Cyber
Incident
Recovery.
Your field manual for the moment you've been hacked — the bank, the email, the crypto, the phone. Contain it, take back control, and build the record everyone will ask for.
This guide provides general information about responding to cyber incidents and fraud. It is NOT legal, financial, or cybersecurity advice. The author is not a lawyer, banker, or security professional. Threats, platform procedures, and laws change and vary by jurisdiction. Call your bank or card issuer's fraud line directly, and consult qualified professionals for advice specific to your situation.
When you've been hacked,
the order is everything.
A charge you didn't make. A login alert from a city you've never visited. A password-reset email you didn't request — or worse, one you can no longer log in to. The instinct is to do everything at once from the device in your hand.
That's the mistake. If the device or the account is compromised, fast-but-wrong moves hand the attacker your new passwords as you type them.
This manual is one calm sequence: contain, take back the email that controls everything else, freeze the money, lock down the rest, and write it all down — because the bank, the police, your insurer, and the credit bureaus will every one of them ask for the timeline.
Work from a clean device. Everything you do to recover assumes you're resetting passwords from a phone or computer that was not part of the breach. Reset from the infected one and the attacker simply captures the new credentials.
Thirteen chapters.
One first-response record.
Triage by incident type, then work the chapter that matches what happened to you. Every chapter cross-references the others, because real incidents rarely come one at a time.
- 01Triage — Which Incident Do You Have
- 02The First 60 Minutes — Disconnect, Lock Down, Freeze the Money
- 03Bank & Financial Account Fraud
- 04Crypto Theft
- 05Identity Theft
- 06Account Takeover — Email, Social & Cloud
- 07Infected or Locked Device & Ransomware
- 08Phone & SIM Swap
- 09Reporting & Resources
- 10The Prevention Playbook — Harden So It Can't Happen Again
- 11Evidence Checklist
- +Glossary · Operator Maintenance
Resource Pack — what you also get
- CIR-OS-INCIDENT-RECORD (fillable PDF) — The Cyber Incident First-Response Record. An incident snapshot, the Critical/High action checklist, a Contact & Reference Log for every case and claim number you'll be quoting for weeks, and a Recovery Anchors sheet for the offline record that lets you rebuild. Print it and keep it beside you through every call.
Who this is for.
Money moved that you didn't authorize. You're locked out of your email or social. A new device or login appeared on your accounts. Your phone suddenly lost signal (a SIM swap) and codes stopped arriving. You need the next move, in order, right now.
The immediate fire is out and now there's a week of bank disputes, police reports, credit freezes, and account hardening ahead. The manual carries you through the long tail and keeps your evidence file straight.
This is not a replacement for your bank's fraud team, law enforcement, or a security professional. For large losses, business compromise, or active extortion, escalate — the manual tells you when and to whom, so you walk in organized.
One price. Forever yours.
Identity-theft "protection" services bill you monthly forever and still hand you a call-centre script when something goes wrong. We charge $48 once. The work is in the sequence, the chapters, and the record — not in a subscription. Buy it, use it, recover.
Frequently asked
Is this Canada-specific?
The reporting contacts — Canadian Anti-Fraud Centre, Equifax and TransUnion Canada, CRA identity theft, Service Canada for SIN misuse — are Canadian, with Alberta crisis lines noted. The recovery sequence itself (contain, anchor your email, freeze the money, lock down, record) is universal. Swap the agency names, keep the moves.
Does it replace my bank or the police?
No. It gets you to them faster and more organized. The manual tells you exactly who to call, in what order, and what to have ready — and the Incident Record captures the case and reference numbers you'll be quoting to all of them for weeks.
What format do I get?
One PDF (the manual) and one fillable PDF (the Cyber Incident First-Response Record). Bundled as a zip after checkout. Open in any free PDF reader; print the record and keep it beside you.
How does delivery work?
Checkout is handled by Stripe — secure, encrypted, thirty seconds. The moment payment goes through, the confirmation page shows your download link, and the same link arrives in your Stripe receipt by email. The link works indefinitely. If you ever lose access, reply to your receipt and we'll resend.
Refund policy?
Digital products are generally non-refundable once delivered. That said — if the manual genuinely doesn't fit your situation and you tell us within 14 days, we'll refund you. We'd rather you ask than feel stuck.