Respond • Recover • Prevent

What to Do If You Encounter a Scam

Clear, practical steps to protect yourself before and after phishing, fraud, or social engineering attempts. The most important rule: act fast.

Report a Scam Scam Lookup Training
Do the next right step
Rule of thumb: if you clicked, replied, logged in, shared a code, or sent money — treat it as urgent. Start with the “money/charge” steps below, then lock down email + passwords.
1) Pause
Don’t click, reply, or pay. Scammers rely on urgency.
2) Verify
Use official websites and known phone numbers — not the message.
3) Protect
Change passwords, enable MFA, and monitor accounts if exposed.
4) Report
Reporting quickly can reduce losses and unlock protections.

If money was sent or a charge posted

These are the fastest actions that can actually stop or reverse damage.
Call your bank/card issuer
Ask to freeze the account/card and open a fraud dispute.
Save proof
Transaction ID, date/time, screenshots, messages, URLs, phone numbers.
Secure email first
Change email password + enable MFA. Email is the “master key” for resets.
Log out of other sessions
Force sign-out / revoke sessions on major accounts (email, banking, social).
Report a Scam Scam Lookup Login to save tasks
Tip: If you can’t call right now, use your bank’s official app/website and look for “Report fraud” or “Dispute a charge.”
Your protections — and why reporting fast matters
In the U.S., banks and card providers often have to investigate fraud — but your protections depend on how quickly you report it.
Act fast

Credit Cards

Strong protections for unauthorized charges
  • Report suspicious charges immediately.
  • Ask the issuer to freeze the card and open a fraud dispute.
  • Most issuers limit liability (often as low as $0–$50) when reported quickly.
  • Save your case number and the dispute date.
Tip: Credit cards usually offer better fraud recovery than debit cards.

Bank / Debit Accounts

Time matters more than anything
Within 2 days
Best protection — report right away.
Within 60 days
Protections can drop. Don’t wait.
After 60 days
You may lose additional protections.
Do this now: Call your bank, request a fraud claim, and change online banking passwords.

Payment Apps

PayPal / Venmo / Cash App / Zelle
  • Report the transfer the same day if possible.
  • Ask support if the payment can be reversed or frozen.
  • If you “authorized” the transfer, recovery can be harder — but reporting fast still helps.
  • Keep screenshots, usernames, phone numbers, emails, and transaction IDs.

Gift Cards & Merchants

Report immediately with receipts
  • Call the gift card issuer or store immediately with the receipt + card numbers.
  • If the card hasn’t been spent, it may be possible to freeze remaining value.
  • Report where the scammer asked you to buy cards (this helps stop repeat scams).

What to report (fast checklist)

This “paper trail” helps banks, platforms, and investigators.
Transaction details
Amounts, dates, merchant name, transaction ID.
Messages & evidence
Emails, texts, screenshots, phone numbers, URLs.
Accounts affected
Which logins, banks, cards, or apps were involved.
Report numbers
Bank case ID, app ticket ID, police report number (if filed).
Remember: The faster you report, the more protections you may have and the easier it is to stop future damage.
Identity Theft — what to do right now
If someone used your personal info (SSN, IDs, logins) to open accounts, take over accounts, or commit fraud, use these steps.
Identity

1) Report it + get a recovery plan

Official FTC identity theft reporting
  • Report identity theft and follow the personalized recovery plan.
  • Save your report/case details and any reference numbers.
IdentityTheft.gov
Tip: This is the fastest way to get a real step-by-step plan and printable letters.

2) Freeze your credit (or add a fraud alert)

Stops new credit accounts from being opened
  • Credit freeze is the strongest protection.
  • Fraud alert tells lenders to verify it’s really you.
  • Pull your credit reports and look for accounts/inquiries you don’t recognize.
FTC: Freezes & Alerts AnnualCreditReport.com

3) Lock down accounts

Email first, then banking and everything else
  • Change your email password and enable MFA.
  • Change passwords for banking, payment apps, social media, and shopping accounts.
  • Revoke active sessions / “log out of all devices” where available.
Important: If your email is compromised, attackers can reset passwords everywhere.

