• 🔓 Account Takeovers

    Attackers steal your password or trick you into sharing a code, then lock you out of your accounts and use password resets to take over more.

    Use this page to be prepared for takeover attempts — what they look like, how they spread, and the steps to stop them fast.

    🔗 Trusted Resources

    FTC — How To Recover Your Hacked Email or Social Media Account.

    🌐 https://consumer.ftc.gov/node/77537 ↗️

    IdentityTheft.gov — Federal recovery steps tailored to what was exposed.

    🌐 https://www.identitytheft.gov ↗️

    Have I Been Pwned — See whether your email or passwords were exposed in past data breaches.

    🌐 https://haveibeenpwned.com ↗️

    🧭 Recognizing & Responding Safely

    Enable 2FA everywhere. Prefer app-based or hardware key over SMS where possible.

    Unique passwords per account. Use a password manager.

    If you get a login alert: Change your password immediately and check “recent activity” or “devices” for anything unfamiliar.

    Locked out? Use the provider’s account-recovery process and remove any unfamiliar recovery email/phone on file.

    📌 Sam’s Tips

    2FA stops most takeovers. Turn it on today. go to your account’s Security or Login & Security settings and enable two-factor authentication (2FA).Choose an authenticator app if possible (it’s more secure); text messages are still better than nothing.

  • One breach shouldn’t open every door. Unique passwords stop chain reactions — use a password manager to create different passwords for every account.

    Recovery info is security too. Keep your backup email/phone current — and secure it. Use strong passwords and 2FA on the backup account, and remove old phone numbers or emails you no longer use.

    Email is the master key. Protect it first — use a strong, unique password and turn on 2FA so no one can reset your other accounts through your inbox.

    🔓 Quick example

    A notification pops up saying: “Your login was used in Chicago. If this wasn’t you, enter the code we just texted to secure your account.”

    Stop — surprise login alerts paired with “enter the code” is a takeover red flag.Investigate — checking your account shows no actual login from Chicago; the alert only appeared in a text message, not the app or website.Find better coverage — consumer alerts describe this exact pattern: criminals trigger a password reset, then trick you into giving them the code.Trace — inspecting the message shows a generic number and a shortened link, not the provider’s verified domain.

    Conclusion

    This fails verification. It’s a code-stealing attempt designed to hijack your account.

    Why

    • Real companies never ask you to read back a one-time code.
    • Password-reset codes only appear during actions you initiate.
    • Fake alerts often come from ordinary phone numbers or short links.
    • Verification fails because the provider itself shows no suspicious login.

    Bottom line:If you didn’t request a code, don’t enter it — and don’t read it to anyone.

  • 📄Open This Resource List

    Choose the format that works best for you. Both files open in a new tab or window (depending on your browser settings) so you won’t lose your place.

    Printing tip: Set the print scale to 100% for proper sizing. Blue, underlined URLs are clickable links.

    Large-Print is easiest to read; Compact fits on one page for quick reference.

    Click the button, then, after the document opens, press Ctrl + P (Windows) or Command + P (Mac).

    When you’re done, just close the new tab or window to return here.

    Cookie Use
    We use cookies to ensure a smooth browsing experience. By continuing we assume you accept the use of cookies.
    Learn More