What to Do If Fraudsters Drain Your Bank Account or Salary

When fraudsters empty your bank account or take your salary moments after it is credited, speed matters. The first few hours can determine whether the receiving bank can still freeze the money. Report the fraud immediately, secure every linked account, preserve evidence, and make a formal written dispute. Philippine law now gives banks stronger powers to hold suspicious funds, but reimbursement is not automatic—the outcome depends on how the transaction happened, how quickly you acted, and whether the bank’s security and investigation procedures were adequate.

What to Do in the First 60 Minutes

1. Contact your bank through an official channel

Use the number printed on your card, the bank’s official mobile application, or its verified website. Do not call a number sent by text message or supplied by the person claiming to help you.

Tell the bank:

  • The transaction was unauthorized or fraudulently induced.
  • The exact amount, date, time, and transaction reference number.
  • The receiving bank, e-wallet, or account number, if visible.
  • Whether you disclosed an OTP, clicked a link, installed an application, or lost control of your SIM.
  • Whether other transactions may still be pending.

Ask the bank to:

  • Block online and mobile banking access.
  • Freeze or replace affected cards.
  • Remove unknown devices and sessions.
  • Stop pending transfers, if still possible.
  • Initiate a temporary holding of funds and coordinated verification under Republic Act No. 12010.
  • Preserve transaction logs, authentication records, device identifiers, IP addresses, and call recordings.
  • Give you a written acknowledgment and case reference number.

Banks and other financial institutions must maintain free, 24-hour channels for reporting fraud involving electronic fund transfers. The institution where the money came from—called the originating financial institution—should receive and process the dispute even when the money was sent to another bank or e-wallet.

2. Ask for an AFASA temporary hold

Under the Anti-Financial Account Scamming Act or Republic Act No. 12010, a bank may temporarily hold funds involved in a disputed electronic transfer when there are reasonable grounds to suspect fraud.

An initial hold may last for up to five calendar days. It may be extended for up to 25 additional calendar days, for a maximum total of 30 days, while the participating institutions verify the transaction. A court order is generally needed to keep the funds restricted beyond that period.

A hold is not guaranteed. It works best when the money is still in the recipient’s account or has been forwarded to another account that can be traced. If the fraudster has already withdrawn, converted, or transferred the funds beyond reach, the bank may have nothing left to freeze—but it should still conduct coordinated verification and tracing.

3. Secure your phone, SIM, email, and other financial accounts

Fraudsters often use one compromised account to reach others. Immediately:

  • Change the password of your primary email account from a clean device.
  • Change banking, e-wallet, and social-media passwords.
  • Contact your telecommunications provider if you suspect a SIM swap.
  • Remove suspicious applications, especially remote-access or screen-sharing apps.
  • Disable call forwarding and review email-forwarding rules.
  • Inform other banks where you use the same phone number or password.
  • Turn on multi-factor authentication using an authenticator application where available.

Do not factory-reset the affected phone until screenshots, messages, application details, and other evidence have been preserved.

4. Notify your employer if the money was salary

Inform payroll or human resources promptly. Ask for:

  • Your payslip.
  • Payroll credit confirmation.
  • The date, time, amount, and destination account used for payment.
  • Written confirmation of any recent request to change your payroll account.
  • Suspension of future salary credits to the compromised account, if necessary.

This evidence helps determine whether the employer correctly paid your designated account or whether a fraudster changed the payroll instructions before payment.

Identify What Kind of Fraud Happened

The legal and practical response may differ depending on how the money left the account.

Type of incident Common examples Why the distinction matters
Unauthorized transaction Account takeover, SIM swap, card cloning, stolen credentials, transfer made without your knowledge The central issue is whether the bank’s authentication and security controls were adequate and whether you contributed to the loss.
Social-engineering scam Fake bank call, phishing link, investment scam, impersonation, fake buyer, fraudster persuading you to disclose an OTP or approve a transfer The transfer may appear authenticated, but deception does not automatically erase your rights. The bank must still investigate its controls and the surrounding circumstances.
Erroneous transfer You accidentally typed the wrong account number or sent money to the wrong person without any scam BSP rules on AFASA temporary holding generally apply to suspected fraudulent electronic fund transfers, not ordinary mistaken transfers.
Payroll diversion A fraudster changes the employee’s payroll account through a forged email or compromised HR system The question may be whether the employer validly paid the employee at all, rather than merely whether the bank should reverse a transaction.
Post-credit salary theft Salary was correctly credited, then fraudsters accessed the employee’s account The dispute is usually against the fraudsters and potentially the financial institution, not a claim for the employer to pay the same salary again.

