🤔

Is This a Scam?

4 minute read

A quick triage guide for suspicious messages, calls, pop-ups, and requests.

First moves

Do these before the deep dive

Words to use

I do not handle urgent requests through links, numbers, or instructions sent to me. I will verify another way.

You do not need to prove it is a scam before you protect yourself.

The safe move is the same either way: leave the message, call, pop-up, or chat that brought you here and verify through a route you already trust.

If you already clicked, paid, shared, installed, or replied, stop the conversation now and use the recovery section below.

Do not resolve a problem through the same message, call, link, pop-up, QR code, or chat that announced the problem.

Bank alert: close the message or hang up. Open the real banking app, type the bank website yourself, or call the number on the back of your card.
Package problem: do not use the tracking link in the message. Open the carrier or retailer site yourself and check from there.
Family emergency: end the chat or call. Call the saved number you already have, or contact another family member who can verify.
Employer request: do not approve, buy, transfer, or share credentials inside the thread. Use the company directory, ticketing system, or a manager’s known contact.
Government notice: do not call the number in the message. Use the official agency portal or a phone number from a mailed notice or official website you typed yourself.
Account alert: do not use the reset link that arrived with the warning. Open the real app or typed website and check security settings there.

If the problem is real, it will still exist when you arrive through the front door.

The story can change. The request is what matters.

Send money, gift cards, crypto, wire, Zelle, Cash App, Venmo, or PayPal. Stop. Verify with the person, company, bank, or payment provider through a number or app you already trust.
Share a password, PIN, one-time code, recovery code, or security answer. Stop. No support agent, bank, employer, or government office needs you to read a code back to them from an unexpected contact.
Install software, open screen sharing, or let someone control the device. Stop. Real support can wait while you verify through the official app, website, help desk, or number on your account.
Keep the conversation secret. Stop. Bring in a trusted person or verify through another channel before doing anything else.
Stay on the phone while going to a bank, ATM, store, or app. Stop. Hang up first. Then call the bank, store, or person yourself.
Act before you can verify. Stop. A real issue can survive a safe check. A scam usually cannot.

What matters now is what changed.

Money moved or payment details were shared: call the bank, card issuer, payment app, wire service, or payment provider first. Use the number on the card, statement, real app, or official site.
Password, PIN, one-time code, recovery code, or security answer was shared: open the real site or app yourself, change the password, sign out of other sessions, and check recovery email, recovery phone, recent logins, and connected apps.
Remote access was installed or screen sharing was opened: disconnect that device from the internet or power it off, use a different device for banking and passwords, then go to I Installed Remote Access.
Personal information was shared: use I Think I Was Scammed and follow the identity guidance for what was exposed.
Only a link was opened: close it. The risk changes when you entered information, downloaded something, installed software, approved access, or shared a code.

If you are not sure which bucket applies, start with money, then accounts, then devices.

Read the request out loud:

What are they asking me to do, and can I verify it without using anything they sent me?

If the answer is no, pause. Ask someone you trust to look at it with you, or use Emergency Scam Checklist for the next safe move.