Bank of America Target Purchase Phone Call Scam Exposed
Written by: Thomas Orsolya
Published on:
It starts with a voicemail that sounds urgent – maybe you even missed a call.
“Bank of America – a purchase was declined for $319.55 at Target.com. Press 1 if you recognize this purchase, or call our fraud department immediately.”
The message feels real. It mentions a specific amount, a trusted retailer, and the name of your bank. You might even glance at your phone, thinking your debit card was compromised. But here’s the truth: this is not Bank of America calling you.
This is a phone-based phishing scam – a coordinated fraud attempt by criminals impersonating the bank’s fraud department. Their goal is to trick you into revealing personal information, remote-controlling your phone, or transferring money under the pretense of “protecting your account.”
In this in-depth guide, you’ll learn exactly how the Bank of America Target Purchase Phone Call Scam works, what to watch out for, and what steps to take if you’ve already interacted with the scammers.
Scam Overview
The Bank of America Target Purchase Scam is a voice phishing attack, or vishing scam, that uses fake automated phone calls or voicemails to trick customers into believing there’s fraudulent activity on their account.
The scam usually begins with a recorded message claiming that a Target.com purchase was declined for a specific amount (often around $319.55). The message then asks you to press a number or call back a specific phone number to confirm or dispute the transaction.
The call sounds legitimate because:
It uses Bank of America’s name,
It references Target, a well-known retailer,
It includes a realistic purchase amount, and
It mimics the tone and wording of actual bank fraud alerts.
Example of a Scam Voicemail
“Bank of America, a purchase was declined for $319.55 at Target.com. Press 1 if you recognize this purchase. If you do not recognize this purchase, call our fraud department immediately at [number].”
At first glance, nothing seems suspicious. Many banks, including Bank of America, do send automated alerts for potential fraud. But the key difference is that legitimate fraud alerts never ask you to call back an unknown number or provide sensitive information over the phone.
Why It’s So Convincing
Scammers design these calls to sound exactly like real automated fraud detection systems. They often use:
Synthetic voices that resemble official bank systems,
Spoofed caller IDs showing “Bank of America” or local area codes,
Realistic dollar amounts and retailers, and
Carefully crafted timing — such as calling during business hours or weekends when you’re shopping.
Everything about the call is engineered to make you think it’s urgent and real.
What the Scammers Want
The ultimate goal is money and information. By posing as a bank’s fraud department, scammers attempt to:
Collect your card details — including number, CVV, and expiration date.
Gain access to your online banking account by requesting your username and password.
Obtain verification codes (2FA) sent to your phone.
Convince you to transfer money to a “safe account.”
Install remote-access apps under the guise of “security verification.”
Once they have access to your financial data, they can drain your accounts within minutes.
Why Target Is Mentioned
Target is one of the most frequently used brands in this scam. Why? Because:
It’s a household name that doesn’t raise suspicion.
Purchases from Target.com are common and believable.
Scammers can use it to imply a legitimate shopping charge.
A fake transaction like “$319.55 at Target.com” is small enough to seem plausible but large enough to trigger concern. It’s the perfect psychological pressure point.
Bank of America’s Name Adds Credibility
By attaching the Bank of America brand, scammers instantly gain trust. Bank of America has over 70 million customers, making it a prime target for impersonation. These calls can reach both actual Bank of America customers and random phone numbers — many people assume it’s real simply because they’ve heard of the bank.
The Fear Factor
The scam leverages two psychological triggers:
Fear of losing money, and
Urgency to act immediately.
Hearing “a purchase was declined” creates anxiety. You feel you must act now to prevent further fraud. That’s exactly what scammers count on — fear overrides logic, and people follow instructions without verifying the source.
How the Scam Works
While this scam may appear simple, it’s actually a multi-stage social engineering scheme involving automation, spoofing, and live manipulation. Here’s how it unfolds in detail.
Step 1: The Fake Fraud Alert Call or Voicemail
The scam begins with an automated call or voicemail like this:
“This is Bank of America’s fraud department. We’ve detected a suspicious charge of $319.55 at Target.com. To confirm this purchase, press 1. To report this as fraudulent, press 2 or call our fraud department immediately.”
If you answer live, an interactive voice response (IVR) system simulates a bank menu. If you don’t answer, they leave a voicemail urging you to call back.
The caller ID may even display “Bank of America” or a local number — this is called caller ID spoofing. The scammer’s system manipulates how the number appears, making it seem legitimate.
Step 2: The Callback Trap
If you call back, you’re connected to a fake fraud agent who introduces themselves as from Bank of America’s “fraud prevention department.” They sound professional, calm, and sympathetic.
They’ll immediately verify “your identity” by asking for:
Your full name,
Last four digits of your debit or credit card,
Date of birth, or
Zip code.
They use these questions to make the conversation seem legitimate — but it’s all part of building trust and collecting data.
Step 3: The Fake Investigation
Next, the scammer explains that your account may be compromised and they’re investigating fraudulent activity. They might say things like:
“We’re seeing multiple unauthorized attempts at Target.com. To protect your funds, we need to verify recent transactions and secure your account.”
