If you just realized you sent money to an online scammer in the Philippines, the first few hours matter. Your best chance of recovery is usually while the money is still inside the banking or e-wallet system, before it is withdrawn, transferred again, converted to crypto, or passed through a money mule. This guide explains what to do immediately, which Philippine laws may apply, where to report the scam, what documents to prepare, and what realistic outcomes to expect.
First Steps After Losing Money to an Online Scammer
Before arguing with the scammer or posting online, focus on stopping further loss and preserving evidence.
1. Report the transaction to your bank or e-wallet immediately
Call or message the official fraud hotline or in-app support of the bank, e-wallet, or financial institution you used to send the money.
Tell them clearly:
“I am reporting a disputed transaction involving an online scam. Please create a fraud case and check if the funds can be temporarily held or traced under the Anti-Financial Account Scamming Act.”
Prepare these details:
| Information | Why it matters |
|---|---|
| Transaction reference number | Helps the bank or e-wallet locate the exact transfer |
| Date and time of transfer | Important for tracing and temporary holding requests |
| Amount sent | Needed for reports, affidavits, and possible recovery |
| Sender account or wallet | Identifies the source financial institution |
| Recipient name, account number, wallet number, or QR details | Helps trace the receiving financial institution |
| Screenshots of chats, posts, ads, receipts, and profiles | Supports your claim that the transaction was fraudulent |
| Any phone number, email, social media account, website, or link used | Helps cybercrime investigators identify digital leads |
Under Republic Act No. 12010, or the Anti-Financial Account Scamming Act, banks and other financial institutions may temporarily hold disputed funds in certain circumstances. The BSP AFASA booklet and implementing circulars provide a coordinated process for handling disputed electronic fund transfers.
2. Ask for a case number and written acknowledgment
Do not rely only on a phone conversation. Ask for:
- A complaint or ticket number
- Confirmation that your fraud report was received
- The name or department handling the case
- Instructions on whether you must submit a sworn complaint, affidavit, police report, or other supporting documents
- The deadline for submitting documents to support a temporary hold
This is important because AFASA-related temporary holding timelines are short. If your bank or e-wallet asks for documents, submit them as soon as possible.
3. Secure your accounts
If the scam involved a link, OTP, phishing page, remote access app, fake customer service agent, or suspicious login, assume your account may be compromised.
Do these immediately:
- Change your passwords for banking, e-wallet, email, and social media accounts.
- Enable multi-factor authentication.
- Remove unknown linked devices.
- Lower transaction limits.
- Disable or replace compromised cards.
- Check recent transactions.
- Report unauthorized transactions separately from the scam payment.
If you gave an OTP, PIN, password, recovery code, or remote access to your phone, tell your financial institution exactly what happened. Do not hide this out of embarrassment. Social engineering is specifically recognized under Philippine law.
4. Preserve evidence before confronting the scammer
Scammers often delete chats, block victims, deactivate accounts, or change usernames once confronted.
Before sending more messages, save:
- Full chat history, not just selected screenshots
- Profile pages showing username, URL, phone number, and account details
- Payment receipts and confirmation pages
- Product listings, job posts, investment offers, or ads
- Website URLs and landing pages
- Emails, SMS, and call logs
- Delivery tracking, if any
- Names of other victims, if known
For screenshots, include the date, time, platform, username, and URL when possible. Avoid cropping out details that may later help investigators.
What Kind of Legal Case Is an Online Scam in the Philippines?
