Tax Mediation and Resolution Agency Scam Calls: The “Flagged Account” Voicemail Con
Written by: Stelian
Published on:
It usually arrives when you are not looking for it.
A missed call, a voicemail, and a transcript that sounds like it came from a serious office with a serious file in front of them.
“Resolution escalation… flagged for immediate follow up… unresolved activity…”
For a second, your mind does the work for them. IRS. Garnishment. Trouble.
That brief spike of panic is the opening the scammers want, because once you call back, the conversation is no longer about facts. It becomes about pressure, urgency, and getting you to do something you would never do on a normal day.
Scam Overview
What the “Tax Mediation and Resolution Agency” phone scam is
The “Tax Mediation and Resolution Agency” phone call scam is a common impersonation-style fraud that uses official-sounding language, vague threats, and a fast-moving script to push you into calling back, sharing personal information, and in many cases sending money.
The name itself is part of the trick. “Tax Mediation and Resolution Agency” sounds plausible, but it is usually either completely made up or designed to resemble legitimate tax relief services without being tied to any verifiable organization. Scammers rotate names constantly:
Tax Mediation and Resolution Agency
Tax Solutions and Review Agency
Resolution Escalation Office
Tax Resolution Team
Tax Relief Department
Compliance Review Unit
They often include a confident caller name, sometimes something that sounds formal and specific, like “Monica Fairchild,” plus a “department line” callback number. That detail is intentional. It creates the feeling that this is a real office with a real workflow, not a random scam call.
Why the voicemail is vague on purpose
A real tax issue comes with specifics: tax year, notice numbers, a clear amount, and written documentation that you can verify. Scammers avoid all of that.
Instead, they use phrases that trigger fear without giving you anything concrete to check:
“Your account has been flagged”
“Unresolved activity”
“Immediate follow up required”
“Resolution options available”
“Enforcement action may proceed”
Vagueness is not a mistake, it is a strategy. If they provide details, you can fact-check them quickly. If they stay vague, your imagination fills in the worst-case scenario, and you call back to stop the discomfort.
The reality check most people do not know
One of the strongest safeguards is also the simplest: the IRS typically contacts taxpayers by mail first, not by a surprise robocall demanding urgent action.
That does not mean you will never receive a legitimate call about tax matters, but it does mean that an unsolicited voicemail claiming your account is “flagged” and pushing you to call a random “department line” should immediately be treated as suspicious.
The IRS also warns that it does not call demanding immediate payment using specific methods like gift cards, prepaid debit cards, or wire transfers.
So when a “Tax Mediation and Resolution Agency” caller starts steering you toward urgent payment, unusual payment methods, or secrecy, you are no longer in the world of tax resolution. You are in the world of fraud.
What the scammers are really selling
This scam generally takes one of two forms, and sometimes it blends both.
1) IRS impersonation style pressure They imply consequences like garnishment, levy, lien, or “enforcement,” and they frame themselves as the last step before things get worse.
2) Tax relief style enrollment pitch They claim you qualify for special programs, debt reduction, or a settlement solution, and they want you to pay a fee to “start” or “lock in” the process.
In both cases, the emotional engine is the same: urgency plus fear, followed by a promise of relief if you cooperate.
Common scripts and how they are structured
A typical voicemail transcript sounds like this:
“Hi, it’s [Name], calling from the resolution escalation office at the Tax Mediation and Resolution Agency. Our department line is [number]. I’m contacting you because your account has been flagged for immediate follow up due to unresolved activity…”
The script is designed to do three things quickly:
Sound official with titles like “resolution escalation office.”
Create urgency with words like “flagged” and “immediate follow up.”
Trigger uncertainty with “unresolved activity” instead of real details.
Once you call back, the scam becomes interactive, and that is where the real manipulation begins.
The red flags that show up again and again
If you are trying to spot this scam quickly, here are the most common warning signs.
