When an Account Is Compromised: A First-Response Guide for Parents and Caregivers

Account hacked? Bank, email, phone, or social media compromised? What you do in the first hour matters. This practical guide walks parents and caregivers through a calm, step-by-step first response to contain damage, preserve evidence, protect finances and identity, and regain control. No fear tactics, just clear actions that can help to mitigate the damage when it counts most.

Discovering that an online account has been hacked and/or taken over can feel overwhelming. This guide walks parents and caregivers through a quick first-response sequence designed to contain damage, preserve evidence, and restore control as quickly as possible.

Credit Cards, Bank Accounts, Apple ID, Google Account, Email, and Phone Number Compromises

Step 1: Pause Briefly and Preserve Evidence

Before resetting devices or changing passwords, take a short moment to document what you are seeing.

Banks, platform support teams, and law enforcement may ask for proof of compromise. Resetting too early can erase valuable information.

What to do:

Screenshot suspicious login alerts, password reset emails, unknown devices, and fraudulent transactions

Save related emails as PDFs

• Write down when you first noticed the issue

• Which accounts were affected

• What actions you took and when

This step should take no more than 10 minutes and can make recovery much easier later.

Step 2: Secure Money and Payment Methods First

Financial damage can escalate quickly if attackers retain access.

What to do:

• Call your bank immediately

• Cancel compromised credit or debit cards

• Request new cards

• Enable two-factor authentication if not already active

• Turn on transaction alerts for small amounts, such as $50

If a card was used fraudulently, do not wait to see what happens. Early reporting matters.

Step 3: Protect Your Credit Profile

Once immediate financial risk is contained, protect against identity misuse.

What to do:

• Contact Equifax https://www.equifax.ca/personal/  and TransUnion https://www.transunion.ca/ 

• Report the compromise

• Ask about placing a fraud alert on your file

• Request guidance on credit monitoring

This helps prevent new accounts or loans from being opened without your knowledge.

Step 4: Secure Your Primary Email Account

In most account takeovers, email is the control centre. If an attacker controls email, they can reset nearly everything else.

What to do:

• Change your email password immediately

• Enable strong two-factor authentication

Review:

• Account recovery email addresses

• Phone numbers

• Mail forwarding rules

• Auto-delete or archive rules

• Remove anything you do not recognize

Secure email before resetting other accounts whenever possible.

Step 5: Lock Down Your Phone Number

SIM-swap attacks allow attackers to intercept verification codes and password resets.

What to do:

• Call your mobile provider

• Request a new SIM card

• Change your phone number if advised

• Add a carrier-level PIN or security note

If attackers control your phone number, other security steps can fail.

Step 6: Invalidate Active Sessions Everywhere

Changing a password alone does not always remove attackers.

Attackers often remain logged in through active sessions, trusted devices, or third-party app connections.

What to do:

Use “Sign out of all devices” or “Log out of all sessions” on:

• Email accounts

• Social media

• Apple ID or Google account

• Review connected apps and revoke access you do not recognize

This cuts off silent persistence.

Step 7: Reset Compromised Devices Safely

If there is any concern your phone or tablet was compromised, a full reset is often the safest option.

iPhone

If you can access the device

• Settings → General → Transfer or Reset iPhone

• Erase All Content and Settings

IMPORTANT NOTE - Remember a full factory reset will delete all your contacts, pictures, and video that you have on your phone. Save important content to your cloud account before conducting your factory reset. Read Step 8 below before uploading from your cloud account.

If you cannot access the device

• Use a computer with Finder or iTunes

• Enter recovery mode based on model

• Choose Restore, not Update

Activation Lock will require the original Apple ID afterward.

Android

If you can access the device

• Settings → System → Reset options

• Erase all data (factory reset)

If locked out, use recovery mode to wipe data

Remember, Factory Reset Protection requires the original Google account credentials.

Step 8: Restore Carefully From Backups

After a reset, restoring everything automatically can reintroduce problems.

What to do:

• Review cloud backups carefully

• Avoid full device restores if the source of compromise is unclear

• Reinstall apps manually where possible

This is especially important for teens who use many third-party apps.

Step 9: Secure Apple ID or Google Account and Linked Services

Once devices are clean, focus on account recovery.

Apple ID

• Visit https://account.apple.com/  and remove unfamiliar devices

• Reset your password iforgot.apple.com

• Enable two-factor authentication

• Contact Apple Support if recovery stalls https://support.apple.com/

Google Account

• Visit myaccount.google.com

• Remove unfamiliar devices

• Reset your password

• Enable two-step verification

• Review recovery email and phone

• Remove unknown connected apps

Then change passwords for all linked services using strong, unique credentials. A reputable password manager can help.

Step 10: Check Other Household Accounts and Devices

Compromises often spread through shared credentials and networks.

