Account takeover
Quick answer
When a scammer gains control of one of your accounts, often using a stolen password plus a tricked one-time code.
- Change the password from a trusted device, log out all sessions, and enable two-factor authentication.
What it is
When a scammer gains control of one of your accounts, often using a stolen password plus a tricked one-time code.
How it works
The scammer phishes your password and persuades you to share a verification code, then changes recovery details to lock you out and exploit the account.
Red flags to watch for
- A login code you did not request
- Anyone asking you to share or forward a code
- Unexpected password-reset emails
- Being logged out suddenly
What not to do
- Do not act under time pressure
- Do not share codes, passwords, or card details
- Do not click links or pay fees from the message
The safe next step
Change the password from a trusted device, log out all sessions, and enable two-factor authentication.
Often seen on: SMS, Email, WhatsApp, Social media.
Commonly targets: Anyone with online accounts, Messaging and email users.
How to verify safely
- Do not use links, phone numbers, QR codes, or email addresses from the suspicious message.
- Open the official app or website yourself - type the address manually.
- Call a contact you have saved, or the number printed on your bank card.
- If you are threatened or in immediate danger, contact local emergency services or police.
How to report it
Report to your country's fraud or cybercrime authority; see the reporting directory for official links.
Find official links for your country in the scam reporting directory.
Got a message like this?
Check it now to see the specific red flags and what to do next.
Check a messageRelated scam types
Frequently asked questions
What is an account takeover?
When a scammer gains control of one of your accounts, often using a stolen password plus a tricked one-time code.
How can I avoid an account takeover?
Change the password from a trusted device, log out all sessions, and enable two-factor authentication.
What should I do if I have already been affected?
Contact your bank or the relevant provider through official channels, change any exposed passwords from a trusted device, and save evidence. See our recovery guides, and be wary of recovery scams that promise to get your money back for a fee.