Recovery Scams

What Are Recovery Scams?

Recovery scams are fraudulent requests for payment or sensitive personal information, made under the false pretense of helping a recent victim of another fraud recover some of their stolen money. They are a kind of advanced fee fraud, such as the promise of huge amounts of money in return for an initial small payment.

The fraudster poses as a reputable business, legal institution, or official body, such as the fraud team at a bank, claiming to be able to help the victim recover some or all of their initial loss. The fraudster then cheats the victim out of further money.

Reduce Fraud Rates by 70–99%

Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

How to Recognize Refund and Recovery Scams

There are multiple ways in which victims can recognize attempts at refund and recovery scams. These include looking out for:

  • Advance fees: If a company is asking for a fee upfront, that’s a major red flag. Most service providers undertake work, then bill for it. Any request for upfront payment should set alarm bells ringing.
  • Suspicious emails: Spelling mistakes in emails, or emails that come from Yahoo or Gmail addresses rather than business addresses, are another warning sign.
  • Requests for upfront information: If a company asks for too many details upfront – email addresses, phone numbers, and the like – be wary.
  • Requests for confidential information: If any company asks for personal or business bank account details, it should raise suspicions. Recovery scammers often use false pretenses when requesting such details, such as the need to deposit recovered funds.
  • Promises of privileged access: Scammers often lure victims by saying they can provide privileged access to government agencies, departments, or contacts. Any such claims should be treated with a significant degree of caution.
  • Lack of contact details: When you research the company that has approached you claiming to be able to recover the monies you lost to fraud, look out for their contact details and the address of their physical premises on their website.
  • Too much information: Ask yourself how the company knows details of the fraud you were victim to in the first place. Do they know too much? That’s another warning sign.

Types of Recovery Scams

There are three main types of recovery scams, with fraudsters using phishing and a range of social engineering techniques to target those who have already been victims. Ways in which recovery scammers do this include:

  • Convincing the victim to pay for services that are free or that the victim could do themselves.
  • Charging an advance fee but then vanishing as soon as the victim has paid it, without doing any work.
  • Stealing information that can be used to commit further fraud – for example, by obtaining business bank account details from the victim under the pretense that they’ll use it to deposit recovered funds, but then draining the bank account instead.

Five Examples of Refund Recovery Scams

1. Cryptocurrency Recovery Scams

According to the US Federal Trade Commission, over 46,000 people have reported losing more than $1 billion in cryptocurrency to scammers since the start of 2021. The huge scale of cryptocurrency fraud means that there is a vast pool of victims for recovery scammers to target.

Cryptocurrency recovery scammers reach out to their targets and offer to help them recover their accounts and get their money back. They usually ask for an upfront fee and then vanish. Some take it further and ask for wallet details and seed phases, which they then use to drain the victim’s wallet.

2. Stolen Vehicle Recovery Scams

Scammers look out for mentions of stolen vehicles on social media, or purchase details of such losses on the dark web. They then contact the victim of the theft, claiming to have recovered the vehicle.

All the victim needs to do is pay an upfront fee to cover the cost of the tow truck – which of course never turns up, as the scammer vanishes as soon as they receive the funds.

3. Tech Support Refund Scams

Businesses should always be on the lookout for tech support refund scams. These usually start with an email confirmation that a service or product has been purchased or renewed, branded to look like it’s from a legitimate tech company.

The email will have a phone number to call in case of issues. But the employee who phones that number (to complain that they never ordered the service or product) doesn’t reach the genuine company – they get through to the scammers.

Once they have the employee on the phone, the scammers persuade them to download software, allegedly so that they can issue a refund for the product or service but actually so that they can gain access to the employee’s computer. They pretend to issue the refund, then ask the employee to log into the business bank account to confirm receipt.

Next, the scammers use the installed software to make it appear that they have accidentally refunded a much larger amount than they have – and ask the employee to refund the difference. The employee refunds it and the scammers disappear into the ether, leaving the employee to explain to their boss why there’s a large chunk of money missing from the company account.

4. Utility Bill Recovery Scam

The scammer contacts their victim, pretending to be doing so from (or on behalf of) the latter’s utility provider, such as their gas or electric company.

The scammers then (as just one example) explain to their target that they have overpaid on their utility bill, perhaps owing to a technician misreading their meter. The scammers will use any number of manipulation tactics to try to convince their target that the overpayment is legitimate. This is in the hopes that the victim will be tricked into providing their personal information “so that the refund can be processed”.

Assuming they trick the victim into giving the necessary information, the scammer will then have enough information to be able to exploit it for personal gain, such as setting up fake accounts for identity theft purposes, carrying out a new account takeover attack, or even breaking into the target’s bank account to make withdrawals.

5. Tax Refund Scam

Scammers contact a taxpayer and tell them that they have overpaid on their tax return and are owed a refund.

Similarly to the utility bill recovery scam, the fraudsters may need to use social engineering tactics (such as the threat of financial urgency) to convince the taxpayer of their legitimacy before the victim will relent and provide their personal information – all in the hopes that the so-called tax refund can be paid to them.

Fight Fraud Fast

Partner with SEON to reduce fraud rates in your business with unique digital footprint analysis and strong device fingerprint and velocity checks.

Ask an Expert

How to Protect Against Recovery Scams

Any business (or individual) that has been the victim of fraud, whether it’s wire fraud or any other kind of scam, needs to be vigilant in looking out for refund and recovery scams. As ever, education is essential, with businesses needing to train their teams to recognize attacks such as spear-phishing, as well as attempts at recovery fraud.

Often, it just takes a pause for thought – and a bit of online research – to realize that something is amiss. Any suspicions should be immediately escalated following the business’ internal procedures.

Related Terms

Related Articles


Speak with one of our fraud experts

Feel free to reach out with any fraud-related questions or comments - we’ll get back to you as soon as possible.