For education only · Not an official page of any company · We use referral links; signing up through them won't cost you more, and the site owner may earn a commission.

"Pay a release fee first and you'll get the money" — that's how it disappearsMoney transfer scams and safety: fake support, phishing and shared devices

By Zhou Lan · Updated 18 Jun 2026 · about 11 min

This is for anyone sending or receiving money across borders: a worker wiring wages home, a parent funding a child abroad, a freelancer collecting foreign pay, or someone touching stablecoins for the first time. It isn't a legal guide to recovering stolen funds after a report is filed — for that you need your local police and regulators. By the end you'll recognise the five most common scam playbooks, know how to verify an official domain, protect yourself on shared devices, and act fast if something goes wrong.

One iron rule first. Any story that requires you to pay money before you can receive money — a release fee, a deposit, a "processing" charge, a tax, an activation fee — is a scam, without exception. A genuine transfer never asks the recipient to pay first. The moment you hear it, stop: don't pay, and don't keep talking.

Why money transfers attract scams

Cross-border money is a favourite target for scammers, for very practical reasons. First, the amounts are usually meaningful — what you send home can be a whole month's pay. Second, the process is unfamiliar to many people, and unfamiliarity makes it easy to be led along by "expert" talk. Third, chasing money across borders is extremely hard: once funds leave the country, and especially once they become cash or a crypto-asset, they are almost impossible to claw back.

Scammers don't win with clever technology; they win by manufacturing urgency and trust. They pretend to be official, pretend to be helping you, pretend the chance is slipping away — so you act before you check. The key to spotting a scam isn't memorising every new variation. It's recognising the shared skeleton underneath them. The five playbooks below cover the great majority of cases.

Five common money-transfer scam playbooks

1. Advance "release fee / deposit" before you can receive

Someone says there's money waiting for you — a prize, a refund, a transfer from family, a platform reward, an incoming stablecoin payment — but it's "stuck" at some step, and you must pay first: a release fee, a deposit, a customs charge, a tax. Once you pay, the money either vanishes or a new charge appears under a fresh name. In any legitimate channel the recipient never has to pay first. This is the easiest playbook to spot, and the most common.

2. Impersonating an "official agent / security team"

Someone claims to be from your bank, transfer company or exchange — support, risk, or a security team — and says your account is "flagged, frozen, or at risk." They ask you to "verify": read out a one-time code, share your password, move money to a "safe account," or screen-share so they can "fix it for you." No legitimate support agent will ask for your password, one-time code, private key or seed phrase, and none will tell you to move money elsewhere "to keep the platform safe." Anyone who contacts you out of the blue, creates panic, and demands you act immediately should be hung up on — then verify by opening the official app yourself or typing the official address by hand.

3. Phishing sites and fake apps

A scammer builds a page that looks almost identical to the real site, on a domain that differs by a letter or two (an "o" swapped for a zero, an extra hyphen, a different ending), then pushes the link at you by SMS, email, a social-media group or a search ad. You log in on the fake page, and your username and password are stolen. The whole trick is getting you to click a link and then type your password on a fake page, so the most effective defence is simple: always type the official domain yourself or use your own saved bookmark, and never log in through a link someone sent you.

4. Private chat and remote control

They pull you off the public platform into a private chat (a direct message, an encrypted group, a messaging app), then guide you to install "remote assistance" software, share your screen, or follow their steps one by one. Once you install remote software or share your screen, they can see your password and one-time codes — and can even operate your account and move money directly. No legitimate support agent needs remote control of your device. The instant anyone asks you to install remote software or share your screen, stop.

5. Fake recipient / changed payout details

This one targets the sender. The recipient's email or account is hacked, and a scammer poses as them to send "new payout details," steering your money to a stranger's account; or in a deal, a rental, or a shopping arrangement, they give you an account that looks reasonable but is really theirs. Treat any "let's change the payout account just this once" request as a major warning. Always confirm with the real recipient through a separate channel you already trust — a phone call, an in-person check — before you send a cent.

