How to spot phishing and payment fraud — clear red flags to watch for

Phishing and payment fraud use different tactics but share common signals. Train yourself to notice these red flags before you click or pay:

  • Sender or link mismatches: the displayed company name may be correct, but the underlying domain is wrong (hover over links to check the destination). Look for small typos or extra characters (e.g., paypall.com vs. paypal.com).
  • Urgent or threatening language: “Immediate action required,” “your account will be closed,” or threats to call law enforcement.
  • Unsolicited payment requests: invoices, wiring instructions, or “confirm payment” messages you didn’t expect.
  • Requests for unusual payment methods: wire transfers, prepaid cards, gift cards, or cryptocurrency are common scam rails.
  • Generic greetings, odd grammar, and unexpected attachments: these are classic phishing traits.
  • Spoofed phone numbers or caller IDs: callers may mask numbers to look like your bank or the IRS.
  • Business Email Compromise (BEC): an email from a vendor or executive asking you to change wiring details or approve a payment — verify via a known phone number.

More technical signals include a “reply-to” address that does not match the sender, missing or failing DKIM/SPF authentication, and headers that show the message was routed through unfamiliar servers. You don’t need to read headers daily, but learning to capture them (or forwarding the full message) is crucial when reporting.
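
As an added illustration (not part of the original article), this Python sketch checks a saved raw message for the header signals just described: a reply-to domain that differs from the sender, SPF/DKIM verdicts other than "pass", a sender domain that closely resembles one you trust, and the relay hosts named in the Received lines. The sample message, the .example domains, the trusted_domains list, and the 0.85 similarity threshold are all assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and address is a placeholder.
SAMPLE = """\
Received: from mail.unfamiliar-host.example (unknown [203.0.113.7])
\tby mx.recipient.example with ESMTP; Tue, 02 Jan 2024 10:00:00 +0000
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=paypall.example;
\tdkim=none; dmarc=fail header.from=paypall.example
From: "PayPal Support" <service@paypall.example>
Reply-To: refunds@freemail.example
Subject: Immediate action required

Your account will be closed.
"""

def domain_of(header_value):
    """Domain part of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_results(msg):
    """Map spf/dkim/dmarc to their verdicts from Authentication-Results.
    Only trust this header when your own receiving mail server added it."""
    found = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            found.setdefault(method.lower(), verdict.lower())
    return found

def triage(raw, trusted_domains):
    """Return (red_flags, relay_hosts) for one raw message."""
    msg = message_from_string(raw)
    flags = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply and reply != sender:
        flags.append(f"reply-to domain {reply} differs from sender {sender}")
    auth = auth_results(msg)
    for method in ("spf", "dkim"):
        if auth.get(method, "missing") != "pass":
            flags.append(f"{method} {auth.get(method, 'missing')}")
    for good in trusted_domains:  # hypothetical allow-list supplied by the caller
        if sender != good and SequenceMatcher(None, sender, good).ratio() >= 0.85:
            flags.append(f"sender domain {sender} resembles {good}")
    hops = re.findall(r"^from\s+(\S+)", "\n".join(msg.get_all("Received", [])), re.M)
    return flags, hops

if __name__ == "__main__":
    print(triage(SAMPLE, ["paypal.example"]))
```

A clean result here does not prove a message is legitimate; it only means these particular header checks found nothing, so verification by an independent channel still applies.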

Typical fraud scenarios to recognize

  • Impersonation phishing: fake bank, payment app, or government messages that request credentials.
  • Invoice or vendor fraud: fraudster changes payee banking details on a legitimate invoice.
  • Overpayment/refund scam: buyer ‘accidentally’ overpays and asks for the difference returned via a fast payment app.
  • Authorized Push Payment (APP): you are tricked into authorizing a payment to a scammer’s account.
  • Fake tech-support or account verification calls/texts asking for access codes or remote access.

In my practice advising clients, I’ve seen sophisticated look‑alike domains and voice deepfakes used to create urgency. The primary defense is verification by an independent channel — call the institution using a phone number from your statement or their official website, not numbers or links in the message.

Immediate steps if you suspect phishing or payment fraud

  1. Stop and do not click any more links or open attachments.
  2. If you’ve clicked but not entered credentials, disconnect from the network, change passwords on the affected account using a separate device, and enable multi‑factor authentication (MFA).
  3. If you shared login details or entered credentials, change that password immediately, both on the affected account and anywhere else you reused it.
  4. If a payment was sent: contact the sending bank or payment app immediately (fraud or support line) and ask for an urgent reversal, recall, or trace. Time is critical.
  5. Freeze or cancel compromised cards and request replacement cards. Place alerts with your bank to watch for unusual activity.
  6. Document everything: screenshots, full email headers, the exact text of messages, call times, and names/numbers of anyone you spoke to.

How to report — a step‑by‑step reporting playbook

For best recovery odds, report to both your financial institution and the appropriate enforcement or consumer agency. Use the following prioritized actions:

1) Contact your bank or payment provider immediately

  • Report fraud to your bank/credit union, card issuer, or the payment app (e.g., Venmo, Zelle, PayPal). Ask the fraud team to block the transaction, reverse or recall funds, and place monitoring on your account.
  • For wire transfers, ask the sending bank to submit a recall request right away.

2) Report to federal and national resources

  • Federal Trade Commission (FTC): report identity theft and scams at reportfraud.ftc.gov or use IdentityTheft.gov for recovery planning (FTC) [https://reportfraud.ftc.gov/, https://www.identitytheft.gov/].
  • FBI Internet Crime Complaint Center (IC3): file a cybercrime complaint at ic3.gov for larger scams or when money is lost online (FBI/IC3) [https://www.ic3.gov/].
  • Consumer Financial Protection Bureau (CFPB): if the fraud involves a bank, credit card, or payment provider and you aren’t satisfied with the response, file a complaint at consumerfinance.gov/complaint/ (CFPB).
  • IRS phishing and tax‑related impersonations: forward suspicious emails to phishing@irs.gov and report impersonation calls to the Treasury Inspector General for Tax Administration (TIGTA) when they claim to be the IRS (IRS guidance).

3) Report the phishing email or message to the platform and provider

  • Use the “Report phishing” button in Gmail/Outlook or forward full messages to the service the fraudster is impersonating (many companies maintain abuse@ or phishing@ addresses). Forward IRS‑related phishing to phishing@irs.gov.

4) File a local police report when significant sums are lost

  • A police report can support bank disputes and insurance claims. Provide copies of all documentation.

5) Report to specialized regulators when appropriate

  • State attorney general: most states have consumer protection divisions that accept fraud complaints (search “[your state] attorney general consumer complaint”).

Documentation checklist to speed recovery and investigations

Keep a secure folder (PDFs/screenshots) with:

  • Full email with headers or screenshots of text messages and web pages.
  • Transaction receipts, bank statements showing unauthorized transactions, wire transfer confirmations.
  • Names, dates, times, phone numbers, and notes of any conversations with banks or fraud teams.
  • Police report number and agency contact info.
  • Copies of any complaint receipts from the FTC, IC3, CFPB, or state AG.

If you need to provide evidence to regulators, this file will save time and strengthen your case — see our guide on how to document a financial scam for regulators for a checklist and sample documentation format.

Prevention strategies for individuals and small businesses

  • Use unique, strong passwords and a reputable password manager. Never reuse passwords across sensitive accounts.
  • Turn on multi‑factor authentication (MFA) everywhere it’s offered.
  • Set transaction alerts for significant account activity and small dollar thresholds on accounts used for business.
  • For businesses: require dual approval for wire transfers and vendor‑bank‑detail changes; call the vendor on a known phone number to confirm changes.
  • Limit the number of employees authorized to send or receive large payments and keep a current vendor contact list outside your invoice system.
  • Keep systems patched, use endpoint protection, and restrict remote access.
  • Regularly review credit reports (AnnualCreditReport.gov) and consider a fraud alert or credit freeze with Equifax, Experian, and TransUnion if identity theft is suspected (FTC guidance).

Common misconceptions and realistic expectations

  • Myth: “Banks will always refund fraud losses.” Reality: banks often reimburse unauthorized card transactions quickly, but recovery for authorized payments (you were tricked into sending funds) can be harder. Speed of reporting and the payment method matter.
  • Myth: “If an email looks official, it must be safe.” Reality: fraudsters copy logos and layouts. Always verify via a separate channel.

Fast action improves the odds of recovery, but outcomes vary. The FTC, CFPB, and your bank can help — and filing complaints increases visibility into emerging scams.

Sample scripts: what to say when you call your bank or file a report

  • To your bank: “I believe I was the victim of a payment scam. On [date], I sent/received [amount] to [name/account]. I want to report fraud and request a recall/reversal and monitoring on my account. My complaint number is ___.”
  • To the police: “I’d like to file a report for fraud. I have transaction evidence and copies of the phishing messages.”

Final practical checklist (quick‑reference)

  • Don’t click links or open attachments in suspicious messages.
  • Verify requests through a separate known channel.
  • Contact your bank/payments provider immediately for any unauthorized or misdirected payment.
  • File complaints with the FTC, IC3, and CFPB as applicable.
  • Document everything and consider a police report and credit freeze if identity theft is suspected.

Authoritative resources and where to file reports

  • Federal Trade Commission (FTC): reportfraud.ftc.gov / IdentityTheft.gov
  • FBI Internet Crime Complaint Center (IC3): ic3.gov
  • Consumer Financial Protection Bureau (CFPB): consumerfinance.gov/complaint/
  • IRS phishing reports: forward emails to phishing@irs.gov; TIGTA for IRS impersonation scams
  • Annual credit reports: AnnualCreditReport.gov

For more on verifying callers and text scams, see our guide: Phone and Text Scams: How to Verify Caller Claims.

Professional disclaimer

This article is educational and not individualized legal, tax, or financial advice. In my practice helping clients recover from scams, I prioritize rapid reporting and rigorous documentation — consult your attorney or a trusted financial professional for case‑specific guidance.

Sources

  • Federal Trade Commission (FTC) — identity theft and fraud resources (FTC)
  • FBI/IC3 — Internet Crime Complaint Center guidance (FBI)
  • Consumer Financial Protection Bureau (CFPB) — consumer complaint process (CFPB)
  • IRS — phishing and impersonation reporting procedures (IRS)