An online scam is not just “bad luck” or a private debt. Depending on the facts, it may involve several Philippine laws.
| Situation | Possible legal basis | Practical meaning |
|---|---|---|
| Fake seller receives payment but never delivers the item | Article 315 of the Revised Penal Code on estafa or swindling | The scammer may have committed fraud by using deceit to obtain money |
| Scammer uses fake identity, fake business, or false promises online | Article 315, Revised Penal Code; RA 10175 Cybercrime Prevention Act | If committed through ICT, cybercrime rules and higher penalties may apply |
| Phishing, fake bank page, OTP theft, account takeover | RA 10175; RA 12010 | May involve computer-related fraud, identity theft, or social engineering |
| Use of another person’s bank or e-wallet account to receive scam funds | RA 12010 | May involve money muling |
| Buying, renting, selling, or lending bank/e-wallet accounts | RA 12010 | This is a separate punishable act, even if the person says they were “just helping” |
| Card fraud, unauthorized account access, access device misuse | RA 8484, Access Devices Regulation Act, as amended by RA 11449 | Covers access devices such as cards, account numbers, PINs, codes, and similar means of account access |
| Fake investment, crypto, forex, lending, or “tasking” scheme | Revised Penal Code, RA 10175, Securities Regulation Code, SEC rules | May require reporting to the SEC if investment solicitation is involved |
| Bank or e-wallet mishandles a fraud complaint | RA 11765, Financial Products and Services Consumer Protection Act; BSP regulations | You may elevate unresolved complaints to the BSP |
Estafa under Article 315 of the Revised Penal Code
Many online scams are treated as estafa, the Philippine crime commonly known as swindling. Estafa generally involves defrauding another person through abuse of confidence, deceit, or fraudulent means.
In online scam cases, estafa may apply when a person obtains money by pretending to be a legitimate seller, employer, investor, buyer, customer service agent, romantic partner, government employee, courier, or business representative.
Common examples include:
- “Seller” accepts payment for a phone, laptop, ticket, or appliance, then disappears.
- “Recruiter” asks for placement fees, training fees, or document processing fees for a fake job.
- “Investor” promises guaranteed high returns from crypto, forex, casino junkets, or online trading.
- “Buyer” sends a fake payment receipt and tricks the seller into shipping goods.
- “Friend” or “relative” uses a hacked account to ask for emergency money.
If the deception was done online, RA 10175 may also apply.
Cybercrime under RA 10175
The Cybercrime Prevention Act of 2012 covers computer-related fraud, computer-related identity theft, illegal access, and other cyber offenses. It also provides that crimes under the Revised Penal Code and special laws committed by, through, or with the use of information and communications technologies may be treated as cybercrime.
This matters because many online scams involve:
- Fake websites
- Hacked accounts
- Phishing links
- Fake customer service pages
- Fraudulent emails or SMS
- Identity theft
- Unauthorized access to online banking or e-wallet accounts
- Use of social media or messaging apps to deceive victims
Investigators may need cybercrime warrants to obtain certain types of computer data, subscriber information, or digital evidence. The procedure is governed by the Supreme Court’s Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC.
Anti-Financial Account Scamming Act
RA 12010 is especially important for bank and e-wallet scams because it targets how scam proceeds move through financial accounts.
It penalizes acts such as:
- Money muling, including allowing another person to use your bank, e-wallet, or financial account
- Opening accounts under fictitious names or using another person’s identity
- Buying, renting, selling, or lending financial accounts
- Recruiting people to open or lend accounts for scam transactions
- Social engineering schemes that obtain sensitive information through deception or fraud
The law also allows financial institutions to temporarily hold disputed funds in appropriate cases. This is why reporting to your bank or e-wallet quickly is critical.
Can the Bank or E-Wallet Freeze or Return the Money?
Possibly, but not always.
Under the BSP’s AFASA rules, a financial institution may temporarily hold disputed funds connected with certain electronic fund transfers. In simplified terms:
- The victim reports the disputed transaction to the source financial institution.
- The source institution validates basic transaction details.
- It may send a holding request to the receiving financial institution and any subsequent financial institutions.
- An initial temporary hold may apply for up to 5 calendar days.
- The hold may be extended, with supporting documents, for an additional period so that the total temporary hold generally does not exceed 30 calendar days, unless a court orders otherwise.
This process is not the same as an automatic refund. It is a way to preserve funds while the case is being assessed.
