A
ACH (Automated Clearing House)
The US electronic-funds-transfer network run by Nacha, used for direct deposit, bill pay, payroll, and bank-to-bank transfers. Settlement takes one to three business days. ACH transactions are reversible only under specific conditions — unauthorized transactions under Regulation E, originator errors, billing disputes. Same-day ACH, available since 2016, narrows the recall window further and is the rail scammers prefer for time-sensitive transfers.
B
BEC (Business Email Compromise)
A targeted scam in which an attacker impersonates a company executive, vendor, or partner — usually via spoofed or compromised email — to trick employees into wire transfers, invoice redirection, or sharing sensitive data. FBI IC3 ranked BEC the second-largest financial-fraud category in 2024 with $2.77 billion in adjusted losses across 21,442 complaints. Average loss per incident exceeds $160,000.
Bitcoin ATM (BTM / crypto kiosk)
A physical machine that converts cash into cryptocurrency sent to a wallet address the user scans. Unlike a bank ATM, the operator is a private company, the transaction is irreversible by design, and federal banking protections do not apply. FBI IC3 logged $388 million in Bitcoin-ATM scam losses across 13,400+ complaints in 2025, with a median victim age of 71. See our deep dive on Bitcoin ATM scams.
C
Cash App imposter scam
A scam in which the attacker impersonates Cash App support — commonly via fake phone numbers ranked at the top of Google search ads, or via direct messages — to extract account credentials, drain Cash App balances, or trigger transfers to scammer-controlled accounts. The CFPB's January 2025 $175 million consent order against Block specifically called out Block's failure to adequately respond to Cash App fraud disputes. See our Cash App refund playbook.
Catfishing
Building a fake online persona — often with stolen photos and a fabricated biography — to deceive someone into a romantic or financial relationship. Modern catfishing routinely incorporates AI voice cloning and real-time deepfake video to defeat traditional verification checks like video calls. Reverse image search, persistent inability to meet in person, and pivots toward investment opportunities are the highest-confidence behavioral tells.
CFPB (Consumer Financial Protection Bureau)
The US federal agency that supervises banks, credit unions, payday lenders, and consumer financial products under the Dodd-Frank Act. The CFPB administers Regulation E (covering EFTA disputes), enforces consent orders against violators (the January 2025 $175 million order against Block / Cash App being a recent example), and accepts consumer complaints at consumerfinance.gov. Among the most useful escalation channels for scam victims whose bank has refused a dispute.
Chargeback
A consumer's right to dispute a credit card charge with the card issuer under the Fair Credit Billing Act, typically within 60 days of the statement date. Chargebacks reverse the transaction when the merchant fails to demonstrate the charge was valid. Stronger consumer protection than debit-card disputes (which fall under Regulation E) — which is why credit cards are the recommended payment method for higher-risk transactions.
D
Deepfake
AI-generated synthetic media — video, audio, or both — that convincingly impersonates a real person. Real-time deepfake video, which renders the synthesis live during an active video call, became operationally available to fraud operators in 2024-2025. Pindrop reported a 1,300% year-over-year increase in deepfake fraud attempts across their network in 2024. Defensive tells that still trip current real-time deepfake systems: extreme head-angle turns, hand-across-the-face occlusion, requests for an on-demand specific phrase.
Digital arrest scam
A fraud script in which the caller, claiming to be police, customs, or a federal agency, alleges the victim is under "digital arrest" or "house arrest" pending bail. The victim is kept on a continuous video call, often for hours, while being walked through payments framed as bail money, fund verification, or evidence handling. Endemic in India, growing in the US and Southeast Asia. See our digital-arrest forensic teardown.
E
EFTA (Electronic Fund Transfer Act)
The 1978 US federal law governing electronic transfers from consumer accounts — debit cards, ACH, Zelle, Venmo, Cash App. Implemented by the CFPB's Regulation E. EFTA requires banks to provisionally credit disputed unauthorized transactions within ten business days and resolve the dispute within 45-90 days. The law is the structural backstop for most consumer scam-recovery claims in the US.
EWS (Early Warning Services)
The bank-owned consortium that operates Zelle. EWS published a voluntary imposter-scam reimbursement policy in June 2023 covering three specific scenarios — government-agency, bank, and existing-service-provider impersonation. The US Senate's July 2024 Permanent Subcommittee on Investigations staff report found only 12% of Zelle scam claims were reimbursed at the three largest US banks under the policy. See our Zelle refund playbook.
F
F&F payment (Friends and Family)
A payment-app transfer category — most prominently on Venmo and PayPal — intended for non-commercial transfers between people who know each other. F&F payments carry no buyer protection: there is no chargeback, no platform dispute path, and no recovery if the recipient is fraudulent. Scammers routinely trick buyers into selecting F&F by claiming it "saves on fees" or "is faster." See our Venmo F&F trap analysis.
