If your email or bank account has been hacked, move fast: from a device you trust, change that account's password, turn on two-step verification, and check for anything the attacker may have changed, such as new forwarding rules, added payees, or altered recovery details. For a bank account, call the number on the back of your card right away and report fraud. Secure your email first, because it can reset the password on almost every other account you own.

What are the first 10 steps, in order?

  1. Switch to a device you trust. If your computer may be compromised, use your phone or another computer.
  2. Change the password on the hacked account. Make it long and unique, not a small tweak of the old one.
  3. Turn on two-step verification (also called two-factor authentication). It blocks a hacker even if they still know a password.
  4. Sign out of all other sessions and devices. Most email and bank accounts have a "log out everywhere" option.
  5. Check email forwarding and filter rules. Hackers quietly forward your mail to themselves. Delete anything you did not set up.
  6. Check your recovery email and phone number. If an attacker changed these, they can re-hijack the account, so reset them to yours.
  7. For a bank, call the official number and report fraud. Ask them to watch for, or reverse, unauthorized transfers and new payees.
  8. Change the password anywhere you reused it. One leaked password unlocks every account that shares it.
  9. Remove anything you do not recognize: new payees, linked accounts, or connected apps.
  10. Warn your contacts if the hacker may have messaged people as you, so no one else gets scammed.

Why secure email before the bank?

Your email is the master key. Anyone who controls it can click "forgot password" on your bank, your shopping accounts, and your social media, then catch the reset links as they arrive. Locking down email first slams that door. Once email is safe and protected with two-step verification, the rest of your accounts are far harder to take over.

How do I check the hacker did not leave a back door?

Changing your password is not enough on its own. Attackers plant quiet ways back in, so look for:

Remove anything you did not create. This is the step most people skip, and it is the reason a hack sometimes "comes back" a week later.

What if I cannot log in at all?

Use the provider's official account-recovery process. Search the company's real website for it, and never use a phone number from a pop-up or a text. Have details ready: old passwords, recent contacts, the account creation date. For banks, the number on your card or an in-person branch visit is the fastest verified route. If you get stuck, a local professional can guide you through recovery without taking control of your money or accounts.

How do I make sure it does not happen again?

  1. Use a password manager so every account has its own strong password.
  2. Turn on two-step verification everywhere it is offered, especially email and banking.
  3. Be skeptical of "urgent" messages asking you to log in or verify. Go to the site directly instead.
  4. Keep your phone and computer updated.

If your email or bank account has been compromised and you want a real person to make sure it is fully locked down, not just reset, we can help, in plain language and with no monthly contract. We can also set things up so the next attempt simply bounces off.

Hacked email or a compromised account? Book a free 15-minute call → We help home users and seniors across Marion County, FL.