How To Secure Devices, Accounts, And Personal Information
This guide gives you an order of operations for preserving proof, securing the accounts that control everything else, checking devices and trackers, limiting exposed information, and reporting financial or online crime.
- If a device or account may be controlled by a violent or abusive person, use a safer device and make a safety plan before changing access they may notice.
- Preserve alerts, fraudulent messages, login notices, forwarding rules, payment records, tracker maps, serial numbers, and suspicious settings before removing them.
- If money is moving now, call the bank, card issuer, payment service, or phone carrier through a verified number immediately.
- A separate device you have reason to trust
- A password manager with a new unique master password
- Authenticator app or hardware security key when supported
- Account-recovery information and backup codes stored offline
- A log of accounts, sessions, devices, removal requests, reports, and results
Keep the proof needed to understand the compromise and report it.
Capture login alerts, security emails, account recovery changes, forwarding and inbox rules, connected apps, trusted devices, active sessions, payment changes, impersonation profiles, threatening messages, and suspicious files. Record the exact date, time, time zone, account, device, URL, and what you observed.
Do not download unknown attachments or repeatedly interact with a suspected attacker. Do not pay a recovery service that promises to hack an account back. Only the provider, financial institution, platform, or lawful authority can restore or investigate access.
Do This In Order
- Take screenshots and export security logs when the provider permits it.
- Save original emails with headers and original attachments without opening unknown files.
- Record fraudulent transaction IDs, wallet addresses, phone numbers, domains, usernames, and ticket numbers.
- Record every device and account that may share the same password or session.
- Store the evidence away from the suspected device or shared account.
Use These Resources
- NIST Digital Evidence PreservationExplains why digital files require preservation controls beyond ordinary documents.
- FBI Internet Crime Complaint CenterAccepts reports about internet-enabled crime and fraud.
Stop an attacker from resetting everything else after you change it.
Start with the email account, phone-carrier account, Apple or Google account, password manager, financial accounts, and any domain or business administrator account. These accounts can reset passwords, receive verification codes, or control other users.
Use a trusted device. Create a unique random password for each account. Turn on phishing-resistant multifactor authentication when available, save new recovery codes offline, and remove recovery addresses or numbers you do not recognize.
Do This In Order
- Change the password and remove reused or app-specific passwords.
- Revoke every active session and sign in again only on trusted devices.
- Remove unknown devices, passkeys, security keys, recovery methods, and connected apps.
- Check email forwarding, filters, delegates, aliases, and automatic replies.
- Set a carrier PIN and account lock to reduce unauthorized number transfers.
Use These Resources
- CISA Secure Our WorldOfficial steps for passwords, multifactor authentication, phishing, and updates.
Avoid changing passwords on a device that can immediately expose them again.
A stolen password and a compromised device are different problems. Multiple accounts accessed despite password changes, unknown administrative tools, browser-session theft, suspicious accessibility settings, remote-control software, or malware indicators may require professional review or a clean operating-system reinstall.
Do not promise yourself that an antivirus scan proves a device is clean. Preserve evidence first if an investigation matters. Back up personal documents carefully, not unknown programs, scripts, browser profiles, or executables.
Do This In Order
- Disconnect a seriously suspected computer from networks until you decide what to preserve.
- Inventory installed apps, browser extensions, device-management profiles, accessibility permissions, VPNs, certificates, and administrator accounts.
- Install updates only from the official operating-system or device source.
- Use a forensic professional before wiping when attribution, recovery, or legal evidence matters.
- When reinstalling, use official installation media and restore only necessary personal files.
Use These Resources
- CISA Secure Our WorldOfficial steps for passwords, multifactor authentication, phishing, and updates.
- NIST Digital Evidence PreservationExplains why digital files require preservation controls beyond ordinary documents.
Stop ongoing loss, protect credit, and create the reports businesses will request.
Contact the fraud department of every affected business using a verified phone number or website. Freeze or close affected accounts, dispute unauthorized activity, and request written confirmation. Place a fraud alert or credit freeze as appropriate and review reports from all three nationwide credit bureaus.
Use IdentityTheft.gov to create an FTC Identity Theft Report and recovery plan. File an IC3 complaint for internet-enabled crime and preserve the complaint number. A local police report may also be useful or required for specific losses.
Do This In Order
- Call affected financial institutions and payment services immediately.
- Change financial PINs, credentials, contact details, and transaction alerts.
- Review credit reports and dispute accounts or inquiries you do not recognize.
- Create and save the FTC report and recovery plan.
- Keep a contact log with the company, representative, date, ticket number, promise, and deadline.
Use These Resources
- FTC IdentityTheft.gov Recovery StepsBuilds a recovery plan and FTC Identity Theft Report.
- FBI Internet Crime Complaint CenterAccepts reports about internet-enabled crime and fraud.
Preserve the content, report it through the right channel, and reduce further exposure.
Do not pay, send more images, negotiate, or prove your identity to the offender. Preserve profile URLs, usernames, messages, threats, payment instructions, posted URLs, dates, and screenshots before platform reporting removes the content. If a child is involved, report immediately to NCMEC CyberTipline and law enforcement rather than redistributing the material.
Report the source page to the host or platform. Separately request eligible removal from search results. Search removal does not remove the source page, so track both requests.
Do This In Order
- Preserve direct URLs and complete account information.
- Report the account and content through the platform's abuse or intimate-image process.
- Request removal from the hosting website and record the ticket.
- Use Google Results About You or the personal-content removal process for eligible search results.
- Notify trusted contacts if impersonation may be used to target them.
Use These Resources
- Google Results About YouFinds and requests removal of eligible personal information from Google Search.
