10 Warning Signs | Cyber Attack Response | Holker IT
Cyber Incident Response · Signs & Symptoms

How To Tell If Your Business Has Been Hacked: 10 Warning Signs.

Most breaches aren't obvious. If two or more of these signs sound familiar, treat it as a live incident and act now, not after you've confirmed it with certainty.

Microsoft PartnerCyber Essentials CertifiedICO RegisteredISO 27001 Aligned

Get In Touch

Fill out the form and a member of our Cyber Attack Response team will be in touch. No hard sales, just honest advice.

Many businesses don't realise they've been compromised until real damage is already done: a locked file server, a supplier asking why an invoice went unpaid, or a customer reporting a strange email that turns out to have come from you. Catching the signs early gives you a much better chance of stopping a small problem becoming a large one.

Spotted one of these already? Don't wait to be sure. Call Holker IT's Cyber Attack Response team on 0333 305 2020 (Option 2) and follow our first-hour containment checklist while you wait.
The signs

10 Warning Signs Your Business Has Been Hacked.

1

Files won't open, or have unfamiliar extensions

A common early sign of ransomware. Don't try to open, rename or "fix" the files yourself.

2

A ransom note appears

As a desktop wallpaper, a text file, or a pop-up. Treat this as confirmation of an active incident.

3

Unexpected password reset or login alerts

Emails confirming a password change you didn't make, or a login alert from an unfamiliar location or device.

4

Colleagues report strange emails "from you"

A classic sign of business email compromise. Check your sent folder and inbox rules immediately.

5

Systems running unusually slowly

Especially combined with unusual outbound network activity, which can indicate malware communicating with an attacker.

6

New admin accounts or unrecognised devices

Check your Microsoft 365 or Google Workspace admin centre for accounts or devices you don't recognise.

7

Antivirus or EDR alerts you can't explain

Don't dismiss a security alert just because a scan says the threat was "removed". Get it checked properly.

8

Invoices or bank details changed without your knowledge

A hallmark of invoice fraud following a mailbox compromise. Verify any bank detail change by phone before paying.

9

Customers or suppliers report odd communications from you

If a customer says they received a strange email or invoice "from you" that you didn't send, your systems may already be compromised.

10

Your data turns up somewhere it shouldn't

A dark web monitoring alert, an unexpected breach notification from a supplier, or a customer telling you their details have been misused elsewhere.

What to do next

If Any Of These Sound Familiar.

You don't need to be certain before you act. If two or more of these signs are present, or even one that involves a ransom note or confirmed unauthorised access, start with our first-hour containment checklist: isolate the affected system, preserve evidence, and get specialist help involved.

For the full picture on what happens next, including reporting obligations and recovery, see our main guide: My Business Has Been Hacked? What To Do Right Now.

Why it matters

This Is More Common Than You'd Think.

43%of UK businesses identified a breach or attack in the past 12 months
19%of UK businesses were victims of at least one cyber crime
93%of cyber crime cases started with phishing

Source: gov.uk Cyber Security Breaches Survey 2025/2026. Only around 5% of UK businesses currently hold Cyber Essentials certification, and just 44% of micro-businesses have an external cyber security provider in place, which is often why these signs go unnoticed for longer than they should.

FAQ

Frequently Asked Questions.

My computer is just running slowly. Is that always a sign of hacking?

Not always, slow systems can have many causes. But combined with any other sign on this list, such as unusual login alerts or antivirus warnings, it's worth getting checked rather than assumed.

How do I check for unauthorised logins in Microsoft 365?

In the Microsoft 365 admin centre, check the sign-in logs for unfamiliar locations or devices, and review mailbox rules for anything you didn't set up yourself. If you're not confident doing this, call us and we'll check it for you.

I'm not technical. How do I check these signs myself?

You don't have to. Call Holker IT's Cyber Attack Response team on 0333 305 2020 and describe what you've noticed; we can talk you through a quick check or take over the investigation entirely.

Should I run an antivirus scan myself first?

A scan is unlikely to cause harm, but don't rely on "all clear" as proof nothing happened, and don't delete or quarantine anything you might need as evidence. Isolate the device from the network and get specialist advice.

What if none of these signs are present but I'm still worried?

Trust your instincts. If something feels off, whether that's a colleague's odd behaviour, a supplier's unusual request, or a system that just "feels wrong", it costs nothing to call and ask.

Get Emergency Help Now.

Call 0333 305 2020 (Option 2) and a member of our Cyber Attack Response team will call you back immediately.

Sources: NCSC Respond & Recover guidance, gov.uk Cyber Security Breaches Survey 2025/2026.

Scroll to Top