Important limits
A temporary hold may not help if:
- The scammer already withdrew the money in cash.
- The money was transferred through several accounts.
- The money was converted to cryptocurrency or other assets.
- The receiving account has no remaining balance.
- The transaction was not covered by the specific AFASA temporary holding rules.
- The case is treated as an erroneous transfer rather than a fraudulent disputed transaction.
The BSP rules distinguish a disputed scam transaction from an erroneous transaction, such as sending money to the wrong account number or entering the wrong amount. If you simply made a mistake in the recipient details, the process may be different.
When financial institutions may be responsible
AFASA also recognizes duties of financial institutions to maintain systems such as fraud management, verification, risk controls, and multi-factor authentication. Under the law, a financial institution may be liable for restitution in certain situations if it fails to employ adequate risk management systems or fails to exercise the required diligence.
This does not mean every scam loss is automatically reimbursable. The facts matter, including how the scam happened, what warnings were given, what controls were in place, whether the transaction was authorized, and how quickly the complaint was handled.
Where to Report an Online Scam in the Philippines
The best reporting path depends on your goal. If your priority is fund recovery, start with the financial institution. If your priority is criminal investigation, report to cybercrime authorities. In many cases, you should do both.
| Where to report | Best for | What to prepare |
|---|---|---|
| Your bank, e-wallet, or payment provider | Urgent tracing, temporary holding, fraud ticket, possible recovery | Transaction details, screenshots, ID, affidavit or police report if required |
| PNP Anti-Cybercrime Group eComplaint Desk | Cybercrime complaints involving online platforms, phishing, social media, fake websites, digital fraud | Evidence, IDs, transaction records, scammer details |
| NBI Cybercrime Division | Computer-related fraud, identity theft, hacking, complex cybercrime complaints | Complaint form, evidence, IDs, digital records |
| NBI report page | General reporting to NBI | Narrative, evidence, contact details |
| CICC / eGov anti-scam reporting | Suspicious links, digital scam reports, public intake | Scam links, screenshots, phone numbers, URLs |
| BSP Consumer Assistance Channels | Complaints against BSP-supervised banks, e-wallets, remittance companies, or financial service providers | Proof you first complained to the institution, ticket number, reply or lack of action |
| SEC iMessage portal | Investment scams, unregistered securities, fake corporations, unauthorized solicitation | Investment offer, proof of payment, company/person details, screenshots |
| Prosecutor’s Office | Criminal complaint if suspect is identifiable | Complaint-affidavit, evidence, witness affidavits, IDs |
| First-level court small claims | Civil recovery from an identifiable person for money claims within the small claims limit | Evidence of debt/payment, defendant’s address, demand, filing documents |
Step-by-Step Practical Guide
Step 1: Make the fraud report to the source financial institution
Use the official customer service channel only. Do not trust random “recovery agents” or people who message you after you post about being scammed.
Ask these specific questions:
- Was a fraud case created?
- Was the receiving financial institution identified?
- Can an initial temporary hold be requested?
- What documents are required to support an extended hold?
- What is the deadline to submit the documents?
- Will the institution provide written updates?
- What happens if the receiving account has no remaining funds?
If the transaction involved a bank-to-bank or e-wallet transfer, tell them you want the matter handled under their fraud, consumer protection, and AFASA procedures where applicable.
Step 2: Prepare a short written narrative
Your report should be clear and chronological. Avoid emotional accusations and focus on facts.
Include:
- How you found the scammer
- What the scammer promised
- What representations were made
- Why you trusted the transaction
- How much you sent
- When and how you sent it
- What happened after payment
- Why you believe it was a scam
- What evidence supports your claim
A simple structure works best:
- “On [date], I saw/contacted [person/page/account].”
- “The person represented that [promise or offer].”
- “Because of this, I sent [amount] via [bank/e-wallet] to [recipient details].”
- “After payment, [non-delivery/blocking/more demands/account deletion] happened.”
