PanicStation.org
UK USA
uk Money & financial emergencies bank contact details changed • phone number changed on bank • email changed on banking app • bank profile updated without me • bank says details were changed • account takeover banking • online banking hacked • someone accessed my bank account • bank security alert contact change • unexpected security notification bank • sim swap and bank access • number porting scam banking • email account compromised banking • one time codes intercepted • new device on bank account • bank login details stolen • fraudulent payee added • unauthorised account settings change

What to do if…
your bank alerts you that your phone number or email was changed without your consent

Short answer

Contact your bank immediately using a trusted number (back of your card or the bank’s official website/app), tell them it’s an unauthorised contact-details change, and ask them to lock down your account and stop any payments until you’re back in control.

Do not do these things

  • Do not click links or call numbers in the alert message if it came by text/email (use a trusted number you find yourself).
  • Do not share any one-time passcodes, card PINs, or “security codes” with anyone — even if they claim to be the bank.
  • Do not try to “fix it” by replying to the message or using a link to reset details.
  • Do not assume it’s a harmless mistake if you don’t recognise the change.
  • Do not start SMS-based password resets until you’ve checked your mobile number hasn’t been SIM-swapped/ported.

What to do now

  1. Call the bank’s fraud team via a trusted route. Ask them to:
    • Freeze/lock online and telephone banking (temporary block) until verification is complete.
    • Undo the phone/email change and confirm what contact details they currently hold.
    • Stop/cancel pending payments and review recent activity (transfers, card payments, cash withdrawals).
    • Check for new payees/beneficiaries, linked accounts, new devices, new cards, address changes, and statement settings (like paperless) and remove anything you didn’t authorise.
    • Add a note that contact-detail changes must use stronger checks (for example, a secure call-back or in-app confirmation), if your bank offers this.
    • Give you a case/reference number and confirm the safe way they will contact you so you can ignore unexpected calls.
  2. If you can safely access your banking app (using your usual, trusted path), use in-app security controls.
    • Freeze your card (if available), sign out of other sessions/devices, and check “profile/settings” for any changes you didn’t make.
    • If anything looks off or you’re unsure your device/email is safe, stop and rely on the fraud team instead.
  3. Secure your email account (because it often controls password resets).
    • Change your email password from a known-safe device.
    • Turn on two-step verification for email.
    • Check for mail forwarding rules/filters, recovery email/phone changes, and recent sign-ins you don’t recognise.
  4. Contact your mobile network provider (using a trusted number) to check for SIM-swap/number-porting.
    • Ask whether any SIM swap, eSIM activation, or port-out/PAC activity was requested or completed.
    • Ask them to secure the mobile account with stronger checks (for example, an account passphrase/PIN) and add any protections they offer against number changes.
    • Reset your voicemail PIN if you have one (voicemail can be used to intercept codes).
  5. Only once the bank confirms you’re back in control, refresh your banking security.
    • Change your banking password from a clean device.
    • Remove unknown devices/sessions (if shown).
    • If your bank offers alternatives to SMS for sign-in approval, consider enabling them.
  6. Write down a clean timeline and keep proof.
    • Note the time/date of the alert, what the bank confirmed, what was changed, and any transactions/payees you didn’t recognise.
    • Save screenshots of alerts and account-change notifications.
  7. If money has left your account or you suspect wider identity misuse, report it.
    • England/Wales/Northern Ireland: report fraud via Action Fraud.
    • Scotland: report via Police Scotland (their non-emergency route).
    • Consider Cifas Protective Registration if you’re worried someone is using your identity to open or take over accounts.

What can wait

  • You don’t need to decide today whether to switch banks, close every account, or replace your phone.
  • You don’t need to change every password you’ve ever had — focus first on banking, email, and your mobile number.
  • If your bank doesn’t put things right, you can use the bank’s complaints process and (after the bank’s final response, or if it’s delayed) escalate to the Financial Ombudsman Service.

Important reassurance

This is a common pattern in account-takeover attempts, and quick action usually limits the damage. Feeling shaky, angry, or embarrassed is a normal response — the useful move is locking things down step by step.

Scope note

These are first steps to regain control and prevent further loss. Later steps (like longer-term identity protection or formal disputes) depend on what your bank finds and what activity occurred.

Important note

This is general information, not legal or financial advice. If you believe you’re in immediate danger, call emergency services. For refunds and formal disputes, follow your bank’s fraud process and keep records of everything you report.

Additional Resources
Support us