Source: https://lindenlab.freshdesk.com/support/solutions/articles/31000135214-what-to-do-if-your-account-has-been-compromised

The section "What should I do next?" already recommends changing password and enabling MFA. It might be useful to tell Residents with compromised accounts to verify that their email is set to their email, and hasn't been changed by a malicious actor.