If you lost money to a scam in the Philippines, the most important thing is to act fast. Your chances of recovery are highest while the money is still inside the Philippine banking or e-wallet system. Once the funds are withdrawn in cash, converted to crypto, passed through several “mule” accounts, or sent abroad, recovery becomes harder—but not always impossible. This guide explains what to do in the first few hours, which agencies handle scam reports, what laws protect victims, when you can ask a bank or e-wallet to hold disputed funds, and what legal remedies may help you recover money.
What “recovering money from a scam” usually means in the Philippines
There are three different goals that people often mix together:
| Goal | What it means | Where it usually happens |
|---|---|---|
| Hold or reverse the funds | Stop the money while it is still in a bank, e-wallet, remittance, or payment system | Your bank/e-wallet, receiving bank/e-wallet, BSP-supervised institution |
| Identify and prosecute the scammer | File a criminal complaint for estafa, cybercrime, financial account scamming, or related offenses | PNP Anti-Cybercrime Group, NBI Cybercrime Division, prosecutor’s office, court |
| Recover through a civil claim or restitution | Get a court order, settlement, restitution, damages, or small claims judgment | Prosecutor/court, Small Claims Court, civil action |
A police report alone does not automatically return the money. A bank complaint alone does not automatically jail the scammer. A civil case can order payment, but it may be useless if the scammer cannot be located or has no assets. The best approach is usually to do all urgent steps in parallel: report to the financial institution, preserve evidence, report to law enforcement, and pursue the proper legal remedy once the facts are clear.
First 24 hours: what to do immediately after being scammed
1. Call your bank or e-wallet immediately
Report the transaction through the official fraud hotline, app help center, branch, or verified customer service channel of your bank or e-wallet.
Ask for these exact things:
- A fraud/disputed transaction ticket number
- Temporary holding of funds, if the money may still be in the recipient account
- Coordinated verification with the receiving bank, e-wallet, or payment provider
- Written confirmation of your report by email, SMS, in-app message, or complaint reference number
- A copy or screenshot of the transaction details, including reference number, recipient name, masked account number, amount, date, and time
Under the Anti-Financial Account Scamming Act, Republic Act No. 12010, banks, e-wallet issuers, and other BSP-supervised institutions may temporarily hold funds subject of a disputed transaction for a period prescribed by the BSP, generally not exceeding 30 calendar days, unless extended by a court. The law also recognizes disputed transactions involving social engineering, unusual transactions, illegal sources, or transactions without clear economic purpose.
BSP regulations now require BSP-supervised institutions to coordinate on disputed fund transfers, trace transaction chains, notify affected account owners, and process temporary holding and coordinated verification. The BSP’s 2025 rules on temporary holding of disputed funds and coordinated verification also state that if disputed funds are successfully held, coordinated verification should be completed within the temporary holding period, unless a court extends it.
2. Do not delete chats, emails, call logs, or screenshots
Preserve everything, even embarrassing messages. Scammers often delete accounts, change usernames, or unsend messages once they know you are reporting them.
Save:
- Chat history from Messenger, Viber, Telegram, WhatsApp, Instagram, TikTok, Facebook Marketplace, dating apps, or email
- Screenshots showing the scammer’s profile, username, phone number, QR code, account name, and payment instructions
- Transaction receipts, reference numbers, deposit slips, remittance slips, bank confirmations, and e-wallet receipts
- URLs of fake websites, ads, landing pages, online stores, crypto platforms, or investment dashboards
- Voice call logs, SMS messages, OTP requests, email headers, and device notifications
- The exact timeline: when you first contacted the scammer, when payment was requested, when you paid, and when they stopped responding
For serious cases, use screen recording to capture the full chat scroll from the profile page to the payment instructions. Screenshots are useful, but full context is better.
3. Change passwords and secure your accounts
If you clicked a phishing link, shared OTPs, installed an app, scanned a QR code, or gave remote access to your phone, assume your accounts are compromised.
Do this immediately:
- Change passwords for email, banking apps, e-wallets, social media, and cloud storage.
