Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Why Your Computer Has Probably Not Been Hacked

It’s a knee-jerk assumption that is most often wrong.

I regularly hear from people who believe their computer has been hacked and is under someone else's control. It's very rarely the case.
Text: You've been hacked - or have you?
(Image: canva.com)

Individuals often contact me because they believe their computer has been hacked and that someone is controlling it remotely. A common symptom is that they “fix” this problem only to have it almost immediately “hacked” again.

Most of the time, it was never compromised in the first place.

I’m not saying it’s not possible; hacks do happen, of course. But 99 times out of 100, the people contacting me in this situation are experiencing something else entirely.

And it’s not a hack. Not even close.

Become a Patron of Ask Leo! and go ad-free!

TL;DR:

Your machine has probably not been hacked

People often believe their computers have been hacked because of unexpected behavior like slowdowns, network activity, or mouse movement. All are typically benign and explainable. Pop-ups, missing files, and perceived intrusions often result from normal processes or browser tricks, not hacks. The best approach is to keep yourself secure using standard recommendations.

If it’s not a hack, what is it?

Most of the time, what people interpret as a hack is some kind of system behavior that they didn’t expect and don’t understand.

That’s it.

I’ll run through some examples in a moment. Computers are extremely complicated; they do things we don’t understand or expect all the time. More often than not, it’s benign, if occasionally annoying.

But if you have a reason or a tendency to believe someone’s after you, then unexpected, unknown behavior can easily be seen as threatening even when it’s not.

Normal system behavior

When your computer system slows down for no apparent reason, the concern is that a hacker is doing something with your computer at that moment. In reality, there are several more likely scenarios.

  • Windows update could be updating.
  • The Search Indexer could be indexing.
  • Your security software could be performing a scan.
  • Your backup software could be backing up.
  • Other legitimate background tasks could be occurring.

Many of these happen without on-screen indication. Your computer just starts doing something even though you haven’t asked it to.

All of them are benign and expected. You can check CPU usage and disk activity to see what programs are really to blame.

Unexpected network activity

Perceived network slowdowns are also a common issue that some take as a sign of an intruder.

The concern is that someone has access to your machine and is in the process of copying your data from it. Particularly if your connection is slow to moderate in speed to begin with, that kind of activity could indeed manifest as a slow connection.

But then, so could many other more likely things.

  • Windows Update might be downloading updates for your computer.
  • Your security software might be downloading its updates.
  • Your cloud software (OneDrive, DropBox, Google Drive, and others) might be uploading recent changes on your machine or downloading recent changes made elsewhere.

There are other possibilities. Any of them are more likely than nefarious activity. You can check network activity to see what’s what.

The case of the moving mouse pointer

This one freaks people out.

Without your hand being anywhere near the mouse, the mouse pointer moves on its own across your screen. Must be a hacker controlling it remotely, right?

More often than not (and I’ll fall back to 99 times out of 100), it’s nothing like that. It’s much more likely to be dirt and dust in and around the mouse’s sensor or a poor surface on which the mouse is having difficulty sensing movement. It could also be a malfunctioning mouse (or one low on battery, if it’s wireless).

The solution for those is simple: clean the sensor, use a different surface or mouse pad, or consider replacing the mouse or at least trying another for a bit.

One situation I run into periodically is misbehaving software on my machine that causes it to freeze up for a moment. Once the freeze is over, the mouse pointer flies around the screen as it catches up on all the mousing that happened during the freeze. This isn’t even a mouse issue; it’s other misbehaving software. In my case, I suspect the display driver.

Pop-up warnings

Sometimes, scary pop-up warnings tell you your computer is infested with malware or has been hacked. That warning often comes with a phone number to call or some other action you need to take RIGHT NOW. Some even make it look like they’ve taken over your machine.

They haven’t. The vast majority of these pop-ups don’t come from your computer at all.

They’re from a website you’ve visited. It’s the website that’s been compromised, not your machine. The compromise causes that website to launch full-screen windows within your browser with the scary warning. Shutting down the browser typically gets rid of the messages1, and then you know to never visit that site again.

Definitely never take the action that the message indicates you must take. If you do, you could be phished or you could end up downloading malware allowing your machine to be hacked.

Missing files

Files go missing all the time. It can be frustrating, but it’s not a sign that someone is removing or copying them from your machine.

I’ve certainly accidentally deleted files on occasion.

Sometimes the software we run is so poorly designed that it causes files to be lost (looking at you, OneDrive “backup”).

Sometimes disk cleanup tools — even so-called performance enhancers and system optimizers — are too aggressive and end up deleting things they shouldn’t.

My advice here is two-fold: don’t run those enhancers or optimizers (they rarely do anything useful), and make sure you’re backing up.

The dilemma: 1 out of 100

Here’s the real problem: every one of those items I list as symptoms above could indeed indicate your machine has been hacked.

It’s just extremely unlikely.

