What to Do If You Lose a Large Amount to an Online Scammer

Losing a large amount to an online scam is frightening, especially when the money was sent through a bank transfer, e-wallet, remittance app, crypto platform, or a “trusted” person you met online. The first goal is not to argue with the scammer. The first goal is to stop further loss, preserve evidence, alert the financial institutions fast enough to trace or hold funds, and create a usable criminal complaint. In the Philippines, online scam cases may involve estafa, cybercrime, money muling, social engineering, access-device fraud, and sometimes syndicated estafa or money laundering, depending on how the scam was done.

In practice, you should work on two tracks at the same time: the financial recovery track with your bank, e-wallet, or payment provider, and the criminal investigation track with law enforcement and prosecutors. Both tracks need clear documents, dates, transaction references, screenshots, and sworn statements.

First 24 Hours: What to Do Immediately After an Online Scam

1. Stop sending money, even if the scammer promises a refund

Many victims lose more money after the first scam because the scammer says the funds can be released only after paying a “tax,” “clearance fee,” “withdrawal fee,” “anti-money laundering fee,” “customs fee,” or “lawyer’s fee.”

Do not send more. Also be careful of “recovery agents” who message you after you post online. Some are secondary scammers who claim they can hack the scammer, freeze crypto wallets, or recover funds for an upfront payment.

2. Secure your accounts and devices

If the scam involved your online banking, e-wallet, email, phone, or social media account:

  1. Change passwords immediately.
  2. Enable multi-factor authentication.
  3. Log out unknown devices.
  4. Revoke suspicious app permissions.
  5. Call your bank or e-wallet to freeze cards, block online access, or secure the account.
  6. Ask your telecom provider for help if your SIM may have been compromised.
  7. Do not share OTPs, PINs, recovery codes, passwords, or full card details with anyone.

Under the Anti-Financial Account Scamming Act, financial institutions are required to use adequate risk management systems to protect financial accounts, including controls such as multi-factor authentication, fraud management systems, and proper verification processes. The law also recognizes that banks and other covered institutions may face restitution liability when they fail to employ adequate systems or the highest degree of diligence required by the law. (Supreme Court E-Library)

3. Save evidence before the scammer deletes it

Do this before blocking the scammer, if it is safe. Save:

Evidence Examples
Identity details Name used, usernames, phone numbers, email addresses, profile links, photos, group/page names
Conversation records Screenshots, exported chats, voice notes, call logs, timestamps
Payment proof Bank deposit slips, Instapay/PESONet references, e-wallet transaction IDs, QR codes, crypto transaction hashes
Scam representations Promises of investment returns, job offers, romance promises, fake invoices, fake government documents, fake platform dashboards
Your timeline When you first met the scammer, what they promised, when and why you sent money, what happened after
Platform details Facebook/Telegram/Viber/WhatsApp links, marketplace listings, website URL, IP logs if available

Keep the original files. Do not edit screenshots except to make separate annotated copies. If you later submit evidence to the police, NBI, prosecutor, bank, or court, unedited originals are stronger.

4. Report to your bank or e-wallet immediately

Call or message the official fraud channel of your bank, e-wallet, remittance provider, or crypto platform. Ask for a case number or ticket number.

Use clear words:

“I am reporting a scam and disputed transaction. Please flag this under your fraud reporting process, initiate tracing, and request temporary holding or coordinated verification of the receiving account if applicable.”

The BSP’s consumer-assistance rules expect customers to first use the financial institution’s own Financial Consumer Protection Assistance Mechanism, often called the bank or e-wallet’s FCPAM or customer assistance channel, before escalating to the BSP.

Do not give your PIN, password, OTP, full account number, or full card details in an unsecured complaint message. The BSP specifically warns consumers not to include sensitive account credentials such as PINs, passwords, and similar confidential details in consumer-assistance submissions.

5. Report to cybercrime authorities

For online scams, report to law enforcement, especially when the amount is large, the scammer is still active, there are multiple victims, or you need help identifying the receiving account holder.

