Being scammed is a shock. However it happened (a fake invoice that looked completely real, an investment that turned out to be a lie, a romance that was built from the start to exploit you), the moment of realisation often comes with a wave of anger, embarrassment, and disbelief. That response is completely understandable, and it does not reflect badly on you. Scammers are professionals who practise these techniques every day, adapt them to individual targets, and deliberately exploit psychological vulnerabilities that affect everyone regardless of age, background, or experience.
What matters right now is what you do next. The faster you act, the better your chances of limiting the financial damage, and in some cases recovering funds. This guide walks you through the immediate steps, how to protect your finances and identity, where to report, and what recovery realistically looks like.
If you are outside the United States, the reporting agencies and steps in this guide may not apply to you. See Where to Report a Scam Outside the US for country-specific resources covering the UK, Canada, Australia, New Zealand, and the European Union.
Step 1: Stop the situation from getting worse (first 30 minutes)
The first priority is preventing any further loss.
Cut off all contact with the scammer immediately. Block them on every channel: phone, email, social media, and any messaging apps you used. Do not respond to follow-up messages, even if they seem threatening or urgent. One of the most common second attacks on scam victims is a "recovery scam," where the same criminal group, or a different one that has purchased your information, contacts you posing as a law firm, a government recovery service, or a consumer protection organisation. They claim they can get your money back in exchange for an upfront fee. They are not real. Do not engage.
Stop all further payments, transfers, or deliveries. If you are in the middle of an ongoing transaction (still sending funds in instalments, still shipping goods, still sharing access to accounts), stop immediately. If you have just sent money via wire transfer, call your bank right now and ask them to request a recall. Wire transfers can sometimes be stopped in the first few hours if you act quickly enough; after that window closes, recovery becomes extremely difficult.
Preserve all evidence before doing anything else. Do not delete any messages, emails, accounts, or transaction records. Screenshot or save everything:
Every message, text, email, or voicemail from the scammer
All receipts and transaction confirmations, including reference numbers
The scammer's phone numbers, usernames, email addresses, and website URLs
Any documents, contracts, or invoices you were sent
Any social media profiles or listings connected to the scam
This documentation serves two critical purposes: it supports dispute and chargeback claims with your bank or payment platform, and it is exactly what law enforcement and the FTC need when you file a report.
Step 2: Protect your money and identity (first 24–48 hours)
Once you have stopped the immediate situation, focus on containing any financial and identity exposure.
Call your bank or card issuer first. Tell them you have been the victim of fraud. Depending on how you paid, they may be able to reverse the transaction, freeze compromised accounts, issue replacement cards, or flag your account for heightened monitoring. Federal law gives you stronger dispute rights the sooner you report, and delays reduce your options. Use the number on the back of your card or your bank's official app, not any number found in a suspicious email or on an unfamiliar website.
Contact the payment platform if applicable. If the scam involved PayPal, Venmo, Cash App, Zelle, or a similar service, open a dispute through that platform's own process as quickly as possible. Each platform has different coverage rules: PayPal and credit card transactions generally have stronger buyer protection, while Zelle and peer-to-peer transfers made voluntarily are much harder to dispute. For detailed steps on PayPal and Venmo specifically, including contact numbers, dispute timelines, and what each platform will and will not cover, see the PayPal Scam Protection Guide.
Freeze your credit at all three bureaus. If the scammer obtained your Social Security number, date of birth, address, or other personal identifying data, a credit freeze is the single most effective step you can take to prevent them from opening new accounts in your name. A credit freeze is free by law, takes about five minutes per bureau online, and has no effect on your existing credit accounts or score. You must freeze with each bureau separately, as contacting one does not automatically alert the others:
Equifax: equifax.com/personal/credit-report-services/credit-freeze
Experian: experian.com/freeze/center.html
TransUnion: transunion.com/credit-freeze
Place a fraud alert in addition to, or instead of, a freeze. A fraud alert is less restrictive than a full freeze. It does not block all credit activity, but it requires lenders to verify your identity before issuing new credit in your name. An initial fraud alert lasts one year and is free. You only need to contact one bureau, which is then legally required to notify the other two on your behalf.
Change all compromised passwords and enable two-factor authentication. If you shared login credentials, clicked a link that may have captured a password, or use the same password across multiple accounts, change those passwords now. Use a password manager to generate unique, strong passwords for each account. Enable two-factor authentication, preferably an authenticator app rather than SMS, on all financial, email, and social media accounts.
If your device was accessed remotely: Remote access is the end goal of a large number of scams, particularly fake tech support calls, fake customer service, and fraudulent software invoice scams. If you installed software or granted remote access to anyone during this incident, treat your device as potentially compromised. Disconnect it from the internet, run a full malware scan, and change the passwords for every account you were logged into from that device. A professional IT assessment or factory reset is the safest course if you have any doubt about whether the device is clean.
Step 3: Report it
Research consistently shows that fewer than one in ten scams are reported. The most common reasons are embarrassment, the belief that nothing will come of it, and not knowing where to go. All of those concerns are understandable, but reporting genuinely matters even when you do not expect to recover your money. Agencies use complaint data to identify criminal networks, coordinate law enforcement operations across agencies, issue public warnings, and pursue prosecutions. A single report may not result in direct action on your case, but aggregated reports across thousands of victims have led to major takedowns of organised fraud operations.