Do not describe a fraud-induced transfer merely as an “incorrect transfer” when reporting it. Clearly state the deception, impersonation, account takeover, or unauthorized access involved.

Your Rights Under Philippine Law

Anti-Financial Account Scamming Act

Republic Act No. 12010, enacted in 2024, specifically addresses money-mule accounts, social-engineering schemes, and fraudulent financial accounts.

The law requires supervised financial institutions to employ adequate fraud-management systems, multi-factor authentication, and risk controls. It also permits temporary holding and coordinated verification of disputed funds.

A compliant institution is not automatically liable for every scam loss. However, an institution may be ordered to restore the victim’s money when it failed to use adequate controls, failed to exercise the required degree of diligence, or failed to hold funds despite circumstances requiring action. A criminal conviction of the fraudster is not always necessary before restitution may be imposed against a responsible institution. (Lawphil)

Financial consumer protection rules

The Financial Products and Services Consumer Protection Act, Republic Act No. 11765, gives financial consumers rights that include:

  • Fair and equitable treatment.
  • Protection of financial assets.
  • Data privacy and security.
  • Clear information.
  • Effective complaint handling and redress.

BSP-supervised institutions must maintain a financial consumer protection assistance mechanism. Fraud complaints should receive priority, although there is no single investigation period that applies to every case. The bank must communicate its process, expected turnaround time, and complaint status. Once the investigation is concluded, the formal result should generally be released within three banking days.

During the investigation, the bank may provide reasonable accommodation, such as suspending disputed fees or interest, holding funds that remain intact, or providing a non-withdrawable provisional credit. A provisional credit is not automatic and may depend on the bank’s policies and initial findings.

Banks must exercise a very high degree of diligence

Article 1980 of the Civil Code treats bank deposits as simple loans, meaning the bank becomes the depositor’s debtor for the amount deposited. Philippine Supreme Court decisions also recognize that banking is affected with public interest and that banks must exercise the highest degree of diligence in handling customer accounts.

In Banco de Oro Universal Bank, Inc. v. Seastres, the Supreme Court held a bank liable after it failed to follow its own withdrawal procedures. Although that case involved an over-the-counter withdrawal rather than an online scam, it illustrates an important principle: a bank cannot rely solely on the apparent regularity of a transaction when its own controls, warning signs, or procedures were deficient. (Lawphil)

Possible criminal offenses

Depending on the facts, fraudsters and money mules may face charges under:

  • Republic Act No. 12010 for money muling, social engineering, and related offenses.
  • Article 315 of the Revised Penal Code for estafa.
  • Republic Act No. 10175, the Cybercrime Prevention Act of 2012, for computer-related fraud or identity theft.
  • Republic Act No. 8484, the Access Devices Regulation Act of 1998, for fraudulent use of cards or access devices.
  • Other forgery, falsification, theft, or data-privacy laws.

You do not need to identify the perfect criminal charge before making a report. State exactly what happened and provide the available evidence. Investigators and prosecutors determine the appropriate offense.

Step-by-Step Process for Recovering the Money

1. File a formal written complaint with the bank

A telephone report is important, but follow it with a written complaint through the bank’s official email, branch, application, or dispute form.

Include:

  1. Your complete name and contact details.
  2. The affected account, showing only the necessary digits.
  3. A chronological account of what happened.
  4. Each disputed transaction and reference number.
  5. The time you first discovered and reported the fraud.
  6. Any phishing link, phone number, social-media profile, or receiving account involved.
  7. The remedies requested, including tracing, temporary holding, reversal, and restoration of funds.
  8. A request for the bank’s final written findings.

Keep the acknowledgment, ticket number, screenshots, and names of personnel who handled the report.

2. Submit sworn or supporting documents promptly

For an extended hold beyond the initial five-day period, the bank may require a sworn complaint, affidavit, police report, or comparable supporting document within the initial holding period. Delaying these documents can cause the temporary hold to expire.

A useful affidavit should explain:

  • How you discovered the transaction.
  • Whether you initiated or approved it.
  • What the fraudster said or did.
  • Whether an OTP or credential was disclosed and under what circumstances.
  • Your actions immediately after discovering the fraud.
  • Why the transaction was inconsistent with your normal activity.
  • The total amount lost.

Have the affidavit notarized. Bring a government-issued ID and sign it before the notary.

