What to Do If Your Account Is Compromised
If you can’t log in to an account, notice activity that wasn’t yours, or receive an alert about a sign-in from an unfamiliar location, your account may have been compromised. Don’t panic. Follow the checklist below for the type of account that was affected and take action right now.
How to Tell If an Account Has Been Compromised
Look for these common warning signs:
- You can’t log in even though you’re sure your password is correct
- You receive password reset emails you didn’t request
- You see sent messages, posts, or purchases you didn’t make
- Friends or family say they received strange messages from you
- You get login alerts from devices or locations you don’t recognize
- Your account settings — name, email address, phone number, or recovery info — have been changed
- You’re suddenly signed out of an account on all your devices
If any of these apply, find the matching account type below and follow the steps.
📧 Email Account (Gmail, Yahoo, Outlook)
Your email is the most critical account you have. If a hacker controls your email, they can reset passwords on almost every other account you own. Secure this first.
Action Checklist:
- Change your password immediately. If you can still log in, do this first. Use a strong, unique password you haven’t used before.
- If you’re locked out, use the provider’s account recovery process:
  - Gmail: accounts.google.com/signin/recovery
  - Yahoo: login.yahoo.com/forgot
  - Outlook/Hotmail: account.live.com/password/reset
- Turn on two-factor authentication as soon as you regain access. See our 2FA guide.
- Check your account activity log for sign-ins from unfamiliar locations or devices. In Gmail, scroll to the bottom of your inbox and click “Details.” In Outlook, go to account.microsoft.com → Security → Sign-in activity.
- Sign out of all other sessions. Most email providers have an option to sign out everywhere at once. This kicks the hacker out immediately.
- Check your recovery options. Make sure the hacker didn’t add their own phone number or email address as a recovery option.
- Check your email rules and filters. Hackers sometimes create rules that automatically forward your emails to their address or delete incoming messages. In Gmail, check Settings → Filters and Blocked Addresses. In Outlook, check Settings → Mail → Rules.
- Check your sent folder and trash. Look for messages you didn’t send — the hacker may have emailed your contacts or sent password reset requests to other services.
- Change passwords on other accounts that use this email address for login or recovery — especially banking, social media, and shopping accounts.
🏦 Bank or Credit Card Account
If you see transactions you didn’t make or can’t access your online banking, act immediately. Speed matters with financial accounts.
Action Checklist:
- Call your bank or credit card company now. Use the phone number on the back of your card or on your paper statement — never a number from an email or text.
- Report the unauthorized activity and ask them to freeze or lock your account to prevent further transactions.
- Request new card numbers. Your old cards should be canceled and new ones issued.
- Change your online banking password and turn on two-factor authentication.
- Review all recent transactions carefully. Flag every charge you don’t recognize — even small ones. Thieves often test with small charges before making large ones.
- Ask about fraud protection. Federal law limits your liability for unauthorized credit card charges to $50 — and most banks waive even that. Debit card protections are weaker, so report quickly.
- Update automatic payments. If your card number changes, update any recurring payments linked to it — utilities, subscriptions, insurance, etc.
- Monitor your statements closely for the next several months.
📘 Facebook Account
Action Checklist:
- If you can still log in: Change your password immediately. Go to Settings → Security and Login → Change Password.
- If you’re locked out: Go to facebook.com/hacked and follow the recovery steps.
- Check “Where You’re Logged In” under Settings → Security and Login. Sign out of any sessions you don’t recognize.
- Turn on two-factor authentication under Settings → Security and Login → Two-Factor Authentication.
- Check your personal information. Make sure the hacker didn’t change your name, email, phone number, or birthday.
- Review your recent posts, messages, and friend requests. Delete any posts or messages the hacker sent. Warn friends not to click on anything unusual sent from your account.
- Check connected apps. Go to Settings → Apps and Websites. Remove anything you don’t recognize.
- Let your friends know. Post an update or contact close friends to tell them your account was compromised and to ignore any strange messages.
🛒 Amazon Account
Action Checklist:
- Change your Amazon password immediately. Go to Account → Login & Security → Password.
- If you’re locked out, click “Forgot Password” on the login page or contact Amazon customer service at 1-888-280-4331.
- Turn on two-step verification under Account → Login & Security → Two-Step Verification.
- Check your order history for purchases you didn’t make. Go to Account → Your Orders.
- Check your saved payment methods. Go to Account → Payment Options. Remove any cards or payment methods you don’t recognize. If your card was used for unauthorized purchases, contact your credit card company to dispute the charges.
- Check your saved addresses. Go to Account → Your Addresses. Remove any you don’t recognize.
- Review any linked accounts like Whole Foods, Audible, or Prime Video — they all use the same Amazon login.
📱 Apple ID or Google Account
These accounts control your phone, app purchases, cloud storage, and often your payment methods. A compromised Apple ID or Google account is especially serious.
Apple ID Checklist:
- Change your Apple ID password at appleid.apple.com or on your iPhone under Settings → [Your Name] → Sign-In & Security.
- If locked out, go to iforgot.apple.com.
- Turn on two-factor authentication under Settings → [Your Name] → Sign-In & Security → Two-Factor Authentication.
- Check your trusted devices and phone numbers to make sure none were added by someone else.
- Review your purchase history in the App Store and iTunes for charges you didn’t make.
Google Account Checklist:
- Change your Google password at myaccount.google.com/security.
- If locked out, go to accounts.google.com/signin/recovery.
- Run Google’s Security Checkup at myaccount.google.com/security-checkup — it walks you through everything that needs attention.
- Review your device activity and sign out of devices you don’t recognize.
- Check third-party app access and remove anything unfamiliar.
- Review Google Pay for unauthorized payment methods or transactions.
💊 Healthcare or Insurance Account
Action Checklist:
- Call your insurance company or healthcare provider directly. Report the unauthorized access.
- Change your patient portal password and enable two-factor authentication if available.
- Request copies of your medical records and review them for treatments, prescriptions, or visits you didn’t have. Incorrect medical records can be dangerous to your health.
- Review your Explanation of Benefits (EOB) statements from your insurance company for claims you don’t recognize.
- If your Medicare account is compromised, call Medicare at 1-800-633-4227 and request a new Medicare number.
- Report medical identity theft to the FTC at IdentityTheft.gov.
Universal Steps for Any Compromised Account
No matter which account was affected, always do these things:
- Change the password — use a strong, unique password you’ve never used before. See our password guide.
- Turn on two-factor authentication. See our 2FA guide.
- Check your recovery settings — make sure the hacker didn’t add their email or phone as a recovery option.
- Sign out of all sessions — force the hacker out by signing out everywhere, then log back in with your new password.
- Check your email for password reset messages you didn’t request — the hacker may be trying to get into your other accounts.
- Change passwords on other accounts if you used the same password anywhere else. Every account needs its own unique password.
- Watch for follow-up attacks. Once one account is compromised, scammers often try to use information from it to break into others.
- Tell someone you trust. A family member or friend can help you work through the steps and watch for anything you might miss.
