'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you realise you shared your bank login or one-time code and think your account is at risk
Short answer
Contact your bank immediately using a verified number (back of your card or in-app support) and tell them you shared your login/one-time code. Ask them what they can lock, stop, cancel, or recall right now while you reset passwords from a clean device.
Do not do these things
- Do not share any more codes, passwords, PINs, or “approve” any prompts you didn’t initiate.
- Do not trust caller ID, links in texts/emails, or numbers a caller gives you — use a verified number from your card or official app.
- Do not send money to a “safe account” or to someone claiming they can “secure” it for you.
- Do not install remote-access apps or screen-sharing tools because someone “needs to help you fix it”.
- Do not delete messages, emails, screenshots, or call logs yet — save them for your bank and reports.
- Do not wait to “see what happens” — act as if access is compromised until your bank confirms otherwise.
What to do now
-
End contact with the scammer and contact your bank the safe way.
Hang up/close the chat. Then call the number on the back of your debit/credit card (or use your bank’s official app). Ask for the fraud department. -
Ask your bank for immediate containment actions.
Say plainly: “I shared my online banking login / a one-time passcode. I think my account is at risk.” Ask them to:- lock online/mobile banking and force credential resets
- block further outgoing transfers where possible
- review and remove new payees/recipients and any new devices or profile changes
- check pending transactions and tell you what can be stopped, cancelled, reversed, or recalled
- issue new cards/account numbers if they think details were compromised
If any money was sent by wire, ask for an immediate wire recall and ask what paperwork they need from you. Write down the case number and who you spoke with.
-
Secure your accounts from a clean device (starting with email).
- Change your email password first (email is often the reset route for banking).
- Then change your bank password and any security questions/PINs you can reset.
- Turn on (or reset) multi-factor authentication, and sign out of other sessions/devices.
- If you suspect someone took over your phone number (SIM swap/port-out), contact your mobile carrier and ask for added protections (for example, a port-out/SIM swap lock or extra verification).
-
Check for “fast fraud” routes and shut them down.
Look for (and report to your bank immediately):- transfers you didn’t authorize, scheduled payments, or added recipients
- changes to your phone/email/address on the account
- new digital wallet provisioning or other card activity you don’t recognize
If the scam involved a payment app, contact that provider’s fraud support too.
-
Create an official report and recovery plan.
- File at IdentityTheft.gov (FTC) to get a tailored recovery plan and report.
- If funds were moved online (especially wires), report to the FBI’s IC3 as soon as you can. (If it involved a wire, reporting quickly can support recall efforts.)
-
Protect your credit if personal info may have been exposed.
- Consider a credit freeze or a fraud alert with the three nationwide credit bureaus (Equifax, Experian, TransUnion).
- Practical difference: a freeze typically means contacting all three bureaus; a fraud alert can be placed with one bureau, which then notifies the other two.
- If you’re worried about new bank accounts being opened in your name, consider a ChexSystems security freeze.
What can wait
- You don’t have to decide right now whether to close every account — first get the account contained and activity reviewed.
- You don’t need to negotiate with the scammer or “prove” anything to them — stop contact.
- You don’t need to produce a perfect timeline immediately — start with the essentials (what you shared, when, and what changed).
Important reassurance
Scammers engineer urgency and confusion to make normal, careful people act fast. Sharing a one-time code or login under pressure happens — taking quick containment steps now is the right move and can limit damage.
Scope note
This is first-step guidance to stabilise the situation and reduce immediate risk. Next steps (disputes, documentation, longer-term monitoring) depend on what your bank finds and what transactions occurred.
Important note
This is general information, not legal or financial advice. If you believe you’re in immediate danger or being threatened, contact emergency services.