What to Do if Your Windows Phone or PC Has Been Compromised
When you suspect that either your Windows PC or Windows Phone has been compromised, then it can be very concerning. You need to take steps to figure out what might have happened, how it occurred and the worst likely outcome. This applies whether it’s someone picking up your unlocked phone and messing with it, or an employee or former friend who’s copied files or deleted some off your PC.
Here are a few pointers about how to proceed if you think something might have happened.
First, Stop Any Further Damage or Loss
It depends what might have been done as to whether there’s a serious problem. It could be that someone has added malware or a virus to your PC or mobile device. In which case, you’ll need to install a virus and malware scanner and removal tools depending on what’s on the system. Data may get corrupted as a result, or it may be necessary to wipe the device and start over from a backup.
Disconnect from the internet while you’re making checks just in case someone is connected to your computer or phone right now.
If you’re unsure what’s happened, then you might want to consider computer forensics. These computer forensics firms specialize in looking at computing equipment and getting to the bottom of exactly what’s happened – even to the extent of discovering another person’s attempt to hide their activities by covering their tracks. These firms have specialist software which most people don’t own that helps discover more information.
Second, Determine If Data Has Been Deleted or Transferred
For your computing devices, you can look at logs of changes to files. If you’re doing so manually, you can review the modified dates of files that you regularly use to see if they’ve been updated since the last time you accessed them. The above link provides five different approaches to see which files might have been modified recently, possibly without your knowledge.
Make sure these have all been virus and malware checked before opening them though. This avoids opening a file that’s been intentionally infected.
Third, Look at How the PC or Device Was Used Recently
Review the recent internet usage of your PC too. Certainly, go into your installed web browser and access the ‘Browsing History’ feature. This will show all the recently viewed websites. It’s possible that someone who accessed your device decided to surf the web and then wipe the records to cover their tracks, but maybe they weren’t as thorough. This can sometimes indicate the identity of the person based on what sites they accessed. They may not even have logged out of a personal account on some of these websites, which may provide further clues on who they were and what they were doing.
Also, the recent cookie text files created for the browser are a good indicator of websites accessed. These might still be present even if the browser history was wiped.
It’s not the end of the world when your security is compromised, but it is something to take seriously. By proceeding appropriately once it happens, it won’t completely ruin your day.