What to do if…
you get alerts that someone is trying to recover your account using support channels
Short answer
Assume an account takeover attempt: don’t respond to messages, and secure the account from the provider’s official site/app now (change password, confirm recovery info, enable MFA, and sign out other sessions).
Do not do these things
- Don’t click links or call numbers from the alert message — go to the provider directly using the official app or a typed URL.
- Don’t share MFA/2FA codes, backup codes, or “verification” numbers with anyone (including “support” contacting you).
- Don’t install remote-access or screen-sharing apps because someone says they’re helping you “secure” your account.
- Don’t disable MFA to stop repeated prompts.
- Don’t assume it’s safe because you can still log in — recovery attempts often come first.
What to do now
1. Open the real service safely: use the official app or type the known website address yourself (support-channel scams often include lookalike “support” links).
2. Change your password immediately:
   - Make it unique and strong.
   - If you reused it anywhere, change those accounts too (start with email, then financial).
3. Secure the recovery channels (this is the main risk here):
   - Check recovery email(s), phone number(s), and any “backup” options.
   - Remove anything you don’t recognize and re-verify what’s yours.
4. Sign out other sessions / revoke access:
   - Use “sign out of all devices” / “log out everywhere” if available.
   - Review connected apps and revoke anything unfamiliar.
5. Enable or re-set MFA (2FA) and refresh backup options:
   - If the provider offers an authenticator-app option, use it.
   - Regenerate backup codes (if offered) and store them somewhere safer than your email inbox.
6. Check your email account for hidden persistence (because it’s often the recovery key):
   - Look for forwarding rules, filters, mail delegation, or additional recovery addresses you didn’t add.
   - Remove suspicious rules and change the email password too.
7. Contact official support through the provider’s help center (initiated by you):
   - Use the provider’s official help pages from inside the app/site you opened in step 1.
   - Tell them you’re receiving account recovery attempts and ask what extra verification or temporary security lock options they offer for account changes.
8. If any financial account is involved (or saved payment methods exist on the targeted account):
   - Contact the bank/card issuer via the number on your card or inside the official app.
   - Ask them to review activity and add stronger verification for transfers and account-profile changes.
9. If you shared a verification code, gave remote access, lost money, or got locked out:
   - Report it to the FTC (ReportFraud.ftc.gov) and follow the IdentityTheft.gov steps if personal information was misused.
   - If it’s cyber-enabled fraud/account takeover (especially with financial loss), file a complaint with IC3 as well.
What can wait
- You don’t need to “catch” the person or keep replying to gather info.
- You don’t need to update every account immediately — prioritize: email → the targeted account → banking/financial → other reused-password accounts.
- You don’t need to decide right now whether this rises to identity theft; focus first on locking down access and recovery.
Important reassurance
Attackers often try support-based recovery because it can bypass passwords. Securing recovery details, revoking sessions, and protecting your email usually stops the takeover quickly — even if the alerts were intense.
Scope note
This is immediate stabilization guidance. If you lose access, money is involved, or personal data was shared, you may need provider support and formal reporting/identity recovery steps.
Important note
This is general information, not legal, financial, or cybersecurity professional advice. If you can’t regain access or believe fraud occurred, use official provider recovery channels and consider filing reports with U.S. authorities.