Use the table below to match your situation to the right reporting channel:
Any fraud or scam (always start here): FTC → reportfraud.ftc.gov
Online fraud, cybercrime, or significant financial fraud: FBI IC3 → ic3.gov
Fraud involving a bank, credit union, or payment app: CFPB → consumerfinance.gov/complaint
Personal data or identity was stolen: IdentityTheft.gov (FTC personalised recovery plan)
The scam involved US mail or a parcel delivery: USPS Postal Inspection Service → postalinspectors.uspis.gov
Investment fraud or securities fraud: SEC → sec.gov/tcr
Crypto or commodities fraud: CFTC → cftc.gov/complaint
Any of the above (also report locally): Local police — a police report number is required for some credit bureau disputes and for the IdentityTheft.gov recovery process
FTC — reportfraud.ftc.gov: The Federal Trade Commission is the primary consumer fraud reporting agency in the US. Filing a report takes under 15 minutes, does not require a follow-up interview, and feeds a national database shared with hundreds of law enforcement agencies. The FTC also uses the data you submit to generate individual recovery recommendations and to track fraud trends that inform enforcement priorities.
FBI IC3 — ic3.gov: The Internet Crime Complaint Center is the FBI's intake point for cybercrime and internet-enabled fraud. If your case involves significant financial loss, organised criminal activity, or any element of computer intrusion, an IC3 complaint gives federal investigators the most actionable picture. The IC3 publishes annual reports documenting the national scale of internet crime; their figures are among the most credible benchmarks in the field.
CFPB — consumerfinance.gov/complaint: The Consumer Financial Protection Bureau has regulatory authority over banks, credit unions, and payment apps. If your financial institution or payment platform is not responding adequately to your dispute, a CFPB complaint creates a formal record and requires the company to respond to the Bureau within a set timeframe.
IdentityTheft.gov: If the scammer obtained personal identifying information — Social Security number, financial account details, driver's licence number, or date of birth — go to IdentityTheft.gov. This FTC tool generates a personalised Identity Theft Recovery Plan tailored to exactly what was stolen, complete with step-by-step instructions, pre-filled dispute letters for credit bureaus, and guidance on contacting specific businesses affected by the theft.
Step 4: What recovery looks like
The honest picture on money recovery: Whether you can recover funds depends primarily on how you paid and how quickly you acted.
Credit card payments offer the strongest recovery pathway. Chargebacks give you 60 to 120 days to dispute fraudulent charges, and card issuers are generally required to side with cardholders in clear-cut fraud cases under the Fair Credit Billing Act. If you paid with a credit card, call your issuer today. Bank account transfers (ACH) can sometimes be reversed within a few business days if the fraud is reported immediately; your bank has more discretion here, and outcomes vary. Wire transfers are very difficult to recover once processed. The recall window is narrow, and success depends on the receiving bank cooperating. Cryptocurrency is essentially unrecoverable once sent. There is no central authority, no chargeback mechanism, and on-chain transactions cannot be undone. Gift card payments are also unrecoverable, which is precisely why scammers overwhelmingly prefer them as a payment method.
If your identity was stolen: Identity theft recovery is a longer-term process. The IdentityTheft.gov resource walks through each stage in sequence: placing a seven-year extended fraud alert, disputing fraudulent accounts on your credit report, and following up with individual creditors. Keep a dedicated file of all correspondence, as you may need to repeat some steps multiple times, and a paper trail is essential when disputes are challenged.
What you should not pay for: Services that charge upfront fees to recover scam losses on your behalf are themselves scams. There is no legitimate private firm that can reverse wire transfers or cryptocurrency transactions, and no government agency will contact you unsolicited offering paid recovery services. If you are considering legal action to pursue fund recovery, consult a licensed attorney in your state; the American Bar Association's lawyer referral service (findlegalhelp.org) can help locate one.
Emotional recovery: Fraud is a genuinely difficult experience, and the financial loss is often compounded by a sense of betrayal, particularly in romance scams or long-running impersonation schemes where the victim had extensive contact with the scammer over weeks or months. The National Center for Victims of Crime (ncvc.org) and the FBI's Office for Victim Assistance (fbi.gov/resources/victim-services) both offer resources specifically for fraud victims. Talking to someone who understands what happened is not a small thing.
Quick reference checklist
Immediate (first 30 minutes)
Stop all contact with the scammer; block every channel
Stop any pending payments, transfers, or shipments
If wire transfer: call your bank now to attempt recall
Screenshot and save all evidence; do not delete anything
First 24–48 hours
Contact your bank or card issuer; dispute the transaction
Contact payment platform if applicable (see PayPal Scam Protection Guide)
Freeze credit: Equifax, Experian, TransUnion (each bureau separately)
Place a fraud alert (one bureau notifies all three)
Change compromised passwords; enable 2FA on all financial accounts
If remote device access occurred: scan for malware; consider factory reset
Report
FTC: reportfraud.ftc.gov (always file here first)
FBI IC3: ic3.gov (for online fraud or significant losses)
CFPB: consumerfinance.gov/complaint (if a financial institution is involved)
IdentityTheft.gov (if personal data was taken)
Local police (for a crime reference number)
SEC (sec.gov/tcr) or CFTC (cftc.gov/complaint) if investment or crypto fraud is involved
Not in the US? See Where to Report a Scam Outside the US for agencies in the United Kingdom, Canada, Australia, New Zealand, and the European Union.