Voice and messaging red flags
Prerecorded or robotic voicemail tone
A script that feels generic, with no tax year or notice number
Pressure to act “today,” “before it escalates,” or “before enforcement”
Threat language that jumps straight to consequences
Process red flags
They ask you to verify identity using sensitive data right away
They discourage you from calling the IRS directly
They want you to stay on the phone while you take actions
They claim there is a narrow window to “qualify” for relief
Payment red flags
They request payment through gift cards, wire transfers, prepaid cards, crypto, or payment apps
They claim the method is “required” to stop escalation
They demand immediate payment before any documentation
The IRS explicitly warns that it does not demand immediate payment using specific payment methods such as gift cards, prepaid debit cards, or wire transfers, and that it generally mails a bill first.
The twist many victims do not expect: the tech support pivot
A growing number of “tax resolution” scams now include a second stage that looks like tech support fraud.
Here is what that can look like in the real world:
You call back, they “verify” you, then claim they see suspicious activity.
They say your identity was used to file something, or your device is compromised.
They insist they must “secure your account” or “complete verification.”
They push you to install remote access software like AnyDesk or similar tools.
Once a scammer has remote access, the situation can escalate fast. They can watch you log in to your bank, steer you into transfers, and pressure you into reading out verification codes. The entire thing is framed as help, which is why it is so effective.
Why smart, cautious people still get pulled in
This scam does not rely on stupidity. It relies on timing and emotion.
Most people are not tax experts.
Most people fear government consequences.
Most people want problems resolved quickly.
Most people do not expect a scam to sound so calm and procedural.
The script is engineered to feel like a “process,” not a threat. It gives you an action step, call back, press a number, “speak to an agent,” and that sense of structure can make the whole thing feel legitimate.
Who they target, and why it feels personal
These calls are often blasted out widely, but the scammers are skilled at making them feel personalized once you engage.
If you sound anxious, they become reassuring. If you sound skeptical, they become more “official.” If you mention a past issue, they lock onto it and build a story around it.
The goal is not to prove anything. The goal is to keep you talking long enough that compliance starts to feel easier than resistance.
What to do if you receive a suspicious tax-related call, even if you are unsure
The IRS’s guidance for suspicious IRS-related calls is straightforward: record the number and hang up, then report it to TIGTA, and report the number to phishing@irs.gov with “IRS Phone Scam” in the subject line.
Even if the call claims to be “tax debt relief” rather than IRS, the IRS also recommends recording the number and hanging up, and reporting suspicious tax debt relief calls to consumer protection agencies like the FCC and FTC.
That advice exists for a reason. The fastest way to lose money to this scam is to stay on the line.
How The Scam Works
Step 1: The voicemail drop that creates urgency without details
The scam begins with a voicemail that feels official but contains no verifiable specifics.
You will hear terms like:
flagged
unresolved activity
escalation
enforcement
resolution options
The purpose is not to inform you. It is to create a feeling that you must act now to avoid consequences.
The wording is carefully chosen to hit your nervous system first and your logic second.
Step 2: The call-back connects you to a confident “agent” with a rehearsed process
When you call the number, the tone often shifts from threatening to helpful.
They may introduce themselves as:
a resolution specialist
a compliance agent
a case manager
an escalation officer
They speak quickly and confidently, like they handle these cases all day. That confidence is part of the con. The more normal they sound, the more likely you are to follow instructions.
This is also where they start gathering information.
Step 3: The “verification” questions that quietly collect valuable data
Early questions can seem harmless, but they are often designed to build a profile that can be used for identity theft, account takeover attempts, or future scams.
Common asks include:
full name and address
date of birth
last 4 digits of SSN
employer name
estimated tax debt, even if you say you do not know
banking institution name, framed as “confirming payment options”
This stage also serves another goal: compliance training. Once you answer five questions in a row, it becomes psychologically easier to answer the sixth, even if it is more sensitive.
Step 4: The fear squeeze, consequences get louder if you hesitate
If you question them, they often respond with pressure:
“This is time-sensitive.”
“Your file is being escalated.”
“We are trying to stop enforcement.”
