NCSS small.png




You’ve been hacked – do you know who to call?


Cybercrime can be particularly difficult to investigate and prosecute because it often crosses

legal jurisdictions and even international boundaries. According to the 2015 Verizon Data Breach

Report, intrusions go undetected more than 200 days from the actual event. Some criminals

disband one criminal operation — only to start up a new activity with a new tactic — before an

incident even comes to the attention of the authorities. Once you believe you have been the victim

of a cybercrime, it’s important to report it and to protect the evidence.




Seek Legal Advice. If you are a business owner, seek legal advice to guide you in addressing
whatever liability and reporting requirements govern the breach. Protecting sensitive employee

data, health data, or credit card data have various governing regulations and notification requirements.


Local law enforcement. Even if you have been the target of a multi- jurisdictional cybercrime, call

your local law enforcement agency (either police department or sheriff’s office). They have an

obligation to help you, take a formal report, and make referrals to other agencies. Report your

situation as soon as you find out about it. Some local agencies have detectives or departments

that focus specifically on cybercrime.


IC 3. The Internet Crime Complaint Center (IC3) will thoroughly review and evaluate your complaint

and refer it to the appropriate federal, state, local, or international law enforcement or regulatory

agency that has jurisdiction over the matter. IC3 is a partnership between the Federal Bureau of

Investigation and the National White Collar Crime Center (funded, in part, by the Department of

Justice’s Bureau of Justice Assistance). Complaints may be filed online at




Even though you may not be asked to provide evidence when you first report the cybercrime, it

is very important to keep any evidence you may have related to your complaint. Keep items in a

safe location in the event you are requested to provide them. Evidence may include:


  • Canceled checks and copies of bank statements
  • Certified or other mail receipts
  • Credit card receipts
  • Envelopes (if you received items via FedEx, UPS, or U.S. Mail)
  • Faxes
  • Log files, if available, with date, time and time zone
  • Messages from Facebook, Linkedin, Twitter or other social networking sites
  • Money order receipts
  • Pamphlets or brochures
  • Phone bills
  • Printed or preferably electronic copies of emails (if printed, include full email header information)
  • Printed or preferably electronic copies of web pages (to prove web defacement)
  • Wire receipts


And most importantly, don’t shut down your computer or erase any files. Law enforcement

and/or a computer forensic specialist will need the evidence stored on your hard drive and memory

storage locations.




Many cybercrimes start with malware—short for “malicious software.” Malware includes viruses and

spyware that get installed on your computer, phone, or mobile device without your consent—you may

have downloaded the malware without even realizing it!  These programs can cause your device to

crash and can be used to monitor and control your online activity. Criminals use malware to steal

personal information and commit fraud. If you think your computer has malware, you can file a complaint
with the Federal Trade Commission at  Often malware is embedded in links to

emails or attachments.  Don’t open an attachment from someone you don’t know!






  • Ransomware
  • Business Email Compromise
  • Pwned
  • Voter Registration Systems
  • Data
  • Identity Theft


Download a PDF of this fact sheet.


Still have questions, need help?

Contact us at our “Ask-an-Expert” service, or visit us at the link below.


©2018 National Cybersecurity Society, All Rights Reserved



Become a member of The National Cybersecurity Society today and learn more about how to protect your business from a cyber attack.



About The National Cybersecurity Society


The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education,

awareness and advocacy to small businesses.  The NCSS provides cybersecurity education tailored to the needs of

the small business owner; helps small businesses assess their cybersecurity risk;  distributes threat information to

business owners so that they will be more knowledgeable about the threats facing their business; and provides advice

on the type of services needed to stay safe online.

Similar Content