Recover After a Stolen Phone Account Takeover
What to do immediately after your phone is stolen and a thief uses it to take over your email, banking, or social media accounts.
Last reviewed: 1 June 2026
First 10 minutes
- Call your mobile network operator immediately to suspend your SIM and block the handset using the IMEI number
- From a different device, log in to your email account and force-sign-out all active sessions
- Change your email password first — this secures the gateway to password-reset flows for all other accounts
- Log in to your banking app from a different device and review for any unauthorised transactions or new payee additions
- Revoke access on any linked accounts accessible via mobile login (Apple ID, Google account) from their respective security settings
First 24 hours
- Work through your critical accounts — banking, email, social media — forcing sessions and changing passwords from a clean device
- Contact your bank's fraud team to flag the theft and request a temporary hold on transfers initiated from mobile
- File a police report for the stolen phone — this is required for insurance claims and may be requested by your bank
Contact your bank or payment provider
- Call your bank to report the theft and review the account for any transfers, new payees, or setting changes made after the phone was stolen
- Request that any payments made via mobile banking in the theft window be flagged for investigation
- Ask for a temporary enhanced authentication requirement on your account until new security measures are in place
Evidence to preserve
- Record the phone's IMEI number (found on the box or your network account) for the police report and network block request
- Note the approximate time the phone was stolen and any accounts that show suspicious activity in the window following
- Screenshot any unauthorised transactions, new payee additions, or account-setting changes across your accounts
Secure your accounts and devices
- Move critical accounts from SMS two-factor authentication to an authenticator app on a new device
- Audit which apps were installed on the stolen phone and which had saved passwords or biometric access
- Request a new SIM with a new number if the old number is being used to intercept SMS verification codes
Report it
- Report to your national fraud/cybercrime service
- Report to the platform, bank, or provider involved
- Keep any reference numbers you're given
A stolen phone is not just a hardware loss — it is a master key to any account protected by SMS two-factor authentication. Thieves increasingly target phones specifically to exploit this, using the device's biometric unlock or a visible PIN before banking and changing account details. Speed is essential.
Once your SIM is suspended and your email password is changed, the most urgent window for account takeover has passed. Work through your remaining accounts systematically. After recovering access, audit your two-factor authentication setup and migrate away from SMS-based codes where possible.
Frequently asked questions
The thief has disabled Find My Phone — can I still track it?
If Find My has been disabled, tracking via Apple or Google is no longer possible. Focus on suspension (SIM and IMEI block) and account security rather than device recovery. Provide the IMEI to police and your network operator — this remains useful for network-level blocking.
Should I reset my passwords from the stolen phone's iCloud or Google backup?
No — use a completely separate device. If the thief still has the phone active, resetting passwords from the same Google or Apple account while the phone is signed in may alert them or allow them to intercept the reset link via the phone.