- “I am requesting investigation, tracing, and recovery of the funds if still available.”
Step 3: File a cybercrime report
For online scams, especially those involving fake websites, phishing, hacked accounts, identity theft, or social media deception, report to the PNP Anti-Cybercrime Group or NBI Cybercrime Division.
Bring or submit:
- Government-issued ID
- Printed and digital copies of screenshots
- Proof of payment
- Chat history
- URLs, usernames, phone numbers, and email addresses
- Bank or e-wallet complaint ticket number
- Affidavit or complaint narrative, if available
If you are abroad, ask the receiving office what format they require for your affidavit. Some Philippine proceedings may require notarization, consular acknowledgment, or an apostille for documents executed overseas. The DFA Apostille portal is relevant for Philippine public documents used abroad, while foreign notarized documents generally follow the authentication rules of the country where they were executed.
Step 4: Escalate financial institution complaints to the BSP if unresolved
If the bank, e-wallet, or other BSP-supervised financial institution ignores your complaint, gives no meaningful response, or mishandles the process, you may elevate the matter to the BSP.
The BSP’s Consumer Assistance Channels allow consumers to file complaints through the BSP Online Buddy or by submitting a complaint form. Include:
- Your complaint summary
- The resolution you are requesting
- Your contact details
- Your complaint or ticket number with the financial institution
- Copies of the institution’s reply, if any
- Supporting documents
This is especially useful when your complaint is about the financial institution’s handling of the fraud report, not merely the existence of the scam.
Step 5: Report investment scams to the SEC
If the scam involved “investments,” guaranteed returns, crypto trading pools, forex packages, online casino profits, franchising, lending, or a corporation claiming to be legitimate, check the SEC.
A common trap in the Philippines is this: the scammer says, “We are SEC-registered.”
SEC registration as a corporation only means the entity is registered as a juridical entity. It does not automatically mean the company is allowed to solicit investments from the public. Investment-taking usually requires separate authority.
For investment-related complaints, use the SEC iMessage portal and check the SEC advisories page.
Step 6: Consider a criminal complaint or civil recovery case
If the scammer is identifiable and reachable, you may consider:
- A criminal complaint for estafa, cybercrime, or related offenses
- A civil action for recovery of money or damages
- A small claims case, if the claim is purely for payment or reimbursement and falls within the small claims limit
The Rules on Expedited Procedures in the First Level Courts cover small claims cases. Small claims can be useful when the person who received the money is known, has an address, and the issue is recovery of a sum of money. It is less useful when the scammer used fake identities, money mules, or untraceable accounts.
Civil claims may also rely on principles under the Civil Code of the Philippines, such as liability for acts contrary to law, bad faith, unjust enrichment, or damages caused by wrongful conduct.
Evidence Checklist for Online Scam Victims
Prepare both digital and printed copies when possible.
| Evidence | Practical tips |
|---|---|
| Payment receipt | Include reference number, amount, date, time, and recipient details |
| Bank or e-wallet statement | Show the transaction in context, not just a cropped image |
| Chat messages | Export full conversation if the app allows it |
| Social media profile | Capture username, display name, profile URL, photos, and account ID if visible |
| Product listing or ad | Screenshot the full page, price, description, and seller details |
| Website or phishing page | Save the URL and screenshots before it disappears |
| Phone numbers and emails | Preserve call logs, SMS, emails, and headers if available |
| Delivery or courier records | Useful for fake seller and fake buyer scams |
| Complaint ticket numbers | Keep all bank, e-wallet, police, NBI, BSP, or SEC references |
| Affidavit or sworn complaint | Some institutions may require this for extended temporary holding |
| Police report or cybercrime report | Often requested by banks, e-wallets, or prosecutors |
Avoid editing screenshots. If you must highlight something, keep the original file and create a separate annotated copy.
