Is a notification that my online banking password was recently changed something I should worry about?
If you did not change it, treat this as an urgent security incident — someone may have accessed your account and changed the credentials.
Last reviewed: 1 June 2026
Explanation
An unexpected password change notification from your bank is a serious warning sign. This can indicate that a scammer obtained your login credentials through phishing, credential stuffing, or data breach and has changed the password to lock you out. If the notification arrives by email or SMS and you are unsure whether it is genuine, do not click any link in it. Instead, immediately call your bank using the number on your card and report the situation. Ask them to freeze the account while the access is investigated. Change any other accounts that use the same password and enable two-factor authentication on all financial accounts. Prompt action can significantly limit the damage.
Common red flags
- Password change confirmation you did not initiate
- Bank notification followed by a call from 'fraud prevention' asking for your details
- Inability to log in to your account with your existing password
- Transaction alerts for payments you did not make
What to do now
- Call your bank immediately using the number on the back of your card
- Ask to freeze the account while access is investigated
- Change the email address password associated with your banking account
- Enable two-factor authentication on all financial and email accounts
Frequently asked questions
How did someone get my banking login in the first place?
Common routes include phishing emails, credential stuffing from breached third-party sites, or malware on your device. Change all passwords that match your banking password on other sites.