AlertSeguridad

What to do if you've already given your details in a phone scam

If you've just given out details or money in a fraudulent call, there's still time to limit the damage. We explain the urgent steps, in order and without scaremongering.

N
By NoCall
NoCall Editorial
20 May 20266 min read
What to do if you've already given your details in a phone scam
#estafa#fraude#banco#denuncia

You've just hung up and an uneasy feeling has come over you: the call wasn't from your bank, nor your electricity company, nor technical support. And you've already handed over a piece of information, a password, or even made a transfer. Take a breath: acting quickly and methodically makes an enormous difference, and most of the consequences can be contained if you move within the next few hours.

Below you'll find a practical guide, designed so that you know exactly what to do first and what to expect. If you want to understand how to recognise these voice-based attacks, we also recommend reading our guide on what vishing is.

First: what exactly did you give them?

Not every situation is the same, and that changes how urgent each step is. It's worth distinguishing between two scenarios:

  • You gave only an isolated piece of information (your name, your ID number, an address, an email). The main risk is identity theft and future, more personalised calls. It's serious, but it rarely requires freezing accounts immediately.
  • You gave access or money: banking passwords, an SMS verification code, your full card details, you installed a "remote assistance" app, or you made a transfer. Here every minute counts, because the scammer may already be operating with your account.

Work out which of the two you're in and prioritise accordingly. The steps that follow are ordered from the most urgent to the most preventive.

1. Contact your bank NOW and block the card

If you've given out banking details, made a payment, or suspect someone might access your money, call your bank's official number immediately (the one on the back of your card or on its website, never a number given to you by whoever called).

Specifically ask them to:

  1. Block or cancel the card that's been compromised and issue a new one.
  2. Stop or attempt to reverse any transfer or charge that hasn't yet been settled.
  3. Activate transaction alerts via SMS or app, if you didn't have them.

Many banks have 24-hour fraud lines. The sooner you report it, the more chances there are of stopping transactions. Note down the name of the person who assists you and the time of the call.

2. Change your passwords and turn on two-step verification

If you handed over credentials —for banking, email, social media, or any service— change them from a device you consider secure. Start with the most sensitive accounts: your main email (because the others are recovered through it) and your online banking.

Then turn on two-step verification (2FA) wherever possible. That way, even if someone has your password, they won't be able to get in without the second factor. If you were reusing the same password across several sites, change it on all of them: now's the time to leave that habit behind.

3. Keep an eye on your transactions over the coming weeks

Fraud isn't always carried out instantly. Check frequently:

  • The transactions on your accounts and cards, even small charges (sometimes they run a tiny test before the big charge).
  • Your email and SMS, in case you receive confirmations of transactions or sign-ups you didn't make.
  • Alerts about new accounts opened in your name, if you shared complete personal details.

If you spot anything odd, go back to step 1 without hesitation.

4. Keep all the evidence

Before deleting anything, gather and preserve everything that documents what happened. It will be essential for filing a report and for making a claim with the bank:

  • The phone number they called you from and the date and time.
  • Screenshots of any SMS, emails, websites, or payment screens involved.
  • The receipts for transfers or charges.
  • A written summary of what they told you and what you provided, written while you still remember it in detail.

The more information you provide, the easier the investigation will be.

5. Report it to the National Police or the Civil Guard

File a formal report. You can do so at any National Police station or Civil Guard post, and many procedures can be started or checked through their official websites. Take the evidence from the previous step with you.

The report doesn't just protect your rights with regard to the bank and any possible claims: it also feeds into the statistics and investigations that help track down these networks. If money changed hands, filing a report is usually also a requirement for making a claim.

6. Report the incident to INCIBE (017)

The National Cybersecurity Institute (INCIBE) offers a free, confidential helpline on 017, available to individuals. They'll guide you on the steps to take based on your specific case and answer questions about how to protect your accounts and devices.

It's a particularly useful resource if you're not sure of the extent of what happened or if you installed a program the scammer asked you to. If you have more general doubts about how to react in the moment, review what to do about a suspicious call.

7. Turn to the AEPD if personal data is involved

When personal data has been compromised —your ID number, address, health data, etc.—, the Spanish Data Protection Agency (AEPD) is the relevant authority. On its electronic office you can find information and, depending on the case, file a complaint.

The AEPD also has urgent-action channels for especially serious situations involving the dissemination of personal data. Check its official website to see which one fits your situation.

8. Warn your contacts if your identity has been impersonated

If the scammer has gained access to your email, your WhatsApp, or your social media, it's common for them to try to deceive your circle by posing as you (the classic "I need you to send me an urgent Bizum"). Warn your family, friends, and colleagues as soon as possible that you've suffered an incident and that they should be wary of any request for money or information that appears to come from you.

A short message preventing others from falling for it can save a lot of grief.

Stay calm and learn from the episode

Falling victim to a phone scam doesn't make you a careless person: these networks are professional and play on urgency and fear. What matters is that you're already reacting. Once the urgent part is sorted, spend a few minutes reviewing your habits: be wary of calls that rush you, never give out verification codes over the phone, and always check numbers you don't recognise.

For that last point you can rely on a spam number directory, where the community identifies the phone numbers linked to fraud and nuisance calls.

Help make sure it doesn't happen to anyone else

If you've been called from a suspicious number, report it on NoCall. Every alert helps other people recognise the number before they pick up and avoid falling into the same trap. Share your experience in our spam number directory and become part of the network that stops these scams.

Received a suspicious call?

Look up the number in NoCall before sharing data, calling back, or clicking any link.

Search a phone number or a company name (GTBank, MTN and Airtel...) to check if it has been reported as spam.

What to do if you've already given your details in a phone scam | NoCall