Possible reporting channels include:

Office When useful Notes
NBI Cybercrime Division Online fraud, fake identities, phishing, investment scams, account takeover The NBI Citizens Charter describes an investigative assistance process for victims of computer crimes, including complaint intake, interview, sworn statements, and possible device examination. (National Bureau of Investigation)
PNP Anti-Cybercrime Group Online scam reports, urgent cybercrime assistance, local police coordination The BSP lists PNP ACG as one of the agencies consumers may contact for scam or fraud reports.
Cybercrime Investigation and Coordinating Center (CICC) Scam reporting and coordination The BSP also lists CICC contact channels for scam or fraud reports.
City or Provincial Prosecutor Filing a criminal complaint against an identified respondent Usually stronger after you have affidavits, transaction proof, and identifying details.

What Philippine Laws May Apply to an Online Scam?

Online scam cases are not all filed under one law. The correct legal basis depends on the method used by the scammer.

Estafa under Article 315 of the Revised Penal Code

Many online scam cases are prosecuted as estafa, which is fraud. Under Article 315 of the Revised Penal Code, estafa may occur when a person uses false pretenses, fraudulent acts, or deceit to make another person part with money or property.

The Supreme Court has described the basic elements of estafa by deceit as: a false pretense or fraudulent representation, made before or at the time of the transaction; the victim’s reliance on that representation; and resulting damage to the victim. (Supreme Court E-Library)

Examples that may fit estafa:

  • A fake seller accepts payment for goods they never intended to deliver.
  • A person pretends to be an investor, broker, recruiter, or supplier to obtain money.
  • A romance scammer invents emergencies to induce repeated remittances.
  • A fake job recruiter collects “processing fees” for a nonexistent job.
  • A scammer creates a fake trading dashboard to make the victim believe profits exist.

For large losses, the penalty may increase depending on the amount defrauded. Republic Act No. 10951 adjusted the value thresholds and penalties for estafa under Article 315, including higher penalty treatment when the amount exceeds certain monetary levels. (Supreme Court E-Library)

Cybercrime under Republic Act No. 10175

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, may apply when the scam was committed through computer systems, electronic communications, or online platforms. Computer-related fraud under the law covers fraudulent acts involving computer data, computer programs, or interference with computer systems that cause damage or economic loss. (Lawphil)

This is important because cybercrime investigators may need electronic evidence such as IP logs, account records, platform data, device information, and transaction trails. The Supreme Court’s Rule on Cybercrime Warrants provides procedures for cybercrime warrants involving computer data, including preservation, disclosure, search, seizure, and examination of computer data. (Office of the Court Administrator)

Anti-Financial Account Scamming Act: Republic Act No. 12010

Republic Act No. 12010, the Anti-Financial Account Scamming Act, is especially relevant when scammers use bank accounts, e-wallets, payment accounts, cards, or other financial accounts to receive or move scam proceeds.

The law covers financial accounts such as bank accounts, deposit accounts, transaction accounts, credit card accounts, e-wallets, and other accounts used to obtain financial products or services. (Supreme Court E-Library)

RA 12010 punishes several acts commonly seen in online scams:

  • Money muling — using, borrowing, buying, renting, selling, lending, opening, or allowing the use of a financial account to receive or transfer scam proceeds.
  • Social engineering schemes — deception or fraud used to obtain sensitive identifying information or gain unauthorized access or control over a financial account.
  • Economic sabotage — certain large-scale or organized forms of financial account scamming, such as acts committed by three or more persons, against three or more victims, or through mass-mailing methods. (Supreme Court E-Library)

Penalties under RA 12010 are serious. Money muling may be punished by imprisonment of six to eight years and a fine of ₱100,000 to ₱500,000. Social engineering schemes may be punished by imprisonment of 10 to 12 years and a fine of ₱500,000 to ₱1,000,000, with higher consequences when the victim is a senior citizen. Economic sabotage may carry life imprisonment and a fine of ₱1,000,000 to ₱5,000,000. (Supreme Court E-Library)

Access-device fraud under Republic Act No. 8484

Republic Act No. 8484, the Access Devices Regulation Act of 1998, may apply when the scam involves credit cards, debit cards, ATM cards, account numbers, access codes, or unauthorized use of access devices. The law covers acts such as producing, using, trafficking in, or possessing counterfeit or unauthorized access devices. (Lawphil)

This may matter if the scammer used stolen card details, unauthorized account access, fake cards, compromised online banking credentials, or similar access-device methods.

