So you’re on the phone and you realise something is wrong. Maybe you’ve read my post on how to notice if you are talking to a scammer. Maybe your intuition tells you something is wrong. What do you do next?
Hang up the phone. Write down the phone number, then block it because they will call you back.
This is always step one, no matter what. Then take a few deep breaths. Once you are calmer, go through the rest of this post bit by bit to find out what you can do next.
Do they have access to my computer?
Did the scammer ask you to download a program? If you downloaded it or clicked on a link in an e-mail they sent you that downloaded something, follow these steps next:
- Go to your router (the box that was installed when you got your internet) and unplug it. Do not plug it back in.
- Log into your main e-mail account(s) with a different computer/laptop. Only use your phone if you didn’t download anything or opened anything they sent you with your phone. If you did, more instructions below but for now find a different phone/computer/laptop. Change the password(s) for your main e-mail account. Do this for all e-mail accounts you use for anything important.
Without internet, they have no access to your computer any more. Now you can check what exactly happened in peace.
- On your phone google the program they asked you to download.
If it is a legitimate program you have to open the program and give them the access code before the scammers can actually use it. The access code is usually a series of numbers and letters. If you shared this code with them, the scammers had access to your computer. If you didn’t give them a code, they didn’t have access. In either case, do this next.
- Open settings on your computer and search for “remove programs”. Find the one you downloaded and uninstall it. Super important: uninstall. Not delete, archive or hide. Only uninstall removes the program.
If it is not a legitimate program, it might contain a virus. This is a bit rarer but it happens. Uninstall the program first. Then turn off your computer/laptop and find someone who knows how to start it up in “safe mode” so they can remove the virus.
Yes, there are tutorials online how to do this yourself. If you feel confident following one, search for “how to start up [name of your operating system, like Windows 11] safe mode” and when that’s done “how to remove a virus”.
People are eager to help, and friends will offer you a lot of advice in a situation like this. Take the comfort but not the advice unless they really know what they are doing, meaning they work in IT. If you don’t know anyone like that and don’t want to worry through the process, go to a professional.
If they had access to your computer
If you gave them the code and they had access, it means they could see everything on your computer. Your files, your contact details, your browser history, everything. Depending on how much time they had looking around they might have found a folder labelled “Passwords” if you have one and copied your contact lists.
We’ll get to that in a bit. For now, the important question is, did they send you money and then asked you to log into your bank account to check you got it? If you did, they saw your log-in details for your online banking and your password.
- Call your bank immediately and tell them what happened so they can freeze your account.
- Call any credit card you have that is linked to that account. If you have credit card numbers written down anywhere in your files, call those credit card companies too. Better safe than sorry. By the way, this applies to other people’s credit cards too, if you wrote down their numbers somewhere.
2FA, short for 2-Factor Authentication, is a way to keep your accounts safe. Any time you need to log in somewhere or make a transaction and need to confirm with a number you get via text message, e-mail or an authenticator app, 2FA is on. This means that the scammers cannot get into any account that has 2FA.
Your bank very probably uses it, so the scammers cannot transfer money out of your account without a confirmation. They can, however, use your credit cards to buy stuff so make sure you cancel them.
If they had access to your phone
If they asked you to download the access app onto your phone and you gave them the access code, it’s very likely that they used it to confirm a transaction in your online banking and your money is gone.
- If you haven’t done so already, follow the steps above: Call your bank and credit card companies.
- Next go into settings on your phone. Click on Apps. You want to see a list of all the apps and might have to click on another step before you do. Find the program you downloaded and uninstall it. Not delete. Uninstall.
- Make a list with the log-in information and passwords for the apps on your phone. If your contacts are saved to your SIM card, the next step will not delete them. But if they aren’t, make a list of all the names and numbers too. Write everything on a piece of paper.
- Open Settings again. Click on the search icon. Search for “factory reset”. Before you click on this you need to know that all your data will be gone if you didn’t back it up. All the files and pictures will be gone. You can back them up first, meaning copy them to a different device, like a laptop. Don’t the use the one the scammers had access to though. You will also have to reinstall every app on your phone and log in again. When you are ready, reset your phone.
The router
Scammers can hack routers. They cannot use it to get into other computers/phones that use your wi-fi but they can see what other users are doing. Switch any other device that is using your wi-fi to air-plane mode (a little plane symbol).
- Call your internet provider and tell them what happened. They will reset the password on your router or follow whichever protocol they have for these cases.
Damage control
Here are a few more steps you want to take:
- Let your family and friends know as soon as possible that you were scammed. The scammers stole all your contacts from your devices and will very probably try to scam your family and friends next or sell the information to other scammers. In either case, tell everyone to be on their guard and not to click on any link they might get, not even from you.
- Call your network provider and tell them what happened. You might have been charged for the phone call. If you report it immediately, they might not expect you to pay.
- Go to the police and file a report.
- Change every password everywhere. Consider getting a password manager, like 1Password or make up secure passwords.
- Check every account you have, like points collecting accounts, and see if anything was stolen. Contact the people in charge of those accounts and ask them return it to you, if possible.
Your SIM card
If they had access to your phone, the scammers might have cloned your SIM card. That’s the small card from your mobile service provider (Vodafone, T-mobile etc.) in your phone. Cloning a SIM card means that they copied your information to another card they can now use to call people or send them messages. These people will see your number.
They might not use the SIM card clone immediately or might sell it. If you suddenly don’t receive all of your calls or your WhatsApp/text messages, the scammers might be using your number. Call your Network provider and explain the situation. They will help you recover your number or get a new one.
Self-care
Finally, but just as important as every other step on this list, breathe and be kind to yourself. You were scammed by people who do this professionally. They know exactly what to say and how to say it. You’re not the only one. Scammers steal millions.
Once you feel a bit better, focus on the future. Learn how to notice if you are talking to a scammer.You might also find these posts with more security tips for passwords and 2-Factor Authentication helpful. Share the posts with anyone you know who might find them helpful too.
Your name and contact details are on lists now. If they stole your contacts, everyone on them will be on lists too. Even though it might seem strange, they will probably try to scam you again. But now you’re prepared so the next time they won’t succeed.