Common Pitfalls That Hurt Recovery
Waiting too long before reporting
Many victims wait because they feel embarrassed, hope the scammer will return the money, or want to gather more proof. Delay can be costly. Scam proceeds often move quickly through several accounts.
Report first, then continue gathering evidence.
Sending more money to “unlock” the refund
Scammers often ask for:
- Withdrawal fees
- Tax clearance fees
- Account verification fees
- Anti-money laundering clearance fees
- Courier insurance
- Processing fees
- “Final payment” before release
These are usually follow-up scams. Do not send more money to recover the first payment.
Trusting “fund recovery” agents online
After you post about being scammed, fake recovery agents may contact you claiming they can hack accounts, reverse transfers, or recover crypto. Many are scammers targeting victims a second time.
Only deal with official banks, e-wallets, law enforcement agencies, regulators, and verified legal representatives.
Posting accusations without preserving evidence
Public warnings can help others, but be careful. If you post accusations with incomplete facts, personal data, or threats, you may create separate legal problems. Preserve evidence first. Report through proper channels. When warning others, stick to verifiable facts.
Assuming a barangay blotter is enough
A barangay blotter may be useful if the scammer is known and located in the same community, but online scams usually require bank tracing, cybercrime investigation, and formal complaints. For unknown scammers, fake accounts, phishing, or digital fraud, go directly to the bank or e-wallet and cybercrime authorities.
Believing that SIM registration guarantees identification
The SIM Registration Act, RA 11934, may help authorities trace registered SIM information through proper legal process. But scammers may use stolen identities, mule SIMs, foreign numbers, messaging apps, or compromised accounts. A phone number is a lead, not a guaranteed solution.
Realistic Timelines and Costs
| Action | Usual timing | Possible cost | Notes |
|---|---|---|---|
| Report to bank or e-wallet | Same day, ideally immediately | Usually free | Most urgent step for tracing and temporary holding |
| Initial temporary hold request | Time-sensitive; may be up to 5 calendar days where applicable | Usually free | Depends on whether funds are still traceable and covered by rules |
| Extended temporary hold | May require documents within the initial period | Affidavit/notarial cost, if needed | Total temporary hold is generally up to 30 calendar days unless court-extended |
| Cybercrime report | Same day to several days, depending on office and completeness | Usually free | Bring complete evidence to avoid repeated visits |
| BSP escalation | After unresolved or mishandled financial institution complaint | Free | BSP usually expects you to first raise the issue with the institution |
| SEC complaint | Depends on complexity | Usually free for complaint filing | Best for investment solicitation and securities-related scams |
| Prosecutor complaint | Weeks to months for preliminary investigation | Notarial, copying, legal assistance if retained | Requires evidence identifying respondents and showing probable cause |
| Small claims case | Varies by court docket | Filing fees apply | Useful only if defendant is identifiable and can be served |
Special Notes for OFWs and Foreign Victims
If you are outside the Philippines but the scam involved a Philippine bank account, e-wallet, phone number, seller, business, or victim, you can still take practical steps.
If you are an OFW or Filipino abroad
You can:
- Report immediately to your Philippine bank or e-wallet through official channels.
- Ask a trusted relative to help gather Philippine documents, but do not give them your passwords or OTPs.
- Prepare a clear written narrative with screenshots and receipts.
- Ask the PNP ACG, NBI, bank, or prosecutor what form of affidavit they require if executed abroad.
- Coordinate with the Philippine Embassy or Consulate if consular acknowledgment is needed.
If you are a foreigner
Foreign victims should preserve the same evidence and report to the Philippine financial institution involved. If filing documents from abroad, ask whether notarized or authenticated documents are required. Requirements may differ depending on the agency, the type of document, and whether the country is part of the Apostille Convention.
Foreigners should also be aware that Philippine law enforcement may need local leads: account numbers, wallet numbers, phone numbers, URLs, IP-related records, or identifiable persons in the Philippines. The more specific your evidence, the more useful your report becomes.
