What To Do If Someone Has Your Bank Details
If a scammer has your account number, sort code, or banking login details, act quickly to limit exposure and protect your account.
Last reviewed: 1 June 2026
First 10 minutes
- Call your bank immediately using the number on the back of your card or in your banking app
- Tell them exactly what details may have been exposed
- Ask them to add a fraud alert and enhanced monitoring to your account
- If your online banking login was exposed, change your password and PIN from a clean device
- Ask whether any transactions have been initiated that can be blocked
First 24 hours
- Check your account balance and recent transactions for anything you do not recognise
- Dispute any unauthorised transactions immediately
- Enable transaction notifications if not already on
- Report to your national fraud service
- If you shared details on a fake website or in response to a phishing message, report that as well
Contact your bank or payment provider
- Alert your bank immediately — they can place extra verification on outbound payments
- Ask whether you need a new account number or only enhanced monitoring
- Confirm how to dispute any fraudulent transactions if they appear
- Ask about setting a verbal password or passphrase for phone banking
Evidence to preserve
- Note exactly what details were shared: account number, sort code, login credentials, or full card number
- Record how they were shared — phishing page, phone call, message, or other
- Save any messages or instructions that led to the disclosure
- Keep records of all contact with your bank about the incident
Secure your accounts and devices
- Change online banking passwords and PINs from a clean device
- Enable two-factor authentication on your online banking if available
- Remove any saved payment methods from websites or apps where your credentials were exposed
- Set up transaction alerts to catch any unauthorised activity quickly
- Check credit reports for any new accounts or credit applications in your name
Report it
- Report to your national fraud/cybercrime service
- Report to the platform, bank, or provider involved
- Keep any reference numbers you're given
What counts as 'bank details' matters for assessing your risk. An account number and sort code (or routing number) on their own have limited misuse potential — they are used to send money to you, not to take it. However, combined with a name and address, they can be used in authorised push payment fraud or direct debit fraud.
Banking login credentials are a higher risk: with username and password (and sometimes a one-time code), a fraudster can access your account directly. If login details were shared, treat it as an urgent account takeover risk and contact your bank immediately.
Your bank can add monitoring, block suspicious outbound transactions, and guide you through securing the account. Act quickly and keep a record of everything you tell them.
Frequently asked questions
Is an account number and sort code enough to steal money from me?
On its own, unlikely — these details are used to send money to you, not take it. However, they can be combined with other data for direct debit fraud or targeted social engineering. Tell your bank so they can monitor.
Someone has my online banking login — what do I do?
Call your bank immediately and change your password from a clean device at the same time. This is a high-risk situation — banking logins can be used to move money, change contact details, or set up payments.
Do I need a new bank account?
Not necessarily. Your bank can assess the risk based on what was exposed. In most cases, enhanced monitoring and a password change are sufficient. A new account number may be recommended if the risk is high.
I gave my bank details to someone I trusted — they turned out to be a scammer. What now?
Contact your bank immediately and explain what happened. Treat it the same as any other exposure — your bank cannot distinguish how the details were shared, only that they may now be at risk.