Back to my results
Print or Download as PDF

Compromised or hacked accounts can cause all sorts of trouble and a variety of consequences. It’s important to understand what to do if your financial information has been illegally accessed.

The following, immediate steps can help lock down your account and potentially kick out any hackers who have wrongfully taken control.  

 

These are critical, must-do steps that should be done in the following order:

  1. If you can access your account, log in and look for any unauthorized activity.
  2. If you can’t access your account, go to the site’s “Forgot Password” function to see if you can reset your password and log in that way.
  3. Once inside your account, change your password. Create a new password that isn’t used on any of your other online accounts.
  4. Notify the fraud department of the company that holds your account about the situation. They may ask for evidence (such as unauthorized activity). When you contact them:
    • Be sure to use an official contact method, such as the phone number listed on the back of your credit card, on your statement, or on their official website. You may be asked to verify your identity.
  5. Beware of look-alike sites that are not legitimate. Avoid clicking on unknown links that were sent to you; it could be a scam.
  6. If the account is related to your credit card or bank accounts, notify the company right away. There may be a limited time for reporting issues and recouping funds.
    • Replace any compromised credit or debit cards.
  7. If you suspect financial fraud, freeze or lock your credit.

Now that you’ve taken the first critical steps to protect yourself, it’s time to investigate and learn the extent of any damage you and others may have suffered from your account being compromised. Once you know more, you can respond more thoroughly.

Because each situation can be different at this stage, the following steps are not exhaustive or outlined in any particular order:

 

Ensure that your other online accounts are not compromised. If the compromised account is linked to other online accounts, log out of those linked accounts and log back in once your compromised account is back in your control. (For example, if your credit card is linked to an online shopping account or payment app, immediately remove the card from that site).

 

    • If the account that was compromised shares a password with any of your other online accounts, check those accounts first. The hacker may try other popular accounts using the same login information to gain access to your information.
    • Check the website Have I Been Pwned. This site allows you to see if any of your online accounts have been involved in prior data breaches, hacks, or cyber-attacks. This trusted website is run by a team of cybersecurity experts who have tracked data theft for years.
    • Check your credit. Get a free credit report to understand where you stand. You can request a copy of your own credit report for free from either of the two credit bureaus:
  • If the compromised account includes data about others (account co-holders, customer information), notify those whose information was possibly accessed.
  • Consider filing a police report.
  • Compromised accounts are some of the thorniest problems online since each account carries unique information that may or may not put you at greater risk if exposed. But the complexity of the problem, thankfully, has several long-term defenses.
  • The following steps will better prepare you against account compromise and many other forms of online scams. That’s because these steps aren’t isolated to single accounts but relate to overall online security. If you put several of these into practice, you’ll be safer day-to-day. Here are some of the most important ways to stay safe in the future:
    • Use a password manager and create and store unique passwords for each individual online account. Repeat passwords are one of the biggest vulnerabilities in account compromise and hacking.
    • Set up the defense mechanism known as multi-factor authentication, or MFA for short. To learn more about MFA and how to use it, read our FAQ.
      • Speaking of MFA, never share the one-time passcodes that are sent to your phone or email inbox with anyone, and remember that no legitimate company will ever ask you to tell them the one-time passcode over the phone or in a customer support chat.
  • Never share login credentials with anyone.
  • Never click on unknown links or respond to unsolicited text or email messages.

 

My bank account was compromised

 

My credit card was compromised

 

My investment account was compromised

 

Setting up multi-factor authentication 

 

Recognizing and preventing future incidents 

Back to my results

Warn others (report a scam)

Good job taking control of the situation! We recommend taking a few moments to report the scam to the BBB, which can help us fight fraud. If you haven’t already, please consider reporting the incident you encountered to BBB Scam TrackerSM, our prevention and reporting platform.

 

Reporting the scam to the proper channels can help law enforcement shut down scam operations that prey on others; BBB shares its data with the Federal Trade Commission (FTC). Scam submissions are published on BBB Scam TrackerSM, which enables the public to search the reports and determine whether they are being targeted. BBB Scam TrackerSM reports are also used to publish timely research and consumer education resources. Report your scam incident to BBB Scam TrackerSM. 

Avoid future scams (learn how)

Research indicates that possessing knowledge about scams and scam tactics can help people spot and avoid scams that will inevitably target them. The unfortunate truth is that scammers will always try to steal data, money, and important information from people.

 

Even when scammers are caught, others will replace them. The best defense, then, is to understand what a scam looks like and how to respond. Protect yourself and your loved ones by learning more about scam types and tactics by visiting BBB’s Scam Prevention Guide.