The Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany’s cybersecurity agency, and the Federal and State Police Crime Prevention Program (ProPK) have published a checklist outlining steps that victims should take when one of their online accounts has been compromised.
According to the recently published Cybersecurity Monitor 2025, nearly one in ten people affected by cybercrime last year experienced unauthorized access to an online account. This can have serious consequences, especially when an email account is involved.
For example, criminals could get access to your personal information and view stored data to illegally buy goods, or send spam messages under your name. Since your email address is often linked to other online services, scammers could use it to reset passwords and take over other accounts.
That’s why the BSI and ProPK have published a joint checklist for this kind of emergency. The document outlines the steps individuals should take when they suspect their online account has been compromised.
The first thing you should do when your account has been hacked is to ask the provider for help. They may be able to reset your password or restore your account. Also, you should warn your contacts, just in case they receive phishing emails or messages sent from your account.
If you’re still able to log in but suspect that your account may have been compromised, you should change your password immediately and end all active sessions. Furthermore, you should check your account settings in case an unauthorized user made changes to your account, including forwarding messages.
Lastly, you should inform your contacts and see if they have received spam or other suspicious messages from your accounts.
To protect your accounts in the future, the BSI and ProPK recommend using passkeys, enabling two-factor authentication (2FA), setting up a screen lock on all your devices, sharing as little information about yourself online, avoiding public WiFi, installing updates, and using antivirus software and a firewall.
“An emergency can quickly become overwhelming. Many people don’t know how to react at first. Especially in the case of email accounts. However, quick action can prevent further damage. The checklist is designed to empower those affected to act,” Karin Wilhelm, Consumer Protection Expert at the BSI, says in a statement.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked