Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’
- ESET Expert

- 3 hours ago
If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.

The worst thing you can do after falling victim to fraud is let your guard down. Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they take them. It doesn’t matter if it involves re-victimizing someone who has already been defrauded, raising false hopes and exploiting their desperation to get their stolen funds back, all while stealing even more from them.
Fortunately, many of these “recovery” or “refund” scams work the same way. Take some time out to understand what they look like, and you’ll stand a good chance of staying safe next time the fraudsters come knocking. Recently, we looked specifically at cryptocurrency recovery scams, but there’s more to these kinds of ploys. Recovery fraud is an umbrella for several predatory tactics, all sharing a common goal: the “second strike.”
How does recovery fraud work?
These scams usually follow a tried-and-tested pattern. Fraudsters either buy “sucker lists” off other criminals or target victims of fraud they’ve just perpetrated. They impersonate specialist recovery service providers, consumer protection agencies, government officials, law enforcers, regulators, etc.
They know a lot about your case and promise to look into getting the funds back for an upfront fee. Or they may claim to already have the money and to be either redistributing it to unhappy customers or completing the paperwork to release reimbursement funds on behalf of the government or agency.
This is basically a kind of advance fee fraud. In the US in 2024 (the latest year for which figures are available) there were over 7,000 reported cases – which made scammers more than $102 million. Even these figures are likely to represent just the tip of the iceberg.
If you push back and ask the scammers to simply take their fee from the money they claim to have recovered (or will recover), they will typically make excuses as to why this isn’t possible. In an even more dangerous variation of the scheme, they may also ask for bank account/crypto details to pay your refunded money into. This information could then be used for more serious account hijacking and financial fraud.
What are sucker lists?
Cybercriminals and fraudsters often share information and knowledge to help each other succeed with their avaricious schemes. Sucker lists are a great example. They work almost like a list of marketing leads – except instead of potential customers, they contain the contact details of prospective victims.
Lists may vary in quality, but usually contain the names and contact details of individuals who have either fallen victim to fraud in the past, or who have previously replied to spam messages. They may even include the potential target’s demographic details and propensity to fall for particular scams or tactics.
Red flags to look out for
Watch out for these classic warning signs to stay clear of recovery fraud:
- Bold claims: They’ll usually say either they have your funds and are waiting to return them, or they’ll “guarantee” that they can get your money back
- Unsolicited contact: The scammers will get in touch out of the blue, with an email, social media message, text, or even phone call
- Upfront fee: They’ll request a charge upfront for recovering/returning your stolen funds. They might call this a “retainer fee,” a “processing fee,” an “administrative charge,” or something related to tax
- Social engineering: They’ll put pressure on you, hoping to rush you into making a rash decision to pay them. They may claim, for example, that the funds are only available for reimbursement for a limited time
- Impersonation: The scammers will claim to be working for a government or law enforcement agency, a specialist recovery firm, a bank’s fraud department or other “official” organization in order to build trust
- Untraceable payments: They might ask you to pay them in unusual ways, such as cryptocurrency, gift cards or cash apps, which are harder to trace or seek reimbursement from
- Webmail: They may send you an email using a regular Gmail address or similar, rather than a legitimate corporate email address
How to keep recovery fraudsters at bay
The good news is that it shouldn’t be hard to spot the warning signs of recovery fraud. But it’s not always the rational side of our brain that makes decisions. That’s what scammers are good at – exploiting our irrational thinking and desire to get our money back. The same emotional and psychological predisposition for being victimized that first got you into trouble is effectively being targeted again.
To ensure they don’t get the better of you a second time, never pay any upfront fees – especially to individuals who have contacted you out of the blue offering recovery services. Always verify who they say they are independently, by searching for their contact details online. In the UK, you can check the FCA Firm Checker to see if the fraudster’s purported company does offer the services it claims to.
Note the above red flags, and avoid sharing online any personal details about having been scammed, as fraudsters continuously trawl the web looking for potential double-dip targets.
I’ve been scammed, now what?
If you’ve been victimized by recovery scammers, there is a limited set of options available to you. It’s always a good idea to report the incident – in the UK to Report Fraud and in the US to the FTC. This will help the authorities track the fraud landscape and improve their support to victims, as well as raise awareness so others don’t fall for the same tricks.
If you’ve made a payment via your bank, tell it ASAP. Monitor your account carefully for any unusual activity and freeze any relevant cards. If you’ve handed over more personal information to the fraudster, change the passwords on any relevant accounts, add multi-factor authentication (MFA) to bolster security, and expect potentially convincing phishing attacks in the future.
Remember: scammers are a persistent bunch. If you’ve been the victim of fraud in the past, expect another visit in the future.


