5 Key Signs You’ve Been Hacked — and What To Do Next To Protect Your Money
Written by
Gabriel Vito
Edited by
Zuri Anderson
Commitment to Our Readers
GOBankingRates' editorial team is committed to bringing you unbiased reviews and information. We use data-driven methodologies to evaluate financial products and services - our reviews and ratings are not influenced by advertisers. You can read more about our editorial guidelines and our products and services review methodology.
20 Years
Helping You Live Richer
Reviewed
by Experts
Trusted by
Millions of Readers
You log into your bank account and your stomach drops. The balance isn’t what it was yesterday. It’s thousands of dollars lower, or maybe zero.
This is how many people first learn they’ve been hacked. It happens fast. Americans lost more than $12.5 billion to fraud in 2024, a 25% jump from the year before, according to the Federal Trade Commission.
A hack can drain your accounts and wreck your finances. But spotting the signs early and acting quickly can stop the damage.
Red Flags That You’ve Been Hacked
The warning signs often start small. Here are some of the most common:
- Unfamiliar login alerts
- Locked or altered accounts
- Unexpected password reset emails
- Small, suspicious transactions
- Missing security alerts
Phishing is one of the main ways these attacks begin. This is when scammers impersonate trusted sources to get you to click fake links or give up sensitive information.
“Phishing has reached epidemic proportions with the proliferation of cheap, easily accessible generative AI tools that have helped cyber criminals polish and automate their attacks,” said Diana Rothfuss, global solutions strategy director at SAS.
Hackers may also quietly change your email or phone number to intercept alerts. Aimee Simpson, director of product marketing at Huntress, advises regularly checking bank statements and security notifications and using strong passwords and multi-factor authentication (MFA).
How to Protect Yourself Before It Happens
“Reviewing transactions for suspicious activity, while prudent, only helps you catch fraud after it’s occurred. Taking a more proactive approach to fraud prevention that involves layering defenses is much more effective,” Rothfuss noted.
Enable two-factor authentication through an authenticator app. Use strong, unique passwords. Turn on account alerts and consider freezing your credit when it’s not in use.
“Verizon’s 2025 Data Breach Investigations Report found that stolen credentials were the No. 1 method attackers used to breach accounts,” Rothfuss said. “That illustrates why it is so important to never reuse passwords.”
Tools That Can Help Protect You
Good security habits are the first line of defense, but you don’t have to protect yourself alone. As hacks and scams grow more sophisticated, so do the tools designed to stop them. Several reputable services can help monitor your personal data and alert you to suspicious activity.
Companies like Aura and IdentityForce offer identity theft protection plans that can flag fraudulent activity and data breaches tied to your personal information. Credit bureaus such as Experian also provide credit monitoring tools that can warn you if new accounts are opened in your name.
What to Do If You’ve Been Hacked
Even strong security can’t stop every attack. If you’re hit, it’s best to act fast.
These steps, inspired by guidance from the Federal Trade Commission (FTC), can help limit the damage if your accounts are hacked.
According to the FTC, if you get hacked, recovery starts by changing your passwords from a secure device, enabling multi-factor authentication and logging out of other active sessions. Then contact your bank or financial institutions using only official contact information. If fraud has occurred, ask them to close or freeze the affected accounts to prevent new charges.
Next, place a fraud alert with one of the three credit bureaus. That company must notify the other two. A fraud alert makes it harder for someone to open new accounts in your name, and it lasts for one year. You can also freeze your credit, which blocks most new credit inquiries entirely until you lift the freeze. Then, review your credit reports for suspicious accounts or transactions.
Finally, report the incident to the FTC at IdentityTheft.gov. You’ll get a personalized recovery plan and additional steps based on your situation.
“Fake emails and calls from banks alerting you to fraud is a common phishing scam tactic — so don’t act in a panic,” Simpson warned. “Take a breath, calm down and navigate independently to your bank’s website to get in touch or ring them back on a number you’ve verified for yourself.”
And don’t stop there. Keep monitoring your accounts for weeks after an attack. According to the Consumer Financial Protection Bureau, thieves sometimes make small charges first to test the waters before taking larger amounts.
More From GOBankingRates