Syndicated estafa and fake investment scams

If the scam involves an organized group soliciting money from the public, prosecutors may also examine syndicated estafa under Presidential Decree No. 1689. This is commonly raised in fake investment, Ponzi, crypto, franchise, or “double your money” schemes.

However, not every online group chat or fake trading team automatically becomes syndicated estafa. Investigators look at the number of persons involved, whether there was a formed syndicate, the nature of the solicitation, the public character of the scheme, and the evidence connecting each person to the fraud.

How to Build a Strong Complaint

A large online scam case can fail or slow down if the complaint is emotional but disorganized. Investigators and prosecutors need facts they can verify.

Step 1: Prepare a one-page timeline

Write a simple timeline before going to the bank, NBI, PNP, or prosecutor.

Include:

  1. Date and time you first communicated with the scammer.
  2. Platform used.
  3. Name, username, phone number, email address, or link used by the scammer.
  4. What the scammer promised.
  5. Why you believed the scammer.
  6. Each payment you made.
  7. Account name, account number, bank/e-wallet, reference number, and amount.
  8. What happened after payment.
  9. Whether the scammer blocked you, threatened you, or demanded more money.
  10. Your total loss.

Keep it factual. Avoid exaggeration. A calm, chronological complaint is easier to investigate.

Step 2: Organize transaction proof

Create a table like this:

Date Amount Method Sent From Sent To Reference No. Reason Given by Scammer
Jan. 10, 2026 ₱250,000 Bank transfer BDO account BPI account ending 1234 Instapay ref. no. “Investment capital”
Jan. 12, 2026 ₱100,000 E-wallet GCash Maya wallet Transaction ID “Withdrawal tax”

This helps the bank trace funds and helps investigators identify receiving accounts.

Step 3: File with the bank or e-wallet first, then escalate when needed

For regulated banks and financial institutions, the BSP treats its consumer assistance mechanism as a second-level recourse. This means the customer should generally file first with the bank or financial institution’s own complaint channel, then escalate to the BSP if the matter is not resolved or the response is unsatisfactory.

When escalating to the BSP, include proof that you already contacted the financial institution, such as a complaint ticket, email thread, acknowledgment receipt, or final response.

Step 4: Ask about temporary holding and coordinated verification

RA 12010 allows financial institutions to temporarily hold funds that are subject to disputed transactions. The law provides that this temporary holding may last up to 30 calendar days, unless extended by court order. (Supreme Court E-Library)

BSP Circular No. 1215, issued in 2025 to implement RA 12010 procedures, describes an initial holding request period of not more than five calendar days, with possible extension procedures when further verification is needed. (Bureau of the Treasury)

In practical terms, this is why speed matters. If the scammer already emptied the receiving account, the bank may have nothing left to hold. If you report quickly, the receiving institution may still be able to flag, trace, or temporarily hold funds under the applicable process.

You may be asked to submit supporting documents within the initial holding period, such as a sworn complaint, affidavit, police report, or other document explaining why the transaction is probably disputed. (Bureau of the Treasury)

Step 5: File a cybercrime or fraud complaint

For the NBI Cybercrime Division, the NBI Citizens Charter describes a process where the complainant may proceed to the Cybercrime Division, fill out a complaint sheet, undergo interview and initial investigation, and execute sworn statements or affidavits. The same Citizens Charter states that there is no fee for this listed investigative assistance process. (National Bureau of Investigation)

Bring both printed and digital copies if possible:

  • Valid government ID.
  • One-page timeline.
  • Transaction table.
  • Screenshots and exported chats.
  • Bank/e-wallet receipts.
  • Email headers, URLs, profile links, and phone numbers.
  • Proof that you reported to your bank or e-wallet.
  • Device used in the transaction, if investigators need to examine it.
  • Draft complaint-affidavit, if available.

If the scammer is unknown, the complaint may initially be against John Doe, Jane Doe, or unidentified persons. The purpose of the cybercrime investigation is often to identify account holders, trace digital evidence, request preservation of electronic data, and connect online identities to real persons.

