Recover from hacked online shopping account

The ability to access your payment information and fraudulently buy goods makes online shopping accounts a popular target for cyber criminals. If you suspect your account has been hacked you need to act fast!

We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.

Hacked online shopping account - Do this first!

  1. Contact your bank - let your bank know that an online shopping account has been accessed and that your payment details may have been stolen. They will likely cancel your cards and reissue, as well as monitoring your account for fraud.

  2. Change your password - if you can still log into your account then follow the usual process to reset your password. Make this a strong password that you have never used before.

  3. Turn on two-factor authentication - almost all good shopping accounts now give you the option to turn on two-factor authentication. Turn this on now. This site will help you understand what it is and tell you how to turn it on.

  4. Change your log in details to other sites that use the same - or similar - username and password - any other online accounts with the same or similar log in details need to be changed immediately. It is highly likely that a cyber criminal will check other popular sites as soon as they get into your account.

  5. Report the unauthorised access to the online store - Let the provider know your account was hacked and they will follow an evidence preservation procedure at their end. Useful if you need it in a legal case later.

Approaches to dealing with a hacked online shopping account

Follow these steps now you have changed your password and turned on two-factor authentication:

  1. Check your account security settings - go into your accounts settings and find the security settings area. Check what devices and apps are connected and disconnect any you don’t recognise. Check recent log ins and screenshot the information of unauthorised log ins - most provide time, date, IP address, browser type and device type.

  2. Scan your devices for malware - there are a number of ways the perpetrator may have got your log in details - from a past breach (you can check known breaches here), guessed it, seen you type it in or you may have told them in the past. However, they could also have malicious software on one of your devices that gives them access to what you type into websites. Scan all of the devices you use to access your account with an anti-virus solution and remove any malware.

  3. Check your account activity & settings - try to gain a picture of what the cyber criminal did when they had access to your account. Check your purchase history, delivery addresses etc.

  4. Set up a recovery email - if you haven’t already set up a recovery email or phone number go to your settings and do this now. If you get hacked in future and get locked out of your account this will give you a way back in.

  5. If you are completely locked out - if you have been completely locked out of your account then follow the providers account recovery process. If you have not set up the recovery process before you may need to raise a case with the provider and work to prove that you own the account.

Link to online shopping provider guidance

The following takes you to information and guides provided directly by popular shopping account providers: Amazon, eBay and Etsy.

Report the crime

If you are in England, Wales or Northern Ireland you should report all cyber crime to Action Fraud. In Scotland, you can see details of reporting to Police Scotland here.

How do I stop my online shopping accounts being hacked again?

  1. Get good at passwords - use strong password, use different passwords on each site, never share them and change them regularly. Use a password manager app to help you do this. See some good guidance here.

  2. Commit to two-factor authentication - two-factor is a way to improve your security drastically in one easy step. Use it on every site that offers it. You can get more information here.

  3. Be careful clicking or downloading - tricking you to share your password by sending you trick emails or texts is a really common way to have your passwords stolen. As is downloading attachments in email that contain malicious software. Be extremely careful when clicking online links or opening/downloading online attachments.

  4. Get secure - take time to improve your general online security. Use sites like Get Safe Online and Cyber Aware to understand what good security looks like and make changes.

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cyber crime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cyber crime. 

To help people like you we rely 100% on donations from people like you.