05
14 min read · 5 briefings

Scam-Proof Your Life

Incident response isn't just for companies — it's for the day your phone rings.

01 The Scam Playbook, by Channel

Scams mutate daily, but the underlying plays are stable enough to memorize. Learn the play, and the thousandth variant looks like the first:

ChannelThe playThe tell
Phone callImpersonate authority — bank fraud team, IRS, police, tech support — and manufacture an emergencyPressure to act during the call; requests for codes, remote access, or moving money to a "safe account"
TextFake delivery fee, unpaid toll, bank alert — or a "wrong number" that turns friendlyA link plus urgency; strangers who keep chatting and eventually mention investing
MarketplaceOverpayment refunds, fake payment confirmations, "verify yourself" codesAnyone who overpays, or asks you to read them a code sent to your phone (they're hijacking your account)
Tech support popupScreaming browser page with a phone number: your PC is infected, call Microsoft nowReal security warnings never include a phone number. Close the browser; nothing was wrong
Crypto / investmentGuaranteed returns, exclusive platforms, celebrity endorsements, romance-fueled tipsGuaranteed returns do not exist; platforms that block withdrawals until you 'pay taxes' are theater

And the universal constant across every channel: the payment method is the confession. Gift cards, wire transfers, crypto, cash in the mail, payment apps to strangers — scammers demand these because they're irreversible. No government agency, utility, or legitimate business settles debts in Apple gift cards. That single fact, fully absorbed, defeats entire categories of fraud.

02 Protecting Kids and Elders

Scammers target the edges of the age curve, and the defense for both is the same: conversations held before the crisis, because mid-crisis is the scammer's home field.

For elders: the big three are the grandparent scam (a panicked "grandchild" needs bail — now supercharged by AI voice cloning), tech-support fraud (a popup or cold call, remote access, then 'refund' theater that drains accounts), and romance scams. Countermeasures worth setting up this week: a family code word that any emergency money request must produce; the ironclad rule hang up and call back on a number you already have; and — this one matters most — an explicit promise that falling for something means help, never ridicule. Shame is the scammer's retention tool: embarrassed victims stay quiet, stay unhelped, and land on "sucker lists" that are resold for repeat targeting.

For kids and teens: the sharpest current threat is sextortion — criminals posing as peers online coax an image, then extort. The FBI has issued repeated warnings, particularly about financially motivated schemes targeting teenage boys, and the outcomes have included tragedies. The defense is a specific promise, delivered verbatim and early: if anything like this ever happens, you will not be in trouble — come to me, we'll handle it together, and it is never hopeless. Beyond that: gaming chats and DMs from strangers bearing gifts or moving conversations to private apps are the standard grooming and scam on-ramps; teach the pattern, not just the rule.

Field tip: Frame family security as a team sport, not surveillance. A monthly two-minute 'weirdest scam attempt' exchange at dinner normalizes reporting and keeps everyone's pattern library fresh — including yours, because the kids will eventually out-spot you.

03 When (Not If) Your Data Is Breached

Companies you trusted will lose your data; that's a base rate, not a maybe. What separates annoyance from catastrophe is your response sequence:

  1. Scope it. Check your email addresses at Have I Been Pwned to see which breaches include you and what leaked — passwords, phone numbers, addresses, or worse.
  2. Rotate the blast zone. Change the breached site's password immediately — and anywhere else that password or its cousins lived. (If you've done module two, that's one site, and this step takes ninety seconds. This is the payoff.)
  3. Tighten the doors. Confirm MFA is on for the breached account and your email. Attackers work breach lists fast while credentials are fresh.
  4. If identity data leaked — SSN, birth date, address — freeze your credit. A credit freeze blocks new accounts from being opened in your name, and since a 2018 federal law (passed in the wake of the 2017 Equifax breach that exposed data on roughly 147 million people), freezing and unfreezing is free at all three US bureaus: Equifax, Experian, and TransUnion. It takes about fifteen minutes total online, you can thaw it temporarily whenever you legitimately apply for credit, and for most people there is no good reason not to have one permanently in place. It is the single most underused defense in personal security.
  5. Watch the aftermath. Breach victims get targeted with follow-up phishing that references the breach itself ("as you know, your account was compromised..."). Data from the breach makes these eerily credible. Same rules apply: no links from unexpected messages; go to the site directly.

