Recovery scams and follow-up fraud: what you need to know

Put yourself in the shoes of a scam victim.

Through no fault of your own, you’ve lost money, or valuable personal information, to a scammer.

You might feel embarrassed or ashamed. You might have lost confidence in your ability to navigate the online world, where giving away the wrong piece of information can cost you everything.

But then the phone rings. There’s been a development that could help to recover your money.

Obviously, you’re suspicious, but the person doesn’t just know your name. They know details that only your bank could know: who you bank with, that you’ve recently lost money in a scam, and how much you lost. They say they can help you get your money back and they take you through a verification exercise to ensure they’re speaking to the right customer.

And just like that, you’ve been scammed again.

Scam victims are vulnerable to recovery scams

The above scenario is an example of what’s known as a recovery scam or “follow-up fraud”.

Tom Roberts, threat and incident response team leader at the National Cyber Security Centre (NCSC), says these scams “target individuals who have fallen victim to a previous scam. The scammers get in touch pretending to offer assistance in recovering funds, posing as representatives of banks or telcos, and sometimes even specialised recovery firms.”

There are two primary ways recovery scams work.

In the first, scammers already have an individual’s details – such as who they bank with, or how much they lost – because they were involved in the original scam, or because they’ve been passed the victim’s details. The scammers will then contact a victim posing as their bank or other legitimate organisation, with the sensitive information they hold giving them a significant advantage when it comes to tricking their victim again.

A second, less sophisticated version of the recovery scam involves scammers finding new victims online. In this version, scammers will either pose as “recovery agencies” that can get victim’s money back or will contact people who have mentioned on social media or in forums that they have been scammed in the past.

More scam victims mean more recovery scams

Recovery scams are not new, but as the prevalence of scams has grown in recent years, the number of potential victims of recovery scams has also grown significantly. CERT NZ does not collect data on recovery scams specifically, but across the ditch there has been a significant uptick in follow-up fraud.

The Australian Competition and Consumer Commission reported that in the 6 months between December 2023 and May 2024 there were 158 reports of recovery scams, a 129% increase when compared to the previous 6 months. Australians aged 65 and over were the largest group reporting recovery scams and suffered the highest losses. In July, the Australian National Anti-Scam Centre urged Australians who have had money stolen by scammers to be wary of offers to recover their money for an upfront fee.

What to watch out for

If you’ve been the victim of a scam in the past, you need to be particularly vigilant when it comes to follow-up fraud.

“Recovery scams are particularly nasty scams because previous victims are seen as the best targets because they want to get their money back, so scammers exploit this desperation,” Roberts says.

In addition to the desperation of the victim, because a recovery scammer may have information about the previous scam, they can be particularly convincing.

“The scammers have so much information about you. They know who you are, how much money you lost and other details – often because they were the original scammer. This information gives the scammer an air of authority that helps them gain the target's trust. We've even had instances where the scammer warns the target that: ‘scammers may call you pretending to be your bank’,” Roberts says.

What do recovery scammers want?

“The majority of the time it's money. These are exceptionally financial motivated organizations,” Roberts says.

“People need to look out for upfront fees. If someone calls from a government agency, bank or other authoritative agency, typically, they’re not asking for upfront fees over the phone.”

However, recovery scammers are dealing with people who have been burned before, and hence likely to be highly suspicious of any financial requests. Instead, scammers might try to extract personal information, get you to download ransomware onto your computer, or take control of your device. But it’s all for cash at the end of the day.

“Even if they get you to download to buy some ransomware onto your device, ultimately, they’re still after money,” Roberts says.

A devastating impact on victims

The repeat nature of recovery scams can be particularly damaging for victims according to Dr Petrina Hargrave, general manager strategy and advocacy for Victim Support.

“It’s hard enough being a victim of a scam, let alone being victimised again by fraudsters who are promising to help amend the harm you’ve just suffered. Everything that a victim experiences through being scammed once is amplified in a recovery scam – it’s a double blow to their trust, confidence, sense of safety, self-esteem, mental health, fear, not to mention what they’ve lost financially.”

And it is the psychological impact that can cause the most damage.

“We’ve seen people lose their entire life savings in scams, but it’s that erosion of trust that can take them to a really dark place, especially if they’ve been targeted more than once. That’s why fraud is much more than losing money – it’s a deeply personal crime that really damages a person’s sense of self,” Hargrave says.

How to defend against a recovery scam

The principles for protecting yourself from a recovery scam are the same as for other types of scams, but if you have recently been a victim of cybercrime you need to be even more vigilant than usual.

Here are some scam protection tips that are particularly relevant to recovery scams.

Be suspicious of spontaneous contact

“Very rarely will authority figures just reach out unsolicited,” Roberts says. If you receive a call or email from someone claiming they can help you recover money lost to a scam, it is very likely to be a scammer. Put the phone down or report the email as spam.

Resist urgency

“An agency or a bank has the resource of time, and that’s something scammers don’t have, so they’ll use pressure tactics,” Roberts says. Scammers use urgency to stop people making thoughtful decisions. If someone is trying to pressure you to take urgent action, there is probably a bad reason for it. Ignore them.

Find contact information independently

When in doubt, hang up, find the contact details for the organisation the person claims to represent yourself, then get back in touch through those details. Roberts says, “the best defence, even if you think the caller might be legitimate, is to stop communicating with them and use official channels instead.”

Consider changing your contact details

Scammers may target the same individual more than once or pass on their contact details to other scammers. If you’ve been scammed, it might be worth changing your telephone number or email address to put yourself out of reach of recovery scammers.

Check the Companies Register

If you see advertisements for money recovery services, do your research. If a company claims to be registered in New Zealand, Own Your Online recommend looking them up on the Companies Register.

Protect your personal information

It’s not just money at stake. You may have decided you’ll never send money to anyone claiming to be legitimate again, but if you give scammers information like your driving licence or IRD number, they could use it to steal from you in future. Protect your information like it’s your money.

Do not give remote access to your device

Scammers may not ask for money, but they could pose as a legitimate entity – like a specialist from your bank who’s getting in touch to help check your computer for scams – and in that way take control of your device. If you’ve given anyone remote access to your device and suspect it may have been a scam, Own Your Online recommends disconnecting the device from the internet to prevent further access.

For more information on recovery scams, check out Own Your Online.