Fraud response · 9 minute read

The First 24 Hours After Suspected Financial Fraud

A calm sequence for containing account fraud, preserving evidence, reporting identity theft, and protecting access.

By: Credit Orchard Education TeamPublished and reviewed:

Contain the money movement

Use the number on the back of the card, a verified statement, or the institution’s official app—not a link or number in the suspicious message. Explain exactly what happened and ask what can be frozen, recalled, replaced, or flagged. Different payment methods have different procedures and protections, so identify whether the event involved a card, bank transfer, wire, check, cash app, gift card, or crypto asset.

Do not send more money to unlock, insure, recover, or verify the first payment. Recovery scammers often contact victims while the event is still unfolding. Government agencies and legitimate institutions do not need a gift card, crypto transfer, or secret cash shipment to protect an account.

Secure the control points

Email is often the reset key for financial accounts. Change its password from a trusted device, enable multifactor authentication, review forwarding rules and logged-in sessions, then secure financial accounts and the mobile carrier account. Use unique passwords rather than changing one reused password everywhere.

If identity information was exposed, consider a credit freeze with each nationwide bureau. A fraud alert and a freeze serve different functions; learn what each does before choosing. Keep confirmation numbers and note which accounts were secured.

  • Primary email and recovery email
  • Bank, card, brokerage, and payment apps
  • Mobile carrier PIN and account access
  • Credit reports and freezes
  • Tax and government-benefit accounts when implicated

Preserve facts and make reports

Save screenshots, transaction IDs, usernames, phone numbers, email headers, receipts, and the exact timeline. Do not continue engaging merely to gather evidence. Report identity theft at IdentityTheft.gov when applicable and follow the tailored recovery plan. Report the scam to the relevant company and regulator; local law enforcement may also be appropriate for theft, threats, or documentation needs.

Track every conversation: date, time, department, representative, case number, promise, and deadline. Recheck statements and reports because fraud can spread. Trauma and embarrassment are normal responses; neither means the victim caused the crime.

Decision checklist

  1. 1Stop communicating with the suspected scammer
  2. 2Call the institution through a verified channel
  3. 3Secure email, mobile, and financial access
  4. 4Preserve the transaction and message trail
  5. 5File applicable official reports and track case numbers
Continue in the AcademyFinancial cybersecurity and account protectionApply the ideaUse the financial emergency worksheet

Primary sources and further reading

Editorial and educational notice: Credit Orchard’s education team wrote and reviewed this guide against the linked primary sources on July 15, 2026. It provides general education and cannot account for every contract, jurisdiction, benefit, tax situation, or personal circumstance.