“If you wait, you may lose eligibility for resolution options.”
Some will go further into threats, including law enforcement language, which the IRS has repeatedly identified as a scam pattern.
Even without explicit threats, the emotional message is the same: act now, or regret it.
Step 5: The “solution” pitch, special programs, fast-track enrollment, guaranteed outcomes
Now comes the relief.
They claim you qualify for a program that can reduce or eliminate the problem quickly. They often misuse real tax terms, or invent programs that sound like real ones.
Typical promises include:
settling for a fraction of what you owe
stopping wage garnishment immediately
putting your account into a protected status within 24 hours
wiping penalties or debt through a “resolution option”
The red flag is certainty. Real tax outcomes are not guaranteed over the phone by someone who has not reviewed your documents.
Step 6: The money ask, fees, payments, and methods designed to be irreversible
This is the moment where the scam turns into theft.
They may ask for an “enrollment” or “processing” payment, sometimes framed as a small amount to get started, then escalating later.
They may also push payment methods that are hard to reverse:
gift cards
prepaid debit cards
wire transfers
crypto
The IRS warns that it does not call to demand immediate payment using these specific methods. (IRS)
If the caller is directing you away from normal, traceable payment channels and toward gift cards or wires, that is the clearest signal you are dealing with a scam.
Step 7: The tech support pivot, remote access, and “security” as a cover for deeper theft
If they want more than a quick payment, they may pivot into device security.
They claim:
your device is infected
your identity is compromised
your banking is at risk
they need to “secure” you before proceeding
Then they instruct you to install remote access software. Once they can see your screen, they can:
guide you into logging into your bank
pressure you into sending money “to a safe account”
trick you into approving transfers
capture sensitive information and verification codes
This stage can be devastating because it feels cooperative. Victims often realize what happened only after money is missing or accounts are locked.
What To Do If You Have Fallen Victim to This Scam
Stop all contact immediately. Hang up, do not call back, and do not respond to additional calls or texts. Block the number if possible.
Write down the details while they are fresh. Note the callback number, what they claimed, what you shared, what they asked you to do, and any payment instructions. If you installed anything, write down the exact app name.
If you paid, contact your bank or card issuer right away. Explain that you were scammed and ask what can be done to stop or reverse the transaction. If you paid by wire, ask about a wire recall immediately. If you paid by gift cards, contact the gift card issuer right away. If the codes have not been redeemed, there may be a short window to freeze funds.
If you installed remote access software, disconnect and remove it immediately. Turn off WiFi and mobile data, uninstall the remote access tool, and restart the device. If you used online banking during the session, assume the device was exposed and move quickly to secure accounts.
Change passwords from a clean device, starting with email and banking. Use a device you trust. Start with your email account first, then banking and payment apps, then your Apple ID or Google account. Turn on 2-factor authentication wherever possible.
Run a full security scan and strengthen your browser protection. If this scam involved downloads, links, or remote access, run a scan with Malwarebytes to check for malware and unwanted programs. Install AdGuard to reduce malicious ads, scam pop-ups, and redirect pages that often push fake support numbers and “urgent” warnings.
Report the scam to the right places. The IRS recommends recording the number and hanging up, then reporting IRS-related scam calls to TIGTA, and reporting the number to phishing@irs.gov with “IRS Phone Scam” in the subject line. If the call presented itself as tax debt relief rather than IRS, the IRS also suggests reporting suspicious tax debt relief calls to agencies like the FCC and FTC.
If you shared sensitive personal information, take identity theft precautions. If you provided SSN, ID photos, or banking details, consider a fraud alert or credit freeze with major credit bureaus. Monitor for new accounts, password reset attempts, and unusual activity.
Verify your real tax situation safely, using official channels. Do not use the number from the voicemail. If you are concerned about taxes, use official IRS resources and verified contact paths. The IRS provides guidance on how to recognize tax scams and how it contacts taxpayers.
