ISFCA receives your report, registers the case, and initiates a review of the suspected fraud. All information provided is collected and analysed, evidence is preserved, and a sequence of actions is structured for further response. Where a report is made promptly and the information package is complete, ISFCA supports the process to the maximum extent possible for asset recovery and disruption of the scheme.

No. ISFCA does not request seed phrases, private keys, one-time codes, passwords, remote access credentials, or any other sensitive information. Legitimate communication never requires transferring control over your account or device.

Recommended course of action:

• stop any further payments and cease communication with the suspicious party;
• contact the bank, payment provider, or exchange immediately;
• preserve URLs, emails, phone numbers, screenshots, receipts, and transaction hashes;
• submit a report via the “Report” section to register the case, record evidence, and initiate the formal review process aimed at asset recovery.

The most useful information consists of specific and verifiable indicators:

• domains, URLs, and screenshots of pages and files;
• email addresses, telephone numbers, messaging accounts, and advertising identifiers;
• wallet addresses, payment details, transaction identifiers, and other technical traces;
• a brief chronology of events and a description of what was requested from you.

Avoid excessive personal data where it is not necessary to understand the threat.

Each report is treated as a separate case, with an assessment of risk scale and pattern recurrence. Where serial indicators are identified, ISFCA initiates formal reviews, records evidence, issues warnings, and applies available response mechanisms to disrupt the scheme and support asset recovery.

ISFCA Exchange is a voluntary programme for sharing financial threat indicators. Its purpose is to accelerate the correlation of fraud signals and the dissemination of practical protective measures among organisations and functions responsible for security and compliance.

Exchange is focused on practical indicators:

• domains, telephone numbers, message templates, and fraudster accounts;
• technical traces — URLs, wallet addresses, transaction identifiers, and screenshots;
• descriptions of protective measures that materially reduced risk in the operating environment.

The programme is intended for organisations and teams capable of influencing the level of protection for clients and the market, including banks, payment services, investment platforms, crypto providers, marketplaces, and risk, compliance, security, and investigation functions. Private users may submit signals via the “Report”.

The most common red flags include pressure through urgency, requests to keep communication confidential, demands for codes or remote access, fraudulent websites, and promises of guaranteed returns.

Immediately cease all communication and do not comply with any requests. Do not transfer funds, disclose data, or follow links. Record all materials, including correspondence, numbers, websites, payment details, and screenshots. Then submit a report to initiate the review process and asset recovery procedure.

Move immediately to contain the harm:

• if a password has been disclosed, change it immediately and enable two-factor authentication;
• if a seed phrase or private key has been disclosed, treat the wallet as compromised and transfer assets to a new secure address;
• if remote access software has been installed, disconnect from the internet, remove the software, and perform a full device scan;
• направьте обращение через “Report”.

KYC and additional documentation are required to mitigate risks related to money laundering, sanctions evasion, and fraud. Additional verification may be required in cases of large transactions, unusual activity, access from a new device, use of high-risk jurisdictions, or other deviations from the normal profile.

Legitimate withdrawal procedures are conducted within the official service or platform and do not require transfers to third-party details, except in cases where authorised third parties are involved as part of a formal recovery process. Any fees, where applicable, are transparent and justified. Requests for payments outside established procedures without a verified basis should be treated as indicators of fraud.

Sanctions screening refers to the verification of clients, counterparties, and transactions against applicable sanctions lists and regulations. In practice, this may result in additional inquiries, delays in processing, or refusal to execute a transaction where matches or elevated risks are identified.

Unless strictly necessary, do not submit full copies of documents, complete card numbers, seed phrases, private keys, one-time codes, or remote access credentials.

When publishing warnings and typologies, ISFCA uses aggregated and anonymised information focused on the scheme rather than personal data. The purpose is to inform the market and users about threat patterns without disclosing unnecessary details about individuals.

Participation is arranged through the website’s contact channel. Organisations are advised to designate responsible persons in advance, establish internal rules for sharing indicators, and define the scope of data that may be shared without breaching internal policies or confidentiality obligations.

A structured format is the most useful:

• type of indicator (domain, URL, wallet, telephone number, email, account, file, advertising ID);
• контекст наблюдения и краткое описание сценария;
• уровень уверенности и подтверждающие материалы;
• proposed response measures: blocking, warning, enhanced verification, monitoring.

Do not interact with such a page. Record the URL, take screenshots, and submit a report via “Report”. Если вы вводили пароли или иные данные, немедленно смените их, включите 2FA и проверьте устройство на наличие признаков компрометации.

For general enquiries, use the «Contact». For reports concerning suspicious schemes, fraudulent websites, emails, calls, and other incidents, use the “Report”. Always verify the communication channel using official information on the website.