Beware the FAKE Bank of America “GameStop Charge” Scam Text
Written by: Thomas Orsolya
Published on:
The voicemail sounds calm, almost routine.
It says there was a charge at GameStop on your Bank of America card, and it needs your attention. A text message follows from the same number, 18009010403, repeating the warning like a helpful reminder you should not ignore.
For a split second, your brain does what it always does in moments like this. It pictures the damage first, then it searches for the fastest way to stop it.
That is exactly what this scam is built to trigger.
Because in many cases, the “charge” is not the real story. The real story is what happens next, when a fake fraud alert pulls you into a phone call, a reply, or a verification step that quietly hands scammers the keys to your money.
Scam Overview
Bank of America and GameStop charge scam texts are impersonation messages designed to look like real fraud alerts. They usually arrive as one or more SMS messages, sometimes paired with a voicemail, claiming your Bank of America card was used at GameStop, often for a specific dollar amount. The scam is meant to create urgency, get you to engage, and then push you toward actions that benefit the scammers.
A user report describes receiving a voicemail and text messages from 18009010403 about a charge at GameStop on a Bank of America card. That pattern is consistent with bank impersonation campaigns where scammers use familiar merchant names and “fraud department” language to lure victims into a live conversation.
Why these “Bank of America charge at GameStop” alerts feel so believable
Scammers have learned what makes people react.
They do not send messages that sound like obvious nonsense. They send messages that feel like something a bank would actually say when it detects unusual activity. That includes:
A recognizable bank brand, such as Bank of America
A recognizable merchant, such as GameStop
A simple fraud scenario that anyone can understand
A sense of time pressure, often implied rather than shouted
A clear next step, usually “call this number” or “reply YES/NO”
The merchant matters more than people realize.
GameStop is widely known, easy to picture, and easy to believe as a fraud target. It creates a simple mental image: someone used a card in a store, or online, and the bank caught it. That story is clean, familiar, and plausible enough to pull you in.
The phone number is the real payload
In many versions of this scam, the scammer’s phone number is the most important piece of the message.
It is not always about getting you to click a link. It is about getting you to call.
Once you call, you are no longer evaluating a text message. You are dealing with a confident human voice that can:
Interrupt your thinking
Add urgency at the right moments
Reassure you when you hesitate
Adapt the story based on your answers
Walk you step-by-step into a trap
Bank of America warns about exactly this kind of social engineering, including scammers who pretend to “help stop fraud” by asking you to share a one-time code or send money through Zelle.
What scammers want from you
The most common goals of Bank of America fraud alert scams fall into a few categories.
They want your one-time passcodes. This is one of the most dangerous outcomes because it can give them instant account access. Bank of America specifically warns that scammers may ask you to share a one-time code to “resolve fraud.”
They want your online banking access. Some victims are pushed to “confirm” credentials or are tricked into logging in on a fake page. Others are talked into revealing details over the phone.
They want to move your money. A common twist is a fake “secure transfer” where the scammer convinces you to send money to yourself or to a “safe account” through Zelle or other instant transfer methods. Bank of America notes they will never contact you to ask you to send money using Zelle, including sending money to yourself, as a fraud solution.
They want your identity details. Even if you do not bank with Bank of America, scammers can harvest your name, phone number, email, and address, then use it for more targeted fraud later.
“But I don’t even bank with Bank of America”
This is one of the most confusing parts of the scam, and it is also one of the reasons it works.
Scammers send these alerts in bulk. They do not need to know who banks where. They only need a small percentage of recipients to respond.
If you do bank with Bank of America, the alert feels personal. If you do not, many people still call just to “clear it up,” because it feels safer than ignoring it.
That reaction is completely normal. It is also exactly what scammers are counting on.
Why you might get a voicemail plus a text
A voicemail makes it feel more official.
Text messages are common, but voicemails create a different kind of pressure. A voicemail feels like a direct outreach, like a fraud agent tried to reach you and will keep trying until you respond.
In reality, it is simply another channel to push you to engage.
The scam flow often looks like this:
You miss a call, or receive a voicemail
The voicemail claims a suspicious charge and instructs you to act
A text arrives from the same number to reinforce the urgency
If you respond, the scammer now knows your number is active
How scammers make the messages look “bank-like”
Scammers borrow the tone and structure of real alerts:
Short sentences
Clear merchant names
Minimal details
A simple yes/no decision
A number that appears “support-like”
Some scams even attempt to insert themselves into existing message threads, making it look like the alert is part of your bank’s usual SMS history. This is one reason the safest habit is to verify using official channels you initiate, not the number provided in the message.