Is Your Device Infected? Run a Free Malware Scan
Slow performance, constant pop-ups, or strange behavior? These are classic signs of a malware infection. The fastest way to find out is to scan your device with Malwarebytes Anti-Malware Free — one of the most trusted malware removal tools available.
The free version detects and removes the most common threats, including:
Adware — the cause of those annoying pop-ups
Browser hijackers — unwanted redirects and changed homepages
Trojans and spyware — hidden programs stealing your data
Potentially unwanted programs (PUPs) — software you never asked for
👉 Select your device below — Windows, Mac, or Android — then follow the simple steps to download Malwarebytes, scan your system, and remove any threats it finds. The whole process takes about 5 minutes.
Malwarebytes for WindowsMalwarebytes for MacMalwarebytes for Android
Run a Malware Scan with Malwarebytes for Windows
Malwarebytes is one of the most popular and trusted anti-malware tools for Windows — and it’s completely free for removing infections. It catches threats that many antivirus programs miss, including adware, browser hijackers, and trojans. Follow the steps below to scan and clean your PC in just a few minutes.
Download Malwarebytes
Click the button below to download the latest version of Malwarebytes for Windows from the official source. The free version is all you need — it will scan your computer and remove adware, browser hijackers, and other malicious software at no cost.
(The link opens in a new page where your download will start)
Install Malwarebytes
When the download finishes, open your Downloads folder and double-click the MBSetup file. If Windows shows a User Account Control pop-up, click “Yes” to allow the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The setup wizard will walk you through a few quick screens:
Choose where you’re installing the program — “Personal Computer” or “Work Computer” — then click Next.
Malwarebytes will now install on your device. This usually takes under a minute.
When installation is complete, the “Welcome to Malwarebytes” screen will open automatically.
On the final screen, click Open Malwarebytes to launch the program.
Enable “Scan for Rootkits”
Before scanning, turn on rootkit detection so Malwarebytes can find even the most hidden threats. Click the Settings gear icon on the left side of the screen.
In the settings menu, find “Scan for rootkits” and click the toggle so it turns blue.
Done? Click “Dashboard” in the left pane to return to the main screen.
Start the Scan
Click the blue Scan button. Malwarebytes will automatically update its virus database and start checking your computer for malware.
Wait for the Scan to Finish
The scan checks your entire system for browser hijackers and other malicious programs, so it can take several minutes. Feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found — malware, adware, and potentially unwanted programs. Click the “Quarantine” button to remove all of them at once.
Malwarebytes will now remove the malicious files and registry entries and move them safely into quarantine.
Restart Your Computer
Some threats can only be fully removed after a reboot. If Malwarebytes asks you to restart, click Yes. Once you’re logged back in, your PC is clean and you can continue with the next steps in this guide.
When the scan finishes, click Quarantine to remove everything Malwarebytes found. That’s it — your Windows PC is now clean of trojans, adware, and other malware, and should be back to running smoothly.
If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future. If you are still having problems with your computer after completing these instructions, then please follow one of the steps:
Malwarebytes for Mac is a free on-demand scanner that removes the malware other security software tends to miss — adware, browser hijackers, and unwanted programs included. Cleaning an infected Mac with Malwarebytes has always been completely free, and it’s our go-to recommendation. Follow the steps below to scan and clean your Mac in just a few minutes.
Download Malwarebytes for Mac
Click the button below to download the latest version of Malwarebytes for Mac.
When the download finishes, open your Downloads folder and double-click the setup file to begin the installation.
Follow the On-Screen Prompts to Install Malwarebytes
The Malwarebytes for Mac Installer will guide you through a few quick screens. Click “Continue” and keep following the prompts until the installation completes.
When the installation is complete, Malwarebytes opens to the Welcome to Malwarebytes screen. Click “Get started“.
Select “Personal Computer” or “Work Computer”
Malwarebytes will ask what type of computer you’re installing it on. Click either Personal Computer or Work Computer, whichever applies.
Start the Scan
Click the “Scan” button. Malwarebytes will automatically update its detection database and begin checking your Mac for malware.