- Enable multi-factor authentication, preferably through an authenticator app instead of SMS.
- Log out all devices from your email and social media accounts.
- Call your bank to block cards, online banking access, or suspicious devices if needed.
- If your SIM may have been compromised, contact your telco and consider replacing the SIM.
Legal basis for scam recovery in the Philippines
Estafa under the Revised Penal Code
Many scams are prosecuted as estafa, also called swindling, under Article 315 of the Revised Penal Code. In simple terms, estafa happens when a person defrauds another through deceit, abuse of confidence, false pretenses, or fraudulent acts.
Common examples include:
- Fake online sellers who accept payment but never intend to deliver
- Fake recruiters demanding placement or processing fees
- Romance scammers asking for emergency funds
- Fake investment agents promising guaranteed returns
- People using fictitious names, fake authority, fake business credentials, or imaginary transactions to obtain money
Article 315 covers fraud committed through false pretenses, including using a fictitious name, pretending to possess power, influence, qualifications, property, credit, agency, business, or imaginary transactions.
Cybercrime Prevention Act
If the scam was done through the internet, mobile apps, social media, email, online banking, or electronic communications, the Cybercrime Prevention Act of 2012, Republic Act No. 10175, may apply.
This is important because online estafa may be treated as a cybercrime-related offense when committed through information and communications technology. The law also gives authorities tools for cybercrime investigation, including preservation and disclosure of computer data, subject to legal requirements.
Under RA 10175, the National Bureau of Investigation and the Philippine National Police are the primary law enforcement authorities for cybercrime cases, through their cybercrime units.
Anti-Financial Account Scamming Act
The Anti-Financial Account Scamming Act or AFASA, Republic Act No. 12010, is especially relevant for online banking and e-wallet scams. It covers:
- Money muling, such as selling, lending, renting, buying, or allowing the use of a bank or e-wallet account to receive scam proceeds
- Social engineering schemes, such as deception to obtain passwords, OTPs, account details, card details, or other sensitive financial information
- Opening accounts under fake names or using another person’s identity documents
- Buying or selling financial accounts
- Economic sabotage when committed by groups, against multiple victims, using mass messaging, or through human trafficking
A very important victim-friendly feature of AFASA is that financial institutions may be liable for restitution if they fail to employ adequate risk management systems and controls or fail to exercise the highest degree of diligence in preventing loss or damage. The law expressly states that conviction is not a prerequisite to restitution when the institution is liable under the law.
Financial Products and Services Consumer Protection Act
The Financial Products and Services Consumer Protection Act, Republic Act No. 11765, protects consumers dealing with banks, e-money issuers, financing companies, lending companies, payment providers, insurers, investment firms, and other regulated financial service providers.
For scam victims, RA 11765 matters because it supports your right to:
- File complaints through the financial institution’s consumer assistance mechanism
- Receive fair treatment and proper handling of complaints
- Escalate unresolved complaints to the appropriate regulator, such as the BSP, SEC, Insurance Commission, or other agency depending on the institution involved
For BSP-supervised institutions, the BSP says consumers should first report to the institution’s Financial Consumer Protection Assistance Mechanism, then escalate unresolved complaints through the BSP Consumer Assistance Channels and BSP Online Buddy.
Civil liability and restitution
If a criminal case is filed, the offender’s civil liability may include restitution, reparation of damage, and indemnification for consequential damages under the Revised Penal Code. This means the criminal case can also be used to pursue return of the money.
Separately, the Civil Code may allow an independent civil action for fraud. Article 33 of the Civil Code of the Philippines allows a separate civil action for damages in cases of fraud, independent of the criminal case, using the civil standard of preponderance of evidence.