What Bank of America says to do with suspicious texts
If a suspicious text uses Bank of America’s name, Bank of America instructs people to forward suspicious messages to their abuse reporting email address and to forward suspicious texts to 7726 (SPAM) to report to your mobile carrier.
That guidance is valuable because it gives you a safe action that does not involve engaging with the scammer.
The most common “GameStop charge” scam text themes
Even if the wording varies, most versions follow the same emotional script:
“Did you authorize this?”
“We detected unusual activity.”
“Reply YES to confirm, NO to deny.”
“Call immediately to stop the charge.”
“Your card will be locked if you do not respond.”
Sometimes the message includes a dollar amount. Sometimes it does not. The goal is always the same: push you to engage before you verify.
Red flags that separate a real alert from a scam attempt
A real bank might text you about unusual activity. But the danger is not the concept of a fraud alert, it is the way scammers twist it.
Be cautious when:
The message pressures you to call a number provided in the text
The message asks for one-time codes, PINs, or login details
The person on the phone insists you must act right now
The “solution” involves sending money, even to yourself
You feel rushed, confused, or kept on the line while you do things
Bank of America explicitly warns that scammers may ask you to share a code or send money, including through Zelle, as part of a fake fraud resolution process.
Why this scam can be expensive, fast
If you engage and the scam moves into one-time code capture, things can happen quickly.
A scammer does not always need your password. In many account takeover patterns, the scammer triggers a reset or enrollment flow and then uses the one-time code you read back to them. That is why one-time codes are so valuable, and why banks repeatedly warn not to share them.
Once access is gained, the money movement can be immediate through instant transfer systems, and reversals can be difficult.
A quick reality check about phone numbers like 18009010403
Seeing an “800” style number can lower your guard. It feels official.
But phone numbers can be spoofed. Caller ID can be faked. Text sender numbers can be manipulated in ways that make them look legitimate.
So the safest policy is simple: never trust the number that contacted you. Trust only the number you look up yourself from an official source, or the number printed on the back of your card or bank statement.
Bank of America’s guidance for people who responded to suspicious messages is to call the number on the back of your card or statement.
How the Scam Works
Below is the most common step-by-step pattern for Bank of America and GameStop charge scam texts, including versions that begin with a voicemail from a number like 18009010403. The steps are written in a realistic sequence, but scammers may mix or skip steps depending on how you respond.
1) The alert arrives with a familiar merchant and a clear threat
You receive a voicemail, a text, or both.
It claims a charge at GameStop on your Bank of America card. The details may be minimal, but the message usually implies urgency. It is framed as a fraud prevention alert, not a sales pitch.
This is the hook. It activates fear, and it creates a problem that feels time-sensitive.
2) You are given a simple action, call back or reply
The message typically offers a fast way to fix it:
Call a number to “verify” or “stop the charge”
Reply YES/NO to confirm the transaction
This is the fork in the road the scammers care about.
If you reply, they learn your number is active and responsive.
If you call, you enter the high-risk stage where a scammer can guide you in real time.
3) The “bank representative” answers, and builds trust quickly
On the phone, the scammer sounds like a fraud department agent.
They may:
Confirm the merchant name and amount
Claim the transaction is pending and can still be stopped
Use banking language to sound credible
Then they begin “verification.”
The first questions often feel harmless: your name, phone number, maybe the last four digits of a card. This is compliance-building. Each small answer makes the next request easier.
4) They escalate the story from one charge to a broader compromise
Once you are engaged, many scammers expand the narrative:
“We also see attempted transfers.”
“We see an added payee.”
“We see a Zelle enrollment.”
“We see sign-ins from another state.”
This creates a bigger emergency, which makes drastic actions feel reasonable.
Bank of America specifically warns about scams where a caller claims fraud and then asks you to share a code or send money through Zelle as the fix.
5) They attempt to capture a one-time code
This is one of the most common turning points.
The scammer says something like:
“I’m sending a code to verify you.”
“Read the code to confirm we can block the fraud.”
“This code allows me to secure your account.”
In reality, that code may be:
A login verification code
A password reset code
A code to enroll the scammer’s device
A code to authorize a transfer setup
Bank of America warns about scammers asking you to share a one-time code over the phone.
6) They introduce the “secure transfer” trick
If they cannot get a code, or after they get it, many scammers pivot to money movement.
They may claim:
Your account is “unsafe” and needs funds moved temporarily
The charge cannot be stopped unless the account is “verified”
A “safe account” will protect your money during the investigation
Then they instruct you to send money through Zelle or another instant method, sometimes framed as sending money to yourself.