4) Dispute and document

Create a paper trail and clean up your credit file
  • Dispute fraudulent accounts, inquiries, addresses, or debts.
  • Keep copies of letters/screenshots and anything you submit.
  • If needed, file a local police report (some creditors may request it).
CFPB: What to do USA.gov: Identity Theft
Pick what happened
Choose the scenario that matches what you saw. Each includes prevention tips and a fast “if you fell for it” checklist.
Act fast

Email Phishing

Avoid it first — then what to do if it happened.
How to avoid it
  • Do not click links or download attachments from unexpected emails.
  • Check the sender’s address carefully — attackers spoof names.
  • Hover over links to inspect the destination URL.
  • Report suspicious emails to your IT team or email provider.
If you fell for it
Do these steps as soon as possible.
  • Immediately change any passwords you entered.
  • Enable multi-factor authentication (MFA).
  • Run a malware scan if an attachment was opened.
  • Notify your IT or security team.

SMS / Text Message Scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Do not click links in unsolicited text messages.
  • Be suspicious of urgent delivery or account alerts.
  • Delete and block the sender.
If you fell for it
Do these steps as soon as possible.
  • Contact your bank if financial information was entered.
  • Change passwords associated with the message.
  • Report the message to your mobile carrier.

Phone Call Scams (Vishing)

Avoid it first — then what to do if it happened.
How to avoid it
  • Hang up on callers demanding immediate action.
  • Never share one-time passcodes or PINs.
  • Call organizations back using official phone numbers.
If you fell for it
Do these steps as soon as possible.
  • Contact your bank or credit card provider immediately.
  • Monitor accounts for unauthorized transactions.
  • Document everything and keep case numbers.

Website & Social Media Scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Verify website URLs carefully — look for misspellings.
  • Be cautious of login pages reached via links.
  • Avoid downloading files from unknown sites.
If you fell for it
Do these steps as soon as possible.
  • Change affected passwords immediately.
  • Log out of all sessions for compromised accounts.
  • Warn contacts if your account sent messages.

Romance & Relationship Scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Be cautious of online relationships that escalate quickly.
  • Never send money, gift cards, or crypto to someone you have not met.
  • Watch for emergencies, travel issues, or restricted access stories.
If you fell for it
Do these steps as soon as possible.
  • Stop communication immediately.
  • Contact your bank/payment provider quickly.
  • Report the profile to the platform and keep screenshots.

Investment & Cryptocurrency Scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Be skeptical of guaranteed or unusually high returns.
  • Avoid investment advice from messaging apps or social media.
  • Verify platforms through official regulators.
If you fell for it
Do these steps as soon as possible.
  • Stop sending funds immediately.
  • Document transactions and communications.
  • Contact your bank or platform support right away.

Business & Vendor Fraud

Avoid it first — then what to do if it happened.
How to avoid it
  • Verify payment/banking changes via a second channel.
  • Be cautious of urgent executive or vendor requests.
  • Train staff to recognize Business Email Compromise (BEC).
If you fell for it
Do these steps as soon as possible.
  • Contact your bank immediately to stop or recall payments.
  • Notify leadership and security teams.
  • Preserve emails and records for investigation.

Mail, Gift Card & Other Scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Legitimate organizations do not demand gift card payments.
  • Be cautious of QR codes in public places or on flyers.
  • Shred unsolicited documents requesting personal data.
If you fell for it
Do these steps as soon as possible.
  • Report gift card scams to the issuer immediately with your receipt.
  • Place fraud alerts if identity data was shared.
  • Monitor credit reports and financial accounts.
Need help right now?
Report what you saw and we’ll help categorize it for others.
Report a Scam Scam Lookup Login to save tasks