What to Do If You Gave Personal Info to a Scammer
Realizing you gave personal information to a scammer can feel awful. You may feel embarrassed, angry, or panicked. But the most important thing is to act quickly and calmly. Many scams can be contained if you respond in the right order.
If you are searching for what to do if you gave personal info to a scammer, start by identifying exactly what you shared: password, card number, bank login, Social Security number or national ID, verification code, address, photos of documents, or remote access to your device. The response depends on the type of information exposed.
This guide walks through practical steps for ordinary consumers. If the scam started with a link, also read what to do if you clicked a phishing link and how to spot phishing email.
Step 1: Stop Contact Immediately
Do not continue the conversation with the scammer. Do not explain that you know it is a scam. Do not negotiate. Do not send more information to “fix” the situation.
Scammers often keep victims engaged by saying:
- the first payment failed
- your account will be locked
- you must verify one more code
- they can refund you if you provide bank details
- they need remote access to reverse a charge
- you will be arrested or fined if you stop responding
What you should do
Stop replying, block the contact, and preserve evidence. Take screenshots of messages, phone numbers, email addresses, websites, payment receipts, and anything you submitted.
Step 2: List Exactly What You Shared
Before you start changing everything, write down what information you gave away. This helps you respond properly and explain the situation to banks, companies, or fraud agencies.
Common information types
- email address
- phone number
- home address
- date of birth
- password
- one-time code
- bank login
- card number
- payment app login
- Social Security number or national ID
- driver's license or passport photo
- medical insurance information
- remote access to your computer or phone
What you should do
Make a simple list: what you shared, when, where, and with whom. This becomes your recovery checklist.
Step 3: Change Exposed Passwords
If you gave away a password, change it immediately. Start with the affected account, then change any other account that used the same or similar password.
Password reuse is one of the biggest reasons a single scam turns into multiple account takeovers. If a scammer gets your email password, they may also reset passwords for banking, shopping, cloud storage, or social media accounts.
What you should do
Use a unique password for every important account. If that sounds difficult, use a reputable password manager. For help, read how to create strong passwords and are password managers safe.
Step 4: Turn On Two-Factor Authentication
Two-factor authentication, often called 2FA or MFA, adds another step after your password. It can stop a scammer who has your password but not your second factor.
Prioritize 2FA on these accounts
- bank and payment apps
- phone provider
- password manager
- cloud storage
- social media
- shopping accounts with saved cards
What you should do
Use an authenticator app or hardware security key where available. SMS codes are better than no 2FA, but they are not the strongest option.
Step 5: Contact Your Bank or Card Provider
If you shared card numbers, bank details, payment app access, or online banking credentials, contact your financial institution immediately. Use the official phone number on your card, statement, or banking app. Do not call a number the scammer gave you.
Ask about
- freezing or replacing cards
- reversing unauthorized payments
- blocking future transactions
- resetting online banking credentials
- adding extra account monitoring
- filing a fraud claim
What you should do
Act even if no money has left yet. Financial fraud can happen hours or days after information is collected.
Step 6: If You Shared a One-Time Code, Secure the Account Now
One-time codes are often used to take over accounts. Scammers may say they need a code to verify your identity, process a refund, or prove you are human. In reality, the code may allow them to log in, reset a password, or register your number.
What you should do
Go directly to the affected service, change your password, review active sessions, remove unknown devices, and turn on stronger 2FA. If you cannot log in, use the official account recovery process immediately.
Step 7: If You Shared Your Social Security Number or ID
A national ID number, Social Security number, driver's license, or passport photo can increase identity theft risk. You cannot simply change most of these numbers, so monitoring and official reporting matter.
What you should do
Depending on your country, consider:
- placing a fraud alert
- freezing your credit
- monitoring credit reports
- reporting identity theft to the relevant government site
- notifying your bank and tax authority if needed
- replacing documents if instructed by authorities
In the United States, IdentityTheft.gov is a useful official starting point. In other countries, use your government's consumer protection or fraud reporting site.
Step 8: If You Gave Remote Access, Disconnect and Scan
Fake tech support scams often convince victims to install remote access software. If this happened, treat the device as potentially compromised.
What you should do
Disconnect from the internet, uninstall remote access tools you do not recognize, run a reputable security scan, and change passwords from a different trusted device. If banking or work accounts were accessed, contact those providers immediately.
For more warning signs, read how to spot fake tech support scams and how to tell if your phone is hacked.
Step 9: Check Account Recovery Settings
Scammers often change recovery information to maintain access. After changing a password, review the account settings.
Check for
- unknown recovery email addresses
- unfamiliar phone numbers
- new forwarding rules
- connected apps
- active sessions
- unknown devices
- changed security questions
What you should do
For email accounts, look carefully for forwarding rules. A scammer may quietly forward your messages even after you change the password.
Step 10: Report the Scam
Reporting may not instantly solve the problem, but it helps create a record and can support disputes or identity theft recovery.
Where to report
- your bank or card provider
- the platform where the scam happened
- local police if money or identity documents were involved
- national fraud reporting agencies
- the impersonated company
- your phone provider for scam texts or SIM-related concerns
What you should do
Include screenshots, dates, usernames, phone numbers, email addresses, and transaction details. Keep copies for your records.
What Not to Do After a Scam
Avoid actions that make recovery harder.
Do not
- pay a “recovery expert” who promises guaranteed results
- send more money to unlock a refund
- give remote access to someone who contacts you unexpectedly
- delete evidence before reporting
- reuse the same password again
- assume everything is fine because nothing happened immediately
What you should do
Be especially cautious of follow-up scams. People who have been scammed once may be targeted again by criminals pretending to help recover lost money.
FAQ
What should I do first if I gave personal info to a scammer?
Stop contact, write down what you shared, then secure the most sensitive accounts first. Passwords, bank logins, card numbers, and one-time codes need immediate action.
Should I change all my passwords?
Change any password you shared and any account that reused the same or similar password. Prioritize email, banking, payment apps, cloud storage, and social media.
What if I gave my bank details but no money was taken?
Contact your bank anyway. They can monitor, block, reset, or replace account access before fraud occurs.
What if I sent a photo of my ID?
Report it through the appropriate identity theft or fraud channels in your country. Consider credit monitoring, fraud alerts, and document replacement if advised.
Can scammers use my phone number and address?
Yes. They may use them for targeted phishing, impersonation, SIM-swap attempts, or identity verification attempts. Be extra cautious with future calls and texts.
Should I report the scam to police?
If money, identity documents, threats, or account takeovers were involved, reporting is often a good idea. At minimum, report to your bank and the platform where the scam occurred.
Final Thoughts
Giving personal information to a scammer is stressful, but it is not the end of the story. Fast action matters more than embarrassment. Stop contact, secure accounts, contact financial institutions, monitor identity risk, and report the scam.
The goal is not to do everything perfectly in the first five minutes. The goal is to reduce damage in the right order: protect money, protect accounts, protect identity, and preserve evidence.
Related Scam Recovery Guides
If you shared personal information with a scammer, these guides can help you secure accounts and reduce follow-up damage: