Protection Guide

🛑 Stop All Contact

• • Block Florence's phone number(s)
• • Do not respond to texts, calls, or emails
• • Screenshot everything before blocking

🔒 Freeze Outbound Transfers

• • Call bank: request wire-transfer hold
• • Require in-person verification for wires
• • Disable Zelle/Venmo if linked to the account

📱 Secure Your Phone

• • Enable SIM lock / PIN with carrier
• • Change voicemail PIN
• • Enable 2FA on email and bank apps

📋 If You Shared Info

• • Shared wire info → Tell bank NOW, new account numbers
• • Shared SSN → Credit freeze (Equifax, Experian, TransUnion)
• • Shared login credentials → Change passwords everywhere

🧊 Credit Freeze (All 3 Bureaus)

• • Equifax — 800-685-1111
• • Experian — 888-397-3742
• • TransUnion — 888-909-8872
• • Freezes are FREE. They prevent new accounts from being opened in your name.

🔑 Enable 2FA Everywhere

• • Email (Gmail, Outlook, etc.)
• • Bank accounts & investment accounts
• • Social media (LinkedIn, X, etc.)
• • Cloudflare, hosting, domain registrar
• • Use authenticator app, NOT SMS when possible

🔐 Password Reset

• • Change passwords for email, bank, and any financial service
• • Use unique passwords per service (no reuse)
• • Use a password manager (e.g., 1Password, Bitwarden)

📊 Monitor Credit Reports

• • annualcreditreport.com — free weekly
• • Watch for new accounts you didn't open
• • Watch for hard inquiries you didn't authorize

☁️ Cloudflare Hardening

• • Review and rotate API tokens
• • Enable Bot Fight Mode
• • Set Security Level to "High"
• • Enable Browser Integrity Check
• • Review Access Logs for unauthorized requests

📝 Intake Form Protection

• • Add CAPTCHA to all contact/intake forms
• • Disable auto-reply with sensitive info
• • Log and review all recent form submissions
• • If Florence came through a form, block that IP/email

📧 Email Security

• • Verify SPF, DKIM, DMARC records in DNS
• • Review email forwarding rules (scammers add auto-forwards)
• • Change email password, enable 2FA

🌐 DNS Monitoring

• • Review all DNS records in Cloudflare
• • Look for unauthorized subdomains
• • Enable DNSSEC if not already enabled

Fake Investment Offers

Scammers impersonate investors or partners to gain trust, then redirect funds. Always verify identity through independent channels before any transaction.

Check-to-Wire Conversion

This exact scam. A fraudulent check is sent; victim is told to wire "proceeds" or "excess." The check bounces after the wire is sent and cannot be reversed.

Social Engineering via Platform

Attackers identify targets through public websites, LinkedIn, SEC filings, or DAO registrations. Your public profile is your attack surface.

Compromised Intermediaries

Fake law firms, escrow agents, or title companies. Always verify through state bar associations and official registries.

Regulation E (Electronic Fund Transfers)

Limits liability for unauthorized electronic fund transfers if reported within 2 business days (max $50). After 2 days, up to $500. After 60 days, unlimited loss.

Regulation CC (Funds Availability)

"Available" does NOT mean "verified." Banks must make funds available within set timeframes, but a check can still bounce AFTER funds are released. You are liable for the difference.

UDAP (Unfair/Deceptive Practices)

Federal and state laws protect against unfair, deceptive, or abusive practices. Filing complaints with FTC, CFPB, and state AG creates a record for enforcement.

Crime Victims' Rights Act (18 U.S.C. § 3771)

As a fraud victim, you have the right to: be reasonably protected, timely notice of proceedings, confer with the attorney for the government, full restitution.