Beware of 907 Area Code Phone Scams – Common Texts, Calls, and Tricks
Written by: Thomas Orsolya
Published on:
Your phone rings with a 907 number, or a text pops up that looks like an official notice. If you have family in Alaska, do business there, or have ever had an Alaska number in your contacts, it might feel plausible. Even if you have no Alaska connection at all, the message still lands with the same punch: something is wrong and you need to act right now.
That reaction is exactly what scammers count on.
The 907 area code covers all of Alaska, which makes it easy for criminals to weaponize the “local” feel. And thanks to caller ID spoofing, the number you see is often not the number actually calling you. Scammers can make it look like the call is coming from a real Alaska agency, a local utility, a bank, or even law enforcement.
Over the last few years, Alaskans have been warned repeatedly about waves of 907-related fraud: fake “credit card deactivated” texts, DMV “fines” that demand payment through a link, police or court threats tied to warrants or jury duty, and utility shutoff scares.
This article breaks down what the 907 area code scam phone calls and text messages usually look like, how the operation works step by step, and what to do if you already responded.
Scam Overview
A “907 scam” is not one single scam. Think of it as a bundle of tactics that use Alaska’s area code as camouflage.
Sometimes the scammer is actually calling from a 907 number they control. More often, they are spoofing a 907 number to look local, trustworthy, or official. The goal is usually one of these:
Capture sensitive information (Social Security number, bank login, card number, PIN)
Trick you into clicking a link (to harvest data or install malware)
Pull you into a longer con (where they keep escalating demands)
Why the 907 area code is so useful to scammers
Alaska is unique in one simple way: 907 is statewide, not just one city. That gives scammers cover.
If they spoof a 907 number, they can pretend to be from:
A police department
A court office
The DMV
A telecom provider
A utility company
A bank or credit union
A delivery service
And because 907 covers the whole state, a victim cannot easily say, “That number is obviously from a different part of Alaska.” The ambiguity helps the scam.
Caller ID spoofing is the accelerant
Caller ID spoofing is when a caller deliberately falsifies the caller ID that appears on your phone. The FCC explains that spoofing becomes illegal when it is used with intent to defraud, cause harm, or wrongfully obtain something of value.
In practice, spoofing means:
You may see a familiar Alaska number, but the call did not originate there.
You might call back and reach an unrelated person or business.
Blocking one number does not solve the problem, because the scammer rotates numbers.
Alaska agencies have explicitly warned residents that scam calls can appear spoofed and look local.
The most common 907 scam themes
Below are the patterns that show up repeatedly in Alaska warnings and scam reports.
1) Credit card “deactivated” phishing texts
This is one of the clearest Alaska-specific examples, because the FBI’s Anchorage office warned about it directly.
The classic script:
You get a text that says your card has been deactivated or locked.
The text tells you to call a 907 number to “reactivate.”
An automated recording asks for your 16-digit card number, expiration date, CVV, and PIN.
That combination is everything a thief needs to drain accounts or clone your card.
2) DMV “fine” smishing texts (SMS phishing)
This one surged hard and became so common that both Alaska authorities and local police departments posted warnings.
Typical DMV smishing texts claim:
You have an unpaid traffic violation or “outstanding fine”
Your registration or driving privileges will be suspended
You must click a link and pay immediately
The Alaska DMV has stated plainly that these fraudulent texts are not connected to the DMV and should be disregarded, and that the Alaska DMV does not request payments or sensitive personal information via text message.
The Anchorage Police Department also warned that state DMVs will not ask for your information or money through texts, and advised people not to click links.
3) Law enforcement and court threats (warrants, jury duty, court appearance)
This category is especially effective because it targets fear.
The Alaska Court System issued a warning about phone scams involving someone impersonating a police officer about failure to appear for jury service or a court appearance, demanding immediate payment. It also notes the scam may push gift cards and threats of police being sent to your home.
This is not theoretical. It is a recurring tactic across Alaska: “pay now or you will be arrested.”
4) Utility shutoff threats and “pay right now” demands
Utility impersonation scams are a long-running pattern. Victims are told:
Your payment is overdue
Service will be disconnected in minutes
You must pay immediately (often via card over the phone, prepaid cards, or digital payment methods)
Alaska news reporting has covered utility impersonation threats in Anchorage and the Mat-Su Valley and noted it as a persistent problem. Alaska’s Regulatory Commission has also warned about scam calls that spoof numbers and attempt to get personal information or payments by pretending to represent a utility.
5) “Your account is suspended” phishing for logins
In one Alaska example, scammers targeted Alaska phone numbers with messages claiming a credit union account was suspended and pushed a link to “reactivate.” The warning emphasized not clicking the link and not providing login credentials.
