Respond • Recover • Protect

What to do if you encounter a scam

Clear, practical steps to follow after phishing, fraud, impersonation, or social engineering attempts. The most important rule is simple: act quickly, protect key accounts, and verify through official channels.

Report a Scam Training What Is Phishing?
Fast action matters • Start with money and email • Save evidence as you go
Designed to help you do the next right step without getting overwhelmed
Know what to do first if you clicked, replied, logged in, or sent money
Protect accounts quickly before more damage happens
Create a better paper trail for banks, apps, and recovery steps
Rule of thumb: if you clicked, replied, logged in, shared a code, or sent money, treat it as urgent. Start with money/charge protection, then secure your email and passwords.

Quick start

Four immediate actions to take when something feels wrong.
Act Fast

Under pressure, it helps to keep the response simple. Slow the situation down, verify independently, protect exposed accounts, and report quickly.

1

Pause
Stop clicking, replying, sending money, or continuing the conversation.
Stop contact Stop payment

2

Verify
Use the official website, app, or a trusted phone number you looked up yourself.
Official source Independent check

3

Protect accounts
Change passwords, secure email first, enable MFA, and sign out of other sessions.
Email first MFA + sign out

4

Report and document
Save screenshots, URLs, phone numbers, receipts, and case numbers as soon as possible.
Save evidence Get case numbers

Report a Scam Start Training
Priority order: if money moved, handle that first. Then secure your email, passwords, and affected accounts.

If money was sent or a charge posted

These are usually the highest-priority actions because time affects recovery.
Call your bank or card issuer
Ask to freeze the account/card and open a fraud dispute immediately.
Save proof right away
Keep screenshots, transaction IDs, messages, URLs, and phone numbers.
Secure your email first
Email is often the recovery key for everything else. Change it first if exposed.
Sign out of other sessions
Use “log out of all devices” or revoke sessions where available.
Report a Scam Learn the Pattern Login to Save Tasks
Tip: If you cannot call immediately, use your bank or card provider’s official app or website and look for “Report fraud,” “Dispute charge,” or similar options.
Your protections — and why speed matters
Banks, card issuers, and platforms often have fraud processes in place, but your protections can depend heavily on how quickly you report the problem.
Time matters

Credit cards

Usually the strongest consumer fraud protections
  • Report unauthorized charges as soon as you see them.
  • Ask the issuer to freeze or replace the card and start a fraud dispute.
  • Write down the case number, representative, and date.
  • Keep copies of any messages or receipts tied to the scam.
Tip: Credit cards generally offer better recovery options than debit transactions.

Bank / debit accounts

Delays can reduce protections
Report immediately
This gives you the best chance to limit damage and improve recovery options.
Do not wait
Delays can make disputes harder and can increase your risk.
Secure access too
Change online banking passwords and remove unauthorized devices or sessions.
Do this now: call your bank, request a fraud claim, and secure the login tied to the account.

Payment apps

PayPal, Venmo, Cash App, Zelle, and similar services
  • Report the payment the same day if possible.
  • Ask whether the payment can be frozen, reversed, or investigated.
  • Keep screenshots, usernames, emails, and transaction IDs.
  • Secure the email and password connected to the app.

Gift cards and merchant scams

Move fast with receipts and card details
  • Contact the gift card issuer or retailer immediately.
  • Provide receipt details, card numbers, and screenshots if available.
  • If funds remain, ask whether the balance can be frozen.
  • Save all related messages and payment instructions.

What to collect and report

A strong paper trail helps with disputes, recovery, and future protection.
Transaction details
Amounts, dates, merchant names, payment method, and transaction IDs.
Messages and evidence
Emails, texts, screenshots, links, phone numbers, usernames, and receipts.
Affected accounts
Which email, bank, card, app, or social media accounts were involved.
Case numbers
Bank dispute IDs, app ticket IDs, police reports, and any support confirmation numbers.
Remember: speed helps, but documentation helps too. Save what you can as soon as possible.
Identity theft — what to do right now
If someone used your personal information, opened accounts, took over existing accounts, or used your identity for fraud, start here.
Identity

1) Report it and get a recovery plan

Use the official FTC identity theft process
  • Report the identity theft and follow the guided recovery plan.
  • Save case details, printable letters, and any official instructions you receive.
IdentityTheft.gov
Tip: This is one of the fastest ways to get a structured recovery path and documentation help.