Family-impersonation scam
A scam in which the caller — sometimes via voice, sometimes via text — impersonates a family member in crisis (arrest, hospital, abroad, "new number, lost my phone") to demand urgent money. AI voice cloning of a real relative, often sampled from social-media audio, has made the script materially more convincing since 2023. FTC's 2024 Consumer Sentinel ranked imposter scams the #1 reported category at 845,806 reports and $2.95 billion in losses. See our family-impersonation piece.
FBI IC3 (Internet Crime Complaint Center)
The FBI's central intake for cyber-enabled fraud complaints, at ic3.gov. IC3 publishes the annual Internet Crime Report with total reported losses and complaint counts by scheme category. In 2024, IC3 logged $16.6 billion in reported losses across 859,532 complaints. The FBI's Operation Level Up uses IC3 intake to trigger rapid response on active fraud transfers — speed of reporting materially affects recovery odds.
FCBA (Fair Credit Billing Act)
The 1974 US law granting credit-card holders the right to dispute billing errors — including fraudulent charges — directly with the card issuer. Disputes must be filed within 60 days of the statement date. Provides stronger consumer protection than debit-card Regulation E disputes, which is why credit cards are the recommended payment method for higher-risk online transactions.
FTC (Federal Trade Commission)
The US federal agency for consumer protection. The FTC maintains the Consumer Sentinel Network database (reportfraud.ftc.gov is the public-facing intake), publishes the annual Consumer Sentinel Data Book, and brings enforcement actions against deceptive practices. The FTC reported $12.5 billion in consumer-fraud losses across approximately 2.6 million reports in 2024. Useful first reporting step for almost any scam category — feeds national fraud-trend intelligence even where individual recovery is unlikely.
G
G&S payment (Goods and Services)
A payment-app transfer category that explicitly tags the transfer as a commercial purchase, triggering platform buyer protection (dispute eligibility, refund process). Available on PayPal and Venmo. Carries a small fee paid by the seller. The opposite of F&F payment — pay G&S whenever buying from someone you don't know in person.
Gift card scam
A fraud script in which the victim is directed to purchase retail gift cards (Apple, Google Play, Target, Amazon) and read the activation codes over the phone. The codes are sold or laundered within minutes. FTC Consumer Sentinel reported $217 million in gift-card scam losses across more than 56,000 reports in 2024. Gift cards are the lowest-recovery payment method for victims — almost no legitimate institution or business will ever request payment in gift cards.
Government imposter scam
A fraud in which the caller impersonates a US federal agency (Social Security, IRS, FBI, FTC) or state office (police, DMV, court) to demand payment, personal information, or remote computer access. FTC reported $789 million in government-imposter scam losses in 2024 and the category remains FTC's largest scam by volume. No US federal or state agency will ever demand immediate payment by gift card, wire, or cryptocurrency.
Grandparent scam
A subset of family-impersonation fraud where the caller poses as a victim's grandchild in crisis — arrested, hospitalized, stranded abroad — and demands immediate money. AI voice cloning of a real grandchild, produced from social-media audio or video, has supercharged the script since 2023. See our family-impersonation piece.
I
Imposter scam
Any fraud in which the scammer impersonates a known entity — a person, institution, brand, or government — to extract money or information from the victim. Imposter scams are FTC's largest reported fraud category by both complaint volume and dollar loss. Subcategories include government imposter, family imposter, business imposter (BEC), and tech-support imposter.
IRS imposter scam
A government-imposter fraud where the caller claims to be from the Internal Revenue Service, threatens arrest or asset seizure over alleged unpaid taxes, and demands payment by gift card, wire transfer, or Bitcoin ATM. The real IRS will never demand immediate payment by any of these methods, and will never call demanding payment without first sending a series of letters by US Mail.
M
Money mule
A person — sometimes a knowing accomplice, more often a victim themselves — whose bank account or identity is used by scammers to receive and forward stolen funds. Romance scams, job scams, and reshipping scams all recruit mules. Acting as a mule, even unknowingly, can result in criminal liability, permanent account closures, and difficulty opening new accounts in the future.
P
Phishing
A scam delivered by email, text (smishing), voice (vishing), QR code (quishing), or other electronic channel that impersonates a trusted institution to extract login credentials, account numbers, or other sensitive information. The Anti-Phishing Working Group (APWG) tracks attack volumes; FBI IC3 ranked phishing the most-reported fraud category by complaint count in 2024 at 193,407 complaints.
Pig butchering
A long-form romance + investment scam in which the scammer builds a romantic or friendly relationship with the victim over weeks or months, then introduces a fraudulent investment platform, usually crypto. The victim is "fattened up" by depositing increasing amounts before the scam "harvests" the funds. Chainalysis estimated $3.6 billion in pig-butchering losses globally in 2024. See our AI romance-scams piece for the modern script.
PSR (UK Payment Systems Regulator)
The UK regulator overseeing payment systems. The PSR's mandatory reimbursement rule, effective October 7, 2024, requires UK banks to refund victims of APP fraud up to £85,000 per claim within five business days, with cost shared equally between the sending and receiving bank. No US equivalent exists. See our UK reporting guide.
