what happened? pick one.
what happened to you? pick one. this page is for crisis arrival — no hero, no tool tour, no warmup. choose the closest match below. each tile links to a methodology guide and the tools to run locally on exports you already have. no upload. no account. close the tab when you're done. fatcousin is not emergency services, counsel, or a managed IR firm — it is a local triage workbench you can verify in devtools.
you typed: scammed wired money
best matches (5)
report this fraud
if you were scammed and need to file ic3 · ftc · cfpb · or state ag reports but the forms feel impossible, start here →
romance scam
if a dating-app relationship turned into money requests, start here →
wire fraud at closing · title escrow
if a homebuyer wired earnest money or closing funds to a fraud account and you have escrow email plus title-software exports, start here →
business email compromise (BEC)
if someone spoofed a vendor email or redirected a wire payment, start here →
tech support scam
if a pop-up led to remote access and gift-card or wire demands, start here →
not it? clear and see all case types.
pig butchering / long-con investment scam
if weeks of chat grooming led to a fake crypto exchange and a drained wallet, start here →
ransomware response
if files are encrypted and there is a ransom note, start here →
stalkerware sweep (mobile)
if you think someone is watching your phone, start here →
intimate partner violence — tech trail
if your partner tracks you through shared accounts or location history, start here →
election integrity investigation
if election messaging or ballot artifacts look tampered, start here →
account takeover (ATO)
if someone took over an account with password resets and unfamiliar logins, start here →
crypto theft / wallet drain
if your wallet was drained or you signed a malicious contract, start here →
insider threat / data exfiltration
if a departing employee may have copied data or abused access, start here →
phishing campaign investigation
if you need to scope a phishing wave across an organization, start here →
supply chain compromise
if a package, build, or signed update may be poisoned, start here →
cloud account compromise (M365 / Workspace)
if a tenant was hit through OAuth abuse, mailbox rules, or admin takeover, start here →
mobile device triage (consent-based)
if you need a consent-based scan of a phone for the basics, start here →
workplace harassment / hostile workplace
if you need to preserve slack, teams, or email harassment evidence, start here →
trade secret / IP theft
if an exiting employee may have taken source, customers, or CAD files, start here →
document forgery / disputed authenticity
if a PDF, docx, or signature chain looks forged or edited, start here →
AI-generated content dispute
if you need to dispute whether text, image, or code is AI-generated, start here →
deepfake investigation (video / audio / image)
if video, audio, or image identity impersonation is in dispute, start here →
cryptojacking
if a machine is mining crypto without authorization, start here →
lost or stolen device
if a lost phone came back and you need to know what happened on it, start here →
disgruntled employee exit
if a last-day endpoint shows deletions, USB attach, or sabotage, start here →
cyberstalking
if harassment spans social accounts, impersonation, and location leaks, start here →
sextortion
if someone threatens to publish intimate images for payment, start here →
minor online coercion · youth safety
if a child or teen was coerced into sending images and a payment demand followed, and you need to preserve chat logs locally before reporting, start here →
creator safety · stalker & NCII
if a client or follower escalated from booking-platform contact to real-world surveillance or off-platform threats and you need a private timeline, start here →
online doxxing (post-event triage)
if your PII was published and you need post-exposure triage, start here →
smart home compromise
if a camera, lock, or voice assistant was accessed without consent, start here →
API key leak / repo compromise
if a leaked repo credential led to cloud abuse or cost spikes, start here →
healthcare data breach
if PHI exposure or EHR audit gaps need scoping, start here →
medical device tamper / clinical IoT
if a pump, monitor, or ventilator log shows wrong dose or suppressed alarms, start here →
DDoS investigation
if you need to scope a volumetric or application-layer attack after the fact, start here →
invoice fraud / vendor account change
if a paid invoice or vendor bank-detail change looks fraudulent, start here →
payroll fraud / ghost employee
if direct deposit, ghost employees, or payroll adjustments look wrong, start here →
whistleblower / retaliation investigation
if an ethics report was followed by termination or adverse action, start here →
HR platform audit / HCM integrity
if Workday, SuccessFactors, or Oracle HCM audit exports show drift, start here →
equity grant / cap table investigation
if cap-table or vesting records show unauthorized grant changes, start here →
global mobility / relocation audit
if relocation or assignment costs look inflated or tampered, start here →
labor trafficking investigation
if recruiter contracts, wage ledgers, or movement logs suggest debt bondage or forced labor and you need to preserve evidence locally before a referral, start here →
gig worker payout fraud
if platform payouts, tips, or driver accounts were redirected, start here →
livestream impersonation / creator takeover
if a creator channel was taken over or impersonated on stream, start here →
journalist source protection
if journalist or source comms may have been compromised around a sensitive story, start here →
AI agent runaway action
if an autonomous agent took actions outside its prompt scope, start here →
LLM prompt injection
if adversarial input — user prompt, RAG chunk, MCP tool result, or uploaded doc — bent an LLM into ignoring its system prompt, start here →
MCP server compromise
if an MCP server's credentials leaked or its tool definitions were tampered with from the server side, start here →
school cyberbullying · K–12 IR
if district IT or counsel needs to correlate student monitor alerts with SIS discipline after a harassment disclosure, start here →
title fraud · deed forgery
if county record grantee or deed instrument metadata does not match the sale file parties, start here →
nursing home records audit · LTC exploitation
if a nursing home resident's bank accounts, POA, or caregiver device exports suggest financial exploitation and you need a local records audit binder, start here →
maritime AIS · sanctions / dark vessel
if insurance or sanctions casework needs marinetraffic · spire · vesselfinder AIS exports correlated for dark vessels, track gaps, or ship-to-ship transfer, start here →