Where to report a scam in the Philippines
| Situation | Where to report | Purpose |
|---|---|---|
| Bank transfer, InstaPay, PESONet, credit card, debit card, e-wallet | Your bank/e-wallet first; then BSP if unresolved | Hold funds, trace transaction, consumer complaint |
| Online scam using social media, email, fake website, phishing, OTP, remote access, crypto platform | PNP Anti-Cybercrime Group or NBI Cybercrime Division | Criminal investigation and cybercrime complaint |
| Investment scam, Ponzi scheme, fake trading platform, fake corporation, unauthorized securities offering | Securities and Exchange Commission | Regulatory enforcement, investment scam advisories, possible criminal referral |
| Insurance scam | Insurance Commission | Insurance-related complaints |
| Telco/SIM-related scam messages | Telco and National Telecommunications Commission | SIM/account reporting and telco regulatory action |
| Money laundering, large organized scam proceeds | Law enforcement, bank compliance team, possibly AMLC referral through proper channels | Financial intelligence and possible freeze/civil forfeiture mechanisms |
The NBI Cybercrime Division Citizen’s Charter states that cybercrime complaints may involve filling out a complaint sheet, preliminary interview and initial investigation, execution of sworn statements or affidavits, submission of supporting documents, and examination of relevant devices.
For cybercrime, the DOJ Office of Cybercrime is also relevant because RA 10175 created it within the Department of Justice and designated it as the central authority for cybercrime-related international cooperation.
Step-by-step guide to recovering scam money
Step 1: File a formal dispute with your financial institution
Do this even if you already called customer service. Written documentation matters.
Your message should include:
- Your full name and account details
- Date and time of transaction
- Amount
- Transaction reference number
- Recipient account name, number, bank/e-wallet, QR code, or phone number
- Short explanation of the scam
- Statement that you are disputing the transaction
- Request for temporary holding of funds and coordinated verification under AFASA and BSP rules
- Request for written updates and a ticket/reference number
Use words like: “I am filing a disputed transaction complaint and requesting immediate temporary holding of the funds, coordinated verification with the receiving institution, and preservation of all related records.”
Step 2: Report to the receiving institution if known
Technically, BSP rules place primary responsibility on the originating financial institution to coordinate with the receiving institution. In practice, victims often also report directly to the receiving bank or e-wallet, especially when they have the recipient account name or number.
Send a short report and attach the transaction proof. Ask them to:
- Flag the account
- Preserve records
- Hold funds if still available and legally allowed
- Coordinate with your bank/e-wallet
- Provide a complaint reference number
Do not expect the receiving institution to give you private information about its account holder. Due to banking, privacy, and internal security rules, it will usually coordinate institution-to-institution or through law enforcement.
Step 3: File with PNP ACG or NBI Cybercrime
For online scams, prepare a complaint packet before going to PNP ACG, NBI Cybercrime Division, or a regional cybercrime office.
Bring or prepare:
| Document or evidence | Why it matters |
|---|---|
| Valid government ID | Establishes your identity as complainant |
| Complaint-affidavit or sworn statement | Formal narration of facts |
| Proof of payment | Shows amount, date, reference number, account used |
| Screenshots and screen recordings | Shows deceit, identity used, promises, payment instructions |
| Scammer profile links and phone numbers | Helps trace digital identifiers |
| Bank/e-wallet ticket numbers | Shows you reported promptly |
| Timeline of events | Helps investigator understand the case quickly |
| Device used, if relevant | May be examined if phishing, malware, or account takeover occurred |
Your affidavit should be factual and chronological. Avoid exaggerations. State what you personally saw, heard, paid, and received. If a friend or relative talked to the scammer, that person may need a separate sworn statement.
Step 4: Ask law enforcement about preservation requests and subpoenas
Scam evidence disappears quickly. Social media accounts, telco records, login data, IP logs, and account information may require formal legal process. Ask the investigator what can be preserved and what additional documents they need from you.
Law enforcement may request:
- Preservation of computer data
- Subscriber information
- Transaction records
- Bank/e-wallet account records through proper legal channels
- Cybercrime warrants or related court orders when required
Victims cannot usually obtain another person’s bank records directly. Investigators, prosecutors, courts, BSP, or AMLC-related mechanisms may be needed depending on the facts.
