Protect yourself: the practical steps

Take a breath. Acting in the first hour or two limits how far this goes — but even a day or a week later, most of these steps still help. Work down the list in order.

• Stop the money. Call your bank or card issuer using the number on the back of your card (not a number anyone gave you). Tell them you were scammed and ask them to freeze the card or account, reverse the transaction, and watch for more. The sooner you call, the better the odds of getting funds back.
• Change passwords on anything they touched. Start with your email — it's the master key to everything else — then your bank and any account that shares that password. Turn on two-factor (a code sent to your phone or an app) wherever you can.
• If you gave them remote access to your device, disconnect from the internet, run a security scan, and change your passwords from a different device if possible.
• Write down what happened while it's fresh: dates, amounts, phone numbers, names, screenshots. You'll need this for the bank and for any report.
• Report it. Reporting won't always recover your money, but it flags the scammer and protects others. Use your country's official fraud-reporting service (search "[your country] report a scam").
• Watch for the second wave. Scammers often come back posing as your bank, the police, or a "recovery" service offering to get your money back — for a fee. That's the same scam wearing a new mask. See /scams for how these follow-ups work.

You are not the first person this happened to, and it does not mean you were careless. These operations are professional.

Most scam contact starts as a flood of texts and robocalls. You can cut the volume sharply.

• Don't reply, don't press a key, don't tap links — not even to say "STOP" to an unknown sender. Any response confirms your number is live and gets you more.
• Report and block. On both iPhone and Android you can report a text as junk or spam and block the sender in a couple of taps. Forward spam texts to your carrier's spam-reporting shortcode (in the US that's 7726 / "SPAM") so they can shut the source down.
• Turn on your phone's built-in spam filtering. iPhone has "Filter Unknown Senders" and "Silence Unknown Callers" in Settings. Android's Phone and Messages apps have spam protection and caller ID you can switch on.
• Register on your national Do Not Call list if your country has one (the US has the National Do Not Call Registry). It won't stop scammers, who ignore it, but it cuts the legitimate telemarketing so the bad calls stand out.
• Let unknown calls go to voicemail. Real people and real businesses leave a message. Most scams don't.

A big reason you get targeted is that data brokers compile and sell profiles of you — your name, address, phone, relatives, and more — scraped from public records and online activity. You can ask them to delete it.

• Search yourself first. Type your name plus your city into a search engine, and look at the "people search" sites that come up (the ones showing your address and relatives). That list is your to-do list.
• Use each site's opt-out page. Nearly every broker has one, usually buried in the footer under "Privacy," "Do Not Sell My Info," or "Opt Out." It's tedious but free. Removals can take days to weeks, and some profiles reappear, so plan to recheck every few months.
• Use your legal right to delete. If you're in a place with a privacy law — California (CCPA), the EU/UK (GDPR), and a growing list of US states — you can formally demand deletion, and brokers must comply. Look for the "data subject request" or "Do Not Sell" link.
• Lock down the source. Set your social media profiles to private, and remove your phone number and birthday from public view. The less that's out there, the less brokers can resell.
• Paid removal services exist that do this sweep for you on a subscription. They can save time, but everything above is something you can do yourself for free — decide based on your time, not pressure.

Older adults are targeted deliberately, often with scams built around urgency, authority, or a grandchild "in trouble." The goal here isn't to take over — it's to put a few quiet guardrails in place and make it safe for them to ask you before acting.

• Agree on one rule together: no money, codes, or gift cards over the phone, ever — no matter who's calling or how urgent it sounds. A real bank or government office will never demand this.
• Set up a family password — a simple word only the family knows. If a "grandchild" or "relative" calls in a panic asking for money, the real one will know the word.
• Turn on the phone's spam filtering for them (same steps as the spam section above), and add your number as a favorite so trusted calls still get through.
• Make "let me check with [you] first" the normal response to any unexpected request. Frame it as a habit you both follow, not a sign they can't cope — that keeps them willing to call you instead of hiding a mistake.
• Walk through the common scripts together so they recognize them: the fake bank fraud department, the tech-support pop-up, the romance contact who needs money, the prize that requires a fee. There's a plain-language rundown at /scams.
• If a parent has already been hit, go straight to the recovery steps at the top of this page — and reassure them first. Shame keeps people silent, and silence is what scammers count on.