If Something Goes Wrong
When an account is compromised, a scam has already happened, or a device cannot be trusted — the first minutes matter most. Knowing the sequence before you need it is the only way to use it under pressure.
Once an attacker is in an account, they move fast — setting up forwarding rules, changing recovery options, resetting other accounts. Every minute of delay is a minute they hold the account and you do not. The recovery sequence exists for that reason: it is designed to work quickly, in order, under stress.
Waiting to see if the problem resolves on its own, or not knowing what to do and doing nothing while the situation gets worse. A compromised account does not self-correct. A scam situation where you have already sent money gets harder to recover from the longer you wait to contact your bank.
For a compromised account: change the password first, enable two-step verification second, then audit what happened. Do not skip ahead — if the attacker can still reset the password, nothing else matters. For a scam where money was sent: stop contact immediately, call your bank or card issuer to report fraud, then file a report with the FTC. For a device you cannot trust: disconnect it from Wi-Fi and Bluetooth before anything else, then change passwords for any accounts accessed on it from a separate clean device.
The goal right now is knowing this before you need it.
- 1.Save this page or bookmark the relevant guidance so you can find it quickly if something happens
- 2.Confirm you know how to access your email account's security settings — practice navigating there now
- 3.Save the FTC fraud report link — reportfraud.ftc.gov — somewhere you can find it
- 4.Write down your bank's fraud line number and keep it somewhere accessible offline
- 5.Talk through the sequence with anyone in your household who uses the same accounts or devices