Change the password on the account.
Change the alternative email address on the account (since that can be used to change the password)
Change the ‘secret question’ on the account (ditto).
And make sure that if she uses the same email address and password for anything related to money (eg paypal, amazon, etc) that she changes those ASAP!)
Many people get caught by this without any kind of virus – they simply use the same email address and password for everything. Crooks just set up a site that you have to log into and when people create an account (email and pw!) they then try that on the relevant email website and then on paypal, etc…