6) “Press 1” robocalls posing as federal agencies
Alaskans have also been flooded with robocalls impersonating the U.S. Marshals Service, using intimidation and sometimes spoofed numbers. The guidance was simple: do not press buttons, do not provide information, and report through official channels.
Quick red flags checklist
If a 907 call or text does any of the following, treat it as a scam until proven otherwise:
Threatens arrest, a warrant, or immediate legal consequences
Demands payment by gift card, crypto, wire transfer, or a link in a text
Asks for sensitive info: PIN, CVV, login codes, passwords
Tells you not to hang up, or not to talk to anyone else
Uses caller ID that looks official, but refuses normal verification steps
The theme is consistent: pressure first, verification never.
How The Scam Works
Most 907 area code scam phone calls and text messages follow a predictable workflow. The storyline changes (DMV, credit card, police, utilities), but the mechanics are remarkably similar.
Step 1: They choose a pretext that fits Alaska and “sounds official”
Scammers pick scenarios where victims will assume there is no time to think:
“Your card has been deactivated”
“DMV has a fine due and will suspend your license”
“You missed jury duty and there is a warrant”
“Your power or phone service will be shut off”
“This is a federal agent, press 1 to speak to your case officer”
Alaska agencies have warned about several of these exact angles, including court impersonation, DMV smishing, and credit card phishing tied to 907 numbers.
Step 2: They deliver the hook by text, call, or a two-step combo
There are three common delivery models.
Model A: Text only (smishing)
This is the DMV “fine” pattern:
A text appears with a threat (license suspension, registration hold)
A link is included
The link leads to a fake payment portal or fake login page
Alaska authorities have warned explicitly that these texts are fraudulent and that the DMV does not request payments or sensitive info by text.
Model B: Robocall first, then a live scammer
This is common with “press 1” calls:
A recording claims to be law enforcement or a federal agency
It instructs you to press a number to connect
A live scammer takes over and escalates pressure
Alaska reporting on U.S. Marshals impersonation calls matches this pattern and notes spoofing can be involved.
Model C: Text first, call second
This is the FBI-described “credit card deactivated” flow:
The victim receives a text
The text instructs them to call a 907 number
The call goes to an automated recording that harvests card data and a PIN
This model is especially dangerous because victims feel like they initiated the call, which can lower their skepticism.
Step 3: They manufacture authority and urgency
This is where the scam turns from suspicious to emotionally compelling.
“Official” sounding scripts and calm, controlled voices
A caller ID that appears local or matches a real organization
Common urgency cues:
“Pay in the next 30 minutes”
“This is your final notice”
“A unit is being dispatched”
“Your license will be suspended today”
“Your service will be shut off within the hour”
The Alaska Court System’s warning is a textbook example of this pressure: immediate payment demanded, coupled with the threat of law enforcement action.
Step 4: They push you away from verification
Real organizations want you to verify. Scammers want the opposite.
You will often hear:
“Do not hang up or it will be worse”
“You cannot call the main number, this is a direct line”
“Your case is confidential”
“If you tell anyone, you could be charged”
“I am trying to help you, but you must cooperate”
This is a control tactic. It keeps you from doing the one thing that breaks most scams: independent confirmation.
Step 5: They move to the “payment or data capture” moment
Different pretexts lead to different demands, but the end goal is always money or sensitive information.
Below are the most common “endgames” for 907 scams.
Endgame 1: Capture your card data and PIN (credit card reactivation scam)
This is the one the FBI described clearly:
Automated system asks for card number, expiration, CVV, and PIN
If the victim enters it, the scammer can attempt:
Unauthorized card-not-present purchases
Cash advances (if possible)
Account takeover attempts using the collected data
A key detail: legitimate banks and card issuers do not need your PIN to “reactivate” a card by phone, and they do not ask for it through an unsolicited text-driven callback flow.
Endgame 2: Steal your identity or account logins (phishing links)
In the Alaska credit union phishing example, scammers used a “your account is suspended” message and tried to steal usernames and passwords through a link.
Telecom providers have also warned about phishing and “pretexting” where scammers try to get personal data or even remote access to a computer, pretending to be customer support.
Endgame 3: Immediate payment to avoid arrest or penalties
This is the court and law enforcement intimidation route:
“Pay the fine right now”
“Buy gift cards to prove compliance”
“Pay to drop the warrant”
The Alaska Court System warning explicitly notes that scammers may demand immediate payment and even push gift cards.
This style of scam also often demands payment methods that are hard to reverse:
Cryptocurrency deposits
Gift cards
Wire transfers
That is not an accident. It is risk management for the scammer.
