Scam Defense & Recovery Evidence Course
Eight operational lessons on recognising, surviving, and reporting crypto scams — including evidence preservation in the first 24 hours and the recovery-scam wave that follows.
About this course
Most courses about scams teach you what each pattern looks like. This one teaches you what to do at every point in the timeline: before contact (recognition), at the moment of contact (refusal), after a loss has happened (the irreversible first 24 hours), during reporting (which agencies actually do something), and during the recovery-scam wave that arrives within hours of any compromise becoming public. Eight lessons of about 22 minutes each, drawing on the FBI IC3 case data, Chainalysis crime reports, and post-mortems of real scam operations. No financial-recovery promises, no affiliate links, and one strict rule: if anyone offers to recover your funds for an upfront fee, that offer itself is the second scam.
What you'll be able to do
- Map the 35 documented scam patterns to five operational adversary categories so you can predict what comes next.
- Recognise pig-butchering's six-stage script early enough to disengage before financial exposure.
- Understand drainer attacks from the victim's perspective: what the signature you almost approved actually does.
- Triage the first 24 hours after a compromise — the irreversible window where most recoverable value is won or lost.
- Preserve forensic evidence (tx hashes, screenshots, message logs) before the platforms involved silently destroy it.
- File reports with FBI IC3, Action Fraud UK, EU agencies, and exchange compliance teams in a form that actually triggers action.
- Recognise the recovery-scam ecosystem on first contact and refuse it before paying the second tax.
Who this is for
- Anyone who has been targeted, contacted, or compromised by a crypto scam and wants a structured path forward.
- Family members supporting someone who has been pig-butchered, sim-swapped, or drained — including how to talk to them about it.
- Crypto holders who want to take their scam literacy from 'I'd recognise the obvious ones' to 'I'd refuse the subtle ones.'
- Builders, community managers, and exchange staff who handle scam reports professionally.
Who this is NOT for
- Anyone hoping to find a recovery service in this course — there isn't one, because legitimate recovery services don't operate by upfront payment.
- People with zero crypto experience — start with the Beginner 7-Day course, especially Day 4.
- Anyone who wants reassurance that scams 'only happen to other people' — that belief is the most common precondition for becoming a victim.
Lessons
- 1
Lesson 1 — The 35 scam patterns mapped to five macro-families
~20 minMemorising 35 individual scam names is useless under pressure. Today: collapse them into five operational families so you can predict what comes next from the first contact.
- 2
Lesson 2 — Pig-butchering in depth: the six-stage operational script
~22 minPig-butchering is the single largest source of US crypto-fraud losses per FBI IC3. Today: the documented six-stage script, how to recognise stage 3 before stage 6, and how to talk to a victim.
- 3
Lesson 3 — Drainer attacks from a victim's view: what the signature you almost approved actually does
~22 minWallet drainers don't break cryptography — they get you to sign something that authorises a transfer. Today: the mechanics, the signature types, and the moment to refuse.
- 4
Lesson 4 — Impersonation, fake support, and social engineering at scale
~22 minMost large losses don't come from clever technical attacks — they come from someone convincing the victim to do the technical part themselves. Today: how impersonation scales.
- 5
Lesson 5 — The first 24 hours: the irreversible window
~22 minAfter a compromise, most recoverable value is won or lost in the first day. Today: the triage order, what to stop, what to preserve, what to delay.
- 6
Lesson 6 — Evidence preservation: what to capture before it decays
~22 minPhishing sites get taken down. Discord conversations get deleted. Mixers obscure attacker wallets. The first day is when evidence is recoverable; the second day is when most of it isn't.
- 7
Lesson 7 — Reporting that goes somewhere: IC3, Action Fraud, EU agencies, and exchange compliance
~22 minMost reports are filed badly and ignored. Today: how to file the report that actually triggers compliance freezes, joins pattern databases, and supports later prosecutions.
- 8
Lesson 8 — The recovery-scam wave: the second tax
~22 minWithin hours of any compromise, victims are contacted by 'recovery specialists' offering to retrieve funds for upfront fees. None of these are real. Today: the script, the variants, the absolute rule.
Final quiz
When you've worked through every lesson, pass the final quiz to mark the course complete. You can retry any number of times.
Educational only.
Nothing in this course constitutes financial, investment, tax, or legal advice. Cryptocurrency carries significant risk, including total loss. Always consult qualified professionals for advice specific to your situation. We earn nothing from any project, exchange, or tool mentioned anywhere on this site.