Step 6: File with the prosecutor when the respondent is identifiable

A criminal case generally reaches court only after a complaint is evaluated through preliminary investigation or the applicable prosecutor process. For offenses requiring preliminary investigation, Rule 112 of the Rules of Criminal Procedure provides that the complaint is filed with the proper officer for preliminary investigation. (Lawphil)

A prosecutor complaint usually includes:

  • Complaint-affidavit.
  • Affidavits of witnesses, if any.
  • Transaction records.
  • Screenshots and chat logs.
  • Police or NBI report, if available.
  • Copies of IDs.
  • Supporting certifications or platform records, if available.
  • Evidence showing deceit, reliance, payment, and damage.

If you know only the receiving account name, that may not be enough by itself. Prosecutors usually need evidence connecting the account holder to the fraudulent representations, or evidence that the account holder knowingly acted as a money mule.

Can You Get the Money Back?

Sometimes, yes. But recovery depends on timing and traceability.

The best chance of recovery is when:

  • You reported immediately.
  • Funds are still in a regulated bank, e-wallet, or payment account.
  • The receiving account can be identified.
  • The institution initiates temporary holding or coordinated verification.
  • The scammer or mule has assets.
  • There are multiple victims and law enforcement prioritizes the scheme.
  • The evidence clearly shows fraud.

The hardest cases are those where:

  • The scammer withdrew cash immediately.
  • Funds were broken into many mule accounts.
  • Crypto was moved to private wallets or foreign exchanges.
  • The scammer used fake identities.
  • The victim waited weeks or months before reporting.
  • The only evidence is a nickname and deleted chat thread.

RA 12010 gives financial institutions and regulators stronger tools. It allows coordinated verification among involved institutions and provides that bank secrecy and data privacy rules do not prevent the verification process in covered circumstances. It also states that failure to hold funds when required may make the institution liable for losses, including restitution. (Supreme Court E-Library)

Still, a police report or bank complaint does not automatically mean an immediate refund. Banks and e-wallets will usually verify whether the transaction was unauthorized, induced by social engineering, voluntarily authorized by the customer, or part of a covered disputed transaction.

Documents You Should Prepare

Document Why it matters
Valid ID Needed for bank, law enforcement, affidavits, prosecutor filings
Complaint timeline Helps investigators understand the case quickly
Complaint-affidavit Sworn written statement used for investigation or prosecutor filing
Transaction receipts Proves amount, date, channel, reference number, and receiving account
Bank/e-wallet complaint ticket Shows you reported through the financial institution’s process
Screenshots and exported chats Shows false promises, inducement, and scammer identity
URLs and profile links Helps preserve online accounts before deletion
Phone numbers and email addresses Useful for subpoenas, tracing, and account-link analysis
Police/NBI report Often requested by banks, e-wallets, insurers, or prosecutors
Authorization letter or SPA Useful if an OFW or foreign victim appoints someone in the Philippines

For large losses, a notarized affidavit is usually better than an informal letter. If you are abroad, the receiving Philippine office may require a consularized affidavit, a document notarized before a Philippine Embassy or Consulate, or a locally notarized document with apostille depending on where it was executed and how it will be used. Philippine consular offices commonly notarize affidavits, special powers of attorney, and similar documents for use in the Philippines. (Philippine Embassy)

Common Scenarios

You sent money through GCash, Maya, or another e-wallet

Report through the e-wallet’s official fraud or customer-protection channel immediately. Provide the transaction ID, mobile number or wallet details shown in the receipt, screenshots, and the exact time of transfer.

Ask whether the transaction can be flagged as a scam-related disputed transaction and whether the receiving wallet can be checked or held under the applicable process. Then file a cybercrime complaint if the amount is significant.

You sent money through a bank transfer

Call both your bank and, if known, the receiving bank. Your own bank may not disclose another customer’s private account details, but it can initiate interbank fraud coordination. Ask for written acknowledgment and a case number.

For large transfers, provide Instapay or PESONet reference numbers, deposit slips, account names, account numbers, and branch details if any.