Step 5: Escalate unresolved bank or e-wallet complaints to the BSP
If your bank or e-wallet ignores your complaint, gives only generic replies, refuses to process a proper disputed transaction report, or fails to coordinate, you can escalate to the BSP if the institution is BSP-supervised.
The BSP’s consumer process generally requires you to report first to the financial institution’s own complaint mechanism. If you are not satisfied, you may use BSP Online Buddy or BSP Consumer Assistance.
Attach:
- Your bank/e-wallet complaint ticket
- Transaction proof
- Screenshots of the scam
- Timeline
- Replies from the financial institution
- Your specific request: reversal, temporary holding, investigation, explanation, or written final response
The BSP is not a criminal court and does not arrest scammers, but BSP escalation can pressure supervised institutions to properly handle consumer complaints and comply with financial consumer protection rules.
Step 6: Consider a criminal complaint, civil action, or small claims case
If the scammer is identified, you may have several legal routes.
| Remedy | When useful | Practical note |
|---|---|---|
| Criminal complaint for estafa/cybercrime/AFASA | Fraud, online deception, phishing, mule accounts, organized scams | Can include civil liability, but takes time |
| Small claims case | You know the person who owes you money and the claim is for payment or reimbursement up to ₱1,000,000 | Lawyers generally do not appear for parties at the hearing under the small claims rules |
| Ordinary civil action | Larger claims, damages, complex facts, corporate defendants | More formal, slower, and usually needs counsel |
| Settlement | The scammer is known and willing to return money | Put any payment plan in writing; avoid withdrawing a criminal complaint without understanding consequences |
Under the Supreme Court’s Rules on Expedited Procedures in the First Level Courts, small claims cases may cover payment or reimbursement of money where the claim does not exceed ₱1,000,000, exclusive of interest and costs. This can help in cases where the scammer is identifiable and located, such as a known seller, borrower, contractor, or acquaintance. It is less useful when the scammer used fake identities or mule accounts.
Can the bank or e-wallet be forced to return the money?
Sometimes, but not always.
A financial institution is not automatically liable just because you were scammed. The key questions are:
- Was the transaction unauthorized, or did you personally send the money after being deceived?
- Did the bank or e-wallet have adequate security controls?
- Did the institution act promptly after your report?
- Were there warning signs, unusual patterns, mule-account indicators, or account-takeover indicators?
- Were disputed funds still available when reported?
- Did the institution follow AFASA, BSP rules, and its own fraud procedures?
Under AFASA, institutions can be liable for restitution if they fail to employ adequate risk management systems and controls or fail to exercise the highest degree of diligence in preventing loss or damage from covered offenses. BSP rules also state that a BSP-supervised institution that fails to temporarily hold funds subject of a disputed transaction, when required, may be liable for loss or damage arising from that failure, including restitution of disputed funds.
This is why timing and documentation matter. A complaint filed within minutes or hours is much stronger than a complaint filed weeks later after the money has already moved.
Common scam scenarios and what usually happens
GCash, Maya, online bank, or InstaPay transfer scam
This is common in online selling, fake jobs, fake loans, and fake investment groups. Report immediately to your originating institution and request coordinated verification. If the funds remain in the recipient account or connected accounts, temporary holding may be possible. If already withdrawn or layered through several accounts, recovery becomes more difficult but records may still help identify mule accounts.
Fake online seller
If the seller used a real name, real address, or repeat account, you may consider both criminal estafa and small claims. If the amount is small, law enforcement may still accept reports, but practical recovery often depends on whether the seller can be identified and located.
Phishing or OTP scam
If you did not authorize the transfer, emphasize that it was an unauthorized transaction caused by phishing, social engineering, account takeover, or compromised credentials. Ask the institution to investigate device, login, IP, OTP, session, and beneficiary enrollment records.
Investment scam or Ponzi scheme
Report to the SEC if the scheme involves investment contracts, profit-sharing, crypto trading pools, forex trading, “guaranteed” returns, staking, franchising packages that are really investments, or recruitment commissions. SEC registration as a corporation does not mean the entity is licensed to solicit investments from the public. You can check company legitimacy through official SEC channels such as SEC iMessage and SEC verification tools.