3. File a report with law enforcement

You may report the incident to:

  • The National Bureau of Investigation Cybercrime Division.
  • The NBI Fraud and Financial Crimes Division.
  • The Philippine National Police Anti-Cybercrime Group or a capable local cybercrime unit.
  • The national anti-scam hotline 1326 for reporting and referral.

The NBI’s procedure for victims of computer crimes generally involves a complaint sheet, preliminary interview, sworn statement, and submission of devices or documentary evidence when relevant. Intake may be completed quickly, but the full investigation can take much longer because investigators may need bank records, subscriber information, preservation orders, and court-issued processes. (National Bureau of Investigation)

A police or NBI report strengthens the paper trail but does not itself guarantee a refund or freeze. The bank report should be made first or at the same time.

4. Cooperate with the bank’s investigation

The originating institution should coordinate with receiving and subsequent institutions to determine whether the funds:

  • Remain intact.
  • Were withdrawn.
  • Were transferred onward.
  • Were divided among several accounts.
  • Were converted into cash, cryptocurrency, goods, or other value.

The bank may ask for device information, transaction history, screenshots, call logs, or confirmation of prior legitimate transactions. Answer accurately. Concealing that an OTP was disclosed can damage credibility when the bank later reviews its records.

Ask for the specific basis of any denial. A generic statement that the transaction was “successfully authenticated” is not necessarily a complete investigation. Authentication proves that a credential or device was used; it does not always prove who controlled it, whether the bank ignored unusual behavior, or whether its fraud controls were adequate.

5. Escalate the complaint to the BSP

You must ordinarily complete or meaningfully pursue the bank’s internal complaint process before escalating to the Bangko Sentral ng Pilipinas.

You may submit a complaint through the BSP Online Buddy on the BSP Financial Consumer Protection page or email consumeraffairs@bsp.gov.ph. Attach:

  • Your complaint to the bank.
  • The bank’s acknowledgment and final response, if available.
  • Transaction records.
  • Affidavit or police report.
  • Screenshots and communications.
  • A clear statement of the remedy requested.

BSP Consumer Assistance and Mediation is generally the required preliminary process before formal BSP mediation or adjudication.

For purely civil claims involving reimbursement or payment, BSP adjudication may cover claims of up to ₱10 million, excluding legal interest, attorney’s fees, and litigation costs. No lawyer or filing fee is ordinarily required. BSP guidance indicates that mediation may take about 30 days from the initial conference, while adjudication may take roughly 180 to 240 days from filing to decision, depending on the case.

6. Consider court action when necessary

Court action may be appropriate when:

  • The loss exceeds BSP’s adjudicatory limit.
  • Damages beyond reimbursement are claimed.
  • Several banks, companies, or individuals may be liable.
  • The dispute involves payroll diversion, negligence, breach of contract, or complex evidence.
  • An urgent preservation, attachment, or injunction remedy is needed.
  • The bank rejects the claim despite evidence of control failures.

Jurisdiction depends on the amount and nature of the claim. A civil action may proceed separately from the criminal complaint, although facts established in one proceeding may affect the other.

The Financial Products and Services Consumer Protection Act generally provides a five-year period from the transaction or discovery of deceit or nondisclosure, subject to an absolute ten-year period from the violation. Other claims and offenses may have different prescriptive periods, so delay remains risky. (Bangko Sentral ng Pilipinas)

When Can the Bank Be Required to Refund the Loss?

There is no rule that every scam victim must be reimbursed, nor is there a rule that anyone who disclosed an OTP automatically loses the case.

The bank, BSP, or court may examine factors such as:

Factor Questions commonly examined
Authorization Did the customer actually initiate the transaction, or did another person control the account or device?
Authentication controls Was multi-factor authentication properly implemented? Were credentials compromised through a weakness the bank should have detected?
Transaction pattern Was the amount, recipient, device, location, or timing unusual for the customer?
Fraud alerts Did the bank’s system generate warnings, and were they acted upon?
Customer conduct Did the customer disclose credentials, install remote-access software, ignore clear warnings, or delay reporting?
Bank conduct Did the bank maintain a 24-hour reporting channel, promptly block access, trace the transfer, and coordinate with other institutions?
Post-report losses Did more money leave after the customer had already reported the compromise?
Receiving account controls Was the recipient account properly verified, monitored, or already associated with suspicious activity?
Compliance with internal rules Did the bank follow its own fraud, withdrawal, authentication, and complaint procedures?

