SCAM RECOVERY GUIDE

I Got Scammed, What Do I Do Now? Recovery Steps (2026)

A calm, step-by-step action plan for the moment you realize it happened. Stop the loss, recover by exactly how you paid, lock down your accounts, report to the right agency, and avoid the second scam that targets victims.

SB

SafeBrowz Team Security ResearchJune 7, 202611 min read

First, a word before the steps

This is not your fault. The people who run these scams do it full time, with scripts refined on thousands of victims, and they are very good at it. Embarrassment is the emotion they count on, because a victim who feels ashamed stays quiet, and silence is what lets them keep the money. You are doing the right thing by reading this instead of going dark.

The single biggest factor in getting money back is how fast you act. Banks can sometimes claw back a transfer in the first hours that is gone forever after a few days. So move quickly, but move in order. The rest of this page is that order.

The first hour: stop the bleeding

Before you recover anything, you have to stop losing more. Do these in the first sixty minutes.

1. Cut contact. Stop replying. Do not call the "support" number they gave you, do not open their next link, do not install any app or remote-access tool they ask for (AnyDesk, TeamViewer, and similar tools are a common move). If they are on the phone, hang up.
2. Send no more money. Any new request, "one final verification fee," "tax to release your funds," "you almost have it, just one more transfer," is the scam continuing. There is no scenario where sending more gets the first amount back.
3. Screenshot everything. The chat, the profile, the website, the payment confirmations, the email headers, the phone number, the wallet address. Capture it now, before they delete the account or the page goes down.
4. Write down the facts. Dates, times, exact amounts, currency, account or card numbers used, the name and platform you were contacted on. You will repeat this to your bank and to investigators, and a clear timeline speeds every step that follows.

Got a link from the scam you want to check? Paste it into the live scanner below before you click it again.

Recover by how you paid

This is the core of getting money back. The right move depends entirely on the payment method, because each one has a different window and a different process. Find the one you used.

Credit card or debit card

This is the best-protected way to have paid, so call your card issuer the moment you realize it. Tell them it was fraud and ask to dispute the charge and request a chargeback, then ask them to cancel the card and send a new one with a new number.

In the United States, credit card disputes fall under the Fair Credit Billing Act (Regulation Z), which generally gives you 60 days from the statement date to dispute. Debit card and other electronic transfers fall under the Electronic Fund Transfer Act (Regulation E); the CFPB notes that reporting an unauthorized debit card transaction within two business days caps your liability at $50, and reporting within 60 days of the statement caps it at $500, while waiting longer can leave you fully exposed. The lesson is the same in every case: call now, do not wait for the statement. If your bank refuses to help, you can escalate a complaint to the CFPB.

Bank transfer, ACH, or wire

Call your bank immediately and ask them to recall or reverse the transfer. ACH payments can sometimes be returned; wires are faster and harder, but a domestic wire can sometimes still be stopped if you act within hours.

For a wire, the FBI's Internet Crime Complaint Center runs the Financial Fraud Kill Chain, a process that can freeze funds while they are still in the receiving bank. It works best when the wire was sent within the last 72 hours and is domestic. To trigger it, file a complaint at ic3.gov right away and call your bank, and have your local FBI field office reference the kill chain. The faster the report, the better the odds, this is one of the few mechanisms that can recover a wire.

Zelle, Venmo, Cash App, or PayPal

Peer-to-peer payments are designed to be instant and final, like handing over cash, which is exactly why scammers prefer them. Recovery is harder, but you should still file, and fast.

• Report in the app first. Each one has a fraud or "report a problem" path: Zelle inside your banking app, plus Venmo, Cash App, and PayPal in their own settings. PayPal purchases may qualify for Purchase Protection if you paid for goods or services (not "friends and family").
• Then call your bank. If the payment went through your bank's Zelle, report it there too. Use the phrase authorized push payment fraud, this is the recognized term for being tricked into sending a payment yourself, and U.S. banks have faced growing pressure to reimburse it. Some now do.
• File a regulator complaint. If the bank or app declines, complain to the CFPB. It creates a paper trail and sometimes reopens a denied case.

Be realistic: P2P recovery is the toughest, but filing still matters for the investigation and for any reimbursement decision.

Gift cards (Apple, Google, Amazon, Steam, others)

If you were told to buy gift cards and read off the codes, the FTC says to contact the card brand's fraud line right away, the faster you call, the better the chance some balance is still frozen and can be returned.

• Apple Store / iTunes: Apple Support, 1-800-275-2273.
• Google Play: Google Play gift card support page.
• Amazon: Amazon customer service gift card fraud line.
• Steam: Steam Support help request.

Keep the physical card and the receipt. The brand will ask for the card number and the receipt. Then report it to the FTC, which tracks gift card scams closely. No real business, government office, or utility ever asks to be paid in gift cards, that demand alone confirms it was a scam.

