What to Do If Someone Tries to Access Your Account? A Quick Reaction Guide

Step 1: Don’t Panic, Act Fast

The attacker is counting on your panic and confusion. Take a deep breath. Your goal is to move quickly but methodically. Do not ignore the alert, even if you think it might be a mistake. The first few minutes are the most critical to lock the attacker out before they can do significant damage, such as changing your password and locking you out permanently.

Step 2: Immediately Change Your Password

This is your absolute first priority. From a trusted, secure device (not one you suspect might be compromised), log in to the account and change your password. Create a strong, unique password that you have never used on any other site.

A strong password includes:

• At least 12-16 characters.
• A mix of uppercase letters, lowercase letters, numbers, and symbols.
• No personal information (like your name, birthday, or pet’s name).

Using a password manager is the best way to generate and store these complex passwords securely.

Step 3: Revoke All Active Sessions

Changing your password might not be enough if the attacker is already logged in. Most major services (like Google, Facebook, and Microsoft) have a security setting that shows you all the devices currently logged into your account. Find this section and use the “Sign out of all other sessions” or “Log out everywhere” option. This will forcibly kick the intruder out.

Step 4: Enable Two-Factor Authentication (2FA)

If you haven’t already, now is the time. 2FA is the single most effective step you can take to prevent future account takeovers. It requires a second form of verification in addition to your password, usually a code from an authenticator app on your phone. Even if an attacker steals your password, they won’t be able to log in without this second code.

• Best Option: Use a dedicated authenticator app like Aegis (Android) or Tofu (iOS).
• Good Option: Using your phone number for SMS codes is better than nothing, but it is vulnerable to SIM-swapping attacks.

Step 5: Review Account Activity and Permissions

Once you’ve secured the account, it’s time to check for damage. Attackers often make subtle changes to maintain access or exploit your account. Carefully review:

• Recovery Information: Check if the attacker has changed your recovery email address or phone number.
• Third-Party App Access: Look at which apps have permission to access your account data. Revoke access for any app you don’t recognize or no longer use.
• Sent Items & Trash: Check your email’s sent folder for any messages the attacker might have sent, and look in the trash for deleted alerts or communications.
• Forwarding Rules: In your email settings, ensure the attacker hasn’t set up a rule to secretly forward all your incoming messages to their own address.