Scams
If you’ve been a victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.
10 Apr 2026 • , 5 min. read
The worst thing you can do after falling victim to fraud is let your guard down. Online scammers only care about one thing: making money, so when new opportunities arise to do just that, they take them. It doesn’t matter if it involves re-victimizing someone who has already been defrauded, raising false hopes and exploiting their desperation to get their stolen funds back. All while stealing even more from them.
Fortunately, many of these “recovery” or “refund” scams work the same way. Take some time out to understand what they look like, and you’ll stand a good chance of staying safe next time the fraudsters come knocking. Recently, we looked specifically at cryptocurrency recovery scams, but there’s more to these kind of ploys. Recovery fraud is an umbrella for several predatory tactics, all sharing a common goal: the “second strike.”
These scams usually follow a tried-and-tested pattern. Fraudsters either buy “sucker lists” off other criminals or target victims of fraud they’ve just perpetrated. They impersonate specialist recovery service providers, consumer protection agencies, government officials, law enforcers, regulators, etc.
They know a lot about your case and promise to look into getting the funds back for an upfront fee. Or they may claim to already have the money and are either redistributing it to unhappy customers, or completing the paperwork to release reimbursement funds on behalf of the government or agency.
This is basically a kind of advance fee fraud. In the US in 2024 (the latest year for which figures are available) there were over 7,000 reported cases – which made scammers more than $102 million. Even these figures are likely to represent just the tip of the iceberg.
If you push back and ask the scammers to simply take their fee from the money they claim to have recovered (or will recover), they will typically make excuses as to why this isn’t possible. In an even more dangerous variation of the scheme, they may also ask for bank account/crypto details to pay your refunded money into. This information could then be used for more serious account hijacking and financial fraud.
Examples of messages peddling cryptocurrency recovery services in discussion forums (click to enlarge)
Cybercriminals and fraudsters often share information and knowledge to help each other succeed with their avaricious schemes. Sucker lists are a great example. They work almost like a list of marketing leads – except instead of potential customers, they contain the contact details of prospective victims.
Lists may vary in quality, but usually contain the names and contact details of individuals who have either fallen victim to fraud in the past, or who have previously replied to spam messages. They may even include details of the potential target’s demographic details and propensity to fall for particular scams or tactics.
Watch out for these classic warning signs to stay clear of recovery fraud:
The good news is that it shouldn’t be hard to spot the warning signs of recovery fraud. But it’s not always the rational side of our brain that makes decisions. That’s what scammers are good at – exploiting our irrational thinking and desire to get our money back. The same emotional and psychological predisposition for being victimized that first got you into trouble is effectively being targeted again.
To ensure they don’t get the better of you a second time, never pay any upfront fees – especially to individuals who have contacted you out of the blue offering recovery services. Always verify who they say they are independently, by searching for their contact details online. In the UK, you can check the FCA Firm Checker to see if the fraudster’s purported company does offer the services it claims to.
Note the above red flags, and avoid sharing any personal details of being scammed online, as fraudsters continuously trawl the web looking for potential double-dip targets.
If you’ve been victimized by recovery scammers, there are a limited set of options available to you. It’s always a good idea to report the incident – in the UK to Report Fraud and in the US to the FTC. This will help the authorities track the fraud landscape and improve their support to victims, as well as raise awareness so others don’t fall for the same tricks.
If you’ve made a payment via your bank, tell it ASAP. Monitor your account carefully for any unusual activity and freeze any relevant cards. If you’ve handed over more personal information to the fraudster, change the passwords on any relevant accounts, add multi-factor authentication (MFA) to bolster security, and expect potentially convincing phishing attacks in the future.
Remember: scammers are a persistent bunch. If you’ve been the victim of fraud in the past, expect another visit in the future.
Sign up for our newsletters
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。