What Kind of Access Attempt?

Unauthorized access attempts fall into two main categories: attempts to access your online accounts (email, banking, social media) and attempts to access your local machine directly. The response differs significantly between these two scenarios.

Online Account Alerts

Emails or SMS alerts saying someone tried to log in from an unknown device or location.

Local Login Attempts

Failed login alerts in Windows Event Viewer, macOS Console, or screen appears different after absence.

Suspicious Activity

Strange processes running, new accounts created, files changed, or remote access tools installed.

Responding to Online Account Breach Attempts

If You Received an Alert But Didn't Click Anything

  1. Change your password immediately from a device you trust, using a network you trust. Don't use the same device or network the attempt may have come from.
  2. Enable Multi-Factor Authentication (MFA) if not already on. Even if the attacker has your password, MFA prevents them from completing the login.
  3. Review active sessions in the account settings — most services (Google, Apple, Microsoft, Facebook) show all logged-in devices and locations. Revoke any you don't recognize.
  4. Check if your email was used elsewhere — search your email for "welcome" and "account" to find every service you've registered with. If this password was reused, change it everywhere.

If the Login Was Successful

If an unauthorized user actually got in, the steps above apply — plus:

  • Check account activity logs for what was accessed, changed, or downloaded
  • Check sent emails for messages you didn't write
  • Check for added recovery email addresses or phone numbers (attackers add these to maintain access)
  • Contact the service's security team if you suspect ongoing compromise

Email is the master key. Whoever controls your email controls every account with password reset. Securing your email account — with a strong unique password and MFA — is the single most important defensive action you can take.

Suspicious Local Machine Access

Review Windows Login Logs

Event Viewer (Win+R → eventvwr.msc) → Windows Logs → Security. Look for Event ID 4625 (failed login) and 4624 (successful login). Note the times — if there are successful logins at times you weren't at the computer, someone else has access.

Review Mac Login History

Open Terminal and run last to see all recent login/logout times. Also check System Settings → Privacy & Security → for apps that have requested unusual access (Accessibility, Full Disk Access, Screen Recording).

Check for Remote Access Tools

Remote access software (TeamViewer, AnyDesk, Chrome Remote Desktop) can be used by someone who has physical or prior remote access to install monitoring tools. Check:

  • Windows: Startup apps in Task Manager → Startup tab; also check msconfig → Startup
  • Mac: System Settings → General → Login Items
  • Both: Look in installed programs for unfamiliar remote access applications

Hardening Your Machine After an Incident

  1. Change your Windows/Mac login password — use a strong, unique password not used anywhere else.
  2. Enable disk encryption — BitLocker (Windows Pro) or FileVault (Mac) prevents access to your files if the machine is stolen or accessed physically.
  3. Review all user accounts — Control Panel → User Accounts or System Settings → Users & Groups. Remove any accounts you didn't create.
  4. Update everything — OS, browser, and all software. Attackers exploit known vulnerabilities in outdated software.
  5. Run a full malware scan — use Malwarebytes to check for any malware that may have been installed during the unauthorized access.

We do security audits. If you suspect unauthorized access to your machine, bring it in. We review login logs, check for installed remote access tools, scan for malware, and harden your system against future attempts.