are talking to someone claiming to be from a bank or IT support, disconnect and avoid further interaction.
- Speak to a trusted colleague, director, family member or adviser before taking risky action.
- Make notes of events, capturing dates, times, names, phone numbers and affected accounts.
- Do not post about it online.
- List your internet accounts, including email, Microsoft 365, banking, cloud software and subscriptions.
- Locate backups, but do not overwrite or delete evidence.
- Do not pay ransom demands without professional advice.
Step 3: Reach Out To A Trusted IT Support Company Such As IT Life-Raft, Avoid Using Email
You do not know if someone else is watching your email. Time is against you, so use a trusted phone number or known contact route. Some cyber breaches are designed to intimidate or embarrass the victim into delaying help. IT Life-Raft will help you focus on containment, account recovery and practical next steps.
Step 4: Setting Expectations For Anyone That Has Been Hacked
The first focus is containment. In some incidents the damage may already have been done, and it may not be possible to reverse every action of a cyber breach. The priority is to stop further damage, secure devices, reclaim accounts and protect money movement.
Step 5: Securing Your Desktop or Laptop
Devices may need to be isolated, checked, updated and monitored. Do not reconnect affected machines unless instructed. If remote support is required, use only the link or instructions provided by a trusted IT support contact.
Step 6: Securing Accounts
After devices are contained, focus on account recovery. Reset passwords from a clean device, enable multi-factor authentication, review email forwarding rules, check payment details and confirm that no unauthorised users remain in Microsoft 365, Google Workspace, banking or cloud systems.
Step 7: Review & Post Cyber Breach Monitoring
For business incidents, consider whether personal data, customer data or payment data may be involved. Internal policies, insurers, banks, the ICO or law enforcement may need to be contacted depending on the incident.
- Monitor accounts for further suspicious activity.
- Check whether email rules or recovery details were changed.
- Review endpoint protection, backups and patching.
- Check whether details have appeared in known breach datasets using Have I Been Pwned.
- Use a password manager and unique passwords.
Need urgent help?
If you need practical containment guidance after a suspected hack, contact IT Life-Raft for calm, plain-English support before deleting evidence or resetting the wrong account.