PanicStation.org
UK USA
uk Money & financial emergencies shared bank login details • gave online banking password • shared one-time code • shared otp passcode • gave verification code • bank account takeover worry • bank impersonation call • safe account scam fear • phishing bank credentials • scammer has my bank code • approved banking notification • unexpected bank security text • fraudster has my login • online banking hacked concern • bank details leaked today • sent security code by mistake • someone logged into my bank • worried money will be stolen

What to do if…
you realise you shared your bank login or one-time code and think your account is at risk

Short answer

Contact your bank immediately using a trusted route (your banking app, the number on your card/statement, or 159) and tell them you shared your login/one-time code. Ask them to secure your account and tell you what they can stop, cancel, or recall right now.

Do not do these things

  • Do not share any more codes, passwords, card details, or “approve” any prompts you did not start yourself.
  • Do not call back a number that texted/emailed you or that a caller gave you (even if caller ID looks like your bank).
  • Do not move money to a “safe account” or to someone else “for protection”.
  • Do not let anyone talk you through your banking app or install remote-access software on your phone/computer.
  • Do not assume “nothing happened yet” means you’re safe — treat it as urgent until your bank confirms your account is secured.
  • Do not delete texts/emails/call logs yet — you may need them to explain what happened.

What to do now

  1. Stop the interaction and switch to a trusted contact method.
    If you’re on a call/chat with the “bank” or “fraud team”, end it. Then contact your bank via:

    • your bank’s official app (in-app support), or
    • the phone number printed on your card/statement, or
    • dial 159 from a UK phone and select your bank if it’s listed. (159 will never call you.)

  2. Tell your bank exactly what you shared and ask for an immediate “lockdown”.
    Say plainly: “I gave my online banking login / a one-time passcode. I think my account is at risk.” Ask them to:

    • lock online/mobile banking and force security resets
    • block further outgoing payments/transfers where possible
    • check for new payees/beneficiaries and remove anything you don’t recognise
    • check for changes to your contact details (phone/email/address) and undo them
    • review recent activity (logins, devices, unusual transactions)
      Ask them what they can stop, cancel, or recall right now, and get a reference number for the report.

  3. From a clean device, secure the “keys” that protect your bank account.

    • Change your online banking password (and memorable information if applicable).
    • Change your email password (because password resets often go through email).
    • Turn on (or re-set) multi-factor authentication where available, and sign out of other sessions/devices.

  4. Check quickly for the most common take-over changes and report them.
    In your banking app/online banking, look for:

    • new payees, scheduled payments, or standing orders you didn’t set up
    • changes to your phone/email/address
    • messages about security changes or new devices
      If you see anything, tell your bank immediately and ask what they can reverse or block.

  5. Report the fraud through the correct UK route.

    • If you live in England, Wales, or Northern Ireland, make a report via Report Fraud (the UK service for reporting fraud and cyber crime).
    • If you live in Scotland, report to Police Scotland via 101.

  6. Reduce follow-on risk over the next 24–48 hours.

    • Watch your balance and notifications closely.
    • If you reuse passwords anywhere, change those too (especially email and payment apps).
    • If you think your identity details (name, address, DOB) were exposed, you can consider Cifas Protective Registration as an extra check against impersonation. It can slow down genuine applications and doesn’t prevent all fraud, but it may help in higher-risk situations.

What can wait

  • You do not need to decide today whether to close your account or switch banks — first get the account secured and activity checked.
  • You do not need to write long explanations or confront the scammer — keep communications minimal and practical.
  • You do not need to make formal complaints right now — focus first on stopping loss and documenting what happened.
  • You do not need to spend hours “investigating” how it happened — your priority is containment.

Important reassurance

These scams are designed to create urgency and override your instincts. Sharing a code or login under pressure is common — what matters now is acting quickly and using trusted contact routes so your bank can contain it.

Scope note

This covers first steps to reduce immediate loss and regain control. Next steps (like disputes, complaints, or longer-term monitoring) depend on what your bank finds and what transactions occurred.

Important note

This is general information, not financial or legal advice. If you feel threatened or unsafe because of the scam (for example, someone is pressuring you in person), prioritise immediate personal safety and contact emergency services.

Additional Resources
Support us