
đ Account Takeovers
Attackers steal your password or trick you into sharing a code, then lock you out of your accounts and use password resets to take over more.
Use this page to be prepared for takeover attempts â what they look like, how they spread, and the steps to stop them fast.
đ Trusted Resources
FTC â How To Recover Your Hacked Email or Social Media Account.
đ https://consumer.ftc.gov/node/77537 âď¸
IdentityTheft.gov â Federal recovery steps tailored to what was exposed.
đ https://www.identitytheft.gov âď¸
Have I Been Pwned â See whether your email or passwords were exposed in past data breaches.
đ https://haveibeenpwned.com âď¸
đ§ Recognizing & Responding Safely
Enable 2FA everywhere. Prefer app-based or hardware key over SMS where possible.
Unique passwords per account. Use a password manager.
If you get a login alert: Change your password immediately and check ârecent activityâ or âdevicesâ for anything unfamiliar.
Locked out? Use the providerâs account-recovery process and remove any unfamiliar recovery email/phone on file.
đ Samâs Tips
2FA stops most takeovers. Turn it on today. Go to your accountâs Security or Login & Security settings and enable two-factor authentication (2FA).
One breach shouldnât open every door. Unique passwords stop chain reactions â use a password manager to create different passwords for every account.
Recovery info is security too. Keep your backup email/phone current â and secure it. Use strong passwords and 2FA on the backup account, and remove old phone numbers or emails you no longer use.
Email is the master key. Protect it first â use a strong, unique password and turn on 2FA so no one can reset your other accounts through your inbox.
Choose an authenticator app if possible (itâs more secure); text messages are still better than nothing.
Recommended authenticator apps:
đ Quick example
A notification pops up saying: âYour login was used in Chicago. If this wasnât you, enter the code we just texted to secure your account.â
Stop â surprise login alerts paired with âenter the codeâ is a takeover red flag.
Investigate â checking your account shows no actual login from Chicago; the alert only appeared in a text message, not the app or website.
Find better coverage â consumer alerts describe this exact pattern: criminals trigger a password reset, then trick you into giving them the code.
Trace â inspecting the message shows a generic number and a shortened link, not the providerâs verified domain.
This fails verification. Itâs a code-stealing attempt designed to hijack your account.
Why
- Real companies never ask you to read back a one-time code.
- Password-reset codes only appear during actions you initiate.
- Fake alerts often come from ordinary phone numbers or short links.
- Verification fails because the provider itself shows no suspicious login.
Bottom line:If you didnât request a code, donât enter it â and donât read it to anyone.
đOpen This Resource List
A compact, 1-Page PDF is available now. Large-print versions are being added and will be available in a future update.
Printing tip: Set the print scale to 100% for proper sizing. Blue, underlined URLs are clickable links.
The Compact PDF opens in a new tab or window (depending on your browser settings) so you wonât lose your place.
To print, open the PDF and press Ctrl + P (Windows) or Command + P (Mac).
When youâre done, simply close the tab or window to return here.
Coming Soon: Large-Print PDF (This Page's Resources).
Donât Get Bunked! provides education and links to third-party resources. Donât Get Bunked! does not perform fact-checking, issue ratings, or endorse any party, candidate, or position. Use multiple sources and original data where possible.
Š 2025â2026 Simple Virtues LLC d/b/a Donât Get Bunked!
Smarter choices. Safer browsing. Stronger you. â˘

