Hacked.com icon

hacked.com

Move Your Money To Protect It? What To Do About Impersonation Scams

Updated March 23, 2026By Hacked.com Editorial
Older adult pausing during a phone scam about moving money for safety

The line changes, but the goal stays the same: a stranger tells you your money is in danger and must be moved right now. Sometimes the story starts with a fake Amazon purchase alert. Sometimes it starts with a fake bank-fraud call, a Microsoft warning, or someone claiming to be from the government. What follows is the real scam, the demand to move funds into a 'safe' account that the criminal controls.

The FTC says no real FTC employee will tell you to move money to protect it, deposit money into a cryptocurrency ATM, or hand cash or gold to a courier. The FTC's 2024 older-consumers report also says older adults reported the highest phone-call losses on business impersonation and government impersonation scams, and business impersonation reports were often about bank impersonations. This is not a niche tactic. It is a repeatable script aimed at savings, retirement funds, and urgency.

Safety note: no legitimate bank, broker, or government agency protects your money by moving it to an account chosen by an inbound caller.

Start here

Work from the state you are in now, not the state you wish you were in.

Where you are Do this first Why
No money sent yet Hang up, do not reply, and call the institution using a number you already trust Verification breaks the script before the loss happens
A wire or transfer is pending Call the bank fraud team immediately and ask for a recall or hold Wire options shrink fast once funds settle
You bought crypto, gold, or gift cards Save every receipt, wallet address, and instruction, then report it Recovery is harder, so documentation matters more
You shared SSN, account logins, or codes Secure the account layer and move into identity-theft containment Money loss and identity loss often travel together
  • Stop the call or text exchange.
  • Do not move more money to 'test' whether the story is real.
  • Call the bank, broker, or card issuer using the number on your statement, card, or official app.
  • Tell them clearly that a scammer instructed you to move money for protection.
  • Preserve the caller ID, text thread, transfer instructions, and timeline.

How this scam usually unfolds

Many incidents start with a text or call that looks routine: suspicious purchase, hacked account, fraud alert, or malware warning. Then the victim is transferred to a second voice who sounds more official, more technical, or more urgent. The FTC warns that the second voice may claim to be from a real government agency, including the FTC, and may tell you the only safe option is to move your money immediately.

This is a layered social-engineering attack. The first contact creates fear. The second contact creates authority. The final contact creates a payment instruction. In some cases, the caller stays on the line while the victim goes to the bank or crypto ATM and coaches the victim on what to say. That coaching is itself a red flag. Real fraud teams do not need you to hide the purpose of the transfer from your own bank.

If no money has been sent yet

This is the highest-leverage moment because the payment trail does not exist yet. Keep the response mechanical.

  • Hang up or stop replying.
  • Call the institution directly using a known-good number.
  • Check the real account in the official app or website for the supposed fraud event.
  • If no suspicious event exists, document the scam and block the number.

If the first contact came by text, compare the pattern against SMS text scams. The FTC says older adults' text-loss reports often involved fake alerts from Amazon and banks. The message is not there to inform you. It is there to route you into a payment conversation.

Rule of thumb: the moment the solution becomes 'move your money somewhere else,' you are no longer talking to a protector. You are talking to the thief.

If a wire or bank transfer was started

Call the bank fraud team immediately. Use the word 'scam' and say the transfer was induced by impersonation. On the IC3 elder-fraud page, the FBI says people should contact their bank, request a recall, and ask for hold harmless or indemnification documents as quickly as possible. Even if the money is already gone, speed improves the odds that an institution can freeze something downstream.

  • Ask whether the transfer is still pending or already settled.
  • Ask whether a recall, hold, or beneficiary freeze is still possible.
  • Record the case number, time of the call, and the representative's name.
  • If online banking credentials were shared, rotate them from a clean device and review payees and linked accounts.

If the scammer had you log in while guiding you, do not treat this as a pure payment incident. Treat it as possible account compromise too, and run the account side through bank-account incident response.

If you bought crypto, gold, or gift cards

These payment rails are favored because they are hard to reverse and easy to move. The recovery path is less about undoing the payment and more about preserving the trail cleanly.

  • Save every receipt, wallet address, store location, or pickup instruction.
  • Photograph or screenshot gift card numbers if they are still visible.
  • If crypto was involved, record the exchange, the wallet address, the amount, and the transaction ID.
  • If cash or gold was handed off, write down the time, place, vehicle details, and physical description immediately.

Do not let embarrassment erase evidence. The criminal already knows what happened. Investigators and institutions do not unless you preserve the details.

If retirement or brokerage money was touched

The damage pattern is often worse when the caller steers someone toward a retirement account, brokerage account, or home-equity funds. These are large-balance targets, and the caller may use phrases like 'temporary safe account,' 'federal protection,' or 'segregated holding account' to make the move sound procedural.

  • Call the brokerage or retirement provider directly and describe the impersonation.
  • Ask whether outbound transfers can still be frozen, recalled, or flagged.
  • Review beneficiary, trusted-contact, and mailing-address changes.
  • Preserve any instructions about liquidation, distribution, or cashier's checks.

When retirement money moves because of pressure and deception, the scam is not less serious because the victim technically authorized the transfer. The practical question is whether the institution can still interrupt the movement and whether the evidence packet is strong enough to support that request.

If you shared account details, SSN, or verification codes

Impersonation scams often steal more than money. If the caller collected logins, one-time codes, full card numbers, or Social Security details, add identity and account containment to the plan.

  • Secure email first if it can reset the exposed accounts.
  • Change passwords from a clean device and revoke unknown sessions.
  • If the caller had remote access, treat the device as compromised and review spyware cleanup.
  • If identity data was exposed, use identity-theft recovery steps and consider a credit freeze.

This is why a pure 'fraud dispute' mindset fails. The loss may start with one transfer, but the real recovery problem may involve email, banking, and identity at the same time.

Build the incident file before details drift

Write down the exact order of events while it is still fresh. Good cases usually have a clear timeline, not perfect memory.

  • caller ID or text screenshot
  • what the first message claimed
  • who you were transferred to
  • what payment method they demanded
  • which institution you contacted and when
  • case numbers, transaction IDs, and receipts

Then report the incident through the channels that match the harm:

If the impersonator claimed to be from Social Security or another government office, keep that detail explicit in the report. Scam networks reuse the same scripts across agencies and brands.

How to make the next call fail

The durable defense is a verification rule strong enough to survive panic. Use simple language and repeat it until it becomes automatic.

  • No inbound caller gets to decide where your money goes.
  • No text message gets to pick the phone number you use for verification.
  • No fraud team needs secrecy from your bank, spouse, or trusted family member.
  • No government agency protects funds by moving them to a special account.

If you want a phone-scam label for this pattern, it often combines vishing with impersonation and payment coaching. The label matters less than the process: hang up, verify independently, and refuse to move funds until the story survives a callback on your terms.

These scams work because they borrow the language of protection. They talk about fraud prevention, account safety, government procedure, and emergency shielding. That language can sound responsible, especially when the caller knows just enough about the bank or account to sound plausible.

The counterweight is not instinct. It is structure. A structure that says every high-stakes money decision gets a fresh verification step from a number you already trust will block most of these losses before the transfer starts.

Once money has moved, the goal shifts to speed, evidence, and containment. Once no money has moved, the goal is to end the conversation before the scammer can choose the next step for you.