Act fast: stop contact, secure accounts, call your bank to reverse the payment, and report to official .gov portals. If your identity was exposed, freeze your credit and build a recovery plan. Speed matters: recovery windows are short.
Key Terms
Identity theft: When someone uses your personal info (like your SSN or account numbers) without permission to commit fraud (FTC definition).
IC3: The FBI's Internet Crime Complaint Center, the central intake for crimes that used the internet or a network (IC3 overview).
Phishing / Smishing: Fraudulent emails or texts that trick you into clicking links, sharing info, or installing malware (FTC phishing guide).
Fraud alert: A free notice on your credit file that tells businesses to verify identity before opening new credit (FTC on alerts).
Credit freeze: A free lock that restricts access to your credit report to stop new accounts in your name (FTC on freezes).
IP PIN: A 6‑digit IRS number that helps block fraudulent federal tax returns filed in your name (IRS IP PIN).
What to Do Right Now
Every minute counts. Follow these steps in order to maximize your chances of recovery and minimize further damage.
Cut contact immediately. Don't respond, don't pay more, and don't click new links. Capture screenshots, messages, usernames, URLs, and receipts before anything disappears. The FTC outlines first steps for victims in What to do if you were scammed.
Call your bank, card issuer, or app now. Ask to block, reverse, or dispute the payment. For wires and ACH, request an urgent recall. For cards, request a fraud dispute. For P2P apps, use in‑app reporting and notify the linked bank/card (payment‑specific steps).
Report the scam. File with the FTC at ReportFraud.ftc.gov. If it used the internet (email/text, website, social media, crypto, online market), also file with the FBI's IC3. More reports help agencies spot patterns and build cases.
Lock down your accounts. Change passwords on email and financial accounts. Turn on two‑factor authentication. Review recovery email and phone numbers. Enable sign‑in alerts. See practical anti‑phishing habits from CISA's Recognize and report phishing.
If identity data was exposed or misused (e.g., SSN, account takeover): create a personalized recovery plan and get pre‑filled letters to creditors/credit bureaus via the FTC's identity theft recovery guidance (recover from identity theft). Place a free fraud alert or credit freeze to stop new accounts (freezes and alerts).
If it's IRS‑related (IRS imposter, refund fraud, W‑2/1099 issues): forward phishing to phishing@irs.gov and follow the IRS reporting steps (IRS phishing reporting; tax scam reporting).
If your tax identity was stolen: file IRS Form 14039 (Identity Theft Affidavit) and consider opting into an IP PIN for future filings (Form 14039; Get an IP PIN).
USPS smishing or mail fraud: don't click links; follow Postal Inspection Service steps and reporting options (USPIS smishing guidance).
Cross‑border scams: if a foreign seller/website is involved, submit to the global econsumer.gov system via the FTC notice (report international scams).
State protection: ask your State Attorney General's consumer office for help and to file a complaint (find your AG).
First‑Hour Playbook by Payment Method
How you paid determines your recovery options. Work the row that matches your situation. Speed is critical.
- Card used without permission
- Account takeover
- You did not approve transfer
- You sent money after pressure
- Gift cards, crypto, wire
- Marketplace or social sale
Copy-ready phone scripts
Credit card dispute
Debit/ACH unauthorized
Wire: urgent recall
Bank‑linked P2P (e.g., Zelle)
Crypto exchange report
Where to Report: by Scenario
Use the right portal. If it used the internet, file with IC3 in addition to the primary portal.
Identity Theft and Account Takeover
If your SSN or credentials were exposed, move fast and follow these steps.
Quick checklist
-
Create your planGenerate pre‑filled dispute letters and steps via recover from identity theft.
-
Place a fraud alertOne‑year alert; lenders verify identity. FTC on alerts.
-
Freeze your creditEquifax, Experian, TransUnion. Free and stops new accounts. FTC on freezes.
-
IRS identity theftSubmit Form 14039 if your return is rejected or you receive unexpected IRS notices.
-
Get an IP PINBlock fraudulent e‑filings. See IP PIN overview or Form 15227.
-
Monitor and disputeCheck reports often; dispute in writing. See identity theft recovery steps.
