If you think you have been scammed online, take a breath. It happens to careful people every day, and there are practical steps you can take right now that improve your chances of getting money back and limiting any further damage.
This guide walks you through what to do first, how to protect your accounts, and how to report what happened. Work through it in order, and act as soon as you can, because acting quickly often makes the biggest difference.
Paste an address for a free safety check: encryption, malware and phishing, domain age and more.
Your fastest route is usually your bank or card provider. Card payments often carry protections that let the provider reverse a charge or open a dispute, and many banks have a dedicated fraud line. Explain clearly what happened, when, and how much was taken.
If you paid by bank transfer, recovery can be harder, but it is still worth reporting straight away, because your bank may be able to contact the receiving bank before the money moves on. If you paid through an online payment service or marketplace, open a dispute or buyer-protection claim with that platform too. Keep a note of every reference number and the name of anyone you speak to.
If the same password protected other accounts, change it everywhere. Use a unique password for each important service.
Add a second step to your email and banking logins so a stolen password is not enough on its own.
Check bank and card statements over the coming weeks for charges you do not recognise, and report anything unexpected.
Your email can reset other accounts, so secure it before anything else if you think it was exposed.
People who have been scammed are often targeted a second time. Be very cautious of anyone who contacts you offering to recover your lost money for a fee, especially if they claim to be an investigator, a lawyer, or a government official. Genuine authorities and banks do not ask you to pay an upfront fee to get your money back.
If a message or caller pressures you to act fast, pay in an unusual way, or share more account details, treat it as another scam. When in doubt, hang up and contact your bank or the authority directly using a number you find yourself, not one the caller gives you.
Reporting helps you and helps others avoid the same trap. Report the scam to your national consumer-protection or fraud authority, which usually has an online form or a phone line for exactly this. Provide the evidence you gathered, including the website address, dates, amounts, and any messages.
Also report it to the platform or host where it happened, such as the marketplace, social network, or payment service. They can often remove a fraudulent listing or seller and may assist your dispute. If your personal details were exposed, tell your bank so they can watch your accounts for unusual activity.
Once things are under control, a few habits make a repeat far less likely. Use a unique password for every important account, keep two-factor authentication switched on, and favour payment methods that offer buyer protection, such as a credit card, over direct bank transfers to people you do not know.
Before you buy from an unfamiliar site in future, run it through our free safety check to see whether the connection is encrypted, how old the domain is, and whether it is flagged for malware or phishing. A quick look before you pay is far easier than recovering money afterwards.
Sometimes, especially if you act quickly. Contact your bank or card provider straight away and ask about a chargeback, a payment reversal, or a dispute. Card payments often carry more protection than bank transfers, but it is always worth reporting fast, because the sooner your bank knows, the more it can usually do.
Contact your bank or card provider immediately to report the fraud and stop any further payments. Then change any passwords that may be exposed, turn on two-factor authentication, and save all your evidence, such as receipts, emails, and screenshots.
Yes. Change the password on any account that may have been exposed, and change it anywhere you reused the same password. Start with your email and banking logins, and turn on two-factor authentication so a stolen password alone is not enough to get in.
Almost always no. This is a common follow-up scam that targets people who have already been scammed. Genuine authorities and banks do not ask for an upfront fee to return your money. Do not pay, and contact your bank or fraud authority using a number you find yourself.
Report it to your national consumer-protection or fraud authority, which usually has an online form or phone line for scams. Also report it to the platform or host where it happened, such as the marketplace or payment service, and tell your bank so it can watch your accounts.
Use a unique password for each important account, keep two-factor authentication switched on, and prefer payment methods with buyer protection. Before buying from an unfamiliar website, run it through a free safety check to look for encryption, domain age, and malware or phishing flags.
Free, anonymous, and no signup. Know before you buy.