What to do if…
you get alerts that someone is trying to recover your account using support channels
Short answer
Treat this as an account takeover attempt: don’t respond to any messages, and secure the account by going directly to the provider’s official website/app to change your password and lock down recovery details now.
Do not do these things
- Don’t click “secure your account” links in the alert email/text — open the service via the official app or by typing the address you already use.
- Don’t share one-time codes, “verification” numbers, backup codes, or screenshots of security pages with anyone (including “support” that contacted you).
- Don’t phone a number, WhatsApp, or live-chat link provided in the alert message.
- Don’t disable 2-step verification to stop prompts — that can make takeover easier.
- Don’t reuse an old password “just to stop the alerts”.
What to do now
- Open the real service safely: use the official app, or type the service’s address yourself (not from the alert).
- Change the password immediately:
  - Use a strong, unique password you haven’t used anywhere else.
  - If you reused that password on other sites, change those too (start with email, then any financial accounts).
- Secure account recovery routes (this is the main risk with “support-channel” recovery):
  - Check recovery email(s) and phone number(s) and remove anything you don’t recognise.
  - Re-check any “backup” recovery options (backup email, backup phone, recovery codes).
- Kick out other logins and revoke access:
  - Review devices / active sessions and choose “sign out everywhere” if available.
  - Review connected apps or “apps with access” and remove anything unfamiliar.
- Turn on (or re-set) 2-step verification (2SV):
  - If the provider offers an authenticator-app option, use it.
  - Generate fresh backup codes (if offered) and store them somewhere safer than your email inbox.
- Check your email account for hidden persistence (because email is often the recovery key):
  - Look for unfamiliar forwarding rules, filters, “auto-delete/archive” rules, or delegated access.
  - Remove anything you didn’t set and change your email password too.
- Use official support only (initiated by you):
  - Go to the provider’s official help centre from inside the app/site you opened in step 1.
  - Tell them you’re receiving account recovery attempts and ask what additional verification or temporary security lock options they can apply for account changes.
- If money could be at risk (banking, cards, shopping, or saved payment methods):
  - Contact your bank/card provider using the number on the back of your card (or inside the official app).
  - Ask them to check for unusual activity and to add extra checks for account changes.
- If you’ve lost money, or the attacker changed details and you can’t regain control:
  - Consider reporting it via the UK’s official fraud reporting route (Report Fraud / Action Fraud) once you’ve stabilised access.
What can wait
- You don’t need to figure out who is doing it or confront anyone now.
- You don’t need to post about it publicly or warn everyone immediately.
- You don’t need to secure every device or change every password today — prioritise: email → the targeted account → financial → anywhere you reused that password.
- You don’t need to decide right now whether to make a formal report; first stop further changes.
Important reassurance
These alerts are common when attackers test recovery and support routes. If you quickly secure recovery details, sign out other sessions, and protect your email, you often prevent the takeover before anything irreversible happens.
Scope note
This is first-steps-only guidance to stabilise an attempted account recovery takeover. If you’ve lost access or there’s financial loss, you may need provider support and formal reporting.
Important note
This guide gives general information, not legal or professional advice. If you can’t regain access, or you suspect financial fraud or identity misuse, use the provider’s official recovery process and consider reporting through official UK channels.