What to Do Immediately After Being Scammed

Stop all further payments without exception. Preserve every piece of evidence communications, payment records, platform documentation before contacting the operator or taking any other action. Secure your financial and personal accounts if credentials were shared. Initiate a bank recall or chargeback through your payment provider as quickly as possible. Report the fraud to the relevant European financial regulator and law enforcement authority. Then obtain professional advisory on the recovery pathways available for your specific situation. The sequence matters. Actions taken out of order confronting the operator before evidence is secured, paying a second “recovery” fee, or deleting communications consistently reduce what can be recovered. The steps below follow the order that preserves the most options. Financial fraud moves fast. The window in which victims can take protective action before funds are further dispersed, before platforms disappear, before evidence degrades is narrow. The steps taken in the first 24 to 72 hours after discovering a scam determine the scope of what recovery is still possible. This guide covers what to do, in what order, and why each action matters.  

The First 24 Hours: Immediate Protective Actions

The first day after discovering a scam is when the most consequential decisions are made and when the most damaging mistakes occur. The priority is protection, not confrontation.  

Stop All Further Payments

Do not send any more money under any framing release fees, tax clearance payments, compliance deposits, verification transfers, or penalty payments. Every additional payment reduces your recoverable loss. Fraudulent operators use the threat of losing prior deposits to extract further payments from victims who are already committed to the engagement. This pattern applies consistently across investment platform fraud, advance fee schemes, and withdrawal obstruction scenarios. If the operator claims that a further payment will unlock your funds or resolve a compliance hold, stop. No legitimate European financial operator requires payment from clients to release their own funds.  

Preserve All Evidence Before Anything Else

Evidence is the foundation of every recovery pathway civil proceedings, regulatory complaints, asset tracing, and criminal referrals all depend on what is documented. Before contacting the operator, before changing any account settings, and before taking any other action, preserve the following:

• Bank transfer confirmations, wire receipts, and payment processor records
• Cryptocurrency transaction hashes and receiving wallet addresses
• Account statements and balance records from the fraudulent platform
• All email correspondence in original format with full headers intact, not forwarded copies
• All messaging platform conversations WhatsApp, Telegram, WeChat, LINE with timestamped screenshots and exported chat backups
• The platform website archive the current state using a web archiving tool before it is taken offline
• All contracts, investment agreements, terms of service, and promotional materials received
• Any identity or KYC documents submitted to the operator
• Phone call records and any voice messages received

Do not delete anything. Victims who delete communications, uninstall applications, or clear devices to remove a painful record eliminate evidence that cannot be reconstructed.  

Secure Your Financial and Personal Accounts

If you provided banking credentials, card details, or identity documents to the operator:

• Contact your bank immediately to flag the fraud and freeze relevant accounts
• Change passwords on all financial accounts, email accounts, and any platform sharing the same credentials
• Enable two-factor authentication across all financial and communication accounts
• If identity documents were submitted passport, national ID, proof of address notify your national identity authority and credit reference agencies to flag potential identity fraud

Fraudulent operators who collect KYC documentation frequently use or sell it for further fraud or identity theft. Account security is an independent protective action regardless of the fund recovery process.  

Hours 24–72: Banking Channel Recovery

The window for the fastest financial recovery mechanisms wire transfer recall and card chargeback closes rapidly. These actions should be taken within the first 24 to 72 hours of discovering the fraud.

Contact Your Bank and Initiate a Recall

For bank wire transfers, contact your sending bank immediately and request a formal recall of the transfer. Recall success rates decline sharply after 24–48 hours as funds are forwarded onward from the receiving account. Early submission while funds may still be sitting in the first receiving account produces the highest probability of reversal. When contacting your bank, use the word “fraud” specifically rather than “dispute” or “error.” Fraud flagging triggers different internal processes, different legal frameworks, and different response timelines at financial institutions.  

Initiate a Chargeback for Card Payments

For payments made by credit or debit card, contact your card issuer and initiate a chargeback dispute under the applicable card scheme rules. Visa and Mastercard both provide chargeback mechanisms for fraud, non-delivery, and misrepresentation. Dispute windows vary by card network and dispute category some fraud-specific categories allow longer filing periods than the standard 120-day window. Do not assume the window has closed without confirming the applicable timeframe with your card issuer.  

For Cryptocurrency Transfers – Act Immediately

Cryptocurrency transactions are irreversible on-chain, but the fraud proceeds are traceable. On-chain blockchain analysis follows the fund flow from the receiving wallet through subsequent transfers to exchange deposits and fiat conversion points. The traceability of crypto fraud proceeds diminishes over time as funds move further from the origin transaction. Initiating professional blockchain analysis as early as possible captures the most complete fund flow picture and identifies the enforcement intervention points exchange accounts subject to legal disclosure requests and identified wallets accessible to court-ordered freezing before further movement occurs.  

