What to Do If Your E-Wallet Account Is Scammed Through a Phishing Link

If your e-wallet account was drained after you clicked a phishing link, the first few hours matter. Your goals are to stop further transfers, preserve evidence, trigger the e-wallet provider’s fraud process, ask for temporary holding or tracing of the disputed funds, and file the right reports with Philippine authorities. This guide explains what phishing means under Philippine law, what rights you have against an e-wallet provider, how to report the incident, what documents to prepare, and what usually happens next.

What Happened Legally When You Clicked a Phishing Link?

A phishing link is a fake link designed to make you reveal information such as your password, one-time password, MPIN, account number, card details, or identity documents. In e-wallet scams, the fake page often looks like a real login page, “account verification” page, promo page, delivery page, government aid page, or customer support form.

In practical terms, the scam usually falls into one or more of these situations:

  • The scammer obtained your login credentials and took over your e-wallet account.
  • The scammer tricked you into entering an OTP or approving a transfer.
  • The scammer changed your registered device, mobile number, email, PIN, or security settings.
  • The scammer transferred funds to another e-wallet, bank account, merchant, crypto-related account, or cash-out channel.
  • Your linked bank account, debit card, or credit card was also used.

Under Philippine law, this is not treated as a mere “mistake” or ordinary failed transaction. It may involve financial account scamming, computer-related fraud, identity theft, access device fraud, estafa, and possible data privacy violations, depending on the facts.

Immediate Steps: What to Do in the First Hour

Do these in order. Speed matters because e-wallet funds can be moved through several accounts within minutes.

  1. Stop using the phishing page immediately. Do not enter more information. Do not try to “log out” from the fake site. Close the page.

  2. Disconnect and secure your device. If you suspect malware or screen sharing:

    • Turn off Wi-Fi and mobile data temporarily.
    • Uninstall unknown apps recently installed.
    • Remove remote access apps you did not knowingly install.
    • Run a trusted security scan.
    • Use a different clean device when changing passwords.

  3. Call or message the e-wallet provider’s official fraud channel. Use only the app, official website, verified social media account, or hotline shown on the provider’s official site. Do not use the phone number or link from the suspicious message.

  4. Ask the provider to freeze or restrict the account. Specifically request:

    • temporary account freeze;
    • disabling of transfers, withdrawals, or cash-out;
    • blocking of unauthorized linked devices;
    • unlinking of suspicious cards or bank accounts;
    • investigation of unauthorized transactions;
    • transaction reference numbers; and
    • coordination with the receiving financial institution.

  5. Ask for temporary holding or tracing of disputed funds. Under Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), e-wallets and other BSP-supervised institutions may temporarily hold funds involved in disputed transactions, subject to BSP rules. Say clearly: “I am reporting a phishing-related unauthorized transaction and requesting temporary holding/tracing of the disputed funds under AFASA and applicable BSP rules.”

  6. Change passwords and security settings. Change your e-wallet password or MPIN if you still have access. Also change:

    • email password;
    • online banking passwords;
    • social media passwords if the scam came through Messenger, Facebook, Instagram, Viber, Telegram, or WhatsApp;
    • Apple ID, Google account, or device passcode if linked to your e-wallet.

  7. Notify your bank or card issuer if linked accounts were involved. If your e-wallet was connected to a bank account, debit card, or credit card, report unauthorized use to the bank immediately and request card blocking, online banking restriction, or dispute processing.

  8. Preserve evidence before deleting anything. Take screenshots and screen recordings. Save the SMS, email, chat message, link, transaction receipts, reference numbers, and customer support ticket numbers.

Legal Basis: Your Rights and the Scammer’s Possible Liability

Republic Act No. 12010 or AFASA

Republic Act No. 12010, the Anti-Financial Account Scamming Act, is now the most directly relevant law for phishing-related e-wallet scams.

AFASA expressly covers e-wallets as financial accounts. It penalizes, among others:

  • social engineering schemes, where someone obtains sensitive identifying information through deception or fraud and gains unauthorized access or control over a financial account;
  • money muling, such as using, lending, selling, renting, or allowing the use of a financial account to receive or move scam proceeds;
  • opening accounts using fictitious names or another person’s identity documents;
  • buying or selling financial accounts; and
  • aiding, abetting, or attempting these acts.

For victims, AFASA is important because it also requires financial institutions to maintain adequate controls such as multi-factor authentication, fraud management systems, and proper enrollment and verification processes. If an institution fails to use adequate risk management systems or fails to exercise the required diligence, it may be liable for restitution of funds. AFASA states that a criminal conviction is not required before restitution may be made when the institution is liable under the law.

This means the provider cannot simply close your ticket by saying, “You clicked the link,” if the facts show possible failure in fraud controls, delayed freezing, weak authentication, suspicious device changes, unusual transfer behavior, or failure to coordinate after timely reporting.

BSP rules on temporary holding and coordinated verification

BSP Circular No. 1215, Series of 2025, implements AFASA rules on temporary holding of disputed funds and coordinated verification among Bangko Sentral-supervised institutions.

In plain English, when you report a phishing-related unauthorized transfer, the e-wallet or bank where your money came from may need to coordinate with the receiving institution and other institutions in the transaction chain. The process may involve tracing reference numbers, identifying receiving accounts, checking fraud indicators, and temporarily holding funds if still available.

Key practical points:

Issue | Practical meaning
Complaint trigger | A complaint filed through the provider’s 24/7 fraud reporting channel may trigger temporary holding and coordinated verification.
Holding period | Disputed funds may generally be held for up to 30 calendar days, unless extended by a court.
Same-provider transfer | If the receiving account is within the same e-wallet or institution, action may be faster because the provider controls both accounts.
Different provider transfer | If funds moved to another bank or e-wallet, coordination is needed. This often takes longer.
If funds are gone | The institution should still conduct verification and tracing. A refund is not automatic, but the investigation record matters.
Your role | You must cooperate by submitting information, screenshots, affidavits, police reports, and other requested documents.

Republic Act No. 11765 or the Financial Products and Services Consumer Protection Act

Republic Act No. 11765, the Financial Products and Services Consumer Protection Act, gives financial consumers important rights, including:

  • the right to fair and equitable treatment;
  • the right to disclosure and transparency;
  • the right to protection of consumer assets against fraud and misuse;
  • the right to data privacy and protection; and
  • the right to timely handling and redress of complaints.

This law also strengthens the BSP’s authority over financial consumer complaints involving BSP-supervised institutions. For civil claims involving payment or reimbursement of money, the BSP may adjudicate certain purely civil financial consumer disputes up to the statutory threshold under RA 11765.

For ordinary users, the practical point is simple: your e-wallet provider must have a proper complaint-handling system. It should not ignore your report, refuse to give a reference number, or make it impossible for you to submit evidence.

Republic Act No. 10175 or the Cybercrime Prevention Act

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, may apply because phishing uses computer systems, electronic communications, or online platforms.

Depending on the facts, possible cybercrime offenses include:

  • computer-related fraud, where unauthorized input, alteration, deletion, or interference causes damage with fraudulent intent;
  • computer-related identity theft, where identifying information is acquired, used, misused, transferred, possessed, altered, or deleted without right; and
  • related offenses if hacking, malware, fake websites, or unauthorized access are involved.

Cybercrime complaints are usually handled by the PNP Anti-Cybercrime Group, the NBI Cybercrime Division, or the Department of Justice Office of Cybercrime.

Republic Act No. 8484 or the Access Devices Regulation Act

Republic Act No. 8484, as amended by Republic Act No. 11449, may apply when the scam involves access devices such as account numbers, card numbers, PINs, codes, electronic serial numbers, or other means of account access used to obtain money or initiate fund transfers.

This is relevant when the scammer used your e-wallet credentials, card details, PIN, OTP, or linked account information to move money.

Estafa under the Revised Penal Code

Phishing may also amount to estafa or swindling under Article 315 of the Revised Penal Code when deceit caused damage to another person. In scam cases, prosecutors often look at whether there was false representation, reliance on the deception, and resulting financial loss.

Estafa may overlap with cybercrime and special laws. Prosecutors and investigators decide which charges fit the evidence.

Data Privacy Act issues

Republic Act No. 10173, the Data Privacy Act of 2012, may be relevant if personal information or sensitive personal information was collected, misused, exposed, or processed without authority.

However, the National Privacy Commission is not mainly a refund agency for e-wallet losses. A privacy complaint is most useful when:

  • your personal data was improperly disclosed;
  • a company failed to protect your data;
  • your ID documents were misused;
  • your account was opened or changed using stolen identity details; or
  • the provider mishandled your personal information during or after the scam.

How to Report the E-Wallet Scam Properly

Step 1: File a formal complaint with the e-wallet provider

Your first official complaint should be with the e-wallet provider’s Financial Consumer Protection Assistance Mechanism (FCPAM) or customer service channel. The BSP requires supervised institutions to have this first-level complaint process.

Include these details:

  • full name registered to the e-wallet;
  • registered mobile number and email;
  • date and time you clicked the phishing link;
  • date and time of unauthorized transaction;
  • amount lost;
  • transaction reference number;
  • recipient account number, mobile number, name, or merchant, if visible;
  • screenshots of the phishing message and fake website;
  • explanation that you did not authorize the transfer;
  • request to freeze your account and trace/hold funds;
  • request for written findings after investigation.

Use clear wording. For example:

“I am reporting unauthorized e-wallet transactions caused by a phishing link. I request immediate account restriction, preservation of logs, tracing of the disputed funds, coordination with the receiving institution, and temporary holding of funds if still available under AFASA and BSP rules. Please provide a complaint reference number and written updates.”

Step 2: Escalate to the BSP if the provider does not resolve it properly

The BSP’s Consumer Assistance Mechanism is generally a second-level recourse, meaning you normally report to the e-wallet provider first. If the provider ignores you, gives an unclear response, delays unreasonably, or denies the claim without adequate explanation, you may escalate through the BSP Consumer Assistance Channels and Chatbot.

The BSP states that consumers may use BSP Online Buddy (BOB) or email the appropriate form and documents to consumeraffairs@bsp.gov.ph if they cannot access BOB. Attach proof that you already filed with the provider.

For a BSP escalation, prepare:

Document | Why it matters
Provider complaint ticket | Shows you used the first-level complaint process.
Provider’s reply or denial | Shows what you are contesting.
Transaction receipts | Identifies the amount, time, and reference number.
Screenshots of phishing message/link | Shows the scam method.
Timeline of events | Helps BSP and provider understand urgency and delay.
Police/NBI/PNP report, if available | Supports the criminal fraud aspect.
ID and proof of account ownership | Confirms you are the account owner or authorized representative.

Step 3: Report to law enforcement

A provider complaint is for account recovery, tracing, holding, and possible refund. A law enforcement complaint is for criminal investigation.

You may report to:

Office | Best for | Practical notes
NBI Cybercrime Division | Cybercrime investigation, scammer tracing, sworn statements | The NBI citizen’s charter for computer crime assistance indicates no filing fee for the initial investigative assistance process.
PNP Anti-Cybercrime Group | Cybercrime complaints, online fraud, phishing, identity theft | You may go to a national or regional anti-cybercrime unit. Bring printed and digital evidence.
DOJ Office of Cybercrime | Cybercrime coordination and policy functions | Useful for guidance on cybercrime reporting and preservation issues.
CICC / 1326 National Anti-Scam Hotline | Fast reporting of online scams and cyber fraud | Helpful as an early reporting channel, especially for active scam links, numbers, and accounts.

When filing with NBI or PNP, bring or prepare:

  • government-issued ID;
  • printed screenshots;
  • soft copies saved on a USB drive or cloud folder;
  • transaction receipts;
  • e-wallet complaint ticket;
  • timeline of events;
  • phone number, email, URL, username, or account used by the scammer;
  • police blotter, if already obtained;
  • draft complaint-affidavit, if available.

A complaint-affidavit is a sworn written statement narrating what happened. It is usually signed before a prosecutor, investigator, notary public, or authorized officer, depending on the process.

Step 4: Report the scam text or SIM-related issue

If the phishing link came through SMS, also report the sender to your telco and the National Telecommunications Commission. The SIM Registration Act, RA 11934, requires SIM registration, but scam texts still happen. Reporting helps authorities and telcos block numbers and investigate registered SIM misuse.

Keep the original SMS. Do not delete it after taking screenshots.

Step 5: Consider a National Privacy Commission complaint if personal data was misused

If your personal data, ID, biometrics, address, account credentials, or sensitive information was mishandled or used without authority, you may file with the National Privacy Commission.

NPC complaints generally require a notarized complaint-assisted form or verified complaint, evidence, and applicable filing fees. The NPC schedule of fees includes a filing fee for complaints, with possible exemptions for qualified indigent litigants.

Evidence Checklist: What You Should Save

Evidence is often the difference between a weak complaint and a complaint that can be acted on quickly.

Evidence | How to preserve it
Phishing SMS or chat | Screenshot the full message, sender number, date, and time. Do not crop.
Phishing URL | Copy the full URL if safe to do so, but do not reopen it.
Fake website | Screenshot the page if still open, including address bar.
E-wallet transaction receipt | Save PDF, screenshot, reference number, amount, date, and recipient details.
Account activity logs | Screenshot login alerts, device change notices, OTP messages, and security emails.
Customer support ticket | Save ticket number, timestamps, chat transcript, and email replies.
Bank/card alerts | Save SMS, email, push notifications, and card statements.
Scammer profile | Screenshot name, username, number, QR code, profile link, and conversation.
Device evidence | Do not factory reset immediately if law enforcement may need forensic review.
Timeline | Write a simple minute-by-minute or hour-by-hour sequence while memory is fresh.

Under the Electronic Commerce Act, RA 8792, electronic documents and data messages may have legal effect when properly authenticated. In practice, investigators and courts prefer evidence that is complete, dated, and traceable to the original device or account.

Avoid editing screenshots. If you need to hide sensitive information when sending to a public channel, keep an unredacted original copy for the provider, investigator, prosecutor, or court.
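
One way to show later that saved evidence files were not altered after you collected them is to record a SHA-256 hash of each file on the day you save it and keep that record outside the evidence folder. The Python script below is an added example, not part of the original guide; the folder layout, file names and function names are assumptions, and the sample files are constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so long screen recordings do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(evidence_dir):
    """Record hash, size and modification time of every file in the folder."""
    files = {}
    for root, _dirs, names in os.walk(evidence_dir):
        for name in names:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, evidence_dir).replace(os.sep, "/")
            info = os.stat(full)
            files[rel] = {
                "sha256": sha256_file(full),
                "size": info.st_size,
                "modified_utc": datetime.fromtimestamp(
                    info.st_mtime, timezone.utc).isoformat(),
            }
    return {"created_utc": datetime.now(timezone.utc).isoformat(),
            "files": files}


def verify_manifest(evidence_dir, manifest):
    """Report files that are missing, new, or changed since the manifest."""
    recorded = manifest["files"]
    current = build_manifest(evidence_dir)["files"]
    return {
        "missing": sorted(set(recorded) - set(current)),
        "added": sorted(set(current) - set(recorded)),
        "changed": sorted(
            path for path in recorded
            if path in current
            and current[path]["sha256"] != recorded[path]["sha256"]),
    }


def _write(base, rel, data):
    """Create a sample file (and its subfolder) with the given bytes."""
    full = os.path.join(base, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample folder: the bytes stand in for real files."""
    with tempfile.TemporaryDirectory() as folder:
        _write(folder, "sms/phishing_sms.png", b"full uncropped screenshot")
        _write(folder, "receipts/txn_receipt.pdf", b"receipt with reference no.")
        _write(folder, "timeline.txt", b"09:02 clicked link\n09:05 transfer\n")
        # The JSON round trip stands in for saving the manifest somewhere
        # outside the evidence folder and loading it again later.
        saved = json.loads(json.dumps(build_manifest(folder)))

        # Later: the screenshot is cropped in place, a receipt is deleted,
        # and a redacted copy is saved beside the original.
        _write(folder, "sms/phishing_sms.png", b"cropped screenshot")
        os.remove(os.path.join(folder, "receipts", "txn_receipt.pdf"))
        _write(folder, "sms/phishing_sms_redacted.png", b"redacted copy")
        return verify_manifest(folder, saved)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A redacted copy saved under a new name appears under `added` and leaves the original's hash untouched, while an edit made to the original itself appears under `changed`.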

Will the E-Wallet Refund the Money?

A refund is possible, but it is not automatic.

The result usually depends on:

  • how fast you reported the incident;
  • whether funds were still in the receiving account;
  • whether the provider froze or traced the funds promptly;
  • whether there were suspicious account changes or unusual transaction patterns;
  • whether the provider’s authentication and fraud monitoring were adequate;
  • whether you shared OTPs, MPINs, passwords, or device access;
  • whether the provider gave warnings and used reasonable security measures;
  • whether the receiving account appears to be a mule account; and
  • whether the investigation shows provider fault, user fault, third-party fraud, or mixed circumstances.

Under AFASA, a financial institution that is compliant with adequate risk management requirements may have protection from liability for losses arising from covered offenses. But if it failed to employ adequate systems or failed to exercise the required diligence, it may be liable for restitution. This is why your complaint should focus not only on “I was scammed,” but also on the provider’s response, fraud controls, account security events, and delay, if any.

Common Mistakes That Hurt E-Wallet Scam Complaints

Waiting too long before reporting

Many victims feel embarrassed and wait a day or two. That delay can make recovery harder because funds may be transferred, cashed out, or split across several accounts. Report even if you are still unsure.

Reporting only through social media comments

Posting on Facebook or tagging the e-wallet may get attention, but it is not a substitute for a formal fraud ticket. Use the provider’s official fraud channel and get a reference number.

Deleting the phishing message

Do not delete the SMS, email, or chat. It may contain metadata, sender details, headers, URLs, or timestamps useful to investigators.

Sending sensitive information to fake “support” accounts

After a scam, victims are often targeted again by fake refund agents. Real providers and government agencies should not ask for your MPIN, password, full OTP, or remote access to your phone.

Assuming a barangay blotter is enough

A barangay record may help show you reported an incident locally, but phishing and e-wallet fraud are cyber and financial account issues. For investigation, go to the e-wallet provider, BSP escalation if needed, NBI, PNP Anti-Cybercrime Group, CICC, or other proper agency.

Letting someone use your e-wallet “temporarily”

If someone asks to borrow, rent, buy, or use your e-wallet to receive money, refuse. Under AFASA, money muling can be a serious offense. Even if you say “pinagamit ko lang,” your account may be treated as part of the scam transaction chain.

Special Situations

If you are an OFW or abroad

You can still report to the e-wallet provider online and escalate to BSP through online channels. For law enforcement, you may need to coordinate with NBI, PNP, or a representative in the Philippines.

If an affidavit, special power of attorney, or identity document is required, documents signed abroad may need consular notarization at a Philippine Embassy or Consulate, or an apostille if executed in a country that is part of the Apostille Convention and the receiving Philippine office accepts it for that purpose.

If you are a foreigner using a Philippine e-wallet

Foreigners should prepare a passport, ACR I-Card if applicable, Philippine mobile number registration details, proof of e-wallet ownership, and transaction evidence. If you are outside the Philippines, expect additional identity verification. If your foreign card or overseas bank account was linked, also report to the foreign bank or card issuer immediately.

If the scammer is someone you know

If the person is identifiable, preserve conversations and avoid threatening messages. The case may involve estafa, cybercrime, unjust enrichment, or civil recovery depending on the facts. If the person lives in the same city or municipality, barangay conciliation may become relevant for some civil disputes, but serious criminal fraud and cybercrime matters are not resolved simply by barangay mediation.

If the receiving account belongs to an innocent person

Sometimes scammers use mule accounts, stolen accounts, or accounts opened with fake IDs. The named recipient may claim they were also victimized or that their account was used without permission. This is why coordinated verification under BSP rules matters. Institutions look at transaction patterns, device history, account behavior, and supporting documents from both the source and receiving account owners.

Typical Timeline After Reporting

Timelines vary, but this is a realistic guide:

Stage | Usual timing | What happens
Initial fraud report to e-wallet | Same day | Account may be frozen or restricted; ticket created.
Initial review by provider | 1–7 days | Provider checks transaction logs and may ask for documents.
Temporary holding/tracing request | As soon as possible | Provider coordinates with receiving institution if funds are traceable.
Coordinated verification | Up to 30 calendar days in many cases | Institutions verify if transaction was disputed, fraudulent, or legitimate.
Extended verification if no funds were held | May reach up to 60 calendar days in allowed cases | Further tracing and review may continue.
BSP CAM escalation | After provider response or inaction | BSP may evaluate and refer to the supervised institution for response.
NBI/PNP investigation | Weeks to months | Depends on evidence, subpoenas, account tracing, platform cooperation, and prosecutor action.
Prosecutor or court process | Months or longer | Applies if a criminal complaint is built and filed for preliminary investigation or trial.

Frequently Asked Questions

I clicked a phishing link and entered my OTP. Can I still recover my money?

Yes, recovery is still possible, especially if you reported quickly and the funds were still traceable or holdable. Entering an OTP may affect the provider’s evaluation, but it does not automatically end the inquiry. Under AFASA and BSP rules, the provider’s fraud controls, authentication system, account activity monitoring, and response time may still be examined.

Should I report to the e-wallet provider first or to the police first?

Do both, but report to the e-wallet provider immediately because only the financial institution can freeze, restrict, trace, or coordinate holding of funds in its system. After that, file with NBI, PNP Anti-Cybercrime Group, CICC, or another proper law enforcement channel for criminal investigation.

What if the e-wallet provider says the transaction was “authorized” because OTP was used?

Ask for a written explanation and the basis of the finding. Request details on device registration, login location, account changes, transaction risk flags, and fraud monitoring. If the answer is inadequate, escalate to the BSP Consumer Assistance Mechanism with your provider ticket and supporting documents.

Can the BSP order my e-wallet to refund me?

Under RA 11765, the BSP has consumer redress and adjudicatory powers over certain financial consumer disputes involving BSP-supervised institutions, including claims for payment or reimbursement within the law’s coverage. In practice, you must first file with the provider’s complaint mechanism, then escalate to BSP if unresolved or mishandled.

Is a police blotter enough for an e-wallet scam?

Usually, no. A blotter is only a record that you reported something. For e-wallet phishing, you also need a provider fraud ticket, transaction evidence, and, when pursuing criminal investigation, a cybercrime complaint with NBI or PNP Anti-Cybercrime Group.

What if the scammer already cashed out the money?

Recovery becomes harder, but you should still report. Transaction records may identify the receiving account, cash-out point, device, linked number, or mule account. Even if funds are no longer available, the records may support a criminal complaint or a finding that the provider failed to act properly after timely notice.

Can I sue the e-wallet provider?

A claim may be possible if the facts show negligence, breach of financial consumer protection duties, failure to use adequate fraud controls, or failure to act after timely reporting. Possible legal bases may include RA 11765, AFASA, BSP regulations, contract principles, and Civil Code provisions such as Articles 19, 20, 21, and 1170, depending on the facts. Many consumer disputes should first go through the provider and BSP mechanisms before court action.

Can I file a case against the owner of the receiving e-wallet account?

Possibly. If evidence shows the receiving account owner knowingly received, transferred, withdrew, lent, sold, or allowed use of the account for scam proceeds, AFASA money muling provisions may apply. But if the account owner was also hacked or impersonated, investigators must verify that first.

What if I am embarrassed because I clicked the link?

Report anyway. Phishing is designed to trick people quickly, often by copying real brands and creating urgency. Providers and investigators see these cases often. Delay helps the scammer more than anyone else.

Should I post the scammer’s name and number online?

Be careful. You may warn others without exposing unnecessary personal data or making unsupported accusations. Preserve the evidence for the provider and investigators. Public posting can sometimes alert the scammer, cause deletion of accounts, or create separate privacy or defamation issues if the wrong person is identified.

Key Takeaways

  • Report the phishing incident to your e-wallet provider immediately and get a complaint reference number.
  • Ask for account freezing, transaction tracing, and temporary holding of disputed funds under AFASA and BSP rules.
  • Save complete evidence: phishing message, URL, screenshots, receipts, reference numbers, support tickets, and timeline.
  • Escalate unresolved or poorly handled complaints to the BSP Consumer Assistance Mechanism.
  • File a cybercrime report with NBI, PNP Anti-Cybercrime Group, CICC, or other proper law enforcement channels.
  • A refund is possible but not automatic; the investigation will look at timing, evidence, user actions, provider controls, and whether funds can still be traced or held.
  • Do not delete messages, do not use fake support links, and do not lend or sell your e-wallet account to anyone.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.