The moment you realise you have been scammed online, your first instinct might be to panic or freeze. That reaction is understandable – but the first 24 hours are the window in which you have the most power to recover your money and limit the damage. Here is exactly what to do, in order.
1. Contact Your Bank or Card Issuer Immediately
This is the single most important action you can take. Call the number on the back of your card and explain that you have been the victim of online fraud. If you paid by credit card, request a chargeback. If you paid by debit card, ask about fraud recovery options.
Time matters: the sooner you call, the better your chances of the charge being reversed before it clears. Do not wait until you are sure – if you strongly suspect fraud, make the call now.
2. Document Everything
Before you do anything else on the site – before it potentially disappears – capture screenshots of:
- The store’s homepage, About page, and contact page
- Your order confirmation and any receipts
- All email correspondence with the seller
- The product listing and description
- Any payment confirmations from your bank or PayPal
Save copies to your device and email them to yourself. These will be essential for your chargeback dispute, consumer protection reports, and any other recovery steps.
3. Report to the Payment Platform
If you paid via PayPal, open a dispute immediately through PayPal’s Resolution Centre – PayPal’s buyer protection can recover funds even when your bank cannot. If you used a payment service like Apple Pay or Google Pay, contact them as well. Each platform has its own dispute window, and most require you to act within 30–180 days of the transaction.
4. Report the Site to Consumer Protection Authorities
File a report with your country’s consumer protection agency or cybercrime unit. In the United States, that means the FTC (reportfraud.ftc.gov) and the FBI’s IC3 (ic3.gov). In the UK, use Action Fraud. In the EU, contact your national consumer centre.
Individual reports rarely result in immediate personal recovery, but they build the case files that lead to takedowns and prosecutions – and they help other potential victims find warnings before they buy.
5. Change Passwords If You Created an Account
If you registered an account on the scam site, change the password you used – especially if you reuse passwords across other services. Scam operations sometimes harvest login credentials alongside payment data. Change any accounts where you used the same email and password combination.
Enable two-factor authentication on your email, bank, and any other critical accounts if you have not already done so.
6. Monitor Your Credit and Bank Statements
Some fraudulent sites sell payment data rather than – or in addition to – using it themselves. Watch your bank statements closely for the next several weeks. Any unfamiliar charge, no matter how small, should be disputed immediately. Scammers often test stolen cards with small transactions before making larger ones.
Consider placing a fraud alert or credit freeze with the major credit bureaus if you shared sensitive personal information beyond just payment details.
7. Report the Website
Report the scam store to Google (via Google Safe Browsing), to your browser’s built-in phishing report feature, and to the domain registrar if you can identify it from the WHOIS record. These reports flag the site for other users and can lead to its removal from search results and browser trust lists.
Before It Happens Again
The best protection against online shopping fraud is a quick check before you buy. ShieldFlag scans any website for domain age, blacklist status, SSL validity, and dozens of other risk signals in seconds. A 30-second check before checkout is far easier than a 30-day dispute process after the fact.