Under BSP rules, liability may turn on the acts or omissions of the customer, the bank, its employees or service providers, and the institution’s compliance with applicable regulations.

Special Rules When Your Salary Was Drained

Salary was correctly credited, then stolen

If the employer correctly deposited the salary into the account you designated, the employer has generally completed the wage payment. Your immediate remedies are against the fraudster and, depending on the facts, the bank or payment provider.

Still notify HR. The employer can provide payroll proof and redirect future salary payments while the account is secured.

Fraudster changed your payroll account before payday

The position may be different if a fraudster impersonated you and instructed HR to send the salary to another account.

Article 105 of the Labor Code generally requires wages to be paid directly to the employee, except in legally recognized situations. An employer relying on changed payment instructions should be able to show that the instructions were genuinely authorized and that its verification procedures were reasonable.

If the money never reached you or your authorized account, the employer’s obligation may remain unsettled. Liability will depend on the communications, payroll procedures, employee conduct, and whether the employer reasonably verified the change. The Labor Code of the Philippines governs the basic rules on wage payment. (Lawphil)

Salary advance or emergency assistance

An employer is not automatically required to pay the same salary twice when it was validly credited and later stolen. Some employers nevertheless provide emergency salary advances, calamity assistance, or payroll loans. These are usually discretionary or governed by company policy, a collective bargaining agreement, or an employment contract.

Documents and Evidence to Prepare

Document or evidence Why it helps
Bank statement or transaction history Identifies the amount, time, reference number, and recipient institution
Bank complaint acknowledgment Proves when the fraud was reported
Screenshots of texts, chats, emails, and caller details Shows the deception and timeline
Phishing website address or application name Helps trace the method used
Call logs and recordings Supports impersonation or social-engineering allegations
Affidavit of incident Provides a sworn chronological account
Police, NBI, or cybercrime report Supports an extended hold and formal investigation
Payslip and payroll confirmation Establishes when and where salary was credited
SIM replacement or telco report Supports a suspected SIM-swap claim
Device-security report May show malware, remote access, or account compromise
Bank denial or investigation result Necessary for BSP escalation and identifying disputed findings
Government-issued IDs Needed for verification, notarization, and formal complaints

Store copies in a secure location. Do not send passwords, PINs, complete card numbers, or active OTPs as evidence.

Typical Timelines, Costs, and Offices

Step Practical timeline Typical cost
Report to bank and secure account Immediately Free
Initial AFASA hold Up to 5 calendar days Free
Extended hold Up to 25 additional calendar days; 30 days total Free
Bank investigation Varies with complexity Free
Written result after investigation concludes Generally within 3 banking days Free
Police or NBI complaint intake Same day may be possible; investigation varies Usually no filing fee
BSP Consumer Assistance and Mediation Often several weeks No filing fee
BSP formal adjudication Guidance indicates roughly 180–240 days No filing fee
Civil court action Commonly months or years, depending on disputes and appeals Filing, service, notarization, and possible legal costs

These are practical estimates, not guaranteed completion dates. Delays often arise from incomplete documents, multiple receiving institutions, anonymous or synthetic identities, overseas transfers, and the need for subpoenas or court orders.

Common Mistakes That Reduce the Chance of Recovery

Waiting for the fraudster to return the money

Promises of a refund are often used to delay reporting until the funds can be moved. Report first. Continue communicating only when advised by investigators and without sending more money.

Reporting only to the receiving bank

The bank from which the money originated should open the dispute and coordinate with the receiving institution. You may notify both, but do not allow either to send you in circles.

Deleting messages or resetting the phone

Screenshots alone may omit metadata. Preserve original messages, emails, call histories, URLs, applications, and device information before cleaning the device.

Assuming an OTP makes the case hopeless

Disclosure of an OTP is relevant, but it is not always decisive. Investigators should still examine deception, unusual transaction behavior, device changes, alerts, transaction limits, bank warnings, and the adequacy of fraud controls.

Accepting a verbal denial

Request a written investigation result stating the evidence reviewed, the basis of the decision, and the complaint-escalation process. A written denial is essential for a meaningful BSP complaint.

Paying a “fund recovery agent”

Fraudsters often return while posing as hackers, police contacts, bank insiders, or recovery specialists. Do not pay an advance fee or provide remote access to anyone promising guaranteed recovery.

Posting complete evidence publicly

Public posts containing complete account numbers, IDs, QR codes, case references, or phone details can create a second identity-theft risk. Give complete records only to verified institutions and authorities.