2) Freeze your credit or add a fraud alert

Protect against new accounts being opened in your name
  • A credit freeze is usually the strongest option for preventing new credit activity.
  • A fraud alert can also help by adding extra verification steps.
  • Review your credit reports for unknown accounts, addresses, or inquiries.
FTC: Freezes & Alerts AnnualCreditReport.com

3) Lock down key accounts

Start with email, then banking, apps, and everything else
  • Change your email password and enable MFA.
  • Change passwords for banking, payment apps, shopping accounts, and social platforms.
  • Log out of other devices or revoke active sessions where possible.
Important: if your email is compromised, attackers may be able to reset other accounts quickly.

4) Dispute and document everything

Create the strongest record you can
  • Dispute fraudulent accounts, inquiries, charges, or debts.
  • Keep copies of everything you submit or receive.
  • If needed, file a local police report and save the report number.
CFPB: What to Do USA.gov: Identity Theft
Pick what happened
Choose the scenario that feels closest to what you saw so you can move faster.
Scenarios

Email phishing

Avoid it first — then what to do if it happened.
How to avoid it
  • Do not click links or open attachments from unexpected emails.
  • Check the sender address carefully — names can be spoofed.
  • Hover over links before clicking to inspect the destination.
  • Report suspicious messages to your email provider or IT team.
If you fell for it
Do these steps as soon as possible.
  • Change any password you entered right away.
  • Enable MFA on affected accounts.
  • Run a malware scan if you opened an attachment.
  • Notify your organization if work accounts were involved.

SMS / text scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Do not tap links in unsolicited texts.
  • Be suspicious of urgent delivery, toll, package, or account alerts.
  • Delete and block the sender if the message is clearly suspicious.
If you fell for it
Do these steps as soon as possible.
  • Contact your bank if payment or financial information was entered.
  • Change passwords tied to the account or message.
  • Report the text to your carrier or messaging platform when possible.

Phone call scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Hang up on callers demanding urgent action or secrecy.
  • Never share one-time passcodes, PINs, or verification codes.
  • Call organizations back using official numbers you looked up yourself.
If you fell for it
Do these steps as soon as possible.
  • Contact your bank or card provider immediately if money or account info was involved.
  • Monitor accounts for unauthorized activity.
  • Write down what was said, the number used, and any case numbers you receive.

Website and social scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Check URLs carefully for misspellings or odd domains.
  • Avoid logging in after clicking links from unexpected messages.
  • Be cautious with fake marketplace listings, DMs, and sponsored content.
If you fell for it
Do these steps as soon as possible.
  • Change affected passwords immediately.
  • Log out of all sessions where possible.
  • Warn contacts if your compromised account may have messaged others.

Romance and relationship scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Be cautious when online relationships escalate very quickly.
  • Never send money, gift cards, or crypto to someone you have not truly verified.
  • Watch for repeated emergencies, travel excuses, or urgent money asks.
If you fell for it
Do these steps as soon as possible.
  • Stop communication immediately.
  • Contact your bank or payment provider quickly.
  • Report the profile to the platform and keep screenshots.

Investment and cryptocurrency scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Be skeptical of guaranteed returns or pressure to act immediately.
  • Do not trust investment advice coming through random messages or social accounts.
  • Verify platforms and advisors using official regulatory sources.
If you fell for it
Do these steps as soon as possible.
  • Stop sending funds immediately.
  • Document transactions, wallet addresses, and communications.
  • Contact your bank or platform support right away.

Business and vendor fraud

Avoid it first — then what to do if it happened.
How to avoid it
  • Verify banking or payment changes using a second trusted channel.
  • Be cautious of urgent executive, payroll, or vendor requests.
  • Train employees to recognize business email compromise patterns.
If you fell for it
Do these steps as soon as possible.
  • Call your bank immediately to stop or attempt to recall payments.
  • Notify leadership, IT, or security teams quickly.
  • Preserve emails, invoices, and communication records.

Mail, gift card, and other scams

Avoid it first — then what to do if it happened.
How to avoid it
  • Legitimate organizations do not demand gift card payment.
  • Be careful with mailed notices, QR codes, and suspicious letters.
  • Shred documents that contain personal information before disposing of them.
If you fell for it
Do these steps as soon as possible.
  • Report gift card scams to the issuer immediately with receipt details.
  • Place fraud alerts if identity information was shared.
  • Monitor financial accounts and credit reports closely.
Built for real people
Clear next steps when you are stressed, rushed, or not sure what happened.
Useful for organizations
Helpful for employees, managers, and teams responding to suspicious activity.
Designed for outreach
Useful in workshops, awareness training, and community education settings.
Need help right now?
Report what happened, keep your documentation, and take the next protective step today.
Report a Scam Login to Save Tasks Training