You lost money in a fake investment or trading platform

Save the website URL, dashboard screenshots, wallet addresses, deposit instructions, “profit” screenshots, group chat messages, and names of recruiters or uplines. Fake investment scams often involve both estafa and possible securities-law concerns, especially when the scheme solicits money from the public.

If the scheme involved lending, financing, investment solicitation, or online lending, the BSP notes that some complaints may fall under the Securities and Exchange Commission’s channels, depending on the nature of the entity and transaction.

You sent crypto

Crypto cases are more difficult, but not hopeless. Save:

  • Wallet addresses.
  • Transaction hashes.
  • Exchange account details.
  • Blockchain explorer links.
  • Screenshots of deposit instructions.
  • Chat messages showing who told you to send the crypto.
  • Any KYC information or platform support tickets.

If a Philippine-regulated platform or local financial account was used at any stage, report quickly to that institution and to cybercrime authorities.

You are a foreigner or OFW outside the Philippines

RA 12010 recognizes jurisdiction when an element of the offense is committed in the Philippines, when the computer system or infrastructure is in the Philippines, when damage is caused to a person in the Philippines, or when the financial account is maintained with a covered institution operating in the Philippines. (Supreme Court E-Library)

If you are abroad, prepare digital copies first, then ask the relevant Philippine office how it wants your sworn documents executed. You may need:

  • Passport or government ID.
  • Proof of remittance or transfer.
  • Screenshots and exported chats.
  • A sworn affidavit.
  • A special power of attorney if a representative will file or follow up in the Philippines.
  • Consular notarization or apostille, depending on the country and receiving office.

Common Mistakes That Make Recovery Harder

Waiting too long before reporting

In scam recovery, hours matter. The money may move from one mule account to another, then to cash, crypto, or foreign channels. Report first, organize later. You can submit supplemental documents after the urgent fraud report.

Filing only with Facebook, Telegram, or the platform

Platform reports can help remove the scammer’s account, but they do not replace reports to the bank, e-wallet, NBI, PNP, CICC, or prosecutor.

Sending more money to “unlock” your funds

A real bank, court, prosecutor, NBI, PNP, BSP, or tax office will not ask you to pay random wallet accounts to release scam proceeds.

Deleting chats after taking screenshots

Screenshots help, but exported chats and original files are better. Deleted conversations make it harder to prove the sequence of deceit, reliance, and payment.

Posting unverified accusations online

It is understandable to warn others, but be careful. Posting names, photos, addresses, IDs, or account numbers without proper verification may create separate legal problems, especially if the information belongs to a mule, identity-theft victim, or unrelated person.

Assuming the account holder is automatically the mastermind

The receiving account holder may be the scammer, a recruiter, a paid mule, a hacked-account victim, or someone whose identity was used. This is why investigators look for links between the receiving account, the fraudulent representations, and the movement of funds.

Practical Timeline: What Usually Happens

Stage Practical timing What may happen
Emergency bank/e-wallet report Same day, ideally within hours Account flagging, tracing, request for temporary hold, complaint ticket
Initial temporary holding process Up to 5 calendar days under BSP implementation rules You may need to submit affidavit, police report, or supporting documents quickly. (Bureau of the Treasury)
Possible extended holding Additional period may be requested when verification is needed BSP rules describe extension procedures tied to reasonable grounds and further verification. (Bureau of the Treasury)
Cybercrime complaint intake Same day to several days, depending on office and queue Interview, complaint sheet, sworn statement, evidence review
Investigation Weeks to months Tracing accounts, requesting data, identifying suspects, coordinating with institutions
Prosecutor evaluation Often months, depending on docket and evidence Respondents may be required to submit counter-affidavits
Court case Months to years Trial, plea, settlement discussions, restitution, civil liability issues

Timelines vary widely. A clean evidence packet and fast financial-institution report usually help more than repeated informal follow-ups.

Frequently Asked Questions

Can I still recover money lost to an online scam in the Philippines?

Possibly, but it depends on how fast you report, where the money went, whether funds remain in a regulated account, and whether the scammer or mule can be identified. The strongest recovery chances usually come from immediate reporting to the bank or e-wallet, supported by a police, NBI, or cybercrime complaint.

Should I report first to the bank, BSP, PNP, or NBI?

