Chase Login Hacked: What to Do

TL;DR

Someone may have got into your Chase online account. This guide explains how that could happen and what steps you need to take *right now* to protect yourself.

1. Change Your Password Immediately

This is the most important step. Go to the Chase website (make sure it’s the real one – see section 6) and change your password. Choose a strong, unique password that you don’t use anywhere else.

2. Review Recent Transactions

1. Log into your Chase account (using your *new* password).
2. Check all recent transactions for anything you don’t recognise. Even small amounts could be a sign of fraud.
3. Report any suspicious activity to Chase immediately – see section 5.

3. Check Your Account Activity Details

Chase lets you see more details about your account history. Look for:

• New Payees: Have any new people or companies been added to pay from your account?
• Address Changes: Has the address on your account been changed without your knowledge?
• Contact Information Updates: Has your email address or phone number been altered?

4. How Did This Happen? Common Causes

Here are some ways attackers get login details:

• Phishing Emails: These look like legitimate emails from Chase, but they’re fake. They try to trick you into entering your username and password on a bogus website. Never click links in suspicious emails.
• Malware/Viruses: Software on your computer or phone could be recording what you type (a “keylogger”) or stealing information directly from Chase’s website.
• Weak Password: Easy-to-guess passwords are simple for attackers to crack.
• Password Reuse: Using the same password on multiple websites means if one site is hacked, all your accounts are at risk.
• Public Wi-Fi: Connecting to unsecured public Wi-Fi networks can allow attackers to intercept your data.
• Data Breaches: A website you use (not necessarily Chase) might have been hacked, and your login details stolen.

5. Report Fraud to Chase

Contact Chase immediately:

• Phone: 1-800-933-2433 (This is the official number – check the Chase website for confirmation).
• Online: Log into your account and use the secure messaging system.

They will investigate any fraudulent transactions and help you get your money back.

6. Verify You’re on the Real Chase Website

Attackers create fake websites that look identical to Chase’s. Here’s how to be sure:

• Check the URL: The address should start with https://www.chase.com. Look for the padlock icon in your browser’s address bar – this indicates a secure connection.
• Don’t click links from emails: Type the Chase website address directly into your browser.

7. Scan Your Devices for Malware

Run a full scan with reputable antivirus software on all your devices (computers, phones, tablets). Here are some options:

• Windows: Windows Defender (built-in) or a third-party solution like Norton or McAfee.
• Mac: Malwarebytes or Sophos Home.
• Android: Google Play Protect (built-in) or Bitdefender Mobile Security.
• iOS: Apple’s security features are generally strong, but consider a mobile security app for extra protection.

Example command to update Malwarebytes definitions (Windows):

mbamcli --update

8. Consider Enabling Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security. Even if someone knows your password, they’ll also need a code sent to your phone or generated by an app.

• Check Chase’s website for instructions on how to enable 2FA.