Compromised or hacked accounts can cause all sorts of trouble. Whether it was a bank or credit union account, credit card number, or investment account, it is important to understand what to do if your financial information has been illegally accessed.

The following immediate steps can help lock down your account and potentially kick out any hackers who have wrongfully taken control.

 

These are critical, must-do steps that should be done in the following order:

    • If you can access your account, log in and look for any unauthorized activity.
    • If you can’t access your account, go to the site’s “Forgot Password” function to see if you can reset your password and log in that way.
    • Once inside your account, change your password. Create a new password that isn’t used on any of your other online accounts.
    • Notify the fraud department of the company that holds your account about the situation. They may ask for evidence (such as unauthorized activity). When you contact them:
      • Be sure to use an official contact method, such as the phone number listed on the back of your credit card, on your statement, or on their official website. You may be asked to verify your identity.
    • Beware of look-alike sites that are not legitimate. Avoid clicking on unknown links that were sent to you; they could be a scam.
    • If the account is related to your credit card or bank accounts, notify the company right away. There may be a limited time for reporting issues and recouping funds.

Now that you’ve taken the first critical steps to protect yourself, it’s time to investigate and learn the extent of any damage you and others may have suffered from your account being compromised. Once you know more, you can respond more thoroughly.

Because each situation can be different at this stage, the following steps are not exhaustive or outlined in any particular order:

  • Ensure that your other online accounts are not compromised. If the compromised account is linked to other online accounts, log out of those linked accounts and log back in once your compromised account is back in your control. (For example, if your credit card is linked to an online shopping account or payment app, immediately remove the card from that site.)
  • If the account that was compromised shares a password with any of your other online accounts, check those accounts first. The hacker may try other popular accounts using the same login information to gain access to your information.
  • Check the website Have I Been Pwned. This site allows you to see if any of your online accounts have been involved in prior data breaches, hacks, or cyber-attacks. This trusted website is run by a team of cybersecurity experts who have tracked data theft for years.
  • Check your credit. Get a free credit report to understand where you stand. You can request a copy of your own credit report for free from any of the three major credit agencies (Equifax, TransUnion, Experian) at AnnualCreditReport.com.
  • If the compromised account includes data about others (account co-holders, customer information), notify those whose information was possibly accessed.
  • Consider filing a police report.
  • If you are 60 years or older, call the National Elder Fraud Hotline at 833–FRAUD–11 or 833–372–831

 

Compromised accounts are some of the thorniest problems online, since each account carries unique information that may or may not put you at greater risk if exposed. Thankfully, despite the complexity of the problem, there are several long-term defenses.

The following steps will better prepare you against account compromise and many other forms of online scams. That’s because these steps aren’t isolated to single accounts but relate to overall online security. If you put several of these into practice, you’ll be safer day-to-day. Here are some of the most important ways to stay safe in the future:

  • Use a password manager to create and store a unique password for each individual online account. Reused passwords are one of the biggest vulnerabilities in account compromise and hacking.
  • Set up the defense mechanism known as multi-factor authentication, or MFA for short. To learn more about MFA and how to use it, read our FAQ.
    • Speaking of MFA, never share the one-time passcodes that are sent to your phone or email inbox with anyone, and remember that no legitimate company will ever ask you to tell them the one-time passcode over the phone or in a customer support chat.
  • Never share login credentials with anyone.
  • Never click on unknown links or respond to unsolicited text or email messages.