Wait for the Scan to Finish
Malwarebytes will scan your Mac for adware, browser hijackers, and other malicious programs. This can take a few minutes, so feel free to do something else — just check back occasionally to see the progress.
Quarantine the Detected Threats
When the scan is done, you’ll see a list of everything Malwarebytes found. Click the “Quarantine” button to remove all the threats at once.
Restart Your Mac
Malwarebytes will now remove all the malicious files it found. Some threats can only be fully removed after a reboot — if Malwarebytes asks you to restart, allow it. Once you’re logged back in, your Mac is clean.
Once the scan is done, remove every threat it detected. Your Mac is now free of adware, rogue browser extensions, and other potentially harmful software.
If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future. If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.
Run a Malware Scan with Malwarebytes for Android
Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.
Download Malwarebytes for Android.
You can download Malwarebytes for Android by clicking the link below.
In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.
When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process
When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options. This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue. Tap on “Got it” to proceed to the next step. Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue. Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android
You will now be prompted to update the Malwarebytes database and run a full system scan.
Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.
Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.
When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.
Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.
After the scan, tap Remove Selected to delete all detected threats. Your Android phone is now clean — no more malicious apps, adware, or browser redirects.
If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future. If you are still having problems with your phone after completing these instructions, then please follow one of the steps:
Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Now that your device is clean, keep it that way. Most infections start with a malicious ad or a fake download button — so blocking them at the source is your best defense.
We recommend AdGuard, which blocks malicious ads, phishing pages, and dangerous redirects before they can reach you.
The “Tax Mediation and Resolution Agency” phone call scam is designed to feel urgent, official, and procedural, while giving you almost nothing you can verify.
That is not a bug in the script. It is the point.
If you receive a voicemail saying your account is “flagged” or there is “unresolved activity,” treat it as suspicious, do not call back, and verify independently. Remember the anchors the IRS repeats: it generally contacts people by mail first, and it does not demand immediate payment using gift cards, prepaid cards, or wire transfers.
If you already engaged, you can still shut it down. Step away from the scammer, secure accounts, scan your device, and report the attempt. The faster you move from panic to practical steps, the less damage this script can do.
FAQ
What is the “Tax Mediation and Resolution Agency” phone call scam?
It’s a scam where callers pretend to be from an official-sounding “tax help” or “resolution” agency. They use urgent language like “your account has been flagged” or “unresolved activity” to push you into calling back, sharing personal information, paying fees, or installing software.
Is “Tax Mediation and Resolution Agency” a real government agency?
In these scam calls, the name is usually made up or intentionally vague. Real government agencies do not handle tax enforcement through generic robovoicemails with random callback numbers.
Why do these voicemails say my account was “flagged”?
Because it creates panic without giving details you can verify. Scammers want you to imagine the worst, then call back quickly before you check official sources.
Are these calls actually from the IRS?
Almost always, no. Scammers may mention the IRS directly or imply IRS involvement. A big red flag is urgency combined with vague claims and a push to call a “department line” that you cannot independently verify.
Would the IRS leave a voicemail like this if I really owed taxes?
Real tax issues usually come with written notices that include specific information, like the tax year, notice numbers, and clear instructions. A vague “flagged account” voicemail is not how legitimate tax collection is typically started.
What are the biggest red flags that it’s a scam?
Common red flags include:
Prerecorded voicemail or robocall
Vague phrases like “unresolved activity” with no tax year or notice number
Pressure to act immediately or “today”
Threats of garnishment, levy, arrest, deportation, or police involvement
Requests for sensitive info right away (SSN, banking info, photos of ID)
Demands to pay using gift cards, wire transfers, crypto, or prepaid cards
Instructions to install remote access tools to “secure” your device
They mentioned “Offer in Compromise.” Does that make it legitimate?
No. Offer in Compromise is a real IRS program, but scammers misuse the term to sound credible. Real eligibility requires documentation and review, not a quick phone call with guaranteed promises.
