Protect important accounts first
Secure your primary email, banking, cloud storage, phone account, domain registrar, hosting account, and work logins before lower-risk services.
Avoid unsafe handling
- Do not share passwords in email, chat, screenshots, or support tickets.
- Do not keep passwords in unprotected notes or spreadsheets.
- Use a trusted password manager.
- Review account recovery and MFA settings regularly.
Respond to warning signs
Unexpected login alerts, password reset messages, or MFA prompts can indicate an attack. Visit the service directly, review sessions, and replace exposed credentials from a trusted device.