Set a verification method now, before there's an emergency. The FTC's advice for families: agree on a code word or callback procedure with close family members. If a "family member" calls claiming trouble and can't produce the word, that's a strong sign the call isn't real however convincing the voice sounds.

For businesses, the equivalent is process-based. The FTC's small business invoice guidance, published this month, recommends clear written approval procedures for purchases and invoices tied to a known vendor list. A scammer can send a convincing invoice; they can't appear on a pre-approved vendor list they've never heard of.

Fake invoices also sometimes arrive as phishing emails designed to harvest business network credentials an accounts payable request that's really a data grab, per the same FTC small business alert. Pre-established procedures catch both types.

The contact arrives with a built-in credential: a government agency name on caller ID, an official-looking seal on a letter, a real employee's badge number, a well-known company's logo on an invoice or a voice that sounds like someone you love.

This is the foundation every subsequent pressure tactic depends on. Scammers spoof caller ID to display government agency names, cite real employee names and badge numbers, and send official-looking letters with agency seals, according to the FTC's guide on business and government impersonation. None of it requires sophisticated tools to fake.

Fake invoices targeting businesses are frequently branded as recognizable companies. The FTC cites Geek Squad as a common example invoices charging for domain registration, SEO, or tech support services the business never ordered. The branding is the trick. A logo is not a contract.

AI voice cloning adds a layer that's genuinely harder to dismiss. A scammer can replicate a family member's voice from a short clip pulled from social media, making an impersonation call difficult to detect on sound alone, per the FTC's AI voice cloning alert. The FTC's guidance is unambiguous: "Don't trust the voice." A convincing voice is not verification at home or at work.

Treat every unsolicited contact as unverified regardless of how authoritative it looks or sounds. Verification means a number you look up yourself on the organization's official website, your utility bill, or the back of your card. Not anything provided in the message.

A routine situation escalates fast. A possible account problem becomes a pending court seizure. A billing question becomes a shutoff notice expiring in one hour. An invoice arrives already stamped "past due."

Urgency is a technique, not a fact. Government imposters routinely escalate from a routine account issue to claims that courts are "about to seize" a victim's bank account or retirement savings a lie designed to compress the time available to think or verify, according to the FTC's impersonation guide. The story gets worse the longer you stay on the line, because the scammer needs you panicked before you can step back.

Fake invoices sent to businesses frequently arrive pre-stamped as past due, manufacturing a sense of obligation that doesn't exist, per the FTC's small business fraud alert. Utility scammers threaten immediate service shutoffs and demand wire transfers on the spot behavior the FTC notes real utility companies don't engage in. A callback to the number printed on your actual bill would expose the scam in seconds.

Slow down deliberately. A real company or agency can be reached through an independent callback. A scammer counting on panic needs you to act before you think.

The request names a specific payment method wire transfer, gift cards, cryptocurrency, a payment app, cash, or gold. Sometimes it's framed as the only available option.

This is one of the clearest structural indicators of fraud, because the payment method isn't incidental it's the point. Wire transfers through services like Western Union, MoneyGram, or Ria work like sending cash: once the money moves, recovery is rarely possible and the recipient is nearly impossible to trace, according to the FTC's wiring money guide. Scammers can collect from any location worldwide.

No real government agency will ever ask for payment by gift card, wire transfer, payment app, or cryptocurrency. The FTC states this categorically. Telemarketers are also legally prohibited from requesting payment by wire transfer.

Tech support scammers consistently demand gift cards, bank transfers, cryptocurrency, or payment apps for the same reason they work like cash and "once you pay, it's hard to get your money back," as the FTC's tech support scam guide explains. This pattern shows up across family emergency scams, fake invoice schemes, and government impersonation calls alike. The method is chosen deliberately.

The contact directs you to use their phone number or link if you have questions. They stay on the line while you act. They provide a badge number or case number both of which they invented.

The mechanism here is simple: if a scammer controls the channel you use to verify, every check you run confirms the scam rather than exposing it. The FTC's guidance is direct on this point if you think there's a real problem with an account, contact the company using a number or website you already know is legitimate. Never use contact details from the message itself.

Some scammers stay on the phone while directing victims to a bank branch or a cryptocurrency ATM, keeping them isolated from any bank employee or third party who might intervene, per the FTC's money transfer alert. The goal is to keep you inside a loop the scammer controls until the transfer is done.

Hang up. Find the organization's contact information independently. Call that number. The 30 seconds this takes will either confirm the contact is legitimate or expose the scam. For business employees, search unfamiliar vendor names with terms like "scam," "review," or "complaint" before paying anything, per the FTC's small business guidance.

This is where the scam stops pretending to be administrative. The contact asks you to transfer funds to a "safe" account, hand cash or gold to a courier, or grant remote access to your computer. Secrecy is framed as necessary for your protection.

The "protect your money" transfer is a defined fraud pattern. No government agency will ever tell you to transfer money to protect it, deposit funds in a "federal safety locker," or hand cash or gold to anyone for safekeeping, according to the FTC's tech support scam guide. There is no such thing as a federal safety locker.

Remote access requests follow a similar logic. Once a tech support scammer has access to your computer, they can pretend to find evidence of a hack, claim your accounts are compromised, and escalate demands based on what they see, per the same FTC guide. Remote access is a tool for extraction, not diagnosis.

The secrecy demand is a tell on its own. Anyone instructing you to lie to bank staff about the reason for a withdrawal to say it's for a home renovation, for example is running a scam. The FTC identifies this explicitly: anyone telling you to deceive someone else about a transfer has told you everything you need to know.

End the contact. Do not grant remote access. Do not make any transfer.

1. Stop the conversation. Hang up, close the chat, or set down the invoice. Do not continue under time pressure the contact manufactured.
2. Verify independently. Find the organization's real contact details yourself official website, printed bill, the number on your card and call that. Never use anything provided by the contact.
3. Don't use their links, numbers, or payment instructions. These connect back to the scammer or a spoofed page they control.
4. Tell someone. If the contact said to keep it confidential, that's your confirmation. Tell a family member, colleague, or your bank's fraud desk.
5. Business check: Match the invoice against existing purchase orders and your approved vendor list. No match, no payment regardless of how urgent the invoice looks (FTC).

If you paid by wire transfer: Contact the transfer service immediately and report it as fraudulent MoneyGram, Ria, and Western Union each have dedicated lines for this. If the wire went through your bank, contact them directly and ask them to reverse it. Act fast; recovery isn't guaranteed, but the FTC's wiring money guide is clear that contacting the provider right away is the right first step.

If you gave remote access to your device: Change your passwords immediately starting with any account that was accessible during the session, and any other accounts where you use the same password, per the FTC's tech support scam guide. Check linked financial accounts for unauthorized transactions and report any you find to your bank.

Report it either way: File a report at ReportFraud.ftc.gov whether or not money moved. The FTC uses those reports to build cases against scammers. Forward phishing emails and fake invoices to [email protected], the Anti-Phishing Working Group's intake address, per the FTC's small business alert.

AI has made the surface of these scams cheaper to fake. A cloned voice is harder to dismiss than a clumsy email, and that advantage may grow as the technology improves. But none of that changes the defense. False authority, manufactured urgency, irreversible payment methods, verification sabotage, and secrecy demands are the mechanics every variant runs on. The answer to all five is the same: slow down, verify through a channel you control, and never let the sender set the terms of confirmation.