A real situation. Aisha works as a carer abroad and sends living costs to her mother back home. One day she got an SMS saying her usual transfer app had "flagged her account — click the link to verify or it will be frozen." The link opened a login page that looked just like the real one, and she nearly typed her password. What saved her: she always logs in from the phone app and had never used the web version, and the domain had an extra hyphen this time. She didn't type anything, closed the page, opened the official app, and saw her account was perfectly fine. The SMS and the site were both fake.

Verify the official domain: the single best anti-phishing move

Almost every stolen account starts with a password typed on a fake page. Learn to check a domain in three seconds and you block most of the risk. Read the address bar right-to-left and run these steps:

  1. Read the domain from right to left. What actually decides a site's identity is the "main name + ending" pair (in example.com, that's example.com). Scammers pad the front with reassuring words, like login-example-secure.com, where the real main domain is example-secure.com — not example.com at all.
  2. Compare letter by letter. Swapping "o" for a zero, "l" for a "1," adding a hyphen, or changing the ending (.com to .co, .net, .xyz) are all common tricks. Hold it against the official domain you know for certain — not a single character may differ.
  3. Don't reach a login page through a link someone sent. Links in SMS, email, group chats and even search ads can all be phishing. To log in, type the domain yourself or use a bookmark you saved earlier.
  4. Stick to the official app. Searching your phone's official app store, checking the developer name, then installing, is harder to fake than hunting for an entry point in a browser.
Why this site keeps links on an outbound page: none of our articles place a sign-up link or referral code directly in the text. They all point to one outbound notice. That's deliberate — it gives you a pause to read which official domain you're about to visit, verify it yourself, and then decide, instead of being carried off by a single click.

Staying safe on shared and public devices

Many people working abroad use an internet café, a shared dorm computer, or a friend's phone to send money — and those devices carry more risk. If you have no choice:

  • Prefer your own device and your own mobile data; log in and move money on public computers or unknown Wi-Fi as little as possible.
  • Use the browser's incognito / private mode, log out immediately when done, and never tick "remember password" or "stay signed in."
  • Afterwards, clear the browsing history and cookies; if you lent your own phone to someone, check whether any unfamiliar app was installed.
  • Watch for shoulder-surfing: shield the screen while typing a password or one-time code, and mind who is behind you and any cameras.
  • Turn on two-step verification for your phone and important accounts; if a password leaks on a public device, that extra step buys you time.
  • Never save or screenshot any password, private key or seed phrase on a public device.

What you must never hand over

Hold this boundary and you sidestep almost every "fake support" and "fake helper": these things go to no one, for no reason, through no channel.

  • Your login password — no legitimate support agent needs your password.
  • SMS / app one-time codes — a one-time code exists to prove "it's really you," so handing it over is handing over the account.
  • Private key and seed phrase (wallet recovery words) — this is the master key to a crypto wallet; anyone who gets it can move every asset you hold. No legitimate platform, agent or staff member will ever ask you for a seed phrase.
  • The full combination of card number + the security code on the back + the expiry date, and any one-time password your bank sends.
About the seed phrase, once more. A seed phrase is not a "password" — it is the wallet itself. Typing it into any page that promises to "verify / sync / recover / unlock," or sending it to any "agent," is handing the wallet over whole. In normal use, a seed phrase is written down only when you first create the wallet, kept offline, and never typed into any site or given to any person again. Anyone telling you to "enter your seed phrase to verify" is running a scam, full stop.

Red flags vs normal: a side-by-side checklist

Burn this table into memory. If any one row matches, stop and verify — better slow than sorry, and never rush the money.

Red flags vs normal · quick checklistSignature · spot it fast
Red flag (be on alert)What's normal
Asks you to "pay a release fee / deposit / tax" before you can receiveA recipient never has to pay first
Claims to be an official agent, asks for your password / code / seed phraseLegitimate support never asks for these
Rushes you: "right now, or it will be frozen / expire"Genuine matters survive you checking slowly
Sends a link for you to click and log inType the domain yourself or use a bookmark
Wants you to install remote software or screen-shareNo legitimate support needs to control your device
Pulls you into private chat or an encrypted group for "guidance"Real business runs on official, public channels
Recipient suddenly "switched to a new account"Confirm with the person through a separate channel
Promises sure wins, no losses, protected high returnsNo such deal exists — most likely a scam
Domain off by a letter or two, odd endingCompare letter by letter with the official domain
 These are general signals, not aimed at any specific company. When unsure, go by the official channel you have verified yourself.

