'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
us Money & financial emergencies bank contact details changed • phone number changed on bank • email changed on banking app • bank profile updated without me • bank says details were changed • account takeover banking • online banking hacked • someone accessed my bank account • bank security alert contact change • unexpected security notification bank • sim swap and bank access • number porting scam banking • email account compromised banking • one time codes intercepted • new device on bank account • unauthorised account settings change • bank login stolen • debit card unauthorized transfer • identity theft banking alert What to do if…
What to do if…
your bank alerts you that your phone number or email was changed without your consent
Short answer
Call your bank immediately using a trusted number (on the back of your card or the bank’s official website), report an unauthorized contact-information change, and ask them to secure the account and stop transfers while you regain control.
Do not do these things
- Do not click links or call phone numbers included in the alert text/email (use a number you look up yourself).
- Do not share one-time passcodes, person-to-person payment verification codes, PINs, or online banking login details with anyone.
- Do not “fix” the issue by replying to the alert or resetting through a message link.
- Do not keep signing in from the same device if you suspect your email/phone/device is compromised.
- Do not delay because “nothing is missing yet” — contact-info changes are often used to take over the account next.
What to do now
- Call the bank’s fraud department via a trusted number. Ask them to:
- Lock online/mobile banking and require extra verification before any future profile changes.
- Undo the phone/email change and confirm the contact details on file.
- Stop/cancel pending transfers (including P2P transfers if still pending) and review recent activity.
- Check for new payees, linked external accounts, new devices, new cards, address changes, and statement settings (like paperless) and remove anything you didn’t authorize.
- Set a safe callback procedure (so you can ignore unexpected calls) and give you a case number.
- If money moved or the bank believes the account is compromised, ask what needs replacing.
- This may include a new card number, a forced password reset, and sometimes a new account number (which can affect autopay and direct deposits).
- Ask how to submit a dispute for any unauthorized electronic transfers through the bank’s error-resolution process.
- Secure your email account immediately (it often controls password resets).
- Change your email password from a known-safe device.
- Turn on multi-factor authentication for email.
- Check for forwarding rules/filters, recovery email/phone changes, and unfamiliar logins.
- Contact your mobile carrier to check for SIM swap / number porting.
- Ask whether a SIM change, eSIM activation, or port-out was requested or completed.
- Add stronger security to the carrier account (account PIN/passphrase and any port-out protections they offer).
- Reset voicemail/security PINs if applicable.
- If you suspect identity theft beyond this one bank, protect your credit.
- Consider placing a credit freeze with each of the three major credit bureaus (so new credit is harder to open in your name).
- If you’re not ready for a freeze, a fraud alert is another option.
- Report identity theft if it appears broader than just your bank login.
- Use IdentityTheft.gov to create a recovery plan and documentation you can use for disputes.
- Keep a tight record.
- Save screenshots of alerts, write down dates/times, who you spoke to, what was changed, and every transfer or linked account you didn’t recognize.
What can wait
- You don’t have to decide today whether to close every account or change banks.
- You don’t need to replace your phone immediately unless your carrier confirms a SIM-swap/port-out or you see persistent compromise signs.
- You don’t need to change every password right now — focus on banking, email, and your mobile number first.
Important reassurance
Unauthorized contact-detail changes are a known takeover tactic, and acting quickly often prevents losses. Feeling rattled is normal — the practical goal is to re-establish control and stop any money movement.
Scope note
These are first steps only. Next steps depend on what the bank finds (for example, formal disputes, documentation, and longer-term identity protection).
Important note
This is general information, not legal advice. If you believe you’re in immediate danger, call 911. Follow your bank’s official fraud and error-resolution process and keep copies of everything you submit.
Additional Resources
- https://www.consumerfinance.gov/rules-policy/regulations/1005/
- https://www.consumerfinance.gov/rules-policy/regulations/1005/6
- https://www.consumerfinance.gov/rules-policy/regulations/1005/11
- https://www.consumerfinance.gov/compliance/compliance-resources/deposit-accounts-resources/electronic-fund-transfers/electronic-fund-transfers-faqs/
- https://consumer.ftc.gov/articles/credit-freezes-and-fraud-alerts
- https://www.identitytheft.gov/Steps?scroll=true
- https://www.usa.gov/credit-freeze
About this guide
PanicStation.org guides are written as plain-English first steps, then reviewed for clarity, jurisdiction, and source quality. If you notice an error, outdated information, unclear wording, or a broken link, please contact us.