For organized investment scams, also report to NBI or PNP because SEC action alone may not recover your individual money.
Crypto scam
Crypto recovery is difficult once assets leave a centralized exchange or move through private wallets. Still, report immediately if you sent money from a Philippine bank/e-wallet to buy crypto or transfer to a platform. Preserve wallet addresses, transaction hashes, platform URLs, Telegram groups, exchange receipts, and KYC details. Law enforcement may use blockchain tracing, but recovery depends heavily on whether assets reach a regulated exchange or identifiable account.
Scam involving a foreigner or OFW abroad
If you are outside the Philippines, you can still prepare a complaint-affidavit and evidence packet. Philippine authorities may require sworn statements to be notarized, acknowledged before a Philippine Embassy or Consulate, or authenticated/apostilled depending on where the document is executed and where it will be used.
For documents executed abroad, check the DFA’s Apostille and authentication information and the requirements of the receiving Philippine agency. If your country is part of the Apostille Convention, an apostille may replace consular authentication for many public documents. If not, consular authentication may still be required.
Practical timelines to expect
| Step | Typical timing | Reality check |
|---|---|---|
| Bank/e-wallet fraud report | Same day | Do this within minutes or hours if possible |
| Temporary hold request | Same day to a few days | Only useful if funds are still traceable and holdable |
| Coordinated verification | Within BSP-prescribed periods; often up to 30 days if funds are held | Complex chains may take longer if no funds were held |
| NBI/PNP complaint intake | Same day to several days depending on office workload | Bring complete documents to avoid repeat visits |
| Prosecutor preliminary investigation | Several months or more | Delays are common, especially if respondents are hard to locate |
| Court criminal case | Often years if contested | Restitution may come through settlement or judgment |
| Small claims case | Faster than ordinary civil cases | Useful only when defendant is known and can be served |
Common mistakes that reduce your chances of recovery
Waiting too long before reporting
The first hours matter. Scam proceeds are often moved quickly through mule accounts. Delayed reporting may leave only records, not recoverable funds.
Reporting only to social media
Reporting a Facebook, Telegram, TikTok, or Instagram account may help remove the account, but it does not automatically preserve bank records or start a Philippine criminal investigation. Report to the financial institution and law enforcement too.
Sending more money to “recover” the first payment
Scammers often ask for “unlocking fees,” “taxes,” “verification deposits,” “lawyer fees,” or “withdrawal charges.” This is usually a second-stage scam.
Paying fake recovery agents
Be very careful of people claiming they can hack wallets, reverse GCash, bribe insiders, or guarantee recovery for an upfront fee. Real recovery usually goes through banks, regulated institutions, law enforcement, prosecutors, and courts—not private “fund recovery” hackers.
Posting all details publicly
Public posts can warn the scammer, expose your personal data, and complicate the investigation. It is usually better to preserve evidence privately and submit it through official channels.
Filing a vague complaint
A strong complaint is specific. Include dates, times, amounts, account names, phone numbers, links, screenshots, and a clean timeline. Investigators handle many complaints; make yours easy to understand.
Documents checklist for scam victims
Prepare a folder with these files:
| Document | Notes |
|---|---|
| Valid ID | Passport, driver’s license, UMID, national ID, PRC ID, etc. |
| Complaint-affidavit | Chronological, signed, and notarized if required |
| Transaction receipts | Include reference numbers and timestamps |
| Bank/e-wallet statement | Highlight disputed transactions |
| Screenshots and screen recordings | Show full context, not cropped fragments only |
| Scammer profile data | Links, usernames, phone numbers, emails, QR codes |
| Proof of bank/e-wallet report | Ticket number, email confirmation, chat transcript |
| Demand letter, if any | Useful for known individuals or civil claims |
| Witness statements | If another person saw the transaction or communications |
| Device information | Relevant for phishing, malware, or account takeover |
Frequently Asked Questions
Can I get my money back from GCash, Maya, or my bank after a scam?