Frequently Asked Questions
Can I still get my money back after sending it to an online scammer?
Possibly, but recovery depends on timing and whether the funds are still in the financial system. Report immediately to your bank or e-wallet and ask if the receiving account can be traced or temporarily held under AFASA procedures. If the money was already withdrawn or transferred onward, recovery becomes harder.
Should I report first to the bank or to the police?
Report to the bank or e-wallet first if money was recently transferred. This gives you the best chance of stopping or tracing the funds. Then report to the PNP Anti-Cybercrime Group or NBI Cybercrime Division for investigation, especially if the scam involved fake accounts, phishing, identity theft, or online deception.
Is an online scam considered estafa in the Philippines?
Many online scams may qualify as estafa under Article 315 of the Revised Penal Code if the scammer used deceit or false pretenses to obtain money. If the scam was committed through the internet, messaging apps, fake websites, or social media, the Cybercrime Prevention Act may also apply.
What if I only have the scammer’s phone number or Facebook account?
A phone number or social media account is still useful evidence, but it may not be enough by itself. Save the full profile link, username, display name, screenshots, chat history, and payment details. Investigators may need legal processes to request subscriber data, account records, or other digital information.
Can GCash, Maya, or a bank reverse the transfer?
Not automatically. A bank or e-wallet may be able to trace or temporarily hold funds if you report quickly and the funds are still available. But if the transaction was authorized and the money has already been withdrawn or moved, reversal may not be possible without further process, agreement, or legal action.
What if I gave my OTP or password to the scammer?
Report it anyway. Giving an OTP or password does not mean you have no remedy. Many scams involve social engineering, which is recognized under AFASA. However, the facts may affect whether the financial institution considers the transaction authorized, whether reimbursement is possible, and what security failures may be examined.
Is a barangay blotter enough for an online scam?
Usually no. A barangay blotter may help document an incident, especially if the scammer is known locally, but it does not replace a bank fraud report, cybercrime complaint, or prosecutor complaint. For online scams, prioritize the financial institution and cybercrime authorities.
Can I file a small claims case against the scammer?
Yes, but only if the scammer or recipient is identifiable, has an address where court papers can be served, and your claim is for a sum of money within the small claims rules. If the scammer used fake names, mule accounts, or unknown locations, criminal and cybercrime reporting may be more practical first.
What if the scammer used someone else’s bank account?
That account holder may be a money mule, a victim of identity theft, or a participant in the scam. Do not assume immediately, but include the account details in your report. RA 12010 penalizes money muling and the buying, renting, selling, lending, or use of financial accounts for scamming.
Should I post the scammer’s details online?
Preserve evidence and file reports first. Public warnings can help other people, but avoid posting sensitive personal data, threats, or accusations you cannot support. Stick to verifiable facts, such as the transaction details, account/page used, and the fact that you have filed a report.
Key Takeaways
- Report the scam to your bank or e-wallet immediately; fund recovery is most realistic before the money is withdrawn or transferred again.
- Ask for a fraud case number and whether a temporary hold or tracing request can be made under AFASA procedures.
- Save complete evidence: receipts, chats, usernames, URLs, phone numbers, emails, screenshots, and complaint ticket numbers.
- Online scams may involve estafa, cybercrime, access device fraud, money muling, investment law violations, and consumer protection rules.
- File with the PNP Anti-Cybercrime Group or NBI Cybercrime Division for cybercrime investigation.
- Escalate to the BSP if a BSP-supervised financial institution mishandles or fails to address your complaint.
- Report investment-related scams to the SEC, especially when there are promises of guaranteed returns or public investment solicitation.
- Do not send more money for “refund,” “withdrawal,” “tax,” “unlocking,” or “recovery” fees.
- A barangay blotter alone is usually not enough for online scams involving banks, e-wallets, fake accounts, or cybercrime.
- Acting quickly, giving complete information, and preserving clean evidence gives you the best chance of tracing the scammer and recovering funds.