Fake FTC Agent Texts You a Photo ID. It's a Scam.

Fake FTC Agent Texts You a Photo ID. It's a Scam.

You already got scammed once. You reported it to the FTC. You're out real money and pretty furious about it. Then a text shows up from someone claiming to be an FTC agent who says they've been assigned to your case — and they can get your money back.

They even send you a photo of their employee ID badge to prove it.

I'll be honest: that "proof" is the scam.

On June 3, 2026, the FTC published a consumer alert specifically warning about this. Scammers are impersonating FTC employees — complete with fake photo IDs — targeting people who've already been victimized once. The double-victim setup is as cynical as it sounds. If you just got one of these texts and you're trying to figure out if it's real, here's everything you need to know.

How This Scam Actually Works

The mechanics are clean and deliberate.

Step 1: They know who to target. Scammers maintain and sell lists of prior victims. If you've been scammed, reported it publicly, filed a complaint with a government database, or posted about it on a forum, there's a real chance your name and contact info ended up on one of those lists. It's not speculation — victim data is a commodity in the fraud ecosystem. The original scammer may have sold it, or it was scraped from a public report.

Step 2: They make contact. The reach-out usually comes by text. Some victims get WhatsApp or email instead. The message introduces someone as an FTC "agent" or "investigator" assigned to your case, and it often references your original scam with specific details — the dollar amount you lost, the platform it happened on, maybe even the date.

That specificity is designed to disarm you. If they know what happened, they must be legitimate. Right?

Not necessarily. They got those details the same way they got your number: from a list.

Step 3: The photo ID drops. Here's the specific twist the FTC flagged this month. To overcome any lingering skepticism, the "agent" texts you a photo of their FTC employee ID badge. It has the FTC seal, a name, a badge number. It looks like the kind of thing a federal employee might carry.

It's fake. Creating a convincing fake badge takes about 20 minutes — the FTC seal is publicly available, basic design tools are free, and stock photos supply the face. There's no system you can use to verify whether a photo of a badge is real. The photo is theater, not proof.

Step 4: The ask arrives. Once the trust setup is complete, the "agent" makes a request. The request takes a few forms depending on the script:

• Pay an "administrative fee" or "processing charge" to release your funds
• Provide bank account information so they can "deposit" the recovery
• Move your money to a "secure" account while the investigation is "active"

Every version ends in the same place: more money out, and often account access too.

Why This One Is Harder to Spot

Generic government impersonation — the "FBI" calls threatening arrest, the "IRS" agents demanding gift cards — tends to be aggressive and pressure-forward. It triggers your alarm response.

This scam leads with help, not threats. That's a fundamentally different emotional pitch, and it works on a different kind of vulnerability.

People who've been scammed are often in a painful spot. They're angry, embarrassed, and desperate for the situation to be fixable. An "FTC agent" offering to fix it feels like hope. Hope is a much more persuasive door-opener than fear — especially for someone who's been through something traumatic.

The photo ID amplifies this. Most people have never seen what an actual FTC employee ID looks like. A laminated badge with the government seal, texted to your phone as a personal, direct contact — it doesn't feel like a mass scam operation. It feels like a person reaching out.

There's also a context match that makes this particularly insidious: people who've been scammed often have reported to the FTC. They know the FTC exists, they know it handles fraud cases, and they know their complaint is somewhere in that system. An FTC agent following up feels exactly as plausible as it's supposed to.

The existing Cautellus posts on recovery scams and government impersonation follow-ups cover the broader patterns. This is the photo ID variant — new mechanics, same endpoint.

The Red Flags Hiding in Plain Sight

1. Any unsolicited offer to recover your money. The FTC collects reports and investigates fraud. It does not contact individual consumers to recover their lost funds. If someone reaches out to you offering personalized recovery assistance, that's not a government service that exists.

2. Contact by text or messaging app. Real federal employees don't initiate investigations by texting you out of nowhere. Government processes involve official channels — not a message from a random number on a Tuesday afternoon.

3. A texted photo of an ID badge as proof of identity. Real law enforcement does not prove their identity by texting you a photo. If you ever want to verify whether a government agency actually contacted you, hang up, look up the agency's published number on their official .gov website, and call that number yourself. Don't use any contact information provided in the message.

4. They know your personal scam details. The specificity feels like proof of legitimacy. It isn't. Names, email addresses, phone numbers, and loss amounts tied to reported scams are sold between criminal operations. Their knowledge of your case means they bought a list — not that they're investigating it.