Possibly, especially if you report quickly and the money can still be held. Recovery depends on whether the funds remain in the system, whether the transaction was unauthorized or induced by social engineering, whether the institution complied with AFASA and BSP rules, and whether there is evidence of fraud. Always file a formal disputed transaction report and ask for temporary holding and coordinated verification.
What should I say when reporting a scam to my bank or e-wallet?
Say that you are filing a disputed transaction complaint involving fraud or social engineering. Give the transaction reference number, amount, date, time, recipient details, and a short explanation. Specifically request temporary holding of funds, coordinated verification, preservation of records, and a written complaint reference number.
Should I report to PNP or NBI?
For online scams, you may report to either the PNP Anti-Cybercrime Group or the NBI Cybercrime Division. The NBI’s own Citizen’s Charter for computer-crime victims describes complaint intake, preliminary interview, sworn statements or affidavits, supporting documents, and possible device examination. Choose the office accessible to you, but bring complete evidence.
Is an online scam estafa in the Philippines?
Often, yes. If someone used deceit, false pretenses, fake identity, fake authority, or fraudulent promises to obtain your money, the facts may support estafa under Article 315 of the Revised Penal Code. If the scam used online platforms, email, apps, or electronic communications, cybercrime laws may also be relevant.
Can I file a small claims case against a scammer?
Yes, if the scammer is identified, can be served with court papers, and your claim is for payment or reimbursement within the small claims limit. Small claims can be practical for known sellers, borrowers, contractors, or acquaintances. It is usually not effective against anonymous scammers using fake accounts or mule accounts.
Do I need a lawyer to file a scam complaint?
You can report scams to banks, e-wallets, BSP, PNP, NBI, and SEC without a lawyer. For small claims, attorneys generally are not allowed to represent parties at the hearing unless the attorney is the plaintiff or defendant. For large losses, complex cybercrime, corporate scams, foreign respondents, or multiple victims, legal assistance can help organize evidence and choose the right remedy.
Can the recipient account holder be liable if they only “lent” their bank account?
Yes. Under AFASA, money muling activities may include using, borrowing, allowing the use of, selling, lending, renting, buying, or recruiting others to use financial accounts for proceeds known to be derived from crimes, offenses, or social engineering schemes. A person who lends or sells an account may face serious consequences even if they claim they were not the main scammer.
What if the scammer is outside the Philippines?
Report both locally and in the Philippines if Philippine accounts, e-wallets, companies, victims, or platforms were involved. Cross-border cases are slower because they may require coordination through law enforcement, cybercrime channels, platform requests, or mutual legal assistance. Preserve all foreign phone numbers, emails, wallet addresses, platform usernames, and transaction hashes.
Can I recover money if I voluntarily sent it?
Yes, it may still be possible. Many scams involve victims voluntarily sending money because of deception. AFASA recognizes social engineering schemes, and estafa covers fraud through false pretenses. However, banks may treat voluntary transfers differently from unauthorized account takeovers, so your evidence of deception becomes very important.
How long do I have to file a case?
Prescriptive periods depend on the offense and penalty involved, so the exact deadline varies. Practically, you should not wait. Digital evidence, account records, CCTV footage, IP logs, and financial traces may disappear or become harder to obtain. Report immediately even if you are still deciding whether to pursue a full case.
Key Takeaways
- Report within minutes or hours to your bank or e-wallet. Ask for temporary holding of funds and coordinated verification.
- Preserve all chats, screenshots, receipts, URLs, phone numbers, account names, and transaction reference numbers.
- Online scams may involve estafa, cybercrime, AFASA violations, money muling, data privacy issues, securities violations, or money laundering.
- File with PNP ACG or NBI Cybercrime for online scams, and with the SEC for investment scams.
- Escalate unresolved bank or e-wallet complaints to the BSP after first reporting to the financial institution.
- Small claims can help only when the scammer is known, locatable, and the claim is within the limit.
- Recovery is most realistic when funds are still inside the banking or e-wallet system, the report is prompt, and the evidence is complete.