Email account
Secure this first. Email often controls password resets for other accounts.
Start with emailAccount hacked
What to do if your account has been hacked
If an account has been hacked, start by securing your email, changing passwords and checking recent activity. The aim is to stop further access and regain control calmly.
UK-focused guidance Plain English Account safety steps No blame or panic
Do these first
Start with the account that controls access to everything else. For most people, that is their email account.
- Secure your email account first.
- Change the password on the hacked account.
- Turn on two-factor authentication if available.
- Check recovery email, phone and device settings.
- Look for messages, transactions or changes you did not make.
What kind of account was hacked?
The steps are similar, but some accounts need faster action because they control money, identity or other logins.
Banking or payment account
Contact your bank or payment provider immediately through an official route.
Money involvedSocial media or shopping account
Change the password, check recent activity and remove unknown devices.
Secure the accountStep-by-step guidance
Work through the steps in order. If money is involved, contact your bank or payment provider as soon as possible.
1
Secure your email account first
Your email account may let someone reset passwords on other services. Change the password and check recovery details.
- change your email password
- check recovery phone and email settings
- remove unknown devices or sessions
2
Change affected passwords
Change the password on the hacked account and any account using the same password. Use strong, unique passwords where possible.
3
Turn on two-factor authentication
Two-factor authentication adds another check before someone can access the account. Use app-based authentication where available.
4
Check recent activity
Look for messages, purchases, password changes, unknown devices, new payment details or account settings you did not add.
5
Contact the provider
If you cannot regain access, use the official account recovery route. Do not trust unsolicited “account recovery” messages.
6
Scan your device
If you downloaded a file, installed an app or clicked a suspicious link, run a security scan and update your device.
What not to do
Avoid actions that could give someone more access.
Do not reuse old passwords
If the password was exposed once, do not use it again on the same or another account.
Do not trust recovery messages
Use official account recovery routes only. Be cautious of people claiming they can help privately.
Do not ignore email access
If someone controls your email, they may be able to reset other passwords.
Do not leave unknown devices connected
Remove devices, sessions or apps you do not recognise from account settings.
Want printable scam-safety checklists at home?
The UK Scam Safety Toolkit gives you practical checklists and action sheets to keep at home, including steps for suspicious messages, bank calls, online shopping scams and family conversations.
If something else happened
These guides may help if the account hack was part of a wider scam.
I clicked a scam link
Close the page, check what you entered and secure any accounts involved.
Read the link guidanceI sent money
Contact your bank or payment provider quickly and ask what can be done.
Read the money guidanceI received a suspicious text
Use a quick check before clicking, replying or sharing details.
Read the text scam checksKeep the 10-second scam check nearby
The safest step is often a pause. Download the free Cleverways guide and keep a simple check nearby for suspicious messages, calls and payment requests.