A takeover is stressful because it happens quickly and often at night. The fastest win is to stop the attacker from moving further while you recover control. Start with your email account, since it is the gateway to resets everywhere else.

Minute 0-5: stop the bleeding

  • Use a trusted device or browser, not the compromised one.
  • Change your primary email password immediately.
  • Log out of all sessions and remove unknown devices.
  • Check for new forwarding rules or filters.

Minute 5-15: regain access

Work down the chain of important accounts: banking, payments, cloud storage, then social profiles. Use the official reset flow and remove any new phone numbers or emails added by the attacker.

Laptop showing a 'You've been hacked!' message
Reset the most powerful accounts first.

Minute 15-30: contain and notify

Now check for damage. Review recent transactions, sent messages, and connected apps. Remove anything you do not recognize and report fraud if necessary.

  1. Scan your inbox and sent mail for unusual messages.
  2. Review bank and payment activity for new transfers.
  3. Revoke access for third-party apps you do not trust.
  4. Notify key contacts if messages were sent in your name.
After containment, add MFA and store backup codes offline. Do not reuse the old password anywhere else.

After the first hour

If you suspect malware or a compromised device, run a full scan or factory reset. Update your security questions, and consider rotating recovery email addresses. The goal is to close the path the attacker used the first time.