Report to your bank or e-wallet immediately because they are in the best position to trace and possibly hold funds. At the same time, report to cybercrime authorities such as the NBI Cybercrime Division, PNP Anti-Cybercrime Group, or CICC. Escalate to the BSP after using the financial institution’s complaint process, especially if the bank or e-wallet does not respond properly.

Is an online scam estafa or cybercrime?

It can be both. Estafa focuses on deceit and loss of money or property. Cybercrime applies when the fraud uses computers, online platforms, electronic communications, or computer data. A single online scam may involve estafa under the Revised Penal Code, cybercrime under RA 10175, financial account scamming under RA 12010, and access-device fraud under RA 8484.

What if the scammer used a mule account?

A mule account is a financial account used to receive or move scam proceeds. RA 12010 directly penalizes money muling, including selling, lending, renting, opening, or allowing the use of a financial account for scam-related activity. (Supreme Court E-Library)

If you have the mule account details, report them immediately to the sending and receiving financial institutions and include them in your cybercrime complaint.

What if I voluntarily sent the money?

You can still have a scam case if you sent the money because of deceit, false promises, fake identities, or fraudulent representations. In estafa, the issue is not simply whether you clicked “send.” The key question is whether the scammer’s fraud induced you to part with your money.

However, voluntary transfers may make bank reimbursement harder if the institution’s systems worked properly and the transaction was authenticated. This is why the criminal complaint and evidence of deception are important.

Do I need a lawyer to file a cybercrime complaint?

You can file an initial report with the NBI, PNP, CICC, bank, e-wallet, or BSP without a lawyer. For large losses, multiple victims, foreign documents, complex bank tracing, or prosecutor filing, legal help can make the complaint-affidavit and evidence presentation stronger.

What if I am outside the Philippines?

You can still prepare evidence, report to your financial institution, and coordinate with Philippine cybercrime authorities. If a representative will act for you in the Philippines, you may need a special power of attorney. Sworn documents executed abroad may need consular notarization or apostille, depending on the country and the receiving Philippine office.

Can I sue the bank or e-wallet for not stopping the scam?

It depends on the facts. RA 12010 recognizes duties of covered institutions and provides possible restitution liability when an institution fails to use adequate risk management systems or the highest degree of diligence required by law. (Supreme Court E-Library)

But banks and e-wallets do not automatically reimburse every scam loss. The investigation usually looks at authentication, warnings, timing of report, account controls, suspicious transaction monitoring, and whether the institution mishandled a disputed transaction.

How long does an online scam case take?

The emergency reporting stage should happen within hours. The bank or e-wallet review may take days to weeks. Cybercrime investigation can take weeks to months, especially if platforms, banks, or telecom providers must provide records. Prosecutor and court proceedings may take months or years depending on evidence, docket congestion, number of respondents, and whether suspects are located.

Is there a filing fee for reporting to the NBI Cybercrime Division?

The NBI Citizens Charter entry for investigative assistance to victims of computer crimes states that there is no fee for that listed service. (National Bureau of Investigation)

You may still spend money on notarization, printing, transportation, legal assistance, consular documentation, apostille, or private document preparation.

Key Takeaways

  • Report the scam to your bank or e-wallet immediately, preferably within hours.
  • Ask for the transaction to be treated as a scam-related disputed transaction and request tracing, temporary holding, or coordinated verification where applicable.
  • Preserve original evidence: screenshots, exported chats, transaction receipts, URLs, phone numbers, emails, and platform details.
  • File with cybercrime authorities such as the NBI Cybercrime Division, PNP Anti-Cybercrime Group, or CICC, especially for large losses.
  • Online scams may involve estafa, cybercrime, access-device fraud, money muling, social engineering, syndicated estafa, or money laundering issues.
  • RA 12010 gives stronger tools against money mules and financial account scamming, but fast reporting is still critical.
  • A police report does not guarantee a refund; recovery depends on timing, traceability, remaining funds, and identifiable suspects or assets.
  • For OFWs and foreigners, Philippine jurisdiction may still exist if the account, victim, system, damage, or transaction has a Philippine connection.
  • A clear timeline, organized transaction table, and sworn complaint-affidavit can make the difference between a vague report and a case investigators can actually act on.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.