A call claiming to be from the “AMLC” can sound terrifying, especially when the caller says your bank account is “under investigation,” “frozen,” or “linked to money laundering.” The most important rule is simple: do not give your OTP, online banking password, card details, MPIN, or e-wallet PIN to anyone. The real Anti-Money Laundering Council does not verify your identity by asking for a one-time password over the phone. This article explains how the fake AMLC OTP scam works, what Philippine laws may apply, and exactly where and how to report it.
What is the fake AMLC OTP call scam?
In this scam, a caller pretends to be from the Anti-Money Laundering Council (AMLC), a bank, a law enforcement office, or a “financial investigation unit.” The caller may say:
- Your account was flagged for suspicious transactions.
- Your GCash, Maya, bank, or credit card account will be frozen.
- You must “verify” your identity to avoid arrest or account closure.
- A case has been filed against you for money laundering.
- You need to read an OTP to “cancel” a transaction.
- You must transfer money to a “safe account.”
The goal is not to help you. The goal is to pressure you into giving information that lets scammers access your bank account, e-wallet, credit card, or online account.
An OTP, or one-time password, is a security code used to approve logins, transfers, card transactions, or account changes. If you give it to a scammer, you may be unknowingly authorizing the transaction yourself.
Why scammers use the AMLC name
The AMLC is a real Philippine government body created under the Anti-Money Laundering Act, or Republic Act No. 9160 of 2001, as amended. Because the AMLC deals with money laundering, terrorism financing, and suspicious financial transactions, scammers use its name to scare people.
The real AMLC has warned the public about fraudulent communications using its name and has advised victims to report fraudulent activities to law enforcement agencies through official channels. See the AMLC advisory on fraudulent letters and fund-transfer scams. (Anti-Money Laundering Council)
How to identify a fake AMLC call asking for OTP
Treat the call as suspicious if any of these warning signs appear:
| Red flag | Why it is suspicious |
|---|---|
| The caller asks for your OTP, PIN, MPIN, CVV, password, or recovery code | Legitimate agencies and banks do not need these to “verify” you |
| The caller says you will be arrested today unless you cooperate | Scammers use panic to stop you from thinking clearly |
| The caller tells you not to call your bank or family | Real agencies do not isolate victims |
| The caller asks you to transfer money to a “safe account” | This is a common fraud tactic |
| The caller uses a mobile number or messaging app only | Official agencies use official channels, not random personal numbers |
| The caller sends a fake ID, badge, warrant, or AMLC letter by chat | Scammers often use edited images and fake documents |
| The caller knows some of your personal details | Data leaks, social media, delivery records, or phishing may give scammers partial information |
| The caller says the OTP is only for “cancellation” | OTPs usually authorize access, changes, or transactions |
A real investigation does not require you to disclose your OTP over the phone.
What to do while the scam call is happening
Do not argue. Scammers are trained to keep you on the line.
Do not give any OTP or password. Even if the caller already knows your name, bank, phone number, or last transaction, do not continue.
End the call. You do not need to explain yourself.
Take screenshots or notes immediately. Save the phone number, time of call, caller name, exact words used, SMS messages, links, account names, and any documents sent.
Call your bank or e-wallet provider using the official number. Use the hotline on your card, official app, or official website. Do not call a number sent by the scammer.
Change your passwords if you clicked a link or shared information. Use a different device if you suspect malware or remote access.
Report the incident. Report even if no money was lost. Early reports help law enforcement and financial institutions trace patterns.
If you already gave the OTP
Act quickly. In many digital fraud cases, the first few minutes matter.
Call your bank or e-wallet immediately. Ask for urgent blocking, account freezing, card replacement, or reversal investigation.
Change your passwords and PINs. Change your email password first if your bank or e-wallet uses email for recovery.
Disable linked devices. Check your banking app, e-wallet app, email, and social media accounts for unknown devices or sessions.
Save proof before deleting anything. Keep screenshots of call logs, SMS, transaction history, chat messages, and emails.
Request a written incident reference number. Banks and e-wallets usually issue a ticket number, case number, or complaint reference.
File a cybercrime report. You may report to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, DOJ Office of Cybercrime, or CICC hotline 1326.
Philippine laws that may apply
Anti-Financial Account Scamming Act: RA 12010 of 2024
The most directly relevant law is the Anti-Financial Account Scamming Act, or Republic Act No. 12010 of 2024. It defines and penalizes financial account scamming and related offenses involving bank accounts, e-wallets, and other financial accounts. You can read the law on Lawphil’s copy of RA 12010. (Lawphil)
This law is important because OTP scams often involve:
- Unauthorized access to a financial account
- Deceptive acquisition of account credentials
- Use of mule accounts
- Social engineering
- Transfers through banks, e-wallets, or payment platforms
A mule account is an account used to receive, move, or hide stolen money. Sometimes the account holder is part of the scam. Sometimes the account holder was tricked into “renting” or lending the account.