Cryptocurrency

Be honest with yourself here: crypto is usually unrecoverable. Transactions are irreversible by design and the receiving wallet is often anonymous. That said, do all of the following, because the exceptions are real and reporting feeds investigations.

• Revoke token approvals immediately. If you connected your wallet to a scam site or signed an approval, an attacker may still be able to drain tokens you have not lost yet. Go to revoke.cash, connect your wallet, and revoke every approval you do not recognize. Then move remaining funds to a fresh wallet.
• Report to the exchange. If the funds went to or through a known exchange (Coinbase, Binance, Kraken), report it with the transaction hash. Exchanges can sometimes freeze an account that received stolen funds. For a hacked Coinbase account specifically, see our Coinbase account recovery guide.
• File with IC3 and note the chain. Report at ic3.gov with the wallet addresses and transaction hashes. On-chain analytics firms like Chainalysis work with law enforcement to trace stolen crypto, and a documented complaint is how your case enters that pipeline.

If your seed phrase was exposed, treat every asset in that wallet as compromised, follow our dedicated walkthrough on what to do when your crypto seed phrase is stolen.

Secure your accounts

Whether or not money moved, if you typed a password into a scam page or gave anyone access, assume your accounts are at risk. Lock them down in this order.

1. Change your email password first. Email is the master key, password resets for everything else land there. Use a new, unique password.
2. Change passwords on anything that shared that password. Reused passwords are how one breach becomes ten. Give every important account its own password; a password manager makes this painless.
3. Turn on two-factor authentication. Prefer an authenticator app or a hardware key over SMS codes. This blocks most account takeovers even if the password leaked.
4. Log out all devices. Most major accounts have a "sign out of all sessions" option in security settings. Use it to kick out anyone who got in.
5. Check for takeover signs. Look for new forwarding rules in your email, unfamiliar logged-in devices, changed recovery phone or email, and filters that auto-delete bank alerts, all classic attacker moves.
6. Scan your device for malware. If you installed anything they sent or granted remote access, run a full antivirus scan and remove any remote-access app they had you install.

To see whether your email or password already appeared in a known breach, check haveibeenpwned.com, a free, trusted service that does not store what you enter.

Protect your identity

If you handed over a Social Security number, driver's license, passport, or other identity documents, the risk goes beyond this one scam, your identity itself can be used to open accounts. Act on this even if no money was lost.

• Start a recovery plan at identitytheft.gov. This free FTC site builds a personalized, step-by-step recovery plan and generates the affidavits and letters you may need. It is the single best starting point for identity theft in the U.S.
• Place a fraud alert. A free fraud alert tells lenders to verify your identity before opening credit. You only have to contact one of the three bureaus; it must tell the other two.
• Consider a credit freeze. A freeze is stronger, it blocks new credit entirely until you lift it, and it is free. Place it with all three bureaus: equifax.com, experian.com, and transunion.com.
• Watch your statements and credit report. Review bank and card statements line by line for the next several months and pull your free credit reports to catch anything new.

Report it (by region)

Reporting rarely gets your specific money back on its own, but it is how patterns get spotted, infrastructure gets taken down, and investigators build cases. File with the right channel for where you are, plus your bank and the platform where it happened.

• United States: the FTC at reportfraud.ftc.gov and the FBI at ic3.gov. For identity theft specifically, identitytheft.gov.
• United Kingdom: Action Fraud at actionfraud.police.uk, or call 0300 123 2040. In Scotland, report to Police Scotland on 101.
• Canada: the Canadian Anti-Fraud Centre at antifraudcentre.ca, or 1-888-495-8501.
• Australia: Scamwatch, run by the National Anti-Scam Centre, at scamwatch.gov.au.
• Everywhere: report to your bank or card issuer, and to the platform where the scam reached you (the marketplace, social network, dating app, or messaging service). Platforms can ban the account and preserve evidence.

Keep your report or complaint numbers. Your bank may ask for the FTC or police reference when deciding a reimbursement claim.

Watch out for the second scam: fake recovery services

This is the most important section on this page, so read it even if you skip the rest. The moment you become a known victim, you become a target for a second wave, recovery scams (also called refund scams or reclaim scams). The AARP and the FTC both warn that fraudsters trade and resell "sucker lists" of people who have already lost money, then circle back posing as the rescue.

The pitch is built on your hope. You get a call, an email, a social media DM, or a comment under a scam-related video from a "fund recovery agent," a "blockchain forensics expert," a "lawyer," or someone claiming to be from a government agency or the very platform where you lost money. They say they can get your funds back, they just need an upfront fee, a "tax," a "release payment," or your wallet and banking details to "process the refund."

