Account Takeover
How criminals take over your email, bank, or social media accounts — and the security steps that block them.
How the Scam Works
Account takeover is when a criminal gains access to one of your existing online accounts — email, banking, brokerage, Amazon, Facebook, PayPal, Zelle — and uses it to steal money or impersonate you. It is one of the fastest-growing types of fraud, costing Americans over $15 billion in 2024.
Hackers typically gain access through:
- Reused passwords: If you use the same password on multiple sites, one data breach exposes all your accounts.
- Phishing emails: Fake login pages capture your password.
- SIM-swap attacks: A criminal calls your phone company posing as you, gets your phone number transferred to their SIM card, then intercepts your verification codes.
- Malware: Hidden software on your computer that records keystrokes or screen activity.
- Public WiFi sniffing: Unsecured WiFi networks at airports or coffee shops can expose login data.
- Tricked verification codes: A scammer pretending to be your bank asks you to read them the 6-digit code from a text — which lets them in.
Once a criminal is in, they can:
- Drain bank accounts via wire transfers, Zelle, or ACH
- Hijack your email to reset passwords on every other account you own
- Take over Facebook or Instagram to scam your friends ("Hi grandma, I need help paying my electric bill")
- Make purchases on Amazon, Walmart, or other retailers with your saved payment
- Liquidate your brokerage accounts by selling investments and wiring the proceeds
Real-World Example
🔓 Real Case
A 65-year-old retired nurse in Massachusetts used the same password — "Sunshine2018!" — for her email, bank, brokerage, and Facebook. In June 2024, that password appeared in a Yahoo Mail data breach. Within hours, criminals logged into her Gmail, reset her brokerage password, sold $94,000 in mutual funds, and initiated a wire transfer to a Romanian bank. Her brokerage caught the wire just before it cleared. But the criminals also took over her Facebook and sent messages to 47 friends asking for "emergency" gift cards — three friends sent a combined $1,800 before realizing it was a scam.
Warning Signs
- You suddenly can't log in to an account — your password "no longer works."
- Verification codes arrive on your phone that you didn't request.
- "Suspicious login" alerts from your email or bank.
- Friends receive strange messages from your account.
- Your phone suddenly says "No Service" — could be a SIM swap.
- Unexpected order confirmations from Amazon or other retailers.
- Sent items appear in your email that you didn't write.
How to Lock Down Your Accounts
- Use a unique password for every account. Reusing passwords is the #1 cause of takeovers.
- Use a password manager — free options: Bitwarden, 1Password, Apple Keychain, Google Password Manager. It remembers your passwords for you so they can be long and strong.
- Turn on two-factor authentication (2FA) on every account that supports it — especially email, banks, and brokerages. Use an authenticator app (Google Authenticator, Authy) rather than SMS when possible.
- Add a SIM lock or port-out PIN with your phone carrier to prevent SIM-swap attacks.
- Never share verification codes with anyone, even someone claiming to be from your bank.
- Check if your data was breached at haveibeenpwned.com. If yes, change passwords immediately.
- Avoid public WiFi for banking or shopping. Use your phone's data instead.
- Keep software updated. Most takeovers exploit outdated browsers or operating systems.
What to Do If You've Been Taken Over
1. Change passwords immediately — starting with your email (since it controls password resets for everything else).
2. Enable 2FA on every account if not already on.
3. Call your bank and brokerage to put fraud alerts on every account.
4. Freeze your credit at all three bureaus.
5. Tell your friends and family not to trust messages from your accounts until you confirm.
6. Report at IdentityTheft.gov and ic3.gov.
7. Scan your computer for malware (Malwarebytes is free and reliable).