What to do:

• Change your home Wi-Fi password

• Update router firmware

Review:

• Family sharing accounts

• Shared cloud storage

• Parent and sibling email accounts

Do not assume only one account was affected.

Step 11: Report the Fraud

Reporting helps protect both your family and others.

What to do

• File a report with the Canadian Anti-Fraud Centre https://antifraudcentre-centreantifraude.ca/report-signalez-eng.htm

• Contact your local police using the non-emergency line

• Keep reference/case numbers and copies of reports

This step is often overlooked but matters.

Step 12: Monitor for Ongoing Activity

Recovery does not end once access is restored.

What to do:

• Watch for unusual login alerts

• Review account activity regularly

• Follow up with support teams if anything looks off

Some compromises unfold in stages.

Step 13: Set Up Early-Warning Alerts

Monitoring helps detect misuse of your identity after the incident.

What to do:

Create Google Alerts google.com/alerts for:

• Your full name

• Your phone number

• Watch for fake profiles, marketplace listings, or impersonation

A Note for Parents Guiding Teens

Check teen-specific accounts carefully, including:

• Gaming platforms with stored payment methods

• Messaging apps

• School or education portals

Teens are often targeted through phishing inside games or fake moderation messages. Walk through each step together. Calm, steady leadership matters.

How to Report a Social Media Account Takeover

If a social media account has been taken over, reporting it properly matters. Platforms prioritize reports that follow their specific compromise workflows. Using the wrong form or trying to fix things informally often delays recovery.

First: What to Do Before You Report

Before contacting any platform:

Take screenshots of:

• Login alerts

• Password reset emails

• Messages sent from your account that you did not write

• Profile changes you did not make

• Note the date and time you lost access.

• Do not create a new account to replace the compromised one yet. That can complicate verification.

Reporting by Platform

Instagram (meta)

Use Instagram’s hacked account process, not the standard help form.

Steps:

• Go to the Instagram app or website

• Select Forgot password

• Choose Someone hacked my account

Follow identity verification steps, which may include:

• Confirming your email or phone number

• Submitting a selfie video to prove identity

If you can still log in:

• Secure the account

• Review login activity

• Revoke unfamiliar sessions

Facebook (meta)

Facebook treats account takeover as a security incident.

Steps:

• Visit Facebook’s account recovery page

• Select Someone else accessed my account

Follow prompts to:

• Secure your email

• Reset your password

• Review recent activity

If locked out:

• Complete the identity verification process

• Upload government ID only through official Facebook prompts

TikTok

TikTok account takeovers often involve email or phone number changes.

Steps:

• Open TikTok

• Go to Report a problem

• Select Account and profile

• Choose Hacked account

Submit details including:

• Username

• Original email or phone number

• Date of compromise

Follow up through TikTok’s security email if prompted.

Snapchat

Snapchat compromises are common through phishing attacks.

Steps:

• Visit Snapchat Support

• Choose I think my account was hacked

• Submit the hacked account form

Provide

• Username

• Email

• Phone number

• Approximate date of compromise

Snapchat may temporarily lock the account during review. This is normal.

YouTube / Google Account

YouTube account takeovers are handled through Google security recovery.

Steps:

• Go to Google Account Recovery

• Select I think someone else is using my account

• Follow identity verification steps

Review:

• Devices

• Third-party app access

• Channel permissions

If a teen’s channel is involved, use the family manager account if applicable.

What to Include in Your Report

Platforms respond faster when reports include:

• Clear confirmation the account was taken over

• Approximate time of compromise

• Changes you did not authorize

• Proof of original ownership if requested

Avoid emotional explanations. Stick to facts.

What Not to Do

• Do not negotiate with the attacker.

• Do not pay to get the account back.

• Do not rely on “recovery services” found online.

• Do not post publicly asking for help from strangers claiming to be platform staff.

These are common secondary scams.

If the Account Belongs to a Teen

Parents should:

• Report using the teen’s account details

• Preserve evidence before the account is locked

• Check linked gaming, messaging, and school accounts

• Monitor for impersonation or misuse of images

Walk through the process together. Teens often panic and make mistakes under pressure.

After Reporting

• Monitor your email closely for platform responses

• Reply quickly and clearly

• Keep all reference numbers and confirmation emails

• Expect recovery to take days, sometimes longer

Remember, persistence matters when it comes to these social media platforms.  Also, understand that it could take a social media platform days or even weeks to recover your account.

Online safety is not about fear. It is about preparedness. When parents and caregivers know what to do, even serious incidents become more manageable.

If you are guiding a teen through this process, walk through each step together. Calm leadership is one of the most powerful tools we have in digital spaces.

Digital Food For Thought

The White Hatter

Facts Not Fear, Facts Not Emotions, Enlighten Not Frighten, Know Tech Not No Tech