Here is the rule that protects you, with no exceptions:

An illustrative example of what a fake recovery site looks like is crypto-recovery-pro.com, a slick page promising "guaranteed" recovery of stolen crypto if you pay a fee and hand over your wallet details. Click it to run it through the scanner and watch it flag. The real recovery tools in this guide are different: the FTC, IC3, IdentityTheft.gov, your bank, and revoke.cash never ask for an advance fee. If you are tempted, stop, and check the offer against the rule above.

Red flags of a recovery scam:

• They contacted you, you did not find them.
• They ask for any payment up front, by gift card, crypto, or transfer.
• They guarantee results. No one can guarantee recovery.
• They ask for your passwords, seed phrase, or remote access to "help."
• They claim to be a government agency but message you on WhatsApp, Telegram, or social media.

For more on spotting the underlying lures, see how to tell if a website is a scam and our text message scam guide.

Stay safe from the next one

Once the immediate crisis is handled, a few habits cut your odds of a repeat: use a unique password per account with a password manager, keep two-factor on everywhere, pay with a credit card or a virtual card online whenever you can (it is the easiest to dispute), and slow down on any message that creates urgency. Scammers manufacture pressure precisely because a rushed brain skips its own checks. Related patterns worth knowing: fake online stores, job offer scams, and Amazon verification email scams.

How SafeBrowz blocks this threat

Most scams start with a link, a fake login page, a cloned store, a "recovery service," a payment page. SafeBrowz runs a 3-layer detection engine (Local + APIs + AI) that checks that link before the page can load and take your credentials or your money.

• Layer 1 - Local detection: 60+ URL patterns plus a 550+ brand-specific signature database (including Cyrillic and Punycode homograph variants) and a community whitelist/blacklist, all running inside the extension before the page renders. It catches lookalike bank, exchange, and brand domains instantly.
• Layer 2 - API checks: aggregates threat-intelligence feeds (Google Safe Browsing, PhishTank, URLhaus) plus 30+ scam-TLD heuristics to flag known malicious domains, including freshly stood-up "fund recovery" pages.
• Layer 3 - AI deep scan (Premium): content analysis in 100+ languages catches novel variants in seconds, including newly registered recovery-scam and phishing domains that have not yet hit any blocklist.

Detection signatures are derived from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.

Frequently asked questions

I sent money to a scammer. Can I get it back?

It depends on how you paid and how fast you act. Credit and debit card payments are the most recoverable through a chargeback. Bank transfers and wires can sometimes be recalled or frozen if you call your bank and file with IC3 within hours. Peer-to-peer payments (Zelle, Venmo, Cash App) and crypto are the hardest to recover, but you should still report them, both for any reimbursement decision and for the investigation. In every case, calling your bank immediately gives you the best odds.

How long do I have to dispute a card charge after a scam?

In the United States, credit card disputes under the Fair Credit Billing Act generally allow 60 days from the statement date. For debit cards and electronic transfers under Regulation E, the CFPB notes that reporting within two business days caps your liability at $50, within 60 days caps it at $500, and waiting longer can leave you fully liable. Do not wait for the statement, call your card issuer as soon as you realize it was fraud.

Someone offered to help me recover my lost money for a fee. Is that real?

No. It is a recovery scam, a second fraud aimed at people who already lost money. No legitimate agency or company charges an upfront fee to recover funds, and the FTC, FBI, and police never contact you first to offer recovery. If someone reaches out promising to get your money back for a fee, an advance payment, a "tax," or your account details, walk away and report them.

Who do I report a scam to in the US, UK, Canada, or Australia?

In the US, file with the FTC at reportfraud.ftc.gov and the FBI at ic3.gov; for identity theft use identitytheft.gov. In the UK, report to Action Fraud at actionfraud.police.uk or call 0300 123 2040. In Canada, contact the Canadian Anti-Fraud Centre at antifraudcentre.ca. In Australia, report to Scamwatch at scamwatch.gov.au. Always also report to your bank and the platform where the scam reached you.

I gave the scammer my Social Security number. What now?

Start a recovery plan at identitytheft.gov, the FTC's free, step-by-step service. Place a free fraud alert with one of the three credit bureaus (it notifies the other two), and consider a free credit freeze at equifax.com, experian.com, and transunion.com to block new credit in your name. Then watch your statements and credit reports closely for several months.

How does SafeBrowz help after a scam?

SafeBrowz cannot reverse a payment, that runs through your bank and the agencies above. What it does is stop the next link. Its 3-layer engine (Local URL patterns plus threat-intel APIs plus AI content analysis) flags fake login pages, cloned stores, and "fund recovery" sites before they load, including the recovery scams that target victims. It is free on Chrome, Firefox, and Edge, and you can paste any suspicious link into the checker on this page to test it instantly.