How to respond to scams

Responding to a scam requires a dual approach: Immediate Defense (what to do the exact moment you realize something is wrong) and Damage Control (what to do if a scammer successfully managed to get a foothold).

Here is a comprehensive, action-oriented outline on how to handle these situations.

1. Immediate Defense: The "In-The-Moment" Response

If you are currently on the phone, reading an email, or looking at a strange website pop-up, your goal is to break the contact instantly.

• Go Frictionless & Go Dark:

  • On the Phone: Hang up immediately. You do not owe a scammer politeness. Do not argue, do not yell, and do not try to "scam them back." Engaging simply tells them your phone number is active, which guarantees more calls.

  • On the Computer/Phone Screen: Close the browser tab. If a pop-up has frozen your screen with warning noises, do not click "OK" or "Cancel." Force close the browser or restart your computer entirely.

• The "Independent Verification" Rule:

  • Never use the contact information provided by the suspected scammer (e.g., the number they called from, the phone number in the text, or the link in the email).

  • Look up the organization independently. Use the phone number printed on the back of your credit/debit card, your actual monthly utility bill, or by typing the official company website directly into your browser.

• Freeze the Information:

  • Never give out a One-Time Password (OTP) or text confirmation code.

  • If you have already typed a password into a suspicious link, immediately open a new tab, navigate to the real website, and change that password.

2. Active Damage Control: If Information Was Shared

If you realize after the fact that a scammer got your data, money, or access to your device, move through these steps as quickly as possible.

Scenario A: You Shared Financial Info or Sent Money

• Contact Your Financial Institutions Instantly: Call your bank or credit card company's fraud department. Tell them explicitly: "I have been the victim of a scam." They can freeze cards, stop pending wire transfers, or flag your account for unauthorized activity.

• Contact the Payment Provider: If you sent money via a peer-to-peer app (like Zelle or Venmo), a gift card, or a wire service (like Western Union), contact that specific company's fraud line immediately. While recovery is difficult, acting within minutes gives them the best chance to halt the transaction.

Scenario B: You Shared Personal Information (SSN, Identity Details)

• Freeze Your Credit: Contact the three major credit bureaus (Equifax, Experian, and TransUnion) to put a freeze on your credit report. This is free and completely blocks anyone from opening new credit cards or loans in your name.

• Monitor for Identity Theft: Keep a close eye on your credit reports and bank statements over the next several months for small, unfamiliar charges or new account inquiries.

Scenario C: You Allowed Remote Access to Your Computer

• Disconnect from the Internet: Pull the Ethernet cord or turn off your Wi-Fi immediately. This cuts the scammer's active connection to your machine.

• Run a Full Security Scan: Use a trusted, local antivirus program (like Windows Defender or Malwarebytes) to scan for and delete any remote access tools or malicious software the scammer may have installed.

• Change All Passwords: From a separate, clean device (like your phone or a tablet), change the passwords to your primary email account, financial institutions, and password managers.

• Call Roger Matthews: He can remove any software put on that lets the scammers get on your computer, and can verify that there are no viruses on your computer. Most scammers don't put viruses on your computer. They want to gain your trust and make you a repeat customer. So they will "pretend" to do something useful on your PC (not really), and convince you that it is worth $500 every six months to keep you safe. And of course, they will want to be paid with gift cards or by Zelle, anything but a credit card, because there is serious fraud protection on credit cards. 

3. Reporting and Documentation

Reporting a scam helps consumer protection agencies track patterns, take down fraudulent websites, and warn others.

• Document the Details: Before deleting anything, take a quick screenshot or write down the scammer's phone number, email address, website URL, and the timestamp of the interaction.

• Report to Federal Authorities:

  • FTC (Federal Trade Commission): Report at ReportFraud.ftc.gov. This is the primary database used by law enforcement to track scam rings.

  • IC3 (Internet Crime Complaint Center): If it involves significant financial loss or online fraud, report it to the FBI's dedicated portal at IC3.gov.

• Report Local Impersonations: If the scammer impersonated a local utility company, your bank, or a local police department, notify that specific entity directly so they can issue community alerts.

4. Post-Scam Hygiene: Strengthening Your Digital Borders

Scammers frequently sell lists of "active targets" or people who have engaged with them in the past. Expect an increase in attempts over the next few weeks and lock things down.

• Enable Two-Factor Authentication (2FA): Turn this on for every critical account, especially your primary email. If a scammer steals your password, they still cannot log in without the second code.

• Silence Unknown Callers: Use your phone’s built-in settings to automatically send calls from numbers not in your contacts straight to voicemail.

• Establish a Family "Password": For sophisticated phone scams (like AI voice-cloning or "grandchild in jail" scenarios), establish a secret word or phrase with your family members. If someone calls claiming an emergency, asking for that word instantly cuts through the deception.