Recovering money from cyber scams

If you have lost money as part of an online scam or wider cybercrime then this guide can help. You may have been tricked into sending money to a criminals account, a criminal may have logged into your online banking and tricked you into enabling payments, you may have been tricked into putting money into a scam investment or been sending money to a romance scammer (catfish). Regardless of how they money was stolen, follow the steps below.

The advice provided in this guide is designed to cover all kinds of financial losses resulting from cyber scams.

We want to better understand the impact of you experiencing this issue, can you share your experience by filling in this online form? This will help us better protect future victims.

Recovering money from cyber scams - Do this first!

  1. Report it to the police - It is important that you report the issue to the police ASAP. You will need a crime number from the police to help you work with your bank and other organisations. With the majority of online scams and cyber crimes you report to Action Fraud. Reporting will also help get the scam shut down and may help you progress getting your money back.

  2. Contact your bank - If it was your bank account, contact your bank and explain what has happened. If you know which bank the money was sent to, you should also contact them. If this is done quick enough, they may be able to freeze the money if it is still in transit and both should kick off a fraud investigation. Fraudulent transfers can often be reversed if caught early enough.

    • Use Cybera’s Case Reporting and Asset Recovery Tool: This tool helps victims of financial fraud report incidents and recover stolen funds. It allows you to make a global report to quickly freeze money involved in bank transfers and cryptocurrency transactions, increasing the chances of recovery by notifying the right financial institutions right away.

  3. Beware recovery scams - After stealing money, it is common for criminals to contact their victims pretending to be their bank, the police or money recovery experts. The aim is to steal more money by asking you to move money into a “safe” account or trick you into sharing information that will enable a further crime. Do not trust any communications by phone, email or text. Instead, call the organisation directly and check that it was really them that tried to get in touch.

Approaches to dealing with cybercrime-related financial loss

How you can try and get your money back very much depends on how the money was stolen. Here we are going to focus on four different approaches: 1) Authorised payments (where you were tricked into making a payment), 2) Unauthorised payments (where the criminal actually carried out the payment using your accounts), 3) ID fraud (where you have been impersonated with a financial organisation) and 4) card fraud (where they money was transferred by a credit or debit card payment).

1) When you have been tricked into making a payment (authorised push payment)

Since 2019, the majority of banks have signed up to a voluntary code on how payments made to scammers should be handled. This focuses on payments where the payment has been authorised by the victim only - so where you have made or approved the payment. The code means that banks can not just dismiss claims by victims, but must investigate and check if the bank has met its duty to protect you from making these types of payments.

How does this work?

  1. Report the scam to your bank’s fraud team - the first step if for you to report the issue to your bank’s fraud team. This will kick off an investigation at the bank.

  2. Fraud investigation - your bank has 15 days to investigate and then report back with an outcome on whether it will give you money back.

  3. Reimbursement - there are three outcomes:

    1. Full reimbursement - your bank recognise they didn’t do enough to warn you as the transfer was being made so you get all of your money back.

    2. No reimbursement - your bank concludes their warnings were sufficient and they believe you ignored them or were ‘negligent’ in your own checks so they offer you no money back.

    3. 50% reimbursement - you could have done more and the bank could have done more, known as Shared Responsibility. You get half your money back.

  4. Making a complaint - if you do not get a full reimbursement, then you should make a complaint to the Financial Ombudsman Services. They may side with you because they believe the banks warnings were not sufficient, effective or impactful enough - or that the bank should have recognised the highly unusual transactions.

[If you're finding this guide helpful, please consider supporting our work with a donation. Our guides are created by volunteer cybersecurity experts, and your contribution helps us continue providing assistance to those impacted by cybercrime.]

2) When a criminal has carried out the payment using your accounts (unauthorised payment)

In this scenario the criminal managed to get access to your online bank account and actually makes the transaction - so you did not authorise the payment. This is common when individuals are tricked into providing remote access to their computers and then the criminal is able to take control and access the online bank account.

The Financial Conduct Authority has rules on how this must be handled by the bank. You should get your money back if the payment was within the last 13 months, the bank can’t prove that you authorised the payment and that the bank does not believe that you acted with gross negligence.

The process here is exactly the same as in step one above.

3) When you have been impersonated with a financial organisation (identity fraud / theft)

In this scenario a criminal has used your personal data to impersonate you with a financial organisation. They may have taken out a loan, credit card or mobile phone contract in your name. For help with this area visit our Identity Theft Guide.

4) When you have made the payment using a debit or credit card (card fraud)

Credit card purchases for goods between the value of £100.01 and £30,000 are protected by Section 75 of the Consumer Credit Act 1974. If you have been tricked into spending on your credit card, a section 75 claim can be made as the credit card provider is jointly liable to refund. It may also be possible to dispute a payment worth less than £100, but you will need to check with your specific credit card provider.

Common scenarios include:

  • You have not received the goods or services that you purchased from the supplier

  • The goods provided by the supplier are faulty

  • The goods or services provided are not as described by the supplier

  • You were persuaded to buy goods or services on the basis of incorrect information

To make a Section 75 claim contact your credit card provider and they will likely direct you to their online form for making a claim. However, it is important that you try to resolve the issue with the merchant first - although it is unlikely you will be able to get in touch with a criminal to do this.

You will likely have to make the Section 75 claim within 120 days of the transaction - or from when you were due to receive the goods or services.

You may also be able to reclaim money on debit cards, but will need to contact your card provider and discuss.

If your claim is unsuccessful then, as above, you should make a complaint to the Financial Ombudsman Service who may challenge your card providers decision.

Donate

To help people like you we rely 100% on donations from people like you.

Without donations we cannot keep our service free and provide help to the most vulnerable victims of cybercrime when they need it most. As a not-for-profit organisation, 100% of your donation goes towards keeping The Cyber Helpline up and running - so 100% goes towards helping people like you. Donate now and help us support victims of cybercrime. 

About The Cyber Helpline

The Cyber Helpline is a non-profit organisation led by expert cybersecurity volunteers, dedicated to supporting victims of cybercrime, digital fraud, and online harm.

Our unique model allows us to harness the skills and expertise of the cybersecurity community and change lives by helping thousands of victims a month. Over 800,000 individuals have accessed our help and our helpline has directly supported more than 60,000 victims.

We provide a free 24/7 self-help service and a confidential helpline for individuals and sole traders. We help victims understand, contain, recover and learn from cyber attacks by linking them with cybersecurity technology & experts who provide relevant advice and guidance.

 

To help people like you we rely 100% on donations from people like you.