Cybercrime Prevention Act: RA 10175 of 2012
The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, may apply when the scam uses computers, mobile phones, internet banking, e-wallet apps, phishing links, spoofed websites, or electronic communications. The law covers cyber-related offenses including computer-related fraud and identity-related offenses. Read the text of RA 10175 on Lawphil. (Lawphil)
Revised Penal Code offenses
Depending on the facts, traditional crimes under the Revised Penal Code may also be involved, especially:
- Estafa under Article 315, when deceit causes the victim to part with money or property
- Falsification, if fake documents, IDs, warrants, or government letters are used
- Usurpation of authority, if someone pretends to exercise official government functions
In practice, cybercrime investigators usually look at the whole incident: the fake identity, the call, the OTP, the transfer, the receiving account, and the digital trail.
Data Privacy Act: RA 10173 of 2012
If scammers have your personal information, the Data Privacy Act of 2012, or Republic Act No. 10173, may also be relevant. This is especially true if your data was obtained from a leak, unauthorized disclosure, or misuse by an organization handling your information.
The National Privacy Commission (NPC) handles privacy-related complaints and breach concerns. For breach-related matters, the NPC states that a full personal data breach report must generally be submitted within five days unless additional time is granted. See the NPC’s breach reporting page. (National Privacy Commission)
Where to report fake AMLC calls in the Philippines
| Office or institution | When to report there | Practical notes |
|---|---|---|
| Your bank or e-wallet provider | Immediately if your account, card, OTP, PIN, or funds may be affected | Ask for blocking, investigation, and a reference number |
| AMLC | If someone is falsely using AMLC’s name or documents | Use only official AMLC channels; do not reply to suspicious messages |
| PNP Anti-Cybercrime Group | For cyber-enabled fraud, phishing, impersonation, and online scam evidence | Initial online reporting may be possible, but serious cases often require follow-up |
| NBI Cybercrime Division | For cybercrime investigation and evidence preservation | Bring screenshots, transaction records, IDs, and affidavits if asked |
| DOJ Office of Cybercrime | For cybercrime coordination and reporting guidance | The DOJ Office of Cybercrime was created under RA 10175. See the DOJ Office of Cybercrime page. (Department of Justice Philippines) |
| CICC / I-ARC Hotline 1326 | For scams and cybercrime assistance | The government’s 1326 hotline is used for reporting scams, including phishing and caller ID spoofing. (Philippine News Agency) |
| National Privacy Commission | If your personal data was misused, leaked, or mishandled | Useful when the issue involves unauthorized use of your personal information |
Step-by-step guide to reporting the scam
1. Secure your accounts first
Before filing reports, stop further loss:
- Freeze or block affected bank accounts, cards, or e-wallets.
- Change passwords for your email, banking apps, and e-wallets.
- Remove unknown devices from account security settings.
- Enable multi-factor authentication.
- Tell your bank if you gave an OTP, clicked a link, installed an app, or shared a screen.
The Bangko Sentral ng Pilipinas has advised the public to protect OTPs and immediately report phishing, vishing, spoofing, and similar fraud to the bank or financial institution. See the BSP’s guide on protecting yourself from fraud and scams. (Bangko Sentral ng Pilipinas)
2. Prepare your evidence
Make a simple folder with:
- Screenshot of SMS, chat messages, emails, links, or fake documents
- Call logs showing number, date, and time
- Names or aliases used by the caller
- Bank or e-wallet transaction history
- Account numbers or wallet numbers that received the money
- Reference numbers from the bank or e-wallet
- Copy of your valid ID
- Written timeline of what happened
Do not edit screenshots. If possible, keep the original messages on the device.
3. Write a short incident timeline
Use this format:
| Detail | Example |
|---|---|
| Date and time | June 26, 2026, around 10:15 a.m. |
| Caller identity claimed | “AMLC investigator” |
| Phone number used | 09XX XXX XXXX |
| What the caller said | Account allegedly flagged for money laundering |
| What you disclosed | OTP, last four digits, email, or none |
| What happened next | Unauthorized transfer of ₱25,000 |
| Immediate action taken | Called bank, blocked account, ticket no. ABC123 |
| Evidence available | Screenshots, call logs, transaction receipts |
A clear timeline helps investigators, banks, and prosecutors understand the case quickly.
4. Report to your bank or e-wallet in writing
Call first, then follow up in writing through the official app, email, or branch.
Ask for:
- Blocking or freezing of affected accounts
- Dispute or fraud investigation
- Transaction trace
- Preservation of logs
- Written case reference number
- Confirmation of the receiving account or merchant details, if allowed
Banks and e-wallets may not immediately return funds. They usually need to check whether the transaction was authorized, where the funds went, and whether recovery is still possible.