Why this matters: fast freezes and alerts prevent new accounts, reducing long‑term damage.
Evidence You'll Need
Gather this information before you file reports or contact your bank. Complete documentation strengthens your case.
Tip: Use Print to save this page as a PDF and include it with your bank or exchange case.
Timelines and Expectations
Understanding what happens next helps you stay organized and follow up effectively.
Banks / Cards / Apps
Expect case numbers quickly; decisions may take days to weeks. Move fast: recovery often depends on timing (FTC first steps).
Law Enforcement Intake (FTC / IC3)
Reports feed investigations and trend analysis; reimbursement is not guaranteed but supports disputes (IC3 intake).
Identity Theft Fixes
Alerts and freezes take effect quickly; disputes may take several weeks per creditor/bureau cycle (FTC on alerts/freezes).
Why This Matters
Fraud operates at scale and speed. Social platforms are a major conduit; consumers have reported substantial losses via social media since 2021 (FTC social media losses).
Scammers use sophisticated tactics: fake websites, AI voice clones, and urgent pressure to bypass defenses.
For leaders, invest in resilient controls and fast escalation paths. For technical teams, deploy strong authentication, phishing‑resistant MFA, and takedown/reporting workflows. For individuals, act quickly: secure accounts, contact your bank, and report through official .gov portals.
Risk Patterns and 2025 Threats to Watch
Impersonation (Government, Company, Tech Support)
No legitimate agency will ask you to move, withdraw, or convert money to "protect" it. They won't demand payment via gift cards, crypto, or wire. Report imposters to the FTC and IC3 (how to avoid a scam).
Phishing and Smishing Everywhere
Verify sender addresses. Hover to preview links before clicking. Use a known good website or phone number to contact the organization-never use contact info from a suspicious message. CISA's guide explains safe reporting and verification basics (CISA phishing tips).
Crypto and Fast‑Settlement Channels
These are prized by scammers because reversals are hard. If you paid this way, act immediately and include technical details (wallet addresses, hashes) in your reports (IC3 complaint).
FAQs
Can I get my money back after a wire?
Should I pay a fee to “recover” my money?
Do I need a police report?
I clicked a phishing link. What now?
What if a tax preparer mishandled my tax info?
Do I report to both the FTC and FBI?
A One‑Page Checklist (First 30 Days)
Print this and check off each step as you complete it.
Today: Stop contact. Call your bank/card/app. Change email and financial passwords. Enable 2FA. Collect evidence (FTC first steps).
Today: Report to the FTC and, if online, to the FBI IC3 (FTC intake; IC3 intake).
48 hours: If identity data was exposed, place a fraud alert or credit freeze with the credit bureaus (alerts/freezes).
Week 1: Build your identity theft recovery plan. Contact affected companies and send disputes as needed (identity theft plan).
Weeks 2-4: Re‑check statements and credit files. Track case numbers, letters, and outcomes. Keep freezes in place until you genuinely need new credit (freeze basics).
For Leaders and Teams
Executives
Expect rising losses and overlapping jurisdiction. Offer a simple internal "first hour" protocol: stop‑pay, secure accounts, collect evidence, report to FTC/IC3, and brief legal/compliance. Centralize proof‑of‑loss templates and executive contacts for banks/exchanges.
CTOs / CISOs
Harden identity (phishing‑resistant MFA, password managers, session monitoring). Build takedown/reporting muscle (abuse mailboxes, DMARC, HSTS, brand monitoring). Pre‑stage incident playbooks for wire/ACH recall, crypto triage, and marketplace fraud.
Ops / Finance
Pre‑authorize rapid‑response procedures with banks. Document recall workflows. Maintain up‑to‑date lists of required data (transaction IDs, hashes, counterparties, correspondent banks). Every minute saved in the first hour increases recovery odds.
Disclosures and Limits
This guide is for U.S. readers and general information only; it is not legal, tax, or financial advice. Laws and platform policies change. For personalized guidance, consult your bank's fraud team, a qualified professional, or law enforcement.
Always verify .gov domains: Official reporting portals end in .gov and use https. Scammers create fake portals that look real-double-check the URL before entering personal information.