Blog post: Online security
Hello and welcome to Scam Or Reliable!
Blog post: Online security
Sharing your personal data with a fake website, a fake adviser or a fraudulent form does not always mean that the worst will happen. But it does create a real risk of identity theft, account hacking, bank fraud or targeted follow-ups.
Your first reactions are therefore important, because some mistakes can make the situation worse.
The goal is to secure what can be secured, preserve the evidence and avoid falling into a second trap.
After sharing personal data, many victims hesitate to act. They tell themselves that the information provided may not be enough, or that the scammer will not use it. However, this wait can give a fraudster time to exploit an account, an identity document, a phone number or banking details.
The response must be adapted to the information shared. A simple name and email address do not carry the same level of risk as an identity document, a password, bank details, a bank card or a verification code. The more sensitive the data, the faster the response must be.
The right approach is to immediately take stock of what has been shared. Note the data concerned, the website or contact used, the approximate time and the context. This overview then makes it possible to act in the right order.
It is natural to want to delete the message or close the page that was used as the trap. However, evidence may be useful for a bank, a platform, a police report or a fraud report. Deleting it too quickly can sometimes make the steps more difficult.
Keep the messages, links, screenshots, email addresses, phone numbers, profile names, receipts, confirmations and exchanges. If you filled in a form, note precisely which information was provided. If a page may disappear, take a screenshot before closing it permanently.
You should not reply to the scammer to obtain more evidence. It is enough to save what you already have. The goal is to document the situation without prolonging the interaction.
After a first mistake, some victims try to “correct” the situation by continuing the discussion. The scammer may claim that a piece of information is missing, that a refund is possible or that a final verification is required. This is often a way to obtain additional data.
Never send a new identity document, a selfie, proof of address, bank details, a code received by text message or a banking screenshot to an unverified person. The more elements you provide, the higher the risk of identity theft or fraud. One isolated piece of data can already be useful, but several pieces of data combined become much more dangerous.
Cut off the exchange and use independent channels. For a bank, use the official app or the number you already know. For a government service, type the official website address yourself. For a platform, open the app or website from your bookmarks.
If you entered a password on a suspicious page, you must change it immediately from the official website of the service concerned. If the same password is used elsewhere, you must also change it on the other accounts. Reusing a password turns a single leak into a multiple risk.
Start with the most sensitive accounts: main email account, bank, payment services, social networks, government accounts and professional accounts. Email is a priority, because it often allows other access to be reset. A scammer who controls your email can take control of many services.
Then enable two-factor authentication whenever possible. Also check recent logins, authorised devices, recovery addresses and any email forwarding rules. A password change is not enough if fraudulent access remains active.
A copy of a passport, driving licence, state ID card, payslip or proof of address is highly sensitive data. It can be used to open an account, create a fake file, bypass certain checks or prepare identity theft. The risk is not always immediate, but it can last.
If you sent this type of document to a fake service, keep a record of the sending and watch for unusual signs. Beware of credit applications, unknown accounts, administrative follow-ups, strange bills or letters linked to steps you did not take. If there are signs of identity theft, a police report may be necessary.
Do not publicly share the document to ask for help. Even partially blurred, it may contain exploitable information. Share it only with legitimate contacts when it is genuinely necessary.
Bank details, a debit or credit card, payment access or a verification code must be handled quickly. Even if no debit is visible yet, you must contact the bank or the official payment service. The goal is to block, monitor or dispute according to the situation.
Never use a number given in the suspicious message. Go through the banking app, the official website, the number on the back of your card or your usual contact details. Explain precisely what you shared and ask what measures need to be taken.
If a fraudulent transaction appears, keep the reference, date, amount and exchanges. Reporting fraud does not replace the banking procedure. Both may be useful, but protecting the account must come first.
An email address or phone number may seem relatively harmless. Yet they can be used to target more convincing attacks. A scammer can use them to send personalised fake messages, attempt password resets or link together several pieces of information that are already available.
If your main email address was shared with other data, pay attention to unusual messages. Beware of login alerts, reset requests, fake technical support and messages that seem to know your situation. If your phone number is involved, also watch for phishing text messages and suspicious calls.
Do not click on links received after the incident. Fraudsters can target a victim again with a message that refers to the first trap. This continuity makes the second message more credible.
After a data leak or a scam, some services sometimes claim they can delete your information, recover your money or permanently block the scammer. Some are serious in their field, but many exploit urgency and fear. Fake victim-support services are a second threat.
Be wary of guaranteed promises. No one can guarantee the total disappearance of data already sent to a fraudster. Nor should anyone demand urgent payment, access to your accounts or new sensitive documents without a clear justification.
Before paying for a private service, check its identity, legal notices, terms, limits and external reviews. If in doubt, first prioritise official resources such as the National Cyber Security Centre (UK), the Information Commissioner’s Office (UK), IdentityTheft.gov (US) or the Federal Trade Commission (US), depending on your country and situation.
Identity theft does not always appear immediately. It may emerge later, when an account is created, a request is made, a payment is attempted or a document is reused. You therefore need to remain vigilant after the incident.
Monitor your bank accounts, emails, customer areas, social networks and post. Check login notifications, password changes, messages sent without your consent and unknown administrative requests. If you receive a follow-up linked to a procedure you did not initiate, do not ignore it.
Shame is common after a scam, but it mainly helps fraudsters. Someone who does not dare ask for advice often acts later, or does not report the facts. Yet sharing data with a fake service can happen even to careful people.
Talk to someone you trust if you feel lost. If a professional account is involved, quickly warn the IT manager or the competent person. If your relatives may receive messages sent from a compromised account, warn them through another channel.
Asking for help does not mean publishing all the details online. You need to remain discreet about sensitive information, but you should not stay alone. A guided response is better than silent waiting.
After sharing personal data with a suspicious service, the main mistakes are waiting, deleting evidence, sending new information and failing to secure accounts. You need to act methodically: identify the exposed data, protect access, warn the right contacts and monitor signs of identity theft. A quick response must not be rushed, but organised.
To be guided according to your situation, use our practical guide for fraud victims. If you need to report the incident, our assistant for finding the right reporting channel can help you. To strengthen your reflexes before the next trap, also read our article on the right actions to take when facing scams.
