someone pretending to help

Recovery scammers target existing scam victims for second round

These days, it pays to be on your guard for something referred to as a recovery scam. This is an increasingly popular technique which is absolutely rampant on certain quarters of social media. You may well have seen it yourself, without realising.

Either way, it’s quite the menace and essentially involves taking the victim of a scam and then scamming them all over again. Considering that the impact of one piece of criminal activity can be devastating, to have it happen twice in quick succession is unimaginable.

What is a recovery scam?

Picture the scene. You’ve managed to lose your email login to a phishing scam, or clicked on the wrong thing on social media and had your account stolen. Maybe you even lost a considerable sum of money. No matter how it went wrong, the point is that you lost out somehow.

But someone has magically appeared to fix the problem!

If your money went missing in a banking scam, the bank is now magically on the phone specifically addressing your loss. If your social media account was hijacked, then the site’s support agent is now sending you messages and encouraging you to send them a direct message.

The problem? These people performing the follow-up are also fake. In fact, it’s possible they’re responsible for the original scam in the first place and are now simply back for more. If the original scam involved money stolen from your account, the second scam will involve you paying some sort of admin fee to reclaim your missing cash. If a social media account went bye-bye, the follow-up may involve asking you for your connected email login to “work some tech magic”. At this point, your email is probably gone too.

As LifeHacker points out, this is not a good thing to experience.

Where the recovery scams hang out

Twitter replies are notorious for filling up with recovery scammers. You’ll occasionally see them in the comments sections of Facebook and Instagram, but Twitter is great for rapid-fire bot responses which never get cleaned up.

Here’s several examples from one tweet where a plea for assistance with Instagram results in bogus help offers galore.

Typically, a bot will automatically reply and point potential victims in the direction of another account on the same platform or somewhere else entirely. If you mention that you’ve lost your account in some way, the world’s greatest hacker recovery agent will be in your replies before you can blink. In fact, the above tweet itself has a bogus recovery support scammer making waves in the replies. You simply cannot escape them.

Another popular form of recovery scam can be found on Reddit, in the popular /scams subreddit where people post warnings, ask questions, and generally focus on all things scam related. The Subreddit (and others like it) are watched closely by actual scammers. Should they see someone post a request for help or more information, they will swoop in and start messaging the individual in question. It’s a sad day where places you can go for help are filled with posts like this warning you not to accept help directly from strangers, but here we are. In fact, it’s so common that one of the many bot moderator auto-replies you’ll frequently see is a post warning people not to fall for recovery scam follow up messages. Part of the auto-post reads as follows:

“If you have been scammed in the past, make sure you are aware of recovery scams so that you are not scammed a second time. If you are currently engaging with a recovery scammer, you should block them and be very wary of random contact for some time. It’s normal for posters on this subreddit to be contacted by recovery scammers after posting, and they often ask you to delete your post so that you both cannot receive legitimate advice, and cannot be targeted by other recovery scammers.”

What to watch out for

All too often, there is not much you can do once the scammers have swiped your money or hijacked your logins. Everything after that point is reliant on things like whether you wired money, or if the account is for a platform with poor customer service. You don’t need the hassle of trying to fix a second fallout after the initial attack.

Stay safe out there!

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.