They may list fake recent purchases or mention your real bank balance (if they found partial info from data leaks or social media). This is where the scam becomes dangerous — the conversation feels authentic.
Step 4: Capturing Your Credentials
Once you’re comfortable, they’ll request your online banking login credentials “to confirm ownership.” They may say:
“For verification, I’m going to send you a security code from Bank of America. Please read it back to me when you receive it.”
That code is actually a two-factor authentication code from the real Bank of America website, which the scammer is using in real time to log into your account.
Once they gain access, they can:
Transfer funds to external accounts,
Change your password,
Disable notifications, and
Lock you out completely.
Step 5: The “Secure Account” Scam
In some cases, scammers tell victims that their funds need to be moved to a “temporary safe account” for protection. They might say:
“Your current account is under review. We’re creating a secure holding account where you can move your balance until we verify your transactions.”
They’ll walk you through Zelle, wire transfer, or ACH transactions to send your money directly to them — while convincing you it’s just a temporary safety measure.
Step 6: Remote Access Requests
Advanced variants of the scam involve remote desktop or mobile access tools. The scammers instruct you to install apps like:
AnyDesk,
TeamViewer,
QuickSupport, or
LogMeIn.
They claim these tools allow them to “check your mobile security” or “help you reverse unauthorized transactions.” Once installed, they gain full control of your device and can monitor your banking app or copy sensitive data.
Step 7: Draining and Disappearing
After stealing your credentials or money, the scammers vanish. The phone number becomes inactive or reroutes to a different call center. Victims who realize what happened often discover:
Their Bank of America online access is locked,
Funds have been transferred via Zelle or wire,
Fraudulent transactions appear on their account, and
The phone number they called no longer exists.
What to Do If You Have Fallen Victim to This Scam
If you’ve received or responded to a Bank of America Target Purchase scam call, act fast. Every minute matters when securing your financial accounts.
1. Hang Up and Stop Communication
If you’re currently speaking with someone claiming to be Bank of America about this purchase, hang up immediately. Do not provide any further information. Remember — legitimate fraud agents will never pressure you or ask for codes over the phone.
2. Do Not Call the Number Back
Do not redial or respond to voicemails. Scammers frequently rotate numbers and forward calls through virtual call systems. Always use official channels instead.
3. Contact Bank of America Directly
Call the number printed on the back of your debit or credit card (1-800-432-1000 in the U.S.) or log in to your account via the Bank of America mobile app or website. Explain the situation — they can check for fraudulent activity, lock your accounts, and issue new cards.
4. Change Your Online Banking Credentials
Immediately change your online banking username and password. Use a strong, unique password not used on other sites. If you gave out your security code, assume the scammer has already accessed your account and notify the bank.
5. Check for Unauthorized Transfers
Review your recent transactions carefully, especially:
Zelle transfers,
Wire transfers,
ACH debits, or
Unfamiliar purchases.
If any unauthorized activity appears, report it as fraud immediately.
6. Disable Remote Access Apps
If you installed any apps at the scammer’s request (AnyDesk, TeamViewer, etc.), uninstall them immediately. Then, perform a full security scan using reputable antivirus software or visit a professional repair service to check for malware.
Include the phone number, time of call, and any voicemail recordings if possible. This helps investigators block future scam networks.
8. Monitor Your Credit and Identity
Scammers may have obtained enough information to commit identity theft. Monitor your credit reports with:
Equifax
Experian
TransUnion
Consider placing a fraud alert or credit freeze on your accounts.
9. Educate Family Members
Share this information with family and friends — especially older relatives who are more frequently targeted. Explain that banks never ask for verification codes, passwords, or remote access.
10. Stay Alert for Follow-Up Scams
Scammers often target victims again, pretending to be “refund departments” or “fraud recovery teams.” If you’ve been scammed once, they may contact you again claiming they can help recover your money. Don’t trust unsolicited calls — hang up immediately.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
How to Identify a Real Bank of America Fraud Alert
To protect yourself, know how real fraud alerts differ from fake ones.
Feature
Real Bank of America Alert
Scam Call/Voicemail
Delivery method
Via Bank of America app, text, or secure email
Random phone call or voicemail
Callback number
Official BofA number on website or card
Unknown number or spoofed local number
Information requested
May ask you to verify a transaction, but not for passwords or codes
Requests login details, 2FA codes, or card info
Tone
Professional but calm
Urgent, threatening, or insistent
Response time
Allows you to confirm in app
Pressures you to act “immediately”
Bank of America fraud detection systems are automated and always direct you to verify through secure channels, never through random calls.
The Bottom Line
The Bank of America Target Purchase Phone Call Scam is one of the most convincing frauds circulating today. It uses a combination of believable details, spoofed caller IDs, and psychological pressure to make victims act fast — often before verifying the truth.
Here’s what to remember:
Bank of America will never call you out of the blue to confirm transactions or ask for codes.
Never share your verification codes or passwords with anyone claiming to be from the bank.
Always verify using official numbers found on your card or in the bank’s mobile app.
If you ever receive a voicemail or call about a “declined Target.com purchase” — hang up, don’t engage, and contact Bank of America directly. Awareness is your best defense. The more people understand how this scam operates, the fewer victims scammers will find.
Frequently Asked Questions About the Bank of America Target Purchase Phone Call Scam
What is the Bank of America Target Purchase Phone Call Scam?
The Bank of America Target Purchase Phone Call Scam is a voice phishing (vishing) fraud in which scammers impersonate the bank’s fraud department. Victims receive an automated call or voicemail claiming that a purchase for around $319.55 at Target.com was declined. The message instructs them to “press 1” or “call the fraud department immediately” to verify the transaction. Once the victim responds, scammers posing as Bank of America representatives collect personal data, access online banking accounts, or trick victims into transferring funds to “safe” accounts. The scam has no connection to the real Bank of America or Target — it’s a deceptive ploy to steal your money and identity.
How can I tell if a Bank of America call is fake?
Fake Bank of America calls almost always include urgent language and immediate instructions to verify a transaction or confirm your identity. Common signs include:
Automated messages mentioning a specific retailer like Target.com or Amazon.
Requests to press a number or call back a different phone number.
Spoofed caller IDs showing “Bank of America” or a local area code.
Requests for sensitive data like passwords, one-time passcodes, or full card numbers.
Emotional pressure — the scammer insists your account will be frozen if you don’t act quickly.
Real Bank of America calls never request passwords, security codes, or remote access. If in doubt, hang up and call the official number on the back of your card.
What happens if I press 1 or call the number back?
If you press 1 or call the number provided in the voicemail, you’ll be connected to a fake Bank of America agent trained to sound professional. They’ll ask for your name, ZIP code, and last four digits of your card to “verify your identity.” Then they’ll claim to see suspicious Target.com transactions and will ask for:
Your online banking credentials,
Verification codes sent to your phone, or
To move your funds to a “temporary safe account.”
In more advanced scams, they’ll ask you to install a remote access app such as AnyDesk or TeamViewer, giving them direct control over your device. Once they have access or your codes, they can empty your bank account in minutes.
Does Bank of America ever call customers about suspicious purchases?
Yes, Bank of America does contact customers about potential fraud — but only through secure, verifiable channels. Legitimate fraud alerts:
Come through the Bank of America app, secure text messages, or verified emails.
Always allow you to confirm transactions safely without providing personal details.
Never include unknown callback numbers or links.
If you receive a call that seems suspicious, hang up and call 1-800-432-1000 (the official number on the back of your card). That’s the only way to confirm if a fraud alert is real.
Why do scammers mention Target.com in these calls?
Target.com is frequently used in these scam messages because it sounds plausible and familiar. Most Americans have shopped at Target or online retailers like it, so hearing a transaction “declined at Target.com for $319.55” doesn’t raise immediate suspicion. The amount is chosen carefully — large enough to alarm you but small enough to seem believable. The scammers use this realism to make their fake voicemail sound like a legitimate fraud alert from Bank of America’s system.
What should I do if I gave my information to a fake Bank of America caller?
If you shared any information with a scammer, take these steps immediately:
Call Bank of America directly at 1-800-432-1000 to report the incident.
Freeze or lock your cards to prevent unauthorized charges.
Change your online banking password and enable two-factor authentication.
Check your transaction history for unknown transfers or Zelle payments.
Uninstall any remote access apps the scammer asked you to install.
Report the scam to the FTC at reportfraud.ftc.gov and the FBI IC3 at ic3.gov.
Acting quickly can help Bank of America block transactions and limit damage.
Can scammers really make the caller ID show “Bank of America”?
Yes. This tactic is known as caller ID spoofing. Scammers use VoIP (internet-based calling) tools to falsify the caller ID that appears on your phone. This means your display might show “Bank of America” or a local area code even though the call is coming from overseas. Caller ID alone can never verify legitimacy. Always confirm through official phone numbers listed on bankofamerica.com or on your card.
What if I received a voicemail about a declined Target.com purchase but didn’t respond?
If you ignored or deleted the voicemail, you’re safe — simply do nothing further. The voicemail is part of a mass robocall campaign that targets thousands of numbers daily. No real purchase was made, and your Bank of America account isn’t affected. However, you can help others by reporting the number used in the call to the FTC or by posting it on scam-reporting websites such as 800notes.com or WhoCallsMe.com.
What are the risks if scammers accessed my account remotely?
If you installed a remote access app at a scammer’s request, they may have been able to:
View your screen, emails, and files,
Capture passwords or authentication codes,
Transfer money using your online banking app,
Install malware or keyloggers.
Disconnect your device from the internet, uninstall the remote app, and perform a full malware scan. Then contact Bank of America to freeze your account and reset credentials. It’s also wise to have your phone or computer inspected by a trusted professional for any remaining malicious software.
Is there a way to verify real Bank of America fraud alerts?
Yes. You can verify legitimate alerts in several ways:
Log into the Bank of America mobile app or online banking directly — real alerts appear in your notifications.
Check emails from official @bankofamerica.com domains only.
Call the number on your physical debit or credit card to speak to a verified representative.
Set up custom alerts within your account so you always know when a real purchase occurs.
If a call, email, or text doesn’t match these official sources, it’s almost certainly a scam.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
