Who to Escalate To

In an organization, you have a formal escalation path. Your IT security team or help desk is exactly where this goes. They handle potential incidents regularly and would far rather know than not know. If there's a formal incident reporting process, use it. If you don't know who to contact, ask your manager or your HR department.

Personally, the path depends on what happened. For account compromises, most major platforms have account security processes. If you think your email or social media account has been compromised, use that platform's account recovery and security incident reporting. For suspected fraud — if you think you've been scammed, if you think someone's using your identity — your financial institution's fraud department is the right escalation point. They're experienced, they move quickly, and they have tools you don't. For crimes — if you believe you've been targeted by someone who may be breaking laws — your local law enforcement's cybercrime reporting process is appropriate. Many police departments now have dedicated cybercrime units.