5. File a cybercrime report
For many victims, the practical choices are:
- PNP Anti-Cybercrime Group
- NBI Cybercrime Division
- DOJ Office of Cybercrime
- CICC / I-ARC Hotline 1326
The DOJ also maintains a page on reporting cybercrime incidents. (Department of Justice Philippines)
For urgent scam reporting, the 1326 hotline may be used. The Philippine News Agency has reported that 1326 is a 24/7 hotline for scams including phishing, text scams, email scams, caller ID spoofing, and other online scams. (Philippine News Agency)
6. Execute an affidavit if required
Law enforcement or your bank may ask for an affidavit of complaint or affidavit of loss/fraud. An affidavit is a sworn written statement signed before a notary public.
It should usually include:
- Your full name and contact details
- Date, time, and manner of the scam
- What the caller claimed
- Information you disclosed, if any
- Amount lost, if any
- Account or wallet details involved
- List of attached evidence
- Statement that you are filing the complaint voluntarily
Bring a valid government ID for notarization.
Common scenarios
“The caller knew my full name and bank. Does that mean it was real?”
No. Scammers may obtain partial information from leaked databases, social media, delivery records, old forms, phishing pages, or previous scams. Knowing your name does not prove the caller is from AMLC or your bank.
“They said my account will be frozen for money laundering.”
Real account freezing connected to money laundering follows legal and regulatory processes. It is not resolved by giving an OTP to a caller. If you are worried, contact your bank through official channels and ask whether there is any legitimate hold, freeze, or compliance issue.
“I did not lose money. Should I still report?”
Yes, especially if the caller used AMLC’s name, sent fake documents, or used a number that may target others. Reports help authorities and institutions identify active scam numbers, mule accounts, and methods.
“I am an OFW or foreigner outside the Philippines. Can I report?”
Yes. If the affected account, e-wallet, bank, scammer, or transaction is connected to the Philippines, you can still report. Practical steps include:
- Contacting the Philippine bank or e-wallet immediately
- Saving international call logs and screenshots
- Reporting through online or hotline channels where available
- Executing an affidavit abroad if required
If a Philippine agency or bank requires a notarized document executed abroad, you may need notarization according to the rules of the country where you are located, and sometimes an apostille or consular authentication depending on the document and receiving office.
Frequently Asked Questions
Does the AMLC call people to ask for OTP?
No legitimate AMLC process requires you to disclose an OTP over the phone. An OTP is for account security, not government identity verification.
What should I do if I gave my OTP to a fake AMLC caller?
Call your bank or e-wallet immediately, request blocking, change your passwords, save all evidence, and file a cybercrime report. Do not wait to see if the money “comes back.”
Can I recover money lost through an OTP scam?
Sometimes, but recovery is not guaranteed. It depends on how fast you reported, whether the money is still in the receiving account, and whether the financial institution can trace or freeze funds.
Is a fake AMLC call a cybercrime?
It can be, especially if the scam used phones, messages, online banking, e-wallets, phishing links, spoofing, or digital transfers. RA 10175 and RA 12010 may both be relevant depending on the facts.
Should I report to AMLC or to the police?
If the scammer used AMLC’s name, you may report the impersonation to AMLC through official channels. If you lost money or were targeted through digital means, also report to law enforcement such as PNP ACG, NBI Cybercrime, DOJ Office of Cybercrime, or CICC 1326.
What evidence should I keep?
Keep call logs, screenshots, phone numbers, messages, links, transaction receipts, account names, wallet numbers, bank reference numbers, and your written timeline. Do not delete the original messages if possible.
Can scammers be traced through the receiving account?
Sometimes. Investigators and financial institutions may trace the receiving bank or e-wallet account, but scammers often use mule accounts, fake identities, or quickly move funds through multiple accounts.
Is it safe to answer unknown calls?
Answering is not usually the main danger. The danger is giving information, clicking links, installing apps, sharing screens, or following instructions under pressure.
What if the caller threatens arrest?
End the call. Real law enforcement action is not cancelled by giving an OTP. Threats of immediate arrest are a common pressure tactic.
Key Takeaways
- Never share your OTP, PIN, MPIN, password, CVV, or recovery code.
- A caller claiming to be from AMLC who asks for an OTP is almost certainly a scammer.
- Call your bank or e-wallet immediately if you shared information or lost money.
- Save evidence before deleting messages or blocking numbers.
- Relevant laws may include RA 12010, RA 10175, the Revised Penal Code, and RA 10173.
- Report cyber-enabled scams to the proper Philippine authorities, including your bank, PNP ACG, NBI Cybercrime, DOJ Office of Cybercrime, CICC 1326, and AMLC when its name is being misused.