Endgame 4: Utility shutoff payments
Utility impersonation scams are designed to feel operational:
“Your account is delinquent”
“We will disconnect service”
“Pay now and it will be restored”
Alaska reporting has documented this kind of threat-based utility scam pattern. And Alaska’s utility regulators have warned about fraud calls that spoof numbers and try to extract money or information.
Step 6: If you hesitate, they escalate or pivot
Scammers rarely give up on the first “no.” They pivot:
If you refuse to pay, they offer a “payment plan” with a smaller first payment (like $50 or $100) to get you started.
If you won’t click a link, they ask you to “verify” info verbally.
If you say you will call back, they keep you on the line to prevent that.
If they sense you are slipping away, they turn up fear: arrest, suspension, disconnect, extra fees, embarrassment.
Step 7: They reuse your contact information
If you reply once, click once, or speak once, your number can become more valuable:
It may be re-targeted by the same crew.
It may be sold or shared with other scam operations.
You may start receiving “follow up” scams referencing the first one.
That is why “just seeing what they want” is risky. The safest approach is controlled: do not engage, verify independently.
What To Do If You Have Fallen Victim to This Scam
If you already answered, clicked, paid, or shared information, focus on fast containment. You are not trying to “win the argument” with the scammer. You are trying to reduce damage.
1) Stop contact immediately and preserve evidence
Hang up. Do not continue the conversation.
Do not reply to texts.
Take screenshots of texts, numbers, links, and any payment instructions.
Write down what happened while it is fresh (time, amount, method, what you shared).
This helps your bank, your carrier, and investigators.
2) If you shared card details or banking info, call your bank now
Ask for the fraud department and do these actions immediately:
Lock or cancel the card
Dispute unauthorized charges
Add extra authentication notes to your account
Change online banking passwords
Ask about new account numbers if needed
If you entered a PIN in response to a scam, assume it is compromised. The FBI warning about the 907 “reactivation” scheme is clear that scammers attempt to collect PINs.
3) If you clicked a link and entered credentials, secure your accounts in this order
Email account (because it controls password resets)
Banking and payment apps
Phone carrier account
Social media accounts
Do the following:
Change passwords to strong, unique ones
Enable multi-factor authentication (prefer an authenticator app where possible)
Log out of all sessions (most services have a “log out everywhere” option)
Check for new forwarding rules or recovery emails you did not set
4) If you paid by gift card, wire, or crypto, act within minutes if possible
Gift cards
Call the gift card issuer immediately and report the card as used in a scam.
Keep receipts and card numbers.
Recovery is difficult, but fast reporting is your only chance.
Wire transfer
Contact your bank right away and request a wire recall or fraud investigation.
Cryptocurrency
If you sent crypto to a wallet address, report it anyway. It is hard to recover, but reporting can support investigations and may help future victims.
5) Check your device safety if you clicked anything suspicious
If a link took you to a site that asked for personal data or pushed downloads:
Run a mobile security scan (or reputable antivirus on desktop)
Remove unknown profiles or device management settings (mobile)
Delete suspicious apps you do not recognize
Update your operating system and browser
Consider a factory reset if you installed unknown software or granted remote access
6) Protect your identity proactively
If you shared personal details like Social Security number, driver’s license number, or banking login credentials:
Place a fraud alert or credit freeze with the major credit bureaus
Monitor credit reports and account openings
Document everything for disputes
The FTC’s IdentityTheft.gov is the standard starting point for a recovery plan and reporting.
7) Report the scam in the right places
Reporting matters because it helps pattern-matching and enforcement.
Recommended reporting channels:
FTC fraud reporting (ReportFraud)
FBI IC3 (Internet Crime Complaint Center)
Your local police department (especially if there were threats or large losses)
Alaska consumer protection resources if you are in Alaska
Alaska scam warnings often point victims to the FTC and IC3 as the appropriate reporting pathways.
8) Notify your mobile carrier and tighten call and text defenses
Most carriers can:
Add extra account security (port-out PIN, account passcode)
Help you block known scam patterns
Offer spam call filtering tools
Also consider:
Silencing unknown callers
Filtering unknown senders in messaging apps
Using built-in “report junk” features
9) Use a verification rule going forward (simple and effective)
Adopt one rule and stick to it:
Never trust inbound contact. Verify by outbound contact.
That means:
If you get a “DMV fine” text, go to the DMV website yourself, not the link in the text. Alaska DMV has warned it does not request payment by text.
If you get a “card deactivated” text, call the number on the back of your card. The FBI recommended exactly that for the 907 reactivation scheme.
If someone claims to be police or court staff demanding payment, hang up and call the publicly listed number. Alaska courts have warned these payment-demand calls are scams.
If a “utility” threatens shutoff, call the company using the number on your bill, not the caller.
