Account Takeover on the Rise? Here’s How to Protect Your Online Accounts
In August 2025, the New York Department of State’s Division of Consumer Protection issued an alert about a significant increase in account takeover incidents. If you use online banking, email, social media, or any service that stores personal information, this matters to you. Account takeover is a form of identity theft where criminals gain access to your existing accounts — often by stealing your credentials — and then use them to commit fraud, make unauthorized purchases, or steal additional data.
This article distills the official tips from the New York alert into clear, actionable steps. While the warning came from a state agency, the advice is relevant no matter where you live.
What happened
On August 14, 2025, the New York Department of State’s Division of Consumer Protection published a consumer alert noting a rise in account takeover incidents. According to the agency, these attacks are increasingly common as criminals target individuals through phishing, data breaches, and credential stuffing (using stolen usernames and passwords from one site to break into accounts on another). The alert encourages consumers to take preventative measures before their accounts are compromised.
Why it matters
Account takeover can have serious consequences. Once a criminal takes over your account, they may:
- Drain your bank account or make unauthorized purchases.
- Lock you out, making it difficult to recover access.
- Use your account to scam your contacts.
- Steal sensitive personal information for further identity theft.
According to reports like those from the Democrat and Chronicle (Aug 19, 2025), this “new kind of identity theft” is rising fast in New York. Many consumers don’t realize how easy it is for attackers to gain access — especially if they reuse passwords or ignore two-factor authentication.
What readers can do
The New York Division of Consumer Protection provided several steps to help prevent account takeover. Here is a practical summary of their recommendations:
1. Use unique, strong passwords for every account
Do not reuse passwords across different sites. If one service is breached, attackers will try that same password on your email, bank, and social media. A password manager can generate and store complex passwords for you.
2. Enable multi-factor authentication (MFA)
Wherever possible, turn on MFA — also called two-factor authentication (2FA). This adds a second step (like a code sent to your phone, or a biometric scan) to log in. Even if your password is stolen, the attacker can’t get in without that second factor.
3. Monitor your accounts regularly
Check your bank and credit card statements weekly for transactions you don’t recognize. Also review your online accounts for signs of tampering, such as changed email addresses, phone numbers, or security questions.
4. Keep recovery options updated
Make sure the email address and phone number on your accounts are current. If you lose access, these recovery methods are how you prove you’re the owner.
5. Beware of phishing attempts
Never click links in unsolicited emails or texts that claim to be from a company asking you to “verify” your account. Instead, go directly to the official website or app. Phishing is a common way attackers steal credentials.
What to do if you suspect your account has been taken over
- Change your password immediately. If you can’t log in, use the “forgot password” or account recovery feature.
- Contact the platform’s support team. Many have dedicated fraud departments.
- Report the incident to your local consumer protection agency. In New York, that’s the Division of Consumer Protection (you can file a complaint online or call 1-800-697-1220). Also consider reporting to the Federal Trade Commission (FTC) at IdentityTheft.gov.
- Check your other accounts for signs of compromise, especially if you reused the password.
Sources
- New York Department of State’s Division of Consumer Protection consumer alert (August 14, 2025). Official alert posted on dos.ny.gov.
- Democrat and Chronicle, “A new kind of identity theft is rising fast in NY: What to know” (August 19, 2025).
- NEWS10 ABC, “Alert: New York warns of increasing scams for personal info” (August 14, 2025).
Note: The exact text of the alert was not reproduced here, but its recommendations are summarized. For full details, refer directly to the New York Department of State’s website.