Bank of America warns that they will never contact you and ask you to send money using Zelle, including sending money to yourself, as a fraud solution.
7) They use pressure to keep you from verifying independently
Throughout the call, scammers try to prevent you from pausing.
Common pressure lines include:
“Do not hang up, or the charge will post.”
“If you call the bank back, it will delay the case.”
“You have a short window before funds are released.”
This is manipulation, not process.
A legitimate bank will not punish you for hanging up and calling back through the official number on your card.
8) If you comply, they move fast, then disappear
If the scammer succeeds, the final stage happens quickly:
Money is moved out
Access is gained
New payees are added
Your credentials are changed
You are told to wait, or to expect a call back
Then the contact fades. Or worse, it continues in a new form, with follow-up calls from “escalation” or “recovery” teams.
If gift cards ever enter the conversation, that is a strong scam signal. The FTC’s guidance on gift card scams emphasizes reporting quickly to the gift card company and to the FTC, because speed can affect recovery.
What To Do If You Have Fallen Victim to This Scam
If you replied, called back, shared any information, read a code, clicked a link, or sent money, the goal now is containment. The steps below are practical, and you can do them calmly, one by one.
Stop engaging with the number and preserve evidence Do not reply again. Do not call back. Block the number. Take screenshots of the texts and save the voicemail if possible. Write down the time, the phone number, and what was said.
Contact your bank using a trusted number you choose If you bank with Bank of America, call the number on the back of your card or your statement. If you do not, call the bank you actually use and explain you may have interacted with a bank impersonation scam.
If you gave any information, tell them exactly what you shared and ask for the fraud department.
Bank of America’s guidance for people who responded to suspicious texts or calls is to call the number on the back of your card or bank statement.
If you shared a one-time code, assume account takeover risk One-time codes are not harmless.
Immediately change your online banking password and your email password, because email is often the path to resets. Turn on two-factor authentication where possible.
If your bank supports it, ask them to add additional verification to your profile.
Review your account for changes, not just charges Look for:
New payees
New linked accounts
New phone numbers or emails on your profile
New transfer recipients
Any new Zelle enrollment activity
Scammers often set up future access, even if they do not move money right away.
If you sent money, act immediately, and ask about recall options If you sent funds through an instant transfer, call your bank right away. Ask whether the transfer can be canceled or recalled, and file a fraud report.
If you were pushed into gift card purchases, report it to the gift card company immediately and file a report with the FTC. The FTC recommends reporting gift card scams quickly, and notes some companies may help with recovery.
Scan your devices if you clicked links or installed anything If the scam included any link, or if you were asked to install apps or profiles, scan your devices.
Use reputable tools:
Malwarebytes to check for malware and unwanted programs
AdGuard to reduce exposure to malicious ads and scam pages that often lead to phishing and fake alerts
Report the scam text properly Forward suspicious texts that use Bank of America’s name to their abuse reporting email address. Bank of America also recommends forwarding scam texts to 7726 (SPAM) to report to your mobile carrier.
Reporting helps carriers and banks map campaigns and block infrastructure faster.
Watch for follow-up attempts and “recovery” scams After you engage once, scammers may try again using new stories. They may pretend to be:
A bank supervisor
A “Zelle support team”
A fraud investigator
A service that can recover your money
Be especially wary of anyone who contacts you first and asks for payment to recover losses.
If you shared personal identity details, consider protective steps If you provided sensitive personal data, consider placing fraud alerts or credit freezes with relevant credit bureaus in your country, depending on what applies to your situation.
Give yourself a rule for the future, and stick to it When a message triggers panic, slow the moment down.
Use a simple habit: do not use the contact details provided in the message. Use a number you already trust, like the number on your card, or one you look up yourself.
Is Your Device Infected? Scan for Malware
If your computer or phone is slow, showing unwanted pop-ups, or acting strangely, malware could be the cause. Running a scan with Malwarebytes Anti-Malware Free is one of the most reliable ways to detect and remove harmful software. The free version can identify and clean common infections such as adware, browser hijackers, trojans, and other unwanted programs.
Malwarebytes works on Windows, Mac, and Android devices. Choose your operating system below and follow the steps to scan your device and remove any malware that might be slowing it down.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.
Download Malwarebytes
Download the latest version of Malwarebytes for Windows using the official link below. Malwarebytes will scan your computer and remove adware, browser hijackers, and other malicious software for free.
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes
After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes
When the Malwarebytes installation begins, the setup wizard will guide you through the process.
You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
Malwarebytes will now begin the installation process on your device.
When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.
Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.
In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.
Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.
To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware
Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.
Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.
When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.
