I gave a scammer my bank login credentials — what should I do?
Act immediately: call your bank's fraud line right now, change your password, and ask them to lock your account. Every minute counts when your login is compromised.
Last reviewed: 10 June 2026
Explanation
Handing over bank login credentials — whether through a fake website, a phishing email, or a tech-support call — is one of the most serious account compromises you can experience. A scammer with your username and password can log in, transfer money, change your contact details so you stop receiving alerts, add themselves as a payee, and potentially take out loans against your name.
Call your bank's 24-hour fraud or security line right now. Do not use any phone number the scammer gave you — look up the number on your card or the bank's official website. Ask them to lock your online banking access, reverse any unauthorized transactions, and issue you new account numbers if money has already moved. Request that they flag your account for elevated monitoring.
If you used the same password on other sites (email, PayPal, Amazon), change all of them immediately. Criminals who harvest credentials often sell them in bulk or test them across many services — this is called 'credential stuffing.' Enable two-factor authentication on every financial account. Use a unique, strong password for each site; a password manager makes this practical.
Check your credit reports at annualcreditreport.com for any new accounts opened in your name. Consider placing a free fraud alert or credit freeze with the three major bureaus — Equifax, Experian, and TransUnion — to prevent new credit from being opened. Report the incident to the FTC at IdentityTheft.gov for a personalized recovery plan.
Common red flags
- Email or text claiming your account is 'suspended' with a link to log in
- Tech support caller who asks to 'verify' your login over the phone
- Pop-up warning you to call a number before your device is locked
- Caller ID spoofed to show your bank's real number
- Website URL that looks like your bank but has a subtle misspelling
- Someone asking for a one-time passcode sent to your phone
What to do now
- Call your bank's fraud line immediately using the number on your card
- Ask the bank to lock your account and reverse unauthorized transactions
- Change your banking password and enable two-factor authentication
- Change the same or similar password on all other accounts
- Check your credit report at annualcreditreport.com
- Place a fraud alert or credit freeze with all three credit bureaus
- Report to IdentityTheft.gov for a personalized recovery plan
Frequently asked questions
Can the bank recover money the scammer transferred after getting my login?
Transactions made using your own credentials are typically treated as authorized unless you report them quickly. Many banks do reimburse victims of account takeover fraud — especially if you report before the money leaves the banking system.
What is two-factor authentication and should I use it?
Two-factor authentication (2FA) requires a second proof of identity — usually a one-time code sent to your phone — in addition to your password. It stops most account takeover attempts even when your password is stolen. Enable it on every financial account.