The complete recovery guide — the first 60 minutes, the £85,000 reimbursement claim, frozen accounts, recovery scams, and the cybercrime complaint with full evidence checklist
Published 10 May 2026 · ScamSupport research · ~18 minute read
If money has just left your account or you've realised you shared credentials with a scammer, the next 60 minutes matter more than the next 60 days. Most of the recovery options that exist depend on speed: bank-side payment recalls have to be initiated before funds clear out of the receiving account; the case for fraud reimbursement is materially stronger when it's logged immediately; and stopping further loss (rotating passwords, changing card details, alerting other accounts) gets harder the longer the scammer has access.
This guide is structured so you can act on it while the scam is still in progress or fresh. If money has gone, jump to The First 60 Minutes. If you've already done that and you're working through next steps, the rest of the article covers the £85,000 reimbursement framework, what to do if your bank freezes your account, the recovery scams that target you next (and how to spot them), and the full evidence checklist for filing a cybercrime complaint with Report Fraud.
Everything below is verified against the relevant UK authorities — UK Finance, the Payment Systems Regulator, Report Fraud (which replaced Action Fraud in December 2025), the Financial Ombudsman Service, and Citizens Advice. Where a statistic appears, it's sourced at the bottom of the article.
If you can take six actions in the first hour, do them in this order. They're ordered so that the highest-recovery actions come first.
Block the number, the WhatsApp/Telegram contact, the email address. Don't reply, don't click "stop", don't engage with anyone offering to "help recover the funds" — almost every recovery offer in the first 48 hours is the same criminal group running a second scam. We'll cover that pattern in detail later in this guide.
Use the number printed on the back of your card or in the bank's app, never any number from the scam message. When you reach the fraud team, three things to ask for explicitly:
Open your scam-related email/SMS/WhatsApp/Telegram threads and screenshot every message, the sender details, any timestamps, and any payment confirmations you've received. If the scam involved a phishing site, screenshot the URL bar (not just the page). Save them in a single folder named with today's date. The more complete the evidence trail, the stronger your case for both reimbursement and any subsequent cybercrime investigation.
Email is the master key for password resets on every other account you own. If a scammer gained your email password (whether through a fake login page, a credential-reuse exploit, or because you've told them anything sensitive over the phone), they can reset every other account that uses that email. Change the email password to a new one a password manager generates, ideally before you change anything else.
After email, prioritise: your primary bank, any other bank or building society, PayPal/Revolut/Wise, retail accounts with saved card details (Amazon, eBay, John Lewis), and any account that uses the same password as the compromised one. If you don't already use a password manager, this is the moment to install one — Bitwarden is free and excellent.
While the details are fresh, write a one-page summary: what happened, who contacted you, what was said, what you sent, when, through what channel, and what you've done since. Save this with the screenshots. You'll repeat this story to your bank, to Report Fraud, possibly to the Ombudsman, and possibly to your insurer — and the version you write in the first hour will be much more accurate than one you write a week later.
Once these six actions are done, the immediate crisis is contained. The next sections cover what happens next.
If the scam was an authorised push payment (APP) fraud — meaning you authorised the payment yourself, under deception — the UK has a mandatory reimbursement scheme that came into force on 7 October 2024. The framework is set by the Payment Systems Regulator; it requires UK banks to refund victims of APP scams in most cases, up to a maximum of £85,000 per claim.
The original cap was £415,000 in early proposals, but the PSR reduced it to £85,000 before implementation. The lower cap still covers the vast majority of consumer cases — most APP fraud falls well under that figure.
The scheme covers Faster Payments transfers in pounds sterling between UK accounts. Things that fall outside it:
The single most important sentence to use when calling the bank is: "This was an authorised push payment scam. Please log it under the PSR reimbursement scheme." That phrasing forces the conversation onto the correct workflow.
This is one of the more disorienting outcomes of reporting a scam: you call the fraud line, explain what happened, and the bank responds by freezing your own account. It happens often enough that it's worth understanding why before reacting.
UK banks operate under the Proceeds of Crime Act 2002 and related anti-money-laundering rules. When a scam involves funds that have moved through your account — even if you're the victim — the bank may submit a Suspicious Activity Report (SAR) to the National Crime Agency (NCA). While the NCA reviews the report, the bank often freezes the account pending clarification. This is more common in three scenarios:
None of these mean you're under criminal suspicion. But the bank's default under the rules is to freeze first and ask questions afterwards.
When an account is frozen, you can typically still log in and view balances, but withdrawals, payments, transfers, and direct debits are blocked. The bank will usually allow essential payments (rent, council tax, utility bills) to continue if you call and request it case-by-case. They may not always say so unprompted — you have to ask.
The freeze typically lasts seven business days initially while the SAR is processed. The NCA can extend it for up to 31 days in total under the standard moratorium period. In rare cases involving suspected criminal activity, the bank can apply for a court-ordered Account Freezing Order which lasts up to two years.
For most scam victims, the resolution is on the seven-day timeline: the bank confirms with the NCA that the account