What to Do If You Fall for a Scam - 3 Examples

As a financial industry professional with a long history of fighting fraud, I field calls from my friends and relatives when the worst-case scenario happens and they tell me they’ve responded to a scam. It’s never a conversation I want to have, but if recent articles are any indication, a scam can take anyone by surprise.

FICO’s own research shows that 68% of consumer around the globe have received an unsolicited text, email or phone call they thought was part of a scam, and in the US it’s even higher at 72%. So, it’s no surprise that fraudsters get through our defenses from time to time. While I’ve frequently addressed what banks can do to help fight fraud from scams, I wanted to share some practical steps for anyone facing a scammer.

First things first, take a deep breath. It happens to the best of us. Whether it’s a sketchy letter from the Social Security Administration or you’ve unwittingly fallen for a social engineering tactic, I’ve got your back. Let’s navigate this together.

Example 1:  Fear that Personal Details Have been Compromised

Imagine this: My cousin calls me in a panic. They received a letter from the Social Security Administration, but unfortunately it was already opened! My cousin is convinced their identity is compromised and it’s only a matter of time until a criminal uses their ill-gotten information to commit financial fraud.

My first step is to reassure them and take a moment to calm their nerves. An open letter isn’t an immediate sign of identity theft; sometimes these things happen in transit. Plus, the unfortunate reality is that everyone’s data is floating around somewhere. But to be safe, I would advise them to take the following steps:

1. Consider a Fraud Alert or Credit Freeze. To start layering protection, you might want to place a fraud alert or credit freeze on your credit file with all three of the primary credit bureaus. This makes it harder for fraudsters to open new accounts in your name.
2. Monitor Financial Accounts. Keep a close eye on bank statements, credit card bills, and any other financial accounts for suspicious activity. Signing up for account alerts, whether through a mobile app, online banking, text messages or another channel can provide real-time updates for any authorized or unauthorized account activity.
3. Check your credit report. Use a reliable source like annualcreditreport.com or consider services such as those offered by myfico.com.
4. Stay Vigilant. Fraud, especially identity theft, might not be immediately apparent. It is vital to keep your finger on your financial pulse in the coming weeks and months.

Example 2: Falling for Social Engineering Tactics

In the first scenario, the compromise was out of my cousin’s control. But what happens when someone calls in tears because they just realized they fell for a social engineering tactic? Maybe they gave out their credit card information over the phone to someone claiming to be from their bank, or perhaps they gave out their banking details and personal information because they thought they were talking to the IRS. Maybe they filled out a form on a website after clicking on a link in an email that was convincing – but turned out to be a phishing scam.

Again, the best first step is to reassure and calm them down. It’s easy to feel embarrassed or ashamed after falling for a scam, but remind them that it can happen to anyone. Once they are more rational than emotional, walk them through these steps:

1. Damage control: If they gave out sensitive information like credit card numbers or passwords, it’s crucial to act fast. Advise them to contact their bank or credit card company immediately to report the incident and request a freeze or cancellation of their accounts if necessary. It’s particularly important to act quickly if they’ve accidently shared details for a banking accounts. This is a great example of why it’s important to be calm, so they can carefully do some damage control assessment.
2. Change passwords: Encourage them to change any passwords that might have been compromised. This includes not only their banking and financial accounts but also their email, social media, and any other online accounts. The latter types of accounts might not be obvious, but they are equally important as an email account is often the vehicle most commonly used to reset passwords and in some cases, even login to an account. It’s also important to do this when calm and not in a panic; if they are overly emotional, they might not realize they are on the wrong website, or they might accidently lock themselves out of the account. In general, when we rush, we make mistakes. It’s important to remember that – and remember that was likely one of the causes of the whole mess in the first place.
3. Secure primary contact details: This is a critical step in the process. Whether their primary accounts are tied to a specific email address or a phone number, if they’ve compromised themselves and potentially given access to a scammer, changing their email password and enabling two-factor authentication can be an immediate way to combat account takeover. If the scammer can make changes to their account before they do, the criminals can route any authentication communications to an email or phone under their control, leaving the victim high and dry.
4. Educate themselves: Use this experience as a learning opportunity. Help your friend understand how the scam worked and what red flags they missed. You can also share links to scam-awareness initiatives like the Social Security Administration’s Slam the Scam Day. Knowledge is power, and the more they know about common scams and tactics, the better equipped they’ll be to spot them in the future.
5. Report the scam: Reporting the scam to their bank and to the relevant authorities can help prevent others from falling victim. Depending on the nature of the scam, they may want to file a report with agencies like the Federal Trade Commission (FTC) or the Internet Crime Complaint Center (IC3).
6. Stay alert: Remind your friend to stay vigilant in the future. Scammers are constantly coming up with new tricks, so approach any unsolicited communications with an abundance of caution.

Example 3: The Ill-Advised Payment or Transfer

Like it or not, scammers are very convincing – so much so that stories abound of individuals being tricked into sending life-changing sums of money. In these situations, when someone has transferred money through a real-time payment system like Zelle, Venmo, CashApp or FedNow, it’s again important to remain calm and as rational as possible. Then it’s time to assess the situation and take appropriate action.

First, what account was used for the transfer? Was it a daily use checking account, or maybe a savings account? Knowing where the funds came from can help the victim understand the immediate impact on their financial life.

Second, was the victim the one who initiated the transfer? This is a common scenario known as authorized push payment fraud, which is growing in scale around the globe. Perhaps it was the (less likely) situation that they handed access to a personal account to a fraudster? If the victim initiated the transfer, it’s likely the account itself is not compromised, but if they gave the proverbial keys to the kingdom to a criminal, the victim will need to take immediate action.

Contacting the financial institution as soon as possible and explaining the situation is vitally important. Going as far as calling the bank, then heading straight to a branch, can potentially expedite resolution, but the victim should be prepared for lengthy identification steps. Bank staff are trained to take someone through rigorous identity verification to weed out potential scammers pretending to be panicked customers.

Moving quickly will give the victim the best chance of recovering any funds sent as part of a scam. Because real-time payments move money immediately, there is an extremely small window of time for a bank to try and get that transfer back.

Moving Forward After a Scam

Responding to a scam can be a scary experience, but it’s not the end of the world. While some of the steps I’ve discussed, like freezing or monitoring your credit, may not apply in countries outside the United States, the general recommendations of monitoring your accounts, changing passwords, and reporting the scam to the relevant authorities all apply — regardless of geography.

By staying calm, taking swift action, and learning from the experience, you can minimize the damage and protect yourself against future scams. And remember, you’re not alone — reach out to friends, family, or even professionals for support and guidance. We’re all in this together!

How FICO Helps Fight Fraud and Scams

• Read Fighting Scams with AI Decisioning
• Explore the findings of our FICO 2024 Global Scams Impact Survey
• Read the post Card-Not-Present Fraud Remains a Leading Concern as Payments Systems Evolve 
• Explore the impact of real-time customer communications to stop fraud
• Learn about FICO’s award winning retail banking model with scam detection score

For more of my latest thoughts on the evolution of payments, fraud, and FICO’s entire family of software solutions, follow me on LinkedIn.