What to Do When You Receive a Fake Message

Fake messages—whether SMS, email, social media DMs, or messaging apps—are designed to trick you into revealing information, clicking malicious links, or taking rash actions. Reacting calmly and deliberately protects your accounts, devices, and finances. Follow this step-by-step guide when you suspect a message is fake.

1. Pause and don’t interact

  • Do not click links or download attachments.
  • Do not reply or call any number provided. Engaging can confirm that your number or address is active and invite more scams.

2. Verify the sender

  • Check the sender’s address/number carefully. Look for subtle misspellings or extra characters.
  • Independently contact the organization using a phone number or website you know is real (not any contact info in the message).
  • For contacts you know: confirm with the person via a separate channel (call, different app).

3. Inspect the content for red flags

  • Urgency or threats (e.g., “act now or your account will be closed”).
  • Requests for personal info or passwords. Legitimate services won’t ask for passwords via message.
  • Poor spelling/grammar or odd phrasing.
  • Unexpected attachments or shortened URLs.

4. Protect your accounts and device

  • If you clicked a link or provided any info, change your passwords immediately—start with your email and any affected accounts.
  • Enable two-factor authentication (2FA) for important accounts if not already on. Use an authenticator app or security key where possible.
  • Run a malware scan on your device with reputable security software if you downloaded anything or suspect infection.

5. Report the message

  • Report to the platform (email provider, social network, messaging app). Most have “report” options that help block the sender.
  • Report phishing or scams to authorities in your country (e.g., national cybercrime unit or consumer protection agency). In many countries you can also forward phishing emails to a designated abuse address (e.g., [email protected] or a government phishing-reporting address).
  • Notify your contacts if the message came from a compromised friend’s account, so they don’t engage.

6. Block and delete

  • Block the sender to stop further messages from that source.
  • Delete the message after reporting and noting any important details (like the sender ID or text) for records.

7. Review account activity

  • Check recent activity/logins on affected accounts for unauthorized access.
  • Revoke suspicious third-party app access and remove remembered devices you don’t recognize.

8. Educate yourself and others

  • Learn common scam formats (phishing, vishing, smishing, impersonation) so you can spot them faster.
  • Share the steps above with family or coworkers, especially less tech-savvy contacts.
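
For readers who triage reported messages for a family or a team, the sender check in step 2 and the red flags in step 3 can be run as a first-pass filter. The sketch below is an added example, not part of the original guide; the trusted domains, the shortener list, the phrase patterns and the sample message are all constructed assumptions to replace with your own.

```python
import re
from email.utils import parseaddr

# Assumptions: domains you really deal with, and a small sample of shortener hosts.
TRUSTED_DOMAINS = {"example-bank.com", "example-mail.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = re.compile(r"\b(act now|urgent|immediately|will be (closed|suspended))\b", re.I)
CREDENTIALS = re.compile(r"\b(password|passcode|pin|verification code)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_flags(from_header):
    """Step 2: flag a domain within two edits of a trusted one, or embedding its brand label."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if any(domain == g or domain.endswith("." + g) for g in TRUSTED_DOMAINS):
        return []  # exact match or a real subdomain of a trusted domain
    flags = []
    if not domain.isascii() or "xn--" in domain:
        flags.append("non-ASCII or punycode sender domain")
    for good in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, good) <= 2 or good.split(".")[0] in domain:
            flags.append(f"sender domain resembles {good}")
    return flags

def content_flags(body):
    """Step 3: urgency or threats, credential requests, shortened URLs."""
    flags = []
    if URGENCY.search(body):
        flags.append("urgency or threat")
    if CREDENTIALS.search(body):
        flags.append("asks for credentials")
    if {h.lower() for h in URL_HOST.findall(body)} & SHORTENERS:
        flags.append("shortened URL")
    return flags

def review(from_header, body):
    return sender_flags(from_header) + content_flags(body)

# Constructed sample message, not a real one ("1" in place of "l" in the domain).
FAKE = ("Example Bank <alerts@examp1e-bank.com>",
        "Act now or your account will be closed. Confirm your password: https://bit.ly/abc123")
```

An empty result does not mean a message is genuine; it only means none of these particular signals fired, so independent verification through a trusted channel still applies.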

Quick checklist (do these immediately)

  1. Don’t click, reply, or download.
  2. Verify sender independently.
  3. Change passwords if you entered credentials.
  4. Enable 2FA.
  5. Report the message and block the sender.
  6. Scan your device for malware.

Handling fake messages calmly and promptly minimizes harm. When in doubt, treat unexpected requests for personal data or urgent actions as suspicious and verify through a trusted channel.