Occam’s Razor –“The simplest explanation is usually the best one.” — applies.

In all these cases, the simplest explanation is something significantly less nefarious than a hacker accessing your machine.

Do this

So, if we can’t trust the symptoms with 100% accuracy to tell us when something’s happening, what can we do?

The same old litany of steps you’ve heard over and over again.

  • Don’t open attachments you’re not 100% certain are safe.
  • Don’t click on email links you’re not 100% certain are legitimate.
  • Keep your security software as up to date as possible. Make sure it’s working and scanning appropriately.
  • Keep your system as up to date as possible.
  • Secure your online accounts with strong, unique passwords and two-factor authentication when possible.
  • Maintain a healthy level of skepticism.
  • Back up.

And if you still truly believe that your system is under the control of someone else and you can no longer trust it, stop using it. Find a trustworthy tech friend or shop to help you understand what is and is not happening, and take steps based on what’s found.

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

Podcast audio

Play

Footnotes & References

1: Sometimes the browser pop-ups are so well-crafted that they prevent you from closing the browser or even switching away. In those cases, a forced shutdown is sometimes the only way out.

10 comments on “Why Your Computer Has Probably Not Been Hacked”

  1. The Search Indexer, security software, and backup software shouldn’t have much effect on your computer speed if those programs are well-designed. Macrium Reflect and others are designed to go to a low-priority state so as not to significantly impact speed. If you find. If you find a program significantly affecting performance, you might want to look for an alternative or have it run when you are not using the computer if it’s possible.

    Reply
  2. I just ran into this the other day. Saw an interesting Facebook post. I was interested to learn more. It was supposed to be an ad, so, I clicked to learn more. Next thing I know, the screen is flashing. Someone has taken over my computer and there is nothing I can do unless I call a phone number. It was certainly designed well to instill panic. In the back of my mind, I knew it would be fake, but the longer it took me to figure out how to get control back, the more panic starts to set in. I get why some people get taken in by these things. And since it’s my laptop, just pulling the plug wouldn’t shut it down. Holding power, just put it to sleep and it immediately came back when I switched it on. It wasn’t until after a Ctrl+Alt+Delete to sign off and sign back in and returning to the browser and seeing the screen this time in a tab that I figured out the webpage had immediately gone into full screen mode.

    Reply
    • A flashing screen designed to instill panic is usually not a sign of malware. Nowadays, most malware works silently in the background stealing passwords, bank logins, or other data. Most hackers don’t advertise that they’ve installed malware. I’m not saying malware won’t do that but the odds favor a hacked website or a rogue ad popup.

      Reply
  3. On my Windows 11 primary laptop PC, I have the Power button set to Shut Down the computer, so if I ever encounter a scenario such as Leo describes, all I have to do is press the Power button to shut down the laptop, then even though I know I’ve not been hacked, I’ll run a full offline system scan (can take a long time), followed up with a MalwareBytes Free edition full scan, just to be safe. I’m confident that between these two scanners, if anything’s amiss, one of them will catch it.

    I check for updates using Windows update (system), and Patch My PC (software), weekly to keep my computers as up to date as I can, and I have Macrium Reflect Free edition set up to create a weekly full system image, and differential images every Tuesday through Sunday, keeping four image sets (A Full System image, and six Differential images) so I can look back up to 28 days if file recovery is ever needed.

    Finally, and perhaps most important, I practice what I describe as Cognitive Security, which I won’t explain in detail here, because I’ve done so many times before, and the name implies what it’s all about (being cognitively aware of the dangers of the Internet, and anything found there). See my post on “Think 2FA Is Bulletproof? Here’s Why You’re Still Vulnerable”
    https://askleo.com/think-2fa-is-bulletproof-heres-why-youre-still-vulnerable/ for more details.

    Ernie

    Reply
  4. @Simersen, There are a lot of legitimate ads on Facebook. In fact most ads that I see are from legitimate companies. The product advertised was not something typically associated with risky clicking. In future, please try to avoid blaming the victim. Would you blame the victim of a theft because they victim had glass windows in their house allowing a thief to smash the windows? Maybe that victim should just brick up all their windows? We all need to take care when we are online and even though we all try our hardest to spot the bad eggs, we all still get caught out at some time. The lesson here was, “Don’t panic. It can usually be fixed.”

    Reply
  5. James B: Unfortunately such analogies don’t work in this case, nor for most cases when someone is victimized via online activity. Most online victimization starts and continues by the victim doing something they’ve been told not to do. Such as clicking a link in an email. Perhaps it was a momentary laps. What I do in such cases is note down the name of the product and then go to Google and/or Amazon and search for it. Of course, there are no guarantees of safety on Google and Amazon, but they are much better than Facebook.

    Reply
  6. @Simersen, I’m glad you are so superior to everyone and never make a mistake. I’m sorry you have a hard time empathizing with others.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.