When It Happens to You
Knowing what to do before something goes wrong is the difference between recovery and prolonged damage. This section is your reference when a digital incident is already happening.
Monday Morning
Meera is a 34-year-old marketing manager. She opened her laptop at 7:42am on a Monday.
Her inbox had 47 new messages. Not newsletters. Not work emails. Replies to messages she had not sent.
Her email had been accessed overnight. A password reset link had been used on her banking app. Three of her contacts had received emails, in her name, with a link asking them to urgently verify a shared document.
She did not know what to do first. Call the bank? Change the password? Tell her contacts? File a report?
She did all four at once, in the wrong order, on the compromised device.
Her bank's fraud team told her later: if she had called them within the first hour, the transfer might have been reversed. She called at hour three. It was not.
This section exists to give you the plan Meera did not have.
The Numbers Behind Why This Section Matters
1 in 7
cybercrime victims in the UK reported to police in 2024.
The six who did not report missed the window for legal action, insurance claims, and financial recovery.
Source: Action Fraud, 2025Average Loss Exceeds $10,000
The average victim of a financial scam in the US loses more than $10,000 per incident. For investment fraud, the median loss is over $40,000. Most of those losses are avoidable with a fast, correct first response.
63% Take Over a Year to Recover
Identity theft resolution is slow. 63% of victims say full recovery took more than a year. Victims who filed early fraud alerts and credit freezes resolved cases 4x faster than those who waited.
3x Longer Without a Plan
Recovery from sextortion without a response plan takes three times longer than for victims who had clear steps in place. Knowing which platforms to contact and in what order is the single most effective preparation.
Most Victims Do Not Know Where to Report
The most common reason victims do not report is not shame. It is not knowing who to contact or whether it will help. Each module in this section includes specific reporting contacts by country.
What This Section Covers
Each module covers a specific type of incident. The advice in each one is structured around time - what to do in the first hour, first day, and first week.
The modules work in sequence for most incidents:
Account Compromised or Hacked - Stop ongoing access. Assess damage. Rebuild authentication.
Money Stolen or Lost to Scam - First 24 hours. Chargebacks and reversals. Credit monitoring.
Identity Stolen or Impersonated - Fraud alerts. Credit freezes. Correcting false records.
Harassed, Stalked or Threatened - Documentation. Platform reporting. Law enforcement escalation.
Intimate Images Shared or Deepfake Created - Immediate takedown. Legal options. Support organisations.
Child Groomed, Exploited or Victimised - Reporting to NCMEC and police. Platform removal. Support services.
Digital Rights and Legal Literacy - What your rights actually are. How to use them.
Living With the Digital Aftermath - Psychological recovery. Long-term monitoring.
Digital Estate and Post-Mortem Exploitation - Planning ahead. What happens to accounts after death.
Try It: Your Personal Response Plan Builder
This tool takes two minutes to complete. It creates a personalised response card with your specific bank fraud line, cybercrime reporting portal, and three highest-risk accounts. Save it or print it before you need it.
What That Just Showed You
1. Most people cannot name their bank's 24-hour fraud line from memory. The number is available on the back of your card. If you do not have your card, finding it takes minutes you may not have during a fraud incident.
2. Your three highest-risk accounts are probably not what you think. Most people name social media. But the highest-risk accounts are usually email (used to reset everything else), password managers, and banking apps. Losing access to email alone can cascade across every other account.
3. A cybercrime reporting portal is not the same as a police station. In India, it is cybercrime.gov.in and the 1930 helpline. In the UK, it is Action Fraud. In the US, it is the FBI's IC3. Filing via the correct portal routes your case correctly and creates an official record faster.
4. Your trusted contact matters more than you expect. During an incident, your own judgment is impaired by stress. A trusted contact who is calm, not panicking, and not affected by the same incident is often the most useful resource you have.
Three Things Worth Doing Now
-
Save your bank's 24-hour fraud line in your phone as a contact. Not in notes. In your phone contacts, labelled clearly.
-
Write down (on paper) the recovery email address for your primary email account. If your phone and email are both compromised, this is what you use.
-
Bookmark your country's cybercrime reporting portal. India: cybercrime.gov.in. UK: actionfraud.police.uk. US: ic3.gov. Australia: cyber.gov.au.
One Question Before You Continue
You discover at 8am that your email has been accessed overnight by someone else. What is the first thing you should do?