What to do if…
your email account recovery email or phone number is changed without your consent
Short answer
Assume takeover: use the email provider’s official account-recovery process immediately, then secure the account (new password + sign out everywhere + MFA) and remove any forwarding/rules the attacker added.
Do not do these things
- Don’t click “security alert” or “reset password” links from messages you weren’t expecting — go to the provider by typing the address or using the official app.
- Don’t keep retrying passwords/codes over and over — repeated failures can trigger lockouts and slow recovery.
- Don’t call “support” numbers from search ads or popups, and don’t pay anyone to “recover” your account.
- Don’t assume changing your password is enough — attackers often add forwarding, rules, or third-party app access.
- Don’t rush to delete the account while you’re still trying to regain control — you may lose evidence and access to critical resets.
What to do now
- Switch to a safer setup (2 minutes). Use a trusted computer/device and trusted network. If you suspect your phone number was compromised, do recovery from a computer first.
- Start recovery via the provider’s official recovery flow (now). Look for “secure a hacked account,” “account recovery,” or “can’t sign in.” If you can sign in, go straight to Security settings and review changes.
- If you can get in: secure the account in the safest order.
  - Change your password to a strong, unique one.
  - Sign out of all other sessions/devices (“log out everywhere”).
  - Remove unknown recovery email/phone and add only ones you control.
  - Enable MFA (authenticator app or passkeys if available) and create backup/recovery codes. Store offline.
- Look for attacker “persistence” inside the mailbox (don’t skip).
  - Disable any forwarding you didn’t set.
  - Remove suspicious filters/rules (auto-forward, auto-delete, mark-as-read).
  - Review connected apps / third-party access and revoke anything you don’t recognize.
  - Check sign-in history for unknown devices/locations and remove them where possible.
- Protect other accounts that use this email (15–30 minutes).
  - Start with banking, payment apps, retailer accounts with saved cards, mobile carrier, cloud storage, social media.
  - Change passwords and confirm recovery email/phone are yours (not the attacker’s).
- If you suspect a SIM swap or phone-number takeover: contact your mobile carrier using the number on your bill or the carrier’s official website and ask about recent SIM/line changes. Request stronger account protections (carrier-specific options vary).
- Report and document if it’s more than “just email.”
  - If identity theft is a concern, report at IdentityTheft.gov and follow the step-by-step recovery plan.
  - If money was lost or this was part of a scam, file a complaint at the FBI’s Internet Crime Complaint Center — use only the official ic3.gov site (avoid lookalike “support” portals).
What can wait
- You don’t need to prove how the attacker got in before securing the account.
- You don’t need to notify everyone immediately — first stop forwarding/rules and regain control.
- You don’t need to rebuild every account today — prioritize accounts that can be reset via email and anything tied to money.
- You don’t need to decide today whether to abandon the email address — that’s a later decision if recovery fails or trust is lost.
Important reassurance
This is a common takeover pattern, and feeling “behind” is normal. The fastest way to stop the damage is to regain control through official recovery, then remove forwarding/rules and sign out other sessions so the attacker can’t keep using your inbox.
Scope note
This is first-step, damage-limiting guidance. If recovery fails, the next phase is provider escalation (if available) and migrating critical accounts to a new email with strong MFA.
Important note
This is general information, not legal or professional advice. If you are in immediate danger or believe a crime is actively in progress, contact local authorities. Use only official provider and government reporting channels.
Additional Resources
- https://consumer.ftc.gov/how-recover-your-hacked-email-or-social-media-account
- https://www.identitytheft.gov/
- https://www.ftc.gov/news-events/topics/identity-theft/report-identity-theft
- https://www.ic3.gov/
- https://www.fbi.gov/investigate/cyber
- https://support.google.com/accounts/answer/6294825?hl=en