Can the IRS demand payment using gift cards or wire transfers?
No. Gift cards, prepaid cards, and urgent wire transfers are classic scam payment methods. If anyone asks for gift cards or the codes on the back, treat it as fraud and stop contact immediately.
Should I call back “just to confirm”?
No. Don’t call back and don’t press any keypad options. If you want to verify your tax situation, use official IRS contact methods you look up yourself, not the number in the voicemail.
I called back and gave them my name, address, or SSN. What should I do now?
Take action quickly:
Stop contact and block the number
Change your email password first, then banking and payment passwords
Turn on 2-factor authentication
Watch for password reset attempts and suspicious logins
Consider a fraud alert or credit freeze if you shared SSN or ID images
They told me my phone or computer is hacked and asked me to install AnyDesk. What does that mean?
That is a common escalation into remote access theft. If you install remote access software, scammers can see your screen, control your device, and guide you into logging into bank accounts or approving transfers.
I installed remote access software. What should I do immediately?
Do this in order:
Disconnect from the internet (WiFi and mobile data)
Uninstall the remote access app
Restart the device
Run a full scan with Malwarebytes
Change passwords from a different, trusted device
Contact your bank if you accessed financial accounts while scammers had access
I paid them. Can I get my money back?
It depends on how you paid:
Card payments: call your bank and ask about chargebacks and fraud claims
Wire transfers: ask immediately about a wire recall
Gift cards: contact the card issuer right away, there may be a chance to freeze funds if codes were not redeemed yet Acting fast gives you the best chance.
How can Malwarebytes and AdGuard help after a scam call?
Malwarebytes can scan for malware, adware, and unwanted programs, especially if you installed anything or allowed remote access.
AdGuard can reduce malicious ads, scammy pop-ups, and redirect pages that often push fake “support” numbers and urgent warnings.
Where should I report this scam?
Report it to:
TIGTA (Treasury Inspector General for Tax Administration)
phishing@irs.gov (include the phone number and details, and use a subject like “IRS Phone Scam”) You can also report the number as spam to your phone carrier and file reports with consumer protection agencies.
How can I reduce scam calls like this in the future?
A few practical steps:
Let unknown numbers go to voicemail
Block repeat scam numbers
Enable spam call filtering on your phone
Never call back numbers left in suspicious voicemails
Keep devices updated, use AdGuard to reduce malicious ad exposure
Run periodic scans with Malwarebytes, especially after any suspicious interaction
What should I tell a friend or family member who received the same voicemail?
Tell them: do not engage. Don’t press buttons, don’t call back, don’t share personal info, and don’t install anything. If they are worried about taxes, verify using official IRS resources and independently found contact information.
10 Rules to Avoid Online Scams
Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.
Stop and verify before you click, log in, download, or pay.
Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).
If you already clicked: close the page, do not enter passwords, and run a malware scan.
Keep your operating system, browser, and apps updated.
Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.
If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.
Use layered protection: antivirus plus an ad blocker.
Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.
If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.
Install apps, software, and extensions only from official sources.
Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.
If you already installed something suspicious: uninstall it, restart, and scan again.
Treat links and attachments as untrusted by default.
Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.
If you entered credentials: change the password immediately and enable 2FA.
Shop safely: research the store, then pay with protection.
Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.
If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.
Crypto rule: never pay a “fee” to withdraw or recover money.
Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.
If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.
Secure your accounts with unique passwords and 2FA (start with email).
Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.
If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.
Back up important files and keep one backup offline.
Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.
If you suspect infection: do not connect backup drives until the system is clean.
If you think you are a victim: stop losses, document evidence, and escalate fast.
Move quickly. Speed matters for disputes, account recovery, and limiting damage.
Stop payments and contact: do not send more money or respond to the scammer.
Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
Scan your device: remove suspicious apps or extensions, then run a full malware scan.
Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.
These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.
Stelian leverages over a decade of cybersecurity expertise to lead malware analysis and removal, uncover scams, and educate people. His experience provides insightful analysis and valuable perspective.
