How does recovery fraud work?<\/h2>\n
These scams usually follow a tried-and-tested pattern. Fraudsters either buy \u201csucker lists\u201d off other criminals or target victims of fraud they\u2019ve just perpetrated. They impersonate specialist recovery service providers, consumer protection agencies, government officials, law enforcers, regulators, etc.<\/p>\n
They know a lot about your case and promise to look into getting the funds back for an upfront fee. Or they may claim to already have the money and are either redistributing it to unhappy customers, or completing the paperwork to release reimbursement funds on behalf of the government or agency.<\/p>\n
This is basically a kind of advance fee fraud. In the US in 2024 (the latest year for which figures are available) there were over<\/a> 7,000 reported cases \u2013 which made scammers more than $102 million. Even these figures are likely to represent just the tip of the iceberg.<\/p>\n If you push back and ask the scammers to simply take their fee from the money they claim to have recovered (or will recover), they will typically make excuses as to why this isn\u2019t possible. In an even more dangerous variation of the scheme, they may also ask for bank account\/crypto details to pay your refunded money into. This information could then be used for more serious account hijacking and financial fraud.<\/p>\n Examples of messages peddling cryptocurrency recovery services in discussion forums (click to enlarge)<\/em><\/p>\n Cybercriminals and fraudsters often share information and knowledge to help each other succeed with their avaricious schemes. Sucker lists are a great example. They work almost like a list of marketing leads \u2013 except instead of potential customers, they contain the contact details of prospective victims.<\/p>\n Lists may vary in quality, but usually contain the names and contact details of individuals who have either fallen victim to fraud in the past, or who have previously replied to spam messages. They may even include details<\/a> of the potential target\u2019s demographic details and propensity to fall for particular scams or tactics.<\/p>\n Watch out for these classic warning signs to stay clear of recovery fraud:<\/p>\n The good news is that it shouldn\u2019t be hard to spot the warning signs of recovery fraud. But it\u2019s not always the rational side of our brain that makes decisions. That\u2019s what scammers are good at \u2013 exploiting our irrational thinking and desire to get our money back. The same emotional and psychological predisposition for being victimized that first got you into trouble is effectively being targeted again.<\/p>\n To ensure they don\u2019t get the better of you a second time, never pay any upfront fees \u2013 especially to individuals who have contacted you out of the blue offering recovery services. Always verify who they say they are independently, by searching for their contact details online. In the UK, you can check the FCA Firm Checker<\/a> to see if the fraudster\u2019s purported company does offer the services it claims to.<\/p>\n Note the above red flags, and avoid sharing any personal details of being scammed online, as fraudsters continuously trawl the web looking for potential double-dip targets.<\/p>\n If you\u2019ve been victimized by recovery scammers, there are a limited set of options available to you. It\u2019s always a good idea to report the incident \u2013 in the UK to Report Fraud<\/a> and in the US to the FTC.<\/a> This will help the authorities track the fraud landscape and improve their support to victims, as well as raise awareness so others don\u2019t fall for the same tricks.<\/p>\n If you\u2019ve made a payment via your bank, tell it ASAP. Monitor your account carefully for any unusual activity and freeze any relevant cards. If you\u2019ve handed over more personal information to the fraudster, change the passwords on any relevant accounts, add multi-factor authentication (MFA) to bolster security, and expect potentially convincing phishing attacks in the future.<\/p>\n Remember: scammers are a persistent bunch. If you\u2019ve been the victim of fraud in the past, expect another visit in the future.<\/p>\n![\"crypto-recovery-scams-1\"](\"https:\/\/web-assets.esetstatic.com\/wls\/2026\/04-26\/crypto-recovery-scams-1.png\" "\\"\\"")
<\/p>\n![\"crypto-recovery-scams-2\"](\"https:\/\/web-assets.esetstatic.com\/wls\/2026\/04-26\/crypto-recovery-scams-2.png\" "\\"\\"")
<\/p>\nWhat are sucker lists?<\/h3>\n
Red flags to look out for<\/h2>\n
\n
How to keep recovery fraudsters at bay<\/h2>\n
I\u2019ve been scammed, now what?<\/h2>\n