Once the scan completes, remove all detected threats. Your Windows computer should now be clean and running smoothly again, free of trojans, adware, and other malware.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.
Download Malwarebytes for Mac.
You can download Malwarebytes for Mac by clicking the link below.
When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.
When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.
When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.
The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.
To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.
Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.
Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.
After scanning, delete any detected threats. Your Mac should now be free from adware, unwanted extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
When the scan is finished, remove all detected threats. Your Android phone should now be free of malicious apps, adware, and unwanted browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
After cleaning your device, it’s important to protect it from future infections and annoying pop-ups. We recommend installing an ad blocker such as AdGuard. AdGuard blocks malicious ads, prevents phishing attempts, and stops dangerous redirects, helping you stay safe while browsing online.
The Bottom Line
The Bank of America and GameStop charge scam text is a modern version of a classic con: a believable fraud alert that pushes you into a fast reaction. In the user report, the scam included a voicemail and texts from 18009010403 about a GameStop charge on a Bank of America card, a pattern that fits bank impersonation and fraud alert social engineering.
The safest response is to avoid calling numbers provided in unexpected texts or voicemails. Instead, verify using official channels you initiate, like the number on the back of your card or bank statement. If you already engaged, focus on containment: contact your real bank, change passwords, review for account changes, and report the scam through official reporting paths, including Bank of America’s abuse reporting and your carrier’s 7726 spam reporting.
FAQ
What are “Bank of America & GameStop charge” scam texts?
They are fake fraud alerts designed to look like Bank of America security messages. They claim your card was used at GameStop and try to push you into calling a phone number or replying to the text. The real goal is to steal one-time codes, online banking access, or money.
Is 18009010403 a real Bank of America number?
Do not assume any number in a text or voicemail is legitimate. Scammers can spoof caller ID and can send texts that appear to come from convincing numbers. The safe move is to call Bank of America using the number on the back of your card, or a number you find on the official Bank of America website, not the number that contacted you.
Why do scammers use GameStop in these alerts?
GameStop is recognizable and feels plausible as a fraud merchant. Scammers pick well-known store names because they trigger a quick emotional reaction and make the story easy to believe without needing extra details.
What happens if I reply YES or NO to the text?
Replying confirms your phone number is active and responsive. That can lead to more scam attempts. In some versions, replying also triggers a follow-up call from a fake “fraud department” agent.
What happens if I call the number in the message?
You may reach a fake bank representative who sounds professional and urgent. They will try to “verify” you, then pressure you to share sensitive information, especially one-time passcodes. Some will push you to send money through instant transfer methods as a supposed fraud fix.
Will a real bank ever ask me to read back a one-time code?
No. A one-time code is meant to confirm it is really you. If you read it to someone else, you can be handing them the keys to your account. Treat any request for a code as a major red flag.
Why do scammers ask people to send money using Zelle or similar services?
Because those transfers can be fast and difficult to reverse. Scammers may claim you must move money to a “safe account,” or even “send money to yourself,” but the instructions are designed to route funds to the scammer or a mule account.
I do not bank with Bank of America. Why did I get this message?
Scammers send these alerts in bulk. They do not need accurate bank data. They only need a small percentage of people to respond out of caution, confusion, or urgency.
What should I do if I received the alert but did not respond?
Do not call the number and do not reply. If you want peace of mind, check your real bank account and card statements directly, or call your bank using the number on the back of your card.
What if I replied or called, but I did not give them anything?
Your risk is lower, but expect more scam attempts. Block the number, watch for follow-up messages, and be cautious of calls claiming to be “escalated support” or “fraud recovery.”
What if I shared my bank login, card details, or a one-time code?
Treat it as urgent:
Contact your bank immediately using a trusted number
Change your online banking password
Change your email password (email is often used for resets)
Ask the bank to review recent activity and add extra security controls
What if I sent money or bought gift cards?
Call your bank immediately and ask if the transfer can be stopped or recalled. If gift cards were involved, contact the gift card issuer right away and keep receipts and card details. Report the incident quickly, speed matters.
Should I scan my device after interacting with this scam?
If you clicked links, installed anything, or were guided through steps on a computer, yes.
Use Malwarebytes to scan for malware and unwanted programs
Use AdGuard to help block malicious ads and scam pages that often lead to phishing
How do I report these scam texts?
Report the text as spam in your messaging app
Forward the message to 7726 (SPAM) to report it to your mobile carrier, if supported in your region
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Thomas is an expert at uncovering scams and providing in-depth reporting on cyber threats and online fraud. As an editor, he is dedicated to keeping readers informed on the latest developments in cybersecurity and tech.
