My online shopping or other online account was compromised

If your online shopping account was compromised, the following, immediate steps can help you lock it down and potentially kick out any hackers who have wrongfully taken control. 

 

These are critical, must-do steps that should be done in the following order.

• If you can access your account, log in and look for any unauthorized activity.
• If you can’t access your account, go to the site’s “Forgot Password” function to see if you can reset your password and log in that way.
• Once inside your account, change your password. Create a new password that isn’t used on any of your other online accounts.
• Notify the company about your account being compromised. They may ask for evidence (such as unauthorized activity). You can notify the company by reporting it through their official website, or calling a verified phone number, if one is provided on their official website. You may be asked to verify your identity.
• Beware of look-alike sites that are not legitimate. Avoid clicking on unknown links that were sent to you; it could be a scam.
• If the account holds your credit card or bank account information, check your statements for any unauthorized activity. Cancel any cards that may have been compromised.

Now that you’ve taken the first critical steps to protect yourself, it’s time to investigate and learn the extent of any damage you may have suffered from your account being compromised. Once you know more, you can respond more thoroughly.

 

Because each situation can be different at this stage, the following steps are not exhaustive or outlined in any particular order:

• If the account that was compromised shares a password with any of your other online accounts, check those accounts first, because the hacker may try other, popular accounts using the same login information to gain access to your information.
• Check the website Have I Been Pwned to see if any of your online accounts have been involved in prior data breaches, hacks, or cyber-attacks. This trusted website is run by a team of cybersecurity experts.

 

The following steps will better protect you from account compromise and many other forms of online scams. That’s because these steps aren’t isolated to single accounts but relate to overall online security. If you put several of these into practice, you’ll be safer day-to-day. 

• Here are some of the most important ways to stay safe in the future:
• Use a password manager and create and store unique passwords for each individual online account. Repeat passwords are one of the biggest vulnerabilities in account compromise and hacking.
• Set up the defense mechanism known as multi-factor authentication, or MFA for short. To learn more about MFA and how to use it, read our FAQ.
  • Speaking of MFA, never share the one-time passcodes that are sent to your phone or email inbox with anyone and remember that no legitimate company will ever ask you to share the one-time passcode over the phone or in a customer support chat.
• Never share login credentials with anyone.
• Never click on unknown links or respond to unsolicited text or email messages.

• BBB Scam Alert: Compromised account? Think twice before you panic
• Hacked online shopping account recovery guide (The Cyber Helpline)
• BBB Tip: How to create a strong password
• Helping Families Make Smart Internet and TV Choices – FAM (famfriendly.com)

 

Setting up multi-factor authentication 

• 2FA Directory (find out how to enable two-factor authentication on various accounts and websites) 
• PC Magazine article on authenticator apps

 

Recognizing and preventing future events

• How to know if you’ve been hacked, and what to do about it (Wired)
• How to spot the “red flags” of scams (BBB)
• Learn more about impersonation scams (BBB)
• netcetera_Talking with kids about being online (ftc.gov)
• Avoid scams while shopping online for bargains (FDIC) 
• Online shopping scams (BBB) (search our library of articles about online shopping scams)
• BBB Tip: Phishing scams can come in text messages, prize offers