What Real Companies Will Never Ask You To Do

Woman on the phone reviewing information on a laptop, appearing concerned but focused

The fastest way to spot a scammer

Scammers impersonate banks, government agencies, tech companies, and delivery services every day. Some of these impersonations are remarkably convincing — they use real logos, spoofed phone numbers, and scripts that sound professional. But no matter how polished the act, scammers always ask you to do things that real companies never would.

This guide lists the specific requests that are always a scam. If someone claiming to represent a company asks you to do anything on this list, you can be certain it’s a scam — regardless of how legitimate they sound, what number they’re calling from, or what email address they use.

Real companies will never ask you to pay with gift cards

No legitimate business, government agency, or utility company will ever ask you to pay a bill, fine, or fee using gift cards. This is the single most reliable scam indicator there is.

Scammers ask for gift cards because once you read them the card numbers and PINs, the money is gone — it can’t be traced or reversed. They’ll claim it’s for “security purposes,” a “verification process,” or that it’s “the fastest way to resolve the issue.” These are all fabrications.

The rule: If anyone asks you to buy gift cards and read the numbers to them over the phone, it’s a scam. Always. No exceptions.

This applies to Apple gift cards, Google Play cards, Amazon cards, Steam cards, and every other type. For a detailed explanation of why scammers prefer these payment methods, see our article on why scammers ask for gift cards, crypto, and Zelle.

Real companies will never ask for your password

Your bank, email provider, and every other legitimate company already has access to your account on their end. They never need your password, and they have policies specifically prohibiting their employees from asking for it.

Scammers ask for passwords by pretending there’s a “security issue” that requires them to “verify your identity” or “access your account to fix a problem.” They may claim to be from your bank’s fraud department or a tech company’s security team.

The rule: If anyone asks for your password — on the phone, by email, by text, or through a pop-up on your screen — it’s a scam. Real companies will ask you to log in yourself, on their official website, to verify your identity. They will never ask you to tell them your password.

This also applies to one-time security codes (the codes sent to your phone for two-factor authentication). These codes are meant only for you. A real company will never call you and ask you to read one back to them. This tactic is at the heart of the fake two-factor authentication approval scam.

Real companies will never ask for remote access to your device

A legitimate company will never cold-call you and ask you to install remote access software (like AnyDesk, TeamViewer, or UltraViewer) or give them control of your computer. This is one of the most dangerous scam tactics because once a scammer has remote access, they can see your screen, access your files, log into your accounts, and install malware — all while you watch.

Scammers use this tactic in tech support scams, where they claim your computer has a virus or security problem. They may also pose as your bank, a government agency, or a software company claiming your license has expired.

The rule: If someone calls you and asks you to download software that lets them see or control your screen, hang up. Real tech support does not work this way. If you need help with a product, you contact the company — they don’t call you out of the blue.

Real companies will never ask you to move money to a “safe account”

This is a common tactic in bank impersonation scams. Someone calls pretending to be your bank’s fraud department, tells you your account has been compromised, and instructs you to transfer your money to a “safe account” or “secure account” for protection.

There is no such thing as a “safe account” that your bank asks you to transfer money to. Your money is already in a safe account — your own. Real banks secure your account on their end without requiring you to move funds anywhere.

The rule: If anyone tells you to transfer money to protect it — whether they claim to be from your bank, the government, or law enforcement — it’s a scam. Hang up and call your bank directly using the number on the back of your card.

Real companies will never threaten immediate arrest

Scammers impersonating the IRS, Social Security Administration, local police, or immigration authorities frequently threaten immediate arrest if you don’t pay right now. They may claim there’s a warrant for your arrest, that your Social Security number has been “suspended,” or that you owe back taxes.

Real government agencies don’t operate this way. The IRS communicates primarily by mail. The Social Security Administration doesn’t suspend Social Security numbers. Law enforcement doesn’t call to collect fines over the phone. And no legitimate agency accepts payment in gift cards or cryptocurrency.

The rule: If someone threatens you with arrest, deportation, or legal action unless you pay immediately, it’s a scam. Real legal proceedings involve written notices, court dates, and due process — not panicked phone calls demanding gift cards. Learn more about how these scams work in our article on government impersonation scams.

Real companies will never ask you to keep it secret

Scammers frequently tell you not to tell anyone what’s happening — not your spouse, not your family, not your bank. They claim it’s “for security reasons,” part of an “ongoing investigation,” or that involving others could “compromise your account.”

This is a manipulation tactic. Scammers isolate you because they know that if you talk to someone you trust, that person is likely to recognize the scam. Real companies have no reason to ask you to keep a customer service interaction secret from your family.

The rule: If someone tells you not to discuss the conversation with anyone, it’s a scam. A legitimate interaction with your bank, the IRS, or a tech company would never require secrecy.

Real companies will never rush you into an irreversible decision

Creating urgency is the foundation of most scam tactics. Scammers tell you that your account will be closed in 30 minutes, that the offer expires today, that the warrant will be executed this afternoon. They need you to act before you have time to think, verify, or consult someone else.

Real companies give you time. A real bank gives you days or weeks to resolve an issue. A real government agency sends written notices. A real company doesn’t require you to make a high-stakes financial decision in the next five minutes.

The rule: If you feel pressured to act immediately — especially when money is involved — stop. Tell the caller you’ll call back. A real company will understand. A scammer will escalate the pressure, which tells you everything you need to know.

Real companies will never send you an unexpected refund that requires action

In the overpayment scam, someone “accidentally” sends you too much money and asks you to return the difference. The original payment is fake — it will bounce or be reversed — but the money you send back is real and gone.

Similarly, scammers send fake refund emails or payment confirmations and ask you to “verify” the transaction by clicking a link or calling a number. Real refunds appear in your account without requiring you to take additional steps beyond confirming through the company’s official website.

The rule: If you receive an unexpected payment and someone asks you to return part of it, it’s a scam. If you receive an unexpected refund notification, log into the company’s real website to verify — don’t click links or call numbers from the message.

Real companies will never contact you through social media DMs to resolve account issues

Scammers create fake accounts on Instagram, Facebook, and X that look like official company support accounts. They reach out to people who’ve posted complaints, offering to “help” resolve their issue through direct messages. Once in a private conversation, they ask for login credentials, account numbers, or payment information.

The rule: Legitimate companies handle account issues through their official website, their app, or by phone — not through social media DMs. If someone messages you on social media claiming to be from a company’s support team, don’t share any account information. Go to the company’s website directly for help.

Quick reference: The red flag checklist

If someone claiming to represent a company does any of the following, it’s a scam:

  • Asks you to pay with gift cards, cryptocurrency, or wire transfer
  • Asks for your password or one-time security code
  • Asks you to install remote access software
  • Tells you to move money to a “safe” or “secure” account
  • Threatens arrest, lawsuit, or account closure unless you act now
  • Tells you to keep the conversation secret
  • Pressures you to make an irreversible decision immediately
  • Sends you an unexpected refund and asks you to return part of it
  • Contacts you through social media DMs about an account issue

Print this list, bookmark this page, or share it with someone you care about. These red lines don’t change — no matter what company the scammer claims to represent.

What to do when you spot these red flags

If you recognize any of the warning signs above, here’s what to do:

  1. Stop engaging. Hang up, close the chat, or stop replying to the message.
  2. Verify independently. If you think the contact might be legitimate, call the company using a number from their official website or the back of your card. Don’t use any number provided in the suspicious communication.
  3. Report it. Report the attempted scam to the FTC at ReportFraud.ftc.gov and to the company being impersonated.

Related resources