Account takeovers can be scary, but by moving quickly to counter the damage, you can limit the impact – and hopefully prevent it from happening again.
Recognize the Signs of an Account Takeover
Look out for signs such as unfamiliar login notifications, unexpected password changes, missing funds, or unauthorized purchases.
Act Quickly
As soon as you realize your account has been compromised, take immediate action to regain control. The longer you wait, the more damage the fraudster can potentially do.
Notify the Account Provider
Contact the provider of the compromised account, whether it's a bank, email service, social media platform, or other online service. Use the provider's official contact information, not any contact details provided by the fraudster.
Change Your Passwords
If possible, change the password for the compromised account immediately. If you reused that password anywhere else, change it for those accounts as well (just remember to use a different strong password!).
Enable Two-Factor Authentication (2FA)
If you haven’t already enabled two-factor authentication for the affected account, do so immediately.
Check for Unauthorized Activity
Review your account activity and transaction history to identify any unauthorized transactions or changes made by the fraudster. Report any suspicious activity to the account provider immediately.
Secure Your Devices
If the account takeover occurred due to malware or a security vulnerability on your device, scan your computer, smartphone, or other devices for malware and take steps to secure them. Update your operating system, antivirus software, and other security programs to the latest versions.
You should also check the account’s list of authorized devices, if available, and revoke access to all other devices. If you share your account between devices or family members, you can always go back later and re-add them where necessary once your account has been secured.
Monitor Your Accounts
Keep a close eye on all of your financial and online accounts for any further signs of unauthorized activity. Regularly review your account statements and set up alerts for unusual transactions or changes.
Report the Incident
If the account takeover involved financial fraud or identity theft, report the incident to the relevant authorities, such as your local law enforcement agency or the Federal Trade Commission (FTC) at www.identitytheft.gov. Provide as much detail as possible about the fraudster's activities and any losses you've incurred.
Alert Your Contacts
If the fraudster used your compromised account to send phishing emails or messages to your contacts, alert them about the situation. Advise them not to interact with any suspicious communications purportedly from you and to be cautious of similar scams.
Educate Yourself
Take this opportunity to educate yourself about common tactics used by fraudsters to take over accounts and how to protect yourself from future attacks. Stay informed about the latest cybersecurity threats and best practices for securing your accounts and personal information.