This single habit blocks most scams.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
A 907 area code on your screen does not automatically mean Alaska, and it definitely does not mean “legitimate.”
Scammers use 907 numbers and spoofing to make their calls and texts feel local and credible, then they push urgency: pay now, click now, verify now. Alaska agencies have issued repeated warnings about these patterns, including DMV smishing texts, credit card “reactivation” phishing, and court or police impersonation that demands immediate payment.
If you remember only one thing, make it this:
When money, passwords, PINs, or threats enter the conversation, stop treating it like customer service. Treat it like fraud. Hang up, do not click, and verify through a trusted number or official website you find independently.
And if you already engaged, move quickly. Fast containment and reporting can be the difference between a close call and a long cleanup.
FAQ
Is every call or text from the 907 area code a scam?
No. 907 is the area code for all of Alaska, so legitimate calls can come from businesses, clinics, schools, airlines, hotels, government offices, and individuals in Alaska. The problem is that scammers can also spoof a 907 number to make a call look local or official. The area code alone is not proof either way.
Why am I getting 907 calls if I do not know anyone in Alaska?
Scammers and robocallers often dial numbers in bulk. Your number may also be on a marketing list, exposed in a data breach, or recycled from an older contact list. Sometimes scammers pick Alaska numbers to stand out or to make their story sound believable.
Can scammers fake a 907 number on caller ID?
Yes. This is called caller ID spoofing. A scammer can make it look like the call is coming from a real 907 number, including a legitimate organization. That is why calling back the number that appears on your screen is not always safe.
What are the most common 907 scam text messages?
Common 907 scam texts include:
“Your credit card is deactivated, call this 907 number to reactivate”
“DMV fine due, pay now or your license will be suspended”
“Package delivery problem, click here to reschedule”
“Suspicious account activity, verify your identity”
“Utility shutoff notice, pay immediately”
The consistent pattern is urgency plus a link or callback number.
What should I do if I receive a 907 scam text with a link?
Do not click it. Instead:
Screenshot the message for evidence
Delete it
Report it as spam/junk in your messaging app
If it claims to be your bank, DMV, or utility, go to the official website manually or call the official number on your statement or card
If I answered the call, can I still be in danger if I did not give information?
Usually the biggest risk comes when you provide information, click links, or send money. But even answering can confirm your number is active, which may lead to more calls. If you answered, keep an eye out for follow-up attempts, and avoid engaging again.
How do I tell if a “DMV fine” text is real?
Treat any DMV payment demand sent by text as suspicious. The safest approach is:
Do not use the link in the text
Go to the official DMV website yourself (typed manually)
Call the DMV using a publicly listed number if you are unsure
Would a police department or court ever demand payment over the phone to avoid arrest?
No legitimate agency handles warrants or legal penalties this way. A common scam script is “pay now or you will be arrested.” Real courts and law enforcement do not demand immediate payment by phone, and they do not resolve warrants through gift cards, crypto, or instant transfers. If you get a threat like this, hang up and verify through official contact channels.
What payment methods are the biggest red flags?
Huge red flags include requests for:
Gift cards
Cryptocurrency
Wire transfers
Cash apps or peer-to-peer transfers
Payment through a link sent by text
Scammers prefer methods that are fast and hard to reverse.
What if the caller knows my name or personal details?
That does not prove legitimacy. Your information may come from data breaches, public records, social media, or lead lists. If a caller “proves” they know you, treat it as a warning sign and verify independently.
Should I block 907 numbers?
Blocking can help reduce repeat calls from a specific number, but it is not a full solution because scammers rotate numbers and spoof caller ID. A better defense is:
Let unknown numbers go to voicemail
Use call filtering features from your phone or carrier
Verify anything important by calling back through official numbers you find yourself
What is the safest way to verify a real issue if I am worried?
Use this rule: Never trust inbound contact. Verify by outbound contact.
Call your bank using the number on the back of your card
Contact a utility using the number on your bill
Look up official agency numbers from their real websites, not links in texts
I clicked a link but did not enter information. What now?
Take precautions anyway:
Close the page immediately
Run a security scan on your phone or computer
Clear your browser history and website data
Watch for unusual popups, login prompts, or new apps
If the site asked for permissions or downloads, tighten security and consider a deeper device check
I entered my card number or banking login. What should I do first?
Act immediately:
Call your bank or card issuer’s fraud department
Freeze or replace the card
Change banking passwords and enable multi-factor authentication
Review recent transactions
Dispute unauthorized charges
Speed matters.
Where should I report 907 scam calls and texts?
Useful reporting options include:
FTC fraud reporting
FBI IC3 (especially if money was lost or there was a phishing link)
Your mobile carrier (spam reporting)
Local law enforcement if threats were involved
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
