Macro

FTC Flags Recovery Fraud as Identity Crime Shifts to Repeat-Victim Targeting

WASHINGTON — The U.S. Federal Trade Commission is warning that scammers are systematically re-targeting people who have already lost money to fraud, posing as government agents capable of recovering stolen funds. New data from…

By Mara Whitfield·July 4, 2026·二〇二六年七月四日·2 min read

HONG KONGJuly 4, 2026

WASHINGTON — The U.S. Federal Trade Commission is warning that scammers are systematically re-targeting people who have already lost money to fraud, posing as government agents capable of recovering stolen funds. New data from the Identity Theft Resource Center shows the pattern is worsening: 25.6 percent of identity crime victims in 2026 were managing two or more incidents simultaneously, up from 23.5 percent the year before, as identity crime migrates from isolated events into layered cases spanning multiple accounts and institutions.

The Sucker List Economy Driving Repeat Fraud

The mechanism behind serial targeting is a criminal data trade the FTC describes as "sucker lists." These compiled records include a victim's name, address, phone number, the type of scam deployed, and the amount paid. Criminal groups buy and sell the lists on the premise that someone who paid once is likely to pay again. A single successful fraud can seed multiple follow-on attempts — either from the same operator using a new story, or from a different group that purchases the list and runs a separate pitch.

The FBI's Internet Crime Complaint Center has separately flagged fictitious law firms approaching cryptocurrency scam victims with fake fund-recovery offers, a variant of the same scheme. A caller who already knows what happened to the target and how much was lost can project false legitimacy before requesting a retainer, a processing fee, or banking credentials.

Why Stolen Social Security Numbers Create Structural Exposure

The Identity Theft Resource Center's 2026 Trends in Identity Report found that 62.1 percent of attempted identity misuse cases involved new account applications — credit cards, loans, or financial accounts opened at institutions the victim has never used. Unlike a compromised card number, which a bank can replace within days, a Social Security number cannot be routinely reassigned. The Social Security Administration issues new numbers only in limited circumstances and generally requires an in-person appointment.

That permanence means stolen credentials remain exploitable long after the initial breach is addressed. A leaked SSN can be used to file a fraudulent tax return, draw a paycheck under the victim's name, or open a loan at an unfamiliar lender — none of which necessarily surfaces on a card statement. The ITRC notes that periodic credit checks can miss accounts opened in the gap between reviews.

What Regulators Say Victims Should Do

The FTC is unambiguous on one point: real government agencies and legitimate organizations do not charge upfront fees to recover lost funds, and they do not request bank account numbers or Social Security numbers as part of the process. Demands for payment via gift card, cryptocurrency, wire transfer, or a payment application are consistent with fraud, regardless of how credible the caller sounds.

Anyone who receives a suspicious recovery offer should report it to the FTC at ReportFraud.ftc.gov. Schemes involving cryptocurrency or fictitious law firms should be filed separately with the FBI's Internet Crime Complaint Center at IC3.gov. The ITRC's 2026 data makes the structural implication plain: incident response frameworks built around a single remediation event are increasingly mismatched to a criminal market that treats prior victims as a recurring revenue opportunity.

Related reading

Source · 來源

NewsHK

Share · 分享

Key takeaways

Frequently asked

What is a 'sucker list'?

It is a compiled criminal record including a victim's name, address, phone number, the type of scam used, and the amount paid, bought and sold on the premise that someone who paid once is likely to pay again.

Why is a stolen Social Security number more dangerous than a stolen card number?

Unlike a card number that a bank can replace within days, a Social Security number cannot be routinely reassigned—the Social Security Administration issues new numbers only in limited circumstances and generally requires an in-person appointment—so stolen credentials remain exploitable long after the initial breach.

How can someone tell a fund-recovery offer is a scam?

Real agencies do not charge upfront fees or request bank account or Social Security numbers, so demands for payment via gift card, cryptocurrency, wire transfer, or a payment app indicate fraud regardless of how credible the caller sounds.

Where should victims report a suspicious recovery offer?

Suspicious recovery offers should be reported to the FTC at ReportFraud.ftc.gov, and schemes involving cryptocurrency or fictitious law firms should be filed separately with the FBI's Internet Crime Complaint Center at IC3.gov.