Scam Recovery Checklist

Act quickly after a scam: the UK steps for bank transfers, card payments, passwords, remote access, identity details, reporting and complaints.

Information checked: 18 July 2026

If you have paid a scammer, entered banking details, shared a password, installed software, or lost control of an account, start with the row that matches what happened. Do not wait for a police report before contacting a bank or securing an account.

What to do first

You only received the messageDo not reply, click, or call a number in it. Forward a suspicious SMS to 7726 free of charge. For WhatsApp, iMessage, RCS and other app messages, also use the app or phone's built-in block and report controls.
You opened a linkIf you did not enter information, download a file or install software, the NCSC says further action is unlikely to be needed, but watch for unusual account activity. If anything downloaded or installed, disconnect the device from the internet and run a full security scan.
You shared a passwordUse a clean device to change it immediately. Change every account where the password was reused, starting with the email account used for password resets. Sign out other sessions and turn on strong multi-factor authentication.
You shared card or bank detailsContact the bank or card issuer immediately through its official app or the number printed on the card. Ask it to secure the account or card and identify any payment or account change you did not authorise.
You approved or sent a bank transferTell the sending bank immediately that the payment was induced by fraud and ask it to contact the receiving bank. Ask whether the APP reimbursement rules apply; do not describe an authorised scam payment merely as an unauthorised transaction.
You installed remote-access softwareDisconnect the device, end the remote session and contact the bank from a different trusted device. Remove the software, run a full scan, change exposed passwords, and do not use the affected device for banking until it is secure.
You shared identity documents or personal dataSecure the affected accounts, check all three UK credit-reference files for applications you do not recognise, and consider Cifas Protective Registration where identity misuse is a realistic risk.

Which money-recovery route applies?

How you paidWhat to ask forImportant limits
UK bank transferReport an APP scam claim to the bank or payment firm immediately.For eligible Faster Payments and CHAPS payments made on or after 7 October 2024, firms normally decide within five business days. They can stop the clock for information, but must reach an outcome within 35 business days. Scope, exclusions, vulnerability rules, a possible excess of up to £100 and the £85,000 reimbursement cap can affect a claim.
Debit, credit or prepaid cardAsk the issuer to secure the card and whether chargeback fits the transaction.Chargeback is a card-scheme process, not a statutory right. MoneyHelper says claims commonly need to be made within 120 days, with timing depending on the transaction, so contact the issuer promptly.
Qualifying credit purchaseAsk whether Section 75 of the Consumer Credit Act 1974 applies.The cash price must be over £100 and no more than £30,000, and the required debtor-creditor-supplier relationship and other conditions must be present. It is not generic protection for every card payment.
PayPal Goods and ServicesOpen the Resolution Centre immediately and check Buyer Protection.PayPal's UK terms give 180 days for Item Not Received. A Significantly Not as Described dispute must be opened by the earlier of 30 days after delivery or 180 days after payment.
Cash, gift card or cryptocurrencyContact the platform, exchange or gift-card issuer immediately and preserve the transaction details.Recovery can be difficult, but a fast report may help stop an unused balance or identify a destination. Never pay a recovery service that promises guaranteed results.

Report the incident

  • England, Wales or Northern Ireland: use Report Fraud online or call 0300 123 2040.
  • Scotland: report fraud and cybercrime to Police Scotland on 101. Call 999 if a crime is happening now or someone is in immediate danger.
  • Suspicious SMS: forward it to 7726 free of charge. For other message types, use the relevant app or device reporting controls as well.
  • Phishing email: forward it to report@phishing.gov.uk. The NCSC also accepts suspicious website reports.
  • Impersonated organisation: tell the bank, retailer, courier, platform or public body through contact details you find independently.

Preserve useful evidence

Keep the original message, screenshots, sender details, website address, payment receipt, account number or wallet address, call time, and a short timeline of what happened. Do not keep a malicious page open merely to collect evidence. Never send passwords, PINs or full one-time codes in a report.

If the bank rejects the claim

Ask for the decision and reasons in writing, then use the firm's formal complaints process. If the complaint is not resolved, ask the Financial Ombudsman Service whether it can consider the case. Time limits apply, so do not delay.

Primary sources

This checklist is general educational information, not legal or financial advice. Payment protections depend on the facts of the transaction.