A public service collaboration for safer digital banking
Home/Learning hub/Philippine guides/What to do after a scam

Recover in the right order

What to do after a scam

The safest response depends on what happened: clicking a link, sharing a password or OTP, installing an app, sending money, or exposing identity documents. Start with the action that limits further loss.

8–10 minute guideScamProof guide
What to do after a scam
Understand

Do not pay to make the problem disappear

Scammers often demand another payment for tax, verification, withdrawal, cancellation, or recovery. Stop contact and do not send more. Act from a trusted device and tell providers the complete story, including any code, access, or approval you gave.

What to do

The first hour matters

Work through these priorities even if you do not yet know the full impact.

  1. 01

    Stop access and payments

    End remote-access sessions, disconnect a suspicious device from sensitive activity, and contact financial providers. Ask whether cards, accounts, beneficiaries, devices, or transactions should be blocked.

  2. 02

    Secure email, then financial accounts

    Email often controls password resets. Change its password from a trusted device, sign out unknown sessions, remove forwarding rules, review recovery details, then secure banking and messaging accounts.

  3. 03

    Preserve evidence before cleanup

    Save messages, account names, URLs, receipts, transaction IDs, and the sequence of events. Evidence helps the bank, platform, and investigators understand what occurred.

  4. 04

    Warn contacts and make reports

    Tell contacts if a messaging or social account may be used to impersonate you. Report to the platform and appropriate Philippine channels, retaining every reference number.

Know the details

Respond to what was exposed

Different forms of access require different recovery actions. Do not assume that changing one password fixes everything.

You entered a password or OTP

Change the password wherever it was reused, review sessions and recovery settings, and notify the affected provider. An OTP may have approved a login or transaction, so state exactly when and where it was entered.

You installed an app or shared your screen

Remove remote access, stop using the device for sensitive accounts, and seek trusted technical help. Change important passwords from another known-safe device.

You sent money

Contact the payment provider immediately and ask about recall, hold, dispute, or fraud procedures. Recovery is not guaranteed, but delay reduces the available options.

You shared identity documents

Ask issuers and affected providers about replacement, monitoring, or fraud flags. Watch for new accounts, SIM changes, password resets, and impersonation attempts.

Official channels

Get help through verified channels

Ignore unsolicited recovery offers. Contact each organisation yourself.

Remember

Recovery is a process, not a promise

Banks, platforms, and investigators may need time and cannot guarantee that money will be returned. Anyone who guarantees recovery in exchange for a fee, crypto payment, remote access, or secrecy is creating a second scam.