- FBI Internet Crime Complaint CenterAccepts reports about internet-enabled crime and fraud.
Document the device and move to safety before disabling or handling it.
If an unwanted tracker alert appears, capture the alert, detection map, times, item information, serial number or device ID, and any owner information displayed. Go to a safe public location and contact law enforcement when safety is at risk. Turning off Bluetooth, location, or airplane mode does not necessarily stop the tracker itself from reporting.
For a suspected hidden camera, microphone, GPS device, or spyware, photograph its location and condition before removal when safe. A consumer scan cannot rule out every device. Do not dismantle, destroy, or connect an unknown device to your primary phone or computer.
Do This In Order
- Use the official Apple or Android alert workflow to locate and identify compatible trackers.
- Save screenshots of the map, alert history, serial number, and instructions.
- Move to a safe public location if the device may be tied to a dangerous person.
- Ask law enforcement whether they want the device preserved before disabling it.
- Use a professional bug sweep when the concern includes multiple rooms, vehicles, wired devices, radio-frequency devices, or spyware.
Use These Resources
- Apple: What To Do About An Unwanted Tracker AlertShows how to locate, identify, document, and disable a suspicious compatible tracker.
- Android: Find Unknown TrackersShows how to review alerts, scan, save tracker information, and disable a tracker.
- Safety Net Project Documentation TipsAddresses technology abuse, stalking evidence, and survivor safety.
Remove the information that supports impersonation, stalking, fraud, or unwanted contact.
Search your name, addresses, phone numbers, email addresses, usernames, business names, and images. Record every result in a removal log. Prioritize current home address, personal phone, family links, signatures, identification documents, financial information, private medical information, and content paired with threats.
Remove or restrict information from accounts you control, request removal from the source website, then request search-result removal when eligible. Data-broker opt-outs may need to be repeated because records can reappear from new source data.
Do This In Order
- Create a dedicated removal email that does not reveal unnecessary personal information.
- Record the source URL, exposed data, owner, request method, submission date, ticket, and result.
- Remove location history, public friend lists, public family links, and old contact details from accounts you control.
- Request source deletion or suppression before search-result removal.
- Recheck high-risk identifiers on a schedule and record reappearance.
Use These Resources
- Google Results About YouFinds and requests removal of eligible personal information from Google Search.
- Apple Safety CheckReviews device sharing, account access, and personal-safety settings.
Detect new access, fraud, or exposure early with a manageable routine.
Turn on login, recovery, password-change, payment, credit, and device alerts. Review them from one trusted location. Schedule a monthly review of root-account sessions and a quarterly review of public exposure, connected apps, recovery methods, and credit reports.
A clean week does not prove the original cause is gone. Keep the compromise log and note whether recurrence points to one device, one recovery path, one shared person, or one reused credential.
Do This In Order
- Enable security and transaction alerts on root and financial accounts.
- Review active sessions and connected applications monthly.
- Review credit and identity-theft indicators on a regular schedule.
- Repeat searches for high-risk personal information.
- Escalate recurring compromise to the provider, financial institution, law enforcement, or a qualified forensic professional.
Use These Resources
- CISA Secure Our WorldOfficial steps for passwords, multifactor authentication, phishing, and updates.
- FTC IdentityTheft.gov Recovery StepsBuilds a recovery plan and FTC Identity Theft Report.
- Evidence of the compromise was saved before settings or content changed.
- Email, carrier, cloud, password manager, financial, and administrator accounts were secured first.
- All sessions, unknown devices, connected apps, and recovery methods were reviewed.
- The suspected device was preserved, professionally reviewed, or rebuilt from official media.
- Fraud, identity theft, internet crime, and platform reports have saved ticket numbers.
- Source removals and search-result removals are tracked separately.
- Unknown tracker information was saved before disabling the item.
- A monthly and quarterly monitoring schedule is active.
- Use a safer device and a safety plan before changing access when a violent, abusive, or stalking person may monitor the device or account.
- Call financial institutions immediately when money, credit, a phone number, or account recovery is actively being changed.
- Do not pay sextortion demands, account-recovery scammers, or people offering to hack an account back.
- Use a forensic professional before wiping a device when attribution, recovery, litigation, police evidence, or disputed access matters.
Start with the accounts that can reset or control everything else: email, carrier, cloud, password manager, financial, domain, and administrator accounts. Use a trusted device, revoke sessions, and then work outward.
No. It substantially improves security, but stolen sessions, malicious connected apps, compromised recovery methods, or a compromised device can bypass the protection. Review sessions and account settings as well as the password.
No. Remove or suppress the source page when possible, then request search-result removal. Track the two actions separately.
Move to safety first. Save the alert, map, serial number, and owner information. If police may investigate, ask whether they want the tracker preserved before disabling or handing it over.
- NIST Digital Evidence Preservation
Explains why digital files require preservation controls beyond ordinary documents.
- FBI Internet Crime Complaint Center
Accepts reports about internet-enabled crime and fraud.
- CISA Secure Our World
Official steps for passwords, multifactor authentication, phishing, and updates.
- FTC IdentityTheft.gov Recovery Steps
Builds a recovery plan and FTC Identity Theft Report.
- Google Results About You
Finds and requests removal of eligible personal information from Google Search.
- Apple: What To Do About An Unwanted Tracker Alert
Shows how to locate, identify, document, and disable a suspicious compatible tracker.
- Android: Find Unknown Trackers
Shows how to review alerts, scan, save tracker information, and disable a tracker.
- Safety Net Project Documentation Tips
Addresses technology abuse, stalking evidence, and survivor safety.
- Apple Safety Check
Reviews device sharing, account access, and personal-safety settings.