Things Worth Knowing

If your account is compromised

What to do, in order, when you suspect someone has accessed an email, bank or social account. The first hour matters most.

The damage from a compromised account compounds quickly. The faster you contain it, the less it matters. Work in the order below. Skip steps only if they do not apply.

Start with email

Email is the master key. If a scammer controls your email, they can reset every other account that sends recovery links there. Check your email first. If you can still log in, change the password immediately, sign out all other sessions (most providers have a 'sign out everywhere' option in security settings), turn on two-factor authentication if it is off, and set up a passkey. Check for forwarding rules or filters the attacker may have added to hide their activity.

Lock down banking and payments

Open your banking app and check recent transactions. If anything looks wrong, call the number on the back of your card and ask them to freeze the card and any pending transfers. Most European banks let you freeze and unfreeze the card from the app. Do the same for any payment apps (PayPal, Revolut, Wise, N26). Under EU rules (PSD2), you are generally not liable for unauthorised transactions you report promptly, but the timing matters; do not wait to see if it sorts itself out.

Change critical passwords

After email and banking, change passwords on anything containing personal data or money: government services, tax portals, health records, social media, cloud storage, work accounts. Use your password manager to generate new ones. Sign out all sessions on each one. Add passkeys where offered.

Check what was changed

Look at the account recovery information on each compromised service: phone numbers, backup emails, security questions. Attackers often quietly add their own so they can lock you out later. Remove anything you did not add yourself.

Tell people who could be targeted

If your email or social account was compromised, the attacker may have messaged your contacts pretending to be you, often asking for money or sending phishing links. Post or message your contacts to warn them. The embarrassment is brief; the alternative is a friend or family member sending money to a scammer in your name.

Report it

Report compromised bank accounts to the bank in writing as well as by phone, so there is a record. Report identity theft to your country's cybercrime authority or police; you may need a report number for insurance, credit-record corrections, or to dispute fraudulent contracts. If a compromised service holds personal data about others, the provider is required under GDPR to notify regulators and affected users; if they don't, you can complain to your national data protection authority.

After the fire is out

Once the immediate damage is contained, do the boring work that prevents the next time. A password manager. Unique passwords everywhere. Passkeys on the accounts that support them. Two-factor authentication on everything important. Remove old accounts you no longer use; an unused account is a forgotten back door. Keep recovery codes somewhere you will still find them in a year.