Account Access scam guide

Account takeover

Account takeover can follow phishing, SIM swap, malware, password reuse, OTP theft, or remote access abuse. Attackers may change recovery details, message contacts, or move money.

Report this scam View all categories

Risk signal

Unauthorized login

Severity

critical

Group

Account Access

Common identifiers

Add identifiers that can be matched safely across reports, profiles, payments, and evidence without exposing unnecessary private data.

01

Account email

Use the exact account email shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

02

Phone number

Use the exact phone number shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

03

Login alert

Use the exact login alert shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

04

Device details

Use the exact device details shown by the scammer so CheckKaroo can link repeat signals and avoid weak matches.

Evidence to preserve

Keep proof in original form where possible. Screenshots help, but transaction IDs, URLs, timestamps, and chat context make moderation stronger.

01

Login alerts

Capture login alerts with date, time, sender, URL, or transaction context visible where possible.

02

Password reset emails

Capture password reset emails with date, time, sender, URL, or transaction context visible where possible.

03

Changed recovery data

Capture changed recovery data with date, time, sender, URL, or transaction context visible where possible.

04

Messages sent by attacker

Capture messages sent by attacker with date, time, sender, URL, or transaction context visible where possible.

First response

These steps reduce further loss and keep your report useful for review, banking escalation, platform reporting, and official complaints.

01

Recover the account

Do this early: recover the account helps reduce repeat contact, preserve proof, and keep escalation options open.

02

Revoke sessions

Do this early: revoke sessions helps reduce repeat contact, preserve proof, and keep escalation options open.

03

Enable MFA and change passwords

Do this early: enable mfa and change passwords helps reduce repeat contact, preserve proof, and keep escalation options open.

Urgent money loss

If money was recently transferred, call 1930 first and raise a bank or payment-app dispute. Speed matters for fund-freeze attempts.

Privacy boundary

Do not upload OTPs, passwords, full card numbers, full Aadhaar, private documents, or unrelated intimate media. Use masked, relevant evidence whenever possible.

Related categories

Similar fraud patterns

SIM takeover

SIM swap fraud

Mobile number takeover used to intercept OTPs and access banking, email, or social accounts.

Credential capture

OTP and credential theft

Scams that trick users into sharing OTPs, PINs, passwords, card data, or recovery codes.

Fake login

Phishing link scam

Fake links that steal logins, card details, OTPs, personal data, or payment credentials.

Screen control

Remote access app fraud

Scammers make victims install screen-sharing or remote-control apps to steal money or data.

KYC panic

KYC update fraud

Fake bank, wallet, telecom, or account KYC warnings used to steal credentials or money.