PanicStation.org
UK USA
uk Technology & digital loss browser homepage changed overnight • default search engine changed • browser hijacked • unwanted search engine • suspicious browser extension • homepage keeps changing back • search redirect • new tab page changed • chrome settings changed overnight • edge search engine changed • firefox homepage changed • safari homepage changed • malware or adware suspected • potentially unwanted program • device behaving strangely • account sync changed settings • managed by your organisation message • phishing after browser change • protect passwords now

What to do if…
your browser homepage and default search engine change overnight

Short answer

Treat it like a possible browser hijack: stop using that browser for anything sensitive, then remove suspicious extensions/apps and run a malware scan before you sign back into accounts.

Do not do these things

  • Don’t type passwords, card details, or recovery codes into the affected browser “just to check something” until you’ve cleaned it.
  • Don’t install random “cleaner”, “driver updater”, or “security” tools prompted by pop-ups.
  • Don’t click “Allow notifications” or “Install” on unfamiliar pages trying to “fix” your browser.
  • Don’t keep repeatedly changing the homepage/search engine if it keeps flipping back — that can waste time while the cause remains.
  • Don’t ignore messages like “Managed by your organisation” if this is a work/school device — you may not be able to fix it safely yourself.

What to do now

  1. Pause sensitive activity. Close any tabs where you were logged into email, banking, or password managers. If possible, use a different device (or a phone on mobile data) for anything urgent.
  2. Check if a work/school policy is controlling it (quick test).
    • If you see “Managed by your organisation” in browser settings and this is a work/school device, stop and contact your IT/admin. Don’t try to bypass controls.
  3. Remove suspicious extensions first (most common cause).
    • Open the browser’s extensions/add-ons list and disable anything you don’t recognise (especially “search”, “coupon”, “PDF”, “new tab”, “security”, “assistant” tools you didn’t choose).
    • Then remove them, not just disable, if you’re confident they’re unwanted.
  4. Undo the change using the browser’s built-in reset/refresh.
    • Use your browser’s reset/restore settings feature to return the homepage and search engine to defaults (this typically disables extensions and resets key settings while keeping bookmarks).
    • If you’re using Firefox, use Refresh Firefox.
  5. Look for the underlying installer (often a “bundled” app).
    • On Windows: open “Apps” / “Installed apps”, sort by recently installed, and uninstall anything unfamiliar from the last day or two.
    • On macOS: check Applications for anything you don’t recognise; removing the app can remove the extension it installed.
  6. Run a reputable malware scan and update.
    • Run your device’s built-in security scan (for example Windows Security) or a reputable antivirus you already have installed.
    • Then update your operating system and browser.
  7. If you used the affected browser for passwords recently, secure the most important accounts.
    • Start with email, then banking, then any account that reuses the same password. Turn on two-step verification where available.
    • If you can, do password changes from a different device or after cleaning.
  8. If you clicked a suspicious link or got a scam message connected to this, report it (optional but useful).
    • Forward suspicious emails to report@phishing.gov.uk (National Cyber Security Centre).
    • Forward scam texts to 7726 (SPAM) to your mobile network.
  9. If money was lost, you were hacked, or you installed something due to a scam: report it.
    • Use the UK police reporting service Report Fraud (it replaced Action Fraud).
    • If you’re in Scotland, contact Police Scotland instead (101 for non-emergency; 999 in an emergency).

What can wait

  • You do not need to decide today whether this was “definitely malware” — focus on removing control (extensions/apps), scanning, and securing accounts.
  • You do not need to reinstall your entire operating system unless the problem returns after the steps above.
  • You do not need to chase every browser setting — the key is removing what’s enforcing the change.

Important reassurance

This is common and often caused by a single extension or bundled app. Taking a calm, methodical approach (remove extensions → reset browser → scan → secure accounts) usually gets you back in control.

Scope note

These are first steps to stabilise the situation and prevent irreversible mistakes. If the settings keep reappearing after removal and scans, you may need deeper device support (IT support, a trusted repair shop, or specialist help).

Important note

This is general information, not a guarantee or a diagnosis. If you suspect ongoing compromise, repeated account takeover, or financial fraud, prioritise account security and official reporting.

Additional Resources
Support us