High riskIdentity Theft & Data Scams

Account Takeover Scam

In this scam, a fraudster gains access to your email, bank, or shopping accounts, often after phishing or a data breach, then changes details, makes purchases, or uses the account to attack others.

Quick verdict

Risk level
High risk
Scam type
Account takeover (identity)
Main red flag
Unexpected password resets, logins, or changes to your accounts.
What to do first
Secure your email first, then change passwords and enable two-factor authentication.

What this scam usually looks like

In this scam, a fraudster gains access to your email, bank, or shopping accounts, often after phishing or a data breach, then changes details, makes purchases, or uses the account to attack others.

Example message pattern

Example pattern — not a real report
Example pattern: You get password-reset emails you did not request, are logged out unexpectedly, or see orders and changes you did not make.

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • Password-reset emails or codes you did not request
  • Being logged out or locked out unexpectedly
  • Changed recovery email, phone, or details
  • Orders, messages, or transfers you did not make
  • Logins from unfamiliar devices or locations

What to do

  • Secure your email account first, as it controls other resets
  • Change passwords and enable two-factor authentication
  • Review and remove unknown devices and sessions
  • Contact affected providers and your bank

If you already clicked or replied

  • Regain access through official recovery and lock the account down
  • Check for changed recovery details and undo them
  • Review transactions and report fraud
  • Warn contacts if your account messaged them

What not to do

  • Do not reuse passwords across accounts
  • Do not ignore unexpected reset emails or logins
  • Do not delay securing your email

Similar scams

High risk Social Media

MFA Fatigue Scam

In this scam, an attacker who has your password repeatedly triggers multi-factor approval prompts or codes, hoping you approve one out of annoyance or confusion, granting them access to your account.
Medium risk Email

Email Storage Full Scam

This scam warns that your mailbox or storage is full and that you will stop receiving messages unless you 'verify' or 'upgrade' through a link. The link leads to a fake webmail login page that captures your email password.
High risk Identity Theft

Synthetic Identity Scam

In this scam, criminals combine real stolen details, such as your Social Security or ID number, with fake information to create a synthetic identity used to open accounts and credit that can affect you.

Frequently asked questions

Why secure my email first?
Email controls password resets for many accounts. If a scammer holds your email, they can take over others, so lock it down first.
How did they get in?
Often through phishing, reused passwords exposed in a breach, or intercepted codes. Unique passwords and two-factor authentication make takeover much harder.
My account was taken over. What now?
Regain access through official recovery, change passwords, enable two-factor authentication, remove unknown sessions, undo changed recovery details, and report fraud.
How do I prevent it?
Use strong unique passwords, enable two-factor authentication, and be wary of phishing links and unexpected reset requests.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.