First published: 20 Sep 2023
Last updated: 10 Nov 2023

Content written for

Individuals & families
Small & medium business
Large organisations & infrastructure

Bank accounts and online payment accounts are prized by cybercriminals because they can be used to steal money. Online payment accounts include things like PayPal, Afterpay and Zip Pay. Account compromise occurs when someone gets unauthorised access to your account and can act on your behalf. This is a guide for what to do if someone has compromised your bank account, online payment account or other financial account.

What are the signs that your bank account or online payment account has been compromised?

  • There is activity on your account that you don’t recognise, for example, purchases or transfers that you did not make.
  • You received an unexpected password reset notification.
  • You can’t log in to your account, even though you know the username and password you’re using are correct.
  • Your account shows a last login time, location, or device that looks wrong.
  • Your account provider alerts you to suspicious activity.
  • Your transactions are being declined when you should have enough money in your account.

An account is also compromised if its login details have been leaked, even if there has been no suspicious activity yet. This could happen if you forget to log out of an account on a public computer, if another account with the same password is compromised, if your login details were exposed in a data breach, or if you were tricked into providing your login details in a phishing attack. Whatever the cause, you should take the steps listed in this guide to secure your account.

Call if you need support.

The Australian Cyber Security Centre has a 24/7 Hotline: 1300 CYBER1 (1300 292 371).

Call now if you need additional support, and in the meantime, keep calm and read this guide. It steps you through what you can do right now to limit the damage.

Call your bank, online payment platform or financial institution immediately and inform them that you suspect your account has been compromised. Follow their guidance on securing your account and freezing any affected accounts or cards.

Online payment accounts are usually linked to a bank account or credit card. If you suspect your online payment account has been compromised, you will need to contact both your online payment platform and the bank that issued any linked credit cards or bank accounts.

If you are not satisfied with the response from your account provider, you can seek free advice from the Australian Financial Complaints Authority.

If you have lost money, do not accept offers from third parties to help you get it back; this is a common tactic used by scammers to steal more money from you.

It is important that you change your account password, as it’s possible your old password has been compromised. Contact your bank if you need assistance changing your password. It is best practice to change your password or passphrase by logging into your account’s online platform or application directly. Avoid clicking on password or passphrase reset links you receive by email or message because fake reset links are commonly sent by cybercriminals.

The ACSC has published guidance on using password managers and creating unique passphrases, a strong type of password.

If a cybercriminal has access to your bank account, they might have access to your other accounts too. Look for suspicious activity on your other accounts, starting with the most important ones, for example, your email account. Your other accounts are at particular risk if they share the same password as your compromised bank account. Make sure your passwords are all unique. The ACSC has published advice on using password managers and creating unique passphrases, a strong type of password.

Do you know how your account was initially compromised?

If you don’t, cybercriminals may have used malware to steal the username and password for your account. Refer to the ACSC’s guidance on removing malware.

Make a record of the key details of the incident, including details of what happened, when it happened, what you think may have led to the incident, and the steps you took in response. Using your record, report the incident to the appropriate authorities:

  1. Use ReportCyber to report the incident to the ACSC and the relevant police jurisdiction.
  2. If the cybercriminal used a scam to access your account, or if they used your account to scam other people, report the incident to Scamwatch.
  3. Report the incident to your bank or financial institution if you have not already done so.