What to do the moment you realise you've been scammed

When something feels wrong, don't panic and don't delay — the faster you act, the more you can limit the loss. Work through this in order:

  1. Stop every payment and action immediately. Don't keep doing what they say, and never pay a "recovery fee" to "get the earlier money back" — that only digs the hole deeper.
  2. Contact your bank / transfer platform / exchange as fast as possible. Find support through the official app or an address you typed by hand, explain that you've been scammed, and ask them to stop or reverse the transaction. A wire or app transfer that hasn't landed yet may sometimes be caught; cash pickups and completed crypto transfers usually can't be reversed, but you should still report it and freeze the account at once.
  3. Change passwords and turn on two-step verification. If a password or code leaked, change the affected account passwords on a separate, clean device, sign out of all sessions, and enable two-step verification. If a crypto wallet is involved and the seed phrase may be exposed, move the assets to a new wallet immediately (with a fresh seed phrase only you know).
  4. Report it and keep the evidence. File with your local police or anti-fraud body, and save chat logs, transfer receipts, the other party's account, and screenshots of the URLs. Cross-border recovery is hard, but a report helps the investigation and may support later claims.
  5. Warn the people around you. The same playbook is usually run in bulk — tell family and friends, especially anyone using the same remittance corridor as you.
A note: this site can only offer general safety knowledge. It can't judge your individual case, doesn't give legal advice, and can't help you recover funds. For a specific scam, go by the guidance of your local police, bank and regulators.

The most common mistakes

  • Believing it because "they sounded so professional." A scammer's script is designed to sound professional. Judge by what they're asking you to do, not by how smoothly they say it.
  • Acting under pressure without checking. "Now, or it's frozen" is the most common pressure line. Real official business doesn't mind you taking ten minutes to verify.
  • Clicking a login link someone sent, to save effort. Even if it looks identical, type the domain yourself to get there.
  • Paying more to "recover what's already lost." "Pay a little and we'll get it back" is usually a second scam, aimed at people who were just caught and are desperate to undo it.
  • Treating a seed phrase like an ordinary password. It's the master key to the wallet; any page asking you to type your seed phrase is a trap.

Common questions

How do I quickly tell whether a "support agent" is real or fake?
Watch what they ask you to do. The moment they want your password, a one-time code or a seed phrase, or tell you to transfer money "for safety," install remote software, or click a link to log in — whatever company they claim to be — treat it as a scam. Hang up and verify through support inside the official app yourself.

The link they sent looks exactly like the official site — what now?
A page can be cloned perfectly, but the domain can't lie. Compare the main domain in the address bar letter by letter; if anything differs, close it. The safest move is not to click the link at all — type the official domain yourself or use a bookmark.

I've already given them a code / password — is it too late?
Change the password on a separate device right away, sign out of every session, turn on two-step verification, and contact the platform to freeze the account. The faster you move, the better your chance of holding the account before they act. If a crypto wallet's seed phrase is exposed, move the assets to a new wallet at once.

Will you check whether a particular site or agent is genuine for me?
No. We can't judge an individual case and we don't give legal advice. We only teach the general method: type the official domain yourself, never hand over a password or seed phrase, and say no to any "pay first to receive" demand. When unsure, go by the official channels you have verified and your local regulator.

Where to verify: methods for spotting scams can be cross-checked against the "security centre / fraud tips" pages on the official sites of banks, transfer companies and exchanges, and against the public guidance of your own country's anti-fraud and consumer-protection bodies. This article is education, not aimed at any specific company, and is not investment or legal advice.
Update note (18 Jun 2026): first version — covers the five common playbooks, the domain-check method, shared-device safety, the post-scam response, and the red-flags checklist.

ZL

Zhou Lan

Worked in remittance support and has seen savings lost to “pay a release fee first.” Lays out the common scams so you can spot them.About the author →