Scam Message Checker

What to do if you shared investment, trading, or crypto platform login details

Acting quickly to lock down the account limits what an attacker can do. Change access first, then secure anything linked to it.

Quick answer

Acting quickly to lock down the account limits what an attacker can do. Change access first, then secure anything linked to it.

  • Change the password from the official app or website and log out of all sessions.
  • Turn on two-factor authentication.
  • Contact the platform's official support to flag the account.
  • Freeze withdrawals if the platform allows it.
Most urgent

Do this now

Contact the platform immediately, and your bank if a linked account or card is exposed.

Understanding what happened

Investment and trading accounts are valuable targets because they can hold funds and link to banks. Locking down access quickly is the most useful first move.

Attackers often follow up posing as 'support' or 'recovery', asking for codes or seed phrases, or telling you to move funds to a 'safe' account. Never do this.

The steps here focus on regaining control of the account, removing attacker access (sessions, API keys, connected apps), and protecting anything linked to it.

First 5 minutes

  1. Change the password from the official app or website and log out of all sessions.
  2. Turn on two-factor authentication.
  3. Contact the platform's official support to flag the account.
  4. Freeze withdrawals if the platform allows it.

First 24 hours

  1. Review open trades, withdrawals, wallet addresses, and connected apps.
  2. Revoke any API keys or suspicious app connections.
  3. If a linked bank account or card is exposed, contact your bank.
  4. Save evidence and report to your cybercrime or fraud authority.

What not to do

  • Do not share a seed phrase, private key, or one-time code with anyone, including 'support'.
  • Do not move funds to a 'safe account' someone gives you - that is a scam.
  • Do not reuse the exposed password anywhere else.

Evidence to save

  • The platform name and account identifier (not the password)
  • Screenshots of unexpected trades, withdrawals, or messages
  • Any wallet addresses or API connections involved

How to save scam evidence →

How to report

Report through official channels for your area.

Find official reporting links for your country in the reporting directory.

  • Do not use phone numbers or links from the suspicious message - look up the official ones yourself.
  • Report quickly if money was sent or ID documents were shared; speed improves your options.
  • Keep your evidence - see how to save scam evidence.

Beware of follow-up 'fund recovery' or 'account recovery' services. No legitimate service guarantees recovery for an upfront fee.

Stop it happening again

Use a unique password and an authenticator app on every financial account.

Never enter trading or wallet logins via a link in a message.

Review and remove unused API keys and connected apps regularly.

This is general educational guidance, not legal or financial advice, and it is not a guarantee. Always verify through official channels.

Still have the message?

Check it to understand the red flags and how to report it.

Check a message

Frequently asked questions

I only shared my login, not my seed phrase - am I safe?

Changing your password and enabling 2FA quickly greatly reduces the risk. If you also shared a seed phrase or private key, treat the wallet as fully compromised and move any remaining funds.

Should I move funds to the 'safe wallet' support gave me?

No. Being told to move funds to a wallet or account someone provides is itself a scam. Only move funds to a wallet you control.

Get scam safety updates

Practical scam alerts, new examples, and simple safety tips. No spam. No sensitive message data.

We only collect your email address, optional name, consent status, signup page, and signup time. See our privacy policy.