Fifteen minutes of response, correctly sequenced, converts most breaches into a non-event.

04 Recovering a Hacked Account

Locked out, or seeing activity that isn't yours? Move in this order — the order matters:

  1. Run the recovery flow now. Every major platform has a dedicated compromised-account path (search the provider's name plus "account recovery" — from the official site only; "account recovery help" ads and DMs are a scam genre of their own). Speed matters because the attacker's first move is changing recovery details to lock you out properly.
  2. Evict the squatter. Once in: change the password, then find "sign out all other sessions." Until you do that, the attacker's logged-in session may happily survive your password change.
  3. Check the traps — especially in email. The classic persistence trick: a quiet forwarding rule or filter that copies your mail (hello, password resets) to the attacker indefinitely. Check forwarding, filters, connected apps, app passwords, and recovery addresses — attackers plant their own to re-enter later.
  4. Chase the blast radius. What could this account reset or access? If it's your email, assume every linked account is exposed; rotate the important ones.
  5. Warn your people. The attacker likely messaged your contacts — "I'm stranded, can you wire me money" and malicious links perform beautifully when they come from a real friend's real account. A quick heads-up breaks that chain, and it's the step embarrassment most often skips.
Threat advisory: After any account compromise, expect the second wave: 'security team' calls and emails referencing the incident, offering help recovering. That's the same attacker, or a colleague, harvesting fresher credentials from a panicked victim. Recovery happens through official channels you navigate to yourself — never through inbound rescue offers.

05 Report It — and Why the First Hours Matter

Victims skip reporting because it feels pointless or humiliating. Both instincts are wrong, and the first one can cost you the money.

Speed has a literal payoff. If money moved by wire or bank transfer, call your bank immediately and say the word "fraud" — banks can attempt recalls, and the earlier the attempt, the better the odds. In the US, the FBI's Internet Crime Complaint Center (IC3) runs a Recovery Asset Team that works with banks through what it calls the Financial Fraud Kill Chain to freeze fraudulent transfers; its own annual reports show the majority of funds are frozen in cases reported quickly, with success rates dropping sharply as hours pass. Card payments can be disputed; gift cards are a longer shot, but report the card numbers to the issuer anyway — sometimes unspent balances get frozen.

Where to file (US):

  • IC3 (ic3.gov) — internet-enabled crime of any size. Reports feed investigations and takedowns; your data point helps even when your case alone wouldn't.
  • FTC (reportfraud.ftc.gov) — all fraud; and if identity theft is involved, identitytheft.gov generates a personal recovery plan plus the official reports banks and bureaus expect.
  • Your local police — a report number is often required by banks and insurers, even when no investigation follows.

And say it out loud to someone you trust. Fraud thrives on silence — silence keeps victims off guard lists and on sucker lists, keeps families unwarned, and keeps the same play working down the street. Reporting isn't an admission of foolishness. It's the moment you switch from target to sensor.

Field Glossary

Credit freeze
A free block (all three US bureaus, guaranteed by 2018 federal law) preventing new credit accounts in your name — the strongest everyday defense against identity theft.
IC3
The FBI's Internet Crime Complaint Center (ic3.gov), the US clearinghouse for reporting cybercrime — and the trigger for rapid wire-freeze attempts via its Recovery Asset Team.
Tech-support scam
Fraud opening with a fake infection warning — popup or cold call — then charging for phantom repairs or draining accounts through remote access and refund theater.
Sextortion
Extortion using intimate images, often coaxed by criminals posing as peers online. A serious threat to teens; defeated by shame-free family reporting agreed in advance.
Sucker list
A resold roster of previous fraud victims used for re-targeting. Staying silent after a scam is how you stay on it unwarned; reporting and telling family is how you fight it.
Financial Fraud Kill Chain
The IC3 and banking-system process for freezing fraudulent wire transfers before withdrawal — most effective within the first hours after a fast report.

Knowledge Check

Field Assessment

0 / 3

01 A caller from your 'bank's fraud department' says your account is compromised and you must move your money to a safe account immediately. What's the correct move?

02 Why is a credit freeze such a strong response when your SSN and identity data leak in a breach?

03 After recovering a hacked email account and changing the password, why must you also check filters and forwarding rules?

ESC
↑↓ navigate jack in