Whether you received an alert that your passwords are available on the dark web or you just want to practice preventive security, it’s a great idea to turn on two-factor authentication for your financial accounts.
But what if you get a different, more unsettling message? And a hacker is actively trying to break into your account but not succeeding? Should you pump your fist in celebration, bite your nails for what may happen next — or do something else entirely?
That’s what a listener of the Clark Howard Podcast recently asked.
What Do You Do if a Hacker Is Actively Trying To Get Into Your Accounts?
If you have two-factor authentication turned on and a hacker fails to break into your account(s), that’s a positive. But it can also make you wonder what to do.
During the Nov. 18 episode of the podcast, David in California asked: “My wife recently had three back-to-back codes sent to her phone for access to her PayPal account. Wow! The two-factor authentication worked! She then went on to change her password. Question: Is there anything else we need to do other than change her password?”
Better to get a text on your cell phone that alerts you that someone is trying to get into your account than to get an email noting someone has drained your account.
Still, that kind of notification is unsettling in a few ways. Someone has gotten at least one of your passwords, whether they figured it out on their own or they found it sitting on the dark web after a database breach. And they’re actively trying to get into one of your accounts.
The first thing to do is to shore up your passwords for all your financial accounts, not just the one the scammer is attempting to exploit.
“I would be aware that if somebody has figured that out, some of your other financial passwords – they may be onto those as well,” money expert Clark Howard says. “You may consider changing the ones that you have in your brokerage, 401(k), bank, credit union, that kind of thing. Do just a fresh reset on your passwords.”
Second, take some time to understand that the security of your accounts can be relative. Most security options are targets of hackers, including password managers, as Clark pointed out on the podcast.
There are even multiple types of two-factor authentication. Biometric data is one of the more secure ways to protect your accounts. But two-factor authentication via text gets exploited regularly as well.
“We’ve talked about why passwords are gonna go rear-view mirror because hackers have been able to defeat most any password system out there,” Clark says. “Criminals are stealing your cell phone service. Suddenly your cell phone will go dead because somebody has switched your cell phone service because of poor security at the cell phone carriers.”
If you have the option, it’s not a bad idea to switch your two-factor authentication from SMS (text message) to an authenticator app.
Should I Freeze My Credit?
Clark didn’t mention this on the podcast, where he tries to keep answers succinct.
But he often says that it’s a great idea to freeze your credit.
Freezing your credit at the three major credit bureaus will make it extremely difficult for anyone to open accounts in your name with your Social Security number. And you can “thaw” your credit any time you need to open a new account.
It’s an inconvenience to freeze your credit, especially when it’s time to open a new account. But if someone is actively trying to get into your accounts, it’s a good idea. And it can give you peace of mind.
Final Thoughts
Don’t panic if someone is trying to get into one of your accounts especially if your security measures are working. Just be aware that if they’ve figured out one of your passwords, they may figure out more.
Make sure that you have everything buttoned down with two-factor authentication and by changing your passwords. And consider freezing your credit.