Q
Quishing (QR phishing)
Phishing delivered via QR codes — printed on stickers placed over legitimate QR codes (parking meters, restaurant menus, payment kiosks) or distributed in email and physical mail. Scanning the malicious code routes the victim to a phishing site or downloads malware. The UK NCSC tracked 784 quishing reports and approximately £3.5 million in losses between April 2024 and April 2025.
R
Recovery scam
A fraud targeting people who have already lost money to a previous scam, offering to recover the stolen funds for an upfront fee. The recovery service is itself a scam. FBI IC3 has repeatedly warned that no legitimate service charges upfront fees to recover scam losses — real recovery happens through banks, IC3, FTC, and state Attorney General offices, all free. See our recovery-scams piece.
Regulation E
The CFPB-administered rules implementing the Electronic Fund Transfer Act. Section 1005.6 covers unauthorized transactions — provisional credit within ten business days, full resolution within 45-90 days. Section 1005.11 covers billing-error disputes. Banks routinely deny scam-victim claims by classifying the transfer as "authorized" (see APP fraud), but Reg E protections apply where the consumer can show the transfer was unauthorized or the institution failed to follow procedure.
Romance baiting
A merger of romance scam and investment fraud, distinct from classical romance scams. The scammer cultivates a romantic relationship online, then introduces a "trading opportunity" — typically a fake crypto platform — that produces apparent gains before vanishing with the funds. Closely related to pig butchering; the two terms increasingly overlap in industry usage.
Romance scam
A fraud in which the scammer establishes a romantic or emotional relationship with the victim online and exploits it for financial gain — through requests for emergency funds, travel money, gift cards, or — increasingly — investments (see romance baiting). FBI IC3 logged $672 million in 2024 romance-scam losses across 17,910 complaints, median victim loss approximately $19,000.
S
Sextortion
A fraud in which the scammer threatens to release intimate images or videos (real, manipulated, or fabricated) unless the victim pays. The National Center for Missing & Exploited Children (NCMEC) tracked over 75,000 reports of teen-targeted sextortion in 2025, with 90% of victims male and aged 14-17. Has been linked to 36+ teen suicides since 2021. Reporting channels: NCMEC CyberTipline (cybertipline.org) and FBI IC3.
Smishing
SMS-delivered phishing. Examples include fake toll-charge texts (E-ZPass, SunPass, FasTrak), bank-fraud-alert texts requesting login verification, package-redelivery texts demanding a small fee. The Smishing Triad — a China-linked operation — runs the dominant US smishing campaign. FBI IC3 logged 59,271 smishing-related complaints in 2024 across the unpaid-toll variant alone. See our toll-text piece.
T
Task scam
A gamified job scam in which the victim is paid small amounts to complete "tasks" (rating products, liking videos, processing orders), then progressively required to deposit their own money to "unlock" higher-paying tasks. The deposited money is the actual fraud target — the victim never recovers it. See our task scams piece and the verification framework.
Toll smishing scam
A subset of smishing in which the text message claims an unpaid toll on a US state toll system (E-ZPass, FasTrak, SunPass, TxTag, PeachPass). The message links to a phishing site harvesting payment-card credentials. FBI IC3 logged 59,271 complaints across the campaign in 2024 — and the same operators run parallel campaigns in the UK (Dart Charge, Mersey Gateway, ULEZ). See our toll-text deep dive.
V
Vishing
Voice phishing — phishing delivered by phone call, including IVR (interactive voice response) systems that imitate banks and government agencies. AI voice cloning has made executive-impersonation vishing materially more effective since 2023. The defensive rule: hang up, find the institution's verified number independently (bank card, official website you type in yourself), and call back.
W
Wire fraud
The use of interstate or international wire communications to commit fraud — the federal crime defined at 18 U.S.C. § 1343, applying to nearly all online scams crossing state lines. The term is also used informally to refer to scammer-induced bank wire transfers. Wire transfers settle within hours on a final-funds basis and are difficult to recall: speed of bank notification (within 24 hours is the meaningful window) determines whether a recall is even attempted.
Z
Zelle imposter scam
A specific scam pattern in which the caller — impersonating the victim's bank fraud department — instructs the victim to send themselves money via Zelle as a "verification" or "account safety" step. The receiving Zelle account is controlled by the scammer. The US Senate's July 2024 Permanent Subcommittee on Investigations staff report documented this as the dominant Zelle scam pattern at the three largest US banks. See our Zelle refund playbook.
Every numeric claim is attributed inline to a named primary source — FBI IC3 Annual Report, FTC Consumer Sentinel, CFPB consent orders, US Senate PSI staff reports, state Attorney General complaints. No invented statistics, no fabricated quotes. Where data is bleak, this glossary publishes it bleakly — honest information protects victims better than reassurance.
Social engineering
The manipulation of human psychology — through urgency, authority, fear, reciprocity, or trust-building — to bypass technical security controls. Every fraud script in this glossary uses some form of social engineering as the entry point. The recognition rule: if a contact applies urgency, threatens consequences, or asks you to do something you would not do under normal conditions, you are being social-engineered.