Documenting Your Loss

Before initiating formal legal or regulatory action, compile a complete and precise record of the total financial loss. The documented loss figure is the foundation of every civil claim, regulatory complaint, and criminal referral.

What to Include in Your Loss Documentation

• Every payment made – the date, method, amount, and receiving account or wallet for each transfer
• The specific purpose for which each payment was stated to be required
• Any returns, withdrawals, or partial repayments successfully received to be deducted from the gross total
• The current account balance displayed on the fraudulent platform, if any
• The total net loss figure, expressed in the original payment currency and in USD or EUR equivalent

 

Identifying the Entities Involved

Alongside the loss documentation, record all available information about the entities and individuals behind the fraud:

• The full legal name and any company registration numbers presented
• All website URLs and domain names used by the platform
• Names both real and aliases of individuals you communicated with
• Email addresses, phone numbers, and messaging platform accounts used
• Bank account details provided for payment IBAN, account name, institution
• Any regulatory credentials or license numbers presented

This information forms the starting point for corporate investigation, beneficial owner identification, and asset tracing.  

Reporting the Fraud to Authorities

Formal reporting to European financial regulators and law enforcement authorities serves two functions: it initiates official enforcement action against the operator, and it creates a public record that protects other potential victims.

Which European Authorities to Report To

Financial regulators – Report to the national competent authority of the jurisdiction where the operator claimed authorization. The most directly relevant regulators for cross-border investment fraud cases are the FCA (UK), BaFin (Germany), CySEC (Cyprus), AMF (France), and AFM (Netherlands). Regulatory complaints trigger enforcement powers that include license suspension, mandatory restitution orders, and criminal referral. Financial intelligence units – Report suspicious fund flows to the FIU in the jurisdiction where funds were received. In the UK, this is the National Crime Agency’s Financial Intelligence Unit. In Cyprus, MOKAS. In the Netherlands, FIU-Netherlands. FIU reports initiate AML investigation and can trigger asset freezing independent of civil proceedings. Law enforcement – File a criminal complaint with the financial crime law enforcement unit in the relevant jurisdiction. In the UK, Action Fraud. In Germany, the BKA. In the Netherlands, the FIOD. In Cyprus, CAID. For organized cross-border fraud, Europol’s European Cybercrime Centre (EC3) coordinates multi-jurisdiction criminal investigation. Reports submitted with documented evidence files not just narrative descriptions receive significantly more active enforcement attention than those submitted without supporting documentation.  

Should You Report in Your Home Country Too?

Yes. Filing a report with your domestic law enforcement authority creates a local criminal record of the fraud, may be required for insurance claims, and provides your national authorities with intelligence about schemes actively targeting investors in your jurisdiction. It does not replace reporting to European authorities both are required for the most complete enforcement response.  

Avoiding Secondary Fraud After a Scam

Within days of a fraud becoming apparent, victims frequently receive approaches from companies claiming to specialize in recovering their losses offering to trace funds, engage regulators, or initiate legal action in exchange for an upfront fee. The majority of these are secondary fraud operations. They target prior fraud victims specifically, exploit the urgency and distress of the situation, and disappear after collecting fees. The indicators are consistent: unsolicited approach, requests for upfront payment before any work is completed, unverifiable regulatory credentials, and urgency framing designed to prevent proper verification. Before engaging any recovery service, verify its corporate registration against the primary registry of its stated jurisdiction, confirm its regulatory status if it claims one, and do not pay any fee before the operator has been independently verified through primary sources.  

Obtaining Professional Fraud Recovery Advisory

Once immediate protective steps have been taken, the next action is a professional assessment of the available recovery pathways specific to the jurisdiction of the operator, the payment methods used, and the evidence available.  

What Recovery Pathways Are Available

Depending on the specific facts, recovery pathways in European fraud cases include:

• Civil litigation against identified defendants in European courts producing enforceable damages judgments
• Regulatory complaint enforcement against licensed operators triggering license action and mandatory restitution
• Asset tracing and freezing applications – locating and preserving assets before they are dissipated
• Chargeback and banking channel recovery – through card scheme rules and institutional AML liability claims
• Insolvency creditor claims – where the fraudulent entity has entered administration or liquidation
• Criminal asset confiscation proceedings – where criminal prosecution produces seizure and victim compensation

The appropriate pathway and filing sequence depend on the specific facts of the case. Professional assessment at the earliest stage before evidence degrades and assets move produces the most complete recovery picture and the widest range of available options.