Relying only on a barangay complaint

Barangay officials can document local disputes and may assist when the suspected fraudster is known and within the same locality. They cannot impose an AFASA hold, compel bank disclosure, or conduct a full cybercrime investigation. Report directly to the bank and appropriate law-enforcement agency.

What Foreigners and Filipinos Abroad Can Do

A person outside the Philippines can report directly to the bank and BSP through official online channels. Time-zone differences should not delay the initial fraud report because banks must maintain round-the-clock reporting facilities.

When a representative in the Philippines will handle mediation, adjudication, or document submission, the institution may require a special power of attorney or SPA.

An SPA signed abroad may generally be:

  • Notarized or acknowledged before the nearest Philippine Embassy or Consulate; or
  • Notarized locally and apostilled when executed in a country covered by the Apostille Convention.

Confirm the exact wording and authentication requirements with the bank, BSP, police unit, or court before execution. BSP procedures permit representation, but formal mediation and adjudication may require an SPA rather than a simple authorization letter.

Foreign nationality does not prevent a depositor from filing a Philippine bank complaint or reporting a Philippine cybercrime. Practical difficulties usually involve identity verification, remote notarization, access to the registered Philippine SIM, and appointing a local representative.

Frequently Asked Questions

Can a bank reverse an InstaPay or PESONet transfer?

Possibly, but completed transfers are not automatically reversible. The bank must first locate the money and coordinate with the receiving institution. Recovery is most likely when the report is immediate and the funds remain intact. The AFASA process can temporarily restrict suspicious funds while verification is conducted.

What if the money was sent to a GCash, Maya, or other e-wallet?

Report to the bank or wallet from which the money originated and also notify the receiving wallet if identifiable. E-wallet providers covered by BSP supervision are subject to financial-consumer protection and fraud-management requirements. Obtain case numbers from both institutions.

Will I lose my claim because I gave the fraudster an OTP?

Not automatically. OTP disclosure may be treated as negligence, but the full circumstances still matter. The bank must examine whether the transfer was unusual, whether warnings were clear, whether its controls worked, and whether it responded properly after notification.

Can the bank deny the claim merely because its system says the transaction was authenticated?

Authentication is relevant but not always conclusive. Ask what authentication method was used, what device and IP address were involved, whether a new device was enrolled, whether transaction warnings appeared, and why fraud monitoring did not stop or challenge the transfer.

What happens if the fraudster already withdrew the money?

A temporary hold may no longer recover that particular amount. The banks can still trace onward transfers, preserve records, identify recipient accounts, and cooperate with law enforcement. Restitution may later be pursued against the fraudster, money mule, or a responsible institution.

Does filing a police or NBI report force the bank to refund me?

No. The report documents the incident and supports investigation, preservation, and possible prosecution. Bank reimbursement depends on the evidence, applicable law, security controls, and allocation of responsibility.

Must my employer pay my salary again?

Usually not when the employer correctly credited the salary to the account you designated and it was stolen afterward. The answer may differ when a fraudster diverted payroll before valid payment reached you.

Can I sue a money mule whose account received the funds?

Potentially. A recipient may face criminal liability under Republic Act No. 12010 and civil liability for restitution or damages, depending on knowledge, participation, and receipt of the funds. Even people who allow others to use their accounts for compensation or with knowledge of suspicious activity may be prosecuted.

Do I need a lawyer to complain to the BSP?

No lawyer is ordinarily required for BSP consumer assistance, mediation, or adjudication. A lawyer may nevertheless be useful for large losses, disputed evidence, multiple institutions, court proceedings, or parallel criminal and civil cases.

How long should I wait before escalating to the BSP?

Do not wait indefinitely. Escalate after the bank has issued a final response, failed to act within its stated turnaround time, or stopped providing meaningful updates despite a complete complaint. Attach proof that you first used the bank’s internal complaint mechanism.

Key Takeaways

  • Report the fraud immediately through the originating bank’s official 24-hour channel and obtain a case number.
  • Specifically request an AFASA temporary hold, coordinated verification, transaction tracing, and preservation of electronic records.
  • Submit an affidavit, police report, and supporting evidence within the initial five-day hold period when an extension may be needed.
  • OTP disclosure or apparent authentication does not automatically decide liability; the bank’s controls, warnings, response, and diligence must also be examined.
  • Escalate unresolved complaints to the BSP and pursue law-enforcement or court remedies when the amount, evidence, or complexity requires them.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.