5. Any fee before you receive money. There are no "processing fees," "administrative charges," or "compliance deposits" in any legitimate government recovery action. Zero. If money is moving as part of a "recovery," it's supposed to move toward you — not from you.

6. Time pressure on the recovery window. "The funds will be released to another claimant in 48 hours" is fabricated urgency. Government processes do not work on 48-hour closing windows. Urgency is a pressure tactic designed to prevent you from thinking or asking someone else.

7. Requests to move money or share account access. Real restitution gets sent to you. It does not require you to move your own money to a "secure" account or hand over banking credentials to receive it.

If This Already Happened to You

First: don't waste energy feeling stupid. These scams are built specifically to work on people who've already been through something traumatic and are actively hoping for resolution. The design is deliberate. The target is your hope, not your ignorance.

Here's what to do:

If you sent money: Call your bank's fraud line immediately. Wire transfers have a recall window — sometimes 24 to 48 hours — and acting fast matters. Ask specifically about reversing the transaction.

If you shared account credentials: Change your passwords now, starting with banking and email. Enable two-factor authentication everywhere it's available. Check your transaction history for anything you didn't authorize.

If you gave personal information: If you shared your Social Security number, driver's license number, or date of birth, consider placing a credit freeze at the three major bureaus — Equifax, Experian, and TransUnion. It's free and blocks new accounts from being opened in your name.

File a new report: Yes, you have a second scam to report. File at ReportFraud.ftc.gov and include both incidents — the FTC specifically wants data on impersonation scams targeting prior victims.

Read the recovery checklist: The full post-click recovery guide walks through each step in detail.

And if you got the text but didn't engage: report it anyway at ReportFraud.ftc.gov. Volume of reports matters for the FTC's enforcement work.

How to Not Become the Next Victim

Know what the FTC actually does. The FTC accepts fraud reports at ReportFraud.ftc.gov and uses them to build enforcement actions and issue warnings. That's the primary consumer-facing function. There are no FTC agents assigned to individual consumer cases who reach out by text to offer personalized fund recovery. That service does not exist.

Never verify someone's identity by their own ID. A person claiming to be legitimate and then showing you proof they created themselves proves nothing. Verification has to happen through an independent channel — like calling the agency directly at a number you looked up yourself.

Never pay to receive money. This should be short: any process that requires you to pay fees, taxes, deposits, or any other charge before you receive money you're owed is a scam. There are no legitimate exceptions in a government recovery context.

Scan suspicious messages before engaging. If you get a message claiming to be from a government agency about recovering your money, run it through Cautellus before responding. The scanner checks for known impersonation patterns, government-impersonation language, and phone numbers or domains tied to confirmed scam operations.

FAQ

Does the FTC ever contact scam victims directly? Not to offer recovery services. The FTC collects reports and uses them to investigate and take action. They do not reach out to individual consumers by text, email, or phone to discuss your specific case or help you recover your money. If someone contacts you claiming to be from the FTC with a recovery offer, that is a scam.

How do I verify if someone from a government agency is real? Stop responding and don't use any contact information they provided. Look up the agency's phone number independently on their official .gov website, then call that number and ask whether they tried to reach you. Real agencies will confirm; scammers cannot survive this check.

Does a photo ID badge prove a government agent is real? No. There is no public system to verify government employee IDs from a photo. Creating a convincing fake badge using publicly available logos takes minimal effort. A photo of a badge proves nothing about the person holding it.

What if the "agent" knows specific details about my original scam? That information came from a victim list, not from a case file. Loss amounts, payment methods, platforms, and dates from reported scams get sold between criminal operations. The specificity is a trust tactic, not proof of legitimacy.

I got the text but didn't respond. What should I do? Report it at ReportFraud.ftc.gov and forward the text to 7726 (SPAM) if your carrier supports it. You don't need to have lost money to file a report — the data helps the FTC track patterns and issue warnings.

Can I get my money back if I already sent it? Possibly, depending on how you paid and how quickly you act. Wire transfers may be recallable within the first 24–48 hours — call your bank immediately. Credit card payments often have chargeback options. Cryptocurrency and gift card payments are very difficult to reverse. Speed matters more than anything else here.

---

Scammers found the most painful possible follow-up to getting victimized: impersonating the people who are supposed to stop it. If you got one of these texts, you were targeted by a professional operation that specifically chose you because you'd already been through something hard and might be hoping for a fix.

Report it. Don't engage with it. And if someone you know has been scammed, tell them about this one — because they're on a list now too.

---

Sources: FTC Consumer Alert, June 3, 2026 — "A real FTC employee won't text you their photo ID to 'verify' their identity", FTC Impersonators, FTC Consumer Sentinel Network