Email, phone and backup codes first
If the attacker controls your recovery email, SIM, or backup codes, every social reset can be reversed. Secure those before changing app passwords.
Account recovery first
Scam Scan account recovery for Instagram, WhatsApp and Gmail hacks
Use this page when Instagram, WhatsApp, Gmail, Telegram, Facebook, LinkedIn, or another account was hacked, locked, phished, or taken over. Start with access recovery, then secure money-risk channels, evidence, and official reporting routes.
Best for hacked accounts
Instagram, WhatsApp, Gmail, Telegram, and LinkedIn takeover cases fit this route.
Recovery Priority
Recover access in the order that blocks repeat takeover
Use this when Instagram, WhatsApp, Gmail, Telegram, or a money-linked account was hacked.
Remove unknown devices
Log out unknown sessions from Gmail, Instagram, WhatsApp linked devices, Telegram sessions, Facebook, LinkedIn, and any payment-linked app.
Escalate fast if funds or documents are exposed
If money moved or PAN, Aadhaar, bank documents, private photos, or business pages were misused, save proof and use bank/wallet, 1930, cybercrime.gov.in, police, or cyber cell routes.
Scam Scan limitation
Scam Scan cannot recover accounts directly and is not a government, police, bank, telecom, platform, or recovery service. It helps organize steps and evidence before official recovery routes.
Best first steps for hacked, locked, or phished accounts
Account takeover cases become worse when the attacker controls email, phone, UPI apps, social media, or business pages at the same time. Work in a fixed order: stop access, secure recovery channels, save proof, then report financial or identity risk.
- Secure the recovery email and phone first
If your Gmail, Outlook, SIM, or recovery email is compromised, recover it before resetting social apps. Otherwise the attacker can take the account back.
- Log out unknown sessions
Use the real app or official website to remove unknown devices from Instagram, WhatsApp, Telegram, Facebook, LinkedIn, Gmail, and payment-linked accounts.
- Change passwords and enable MFA
Use a new unique password. Prefer authenticator/passkey where available, and update backup codes after recovery.
- Warn contacts if messages were sent
If scammers used your account to ask for money, send a warning from a safe channel and ask contacts not to pay or share OTP.
- Escalate if money or identity risk exists
If money moved, bank/UPI access was touched, documents were stolen, or blackmail started, save proof and use bank, 1930, cybercrime.gov.in, police, or cyber cell routes.
Move fast if account recovery overlaps with money risk
- UPI, card, wallet, or bank app is logged in on a stolen or remote-controlled device.
- Scammer asked your contacts for money from your WhatsApp, Instagram, Telegram, or Facebook account.
- Recovery email, phone number, or two-factor method was changed without permission.
- Documents, PAN, Aadhaar, bank statement, selfies, or business proof were uploaded to a fake form.
- Threat, blackmail, fake police notice, or extortion started after account access was lost.
ScamScan is not an official recovery authority
Use this page to organize steps and proof. Actual account restoration happens through the official platform, and financial cyber fraud should move through bank/wallet, 1930, cybercrime.gov.in, police, or cyber cell routes.
Platform Playbook
What to check by account type
Profile, DM, ad account, and page takeover
- Check login activity, connected email/phone, Meta Accounts Center, and unknown devices.
- Save screenshots of changed email, suspicious posts, money-request DMs, and attacker contact details.
- If a business page or ad account is involved, preserve billing alerts and admin-change emails.
OTP theft, linked devices, and contact fraud
- Remove unknown linked devices and re-register only on your own phone.
- Enable two-step verification PIN and warn contacts if scam messages were sent.
- Save attacker number, group links, payment requests, and screenshots before blocking.
Recovery email, forwarding, filters, and app passwords
- Check security activity, recovery phone/email, forwarding rules, filters, connected apps, and app passwords.
- Log out all sessions after password change and update recovery methods.
- Look for password reset emails from banks, wallets, social accounts, or marketplaces.
UPI, wallet, marketplace, and job scam overlap
- Contact bank/wallet fast if money moved or payment app access is at risk.
- Keep UTR/reference, debit alerts, suspect UPI ID, and chat screenshots in one folder.
- Use 1930 complaint steps and complaint status tracking for official follow-up.
Evidence
Save this proof before the attacker deletes it
| Proof | Why it helps | Where it fits |
|---|---|---|
| Login/security alerts | Shows date, time, device, and location clues | Platform recovery and official complaint |
| Changed email/phone screenshots | Shows account takeover timeline | Platform support and police/cyber cell follow-up |
| Messages sent by attacker | Proves impersonation, money requests, or blackmail | Contacts warning, platform report, complaint proof |
| Payment proof and UTR | Connects account takeover to financial loss | Bank/wallet, 1930, cybercrime.gov.in |
| Recovery tickets | Shows you already used official platform support | Follow-up timeline and escalation |
FAQ
Account recovery questions people ask after a hack
What should I recover first after an account hack?
Recover the email or phone number used for password reset first, then remove unknown sessions, change passwords, enable MFA, and warn contacts if the attacker messaged them.
Should I file a cybercrime complaint for a hacked account?
If money moved, identity documents were misused, blackmail started, or the account was used to scam others, preserve proof and use official routes such as platform support, bank/wallet, 1930, cybercrime.gov.in, police, or cyber cell.
Can ScamScan recover my Instagram, WhatsApp, or Gmail account?
No. ScamScan is not the official platform or a government authority. Use it to organize recovery steps and evidence, then recover through the real platform and official reporting channels.
What if the hacker changed recovery email or phone?
Use the platform's official account recovery flow, save the changed-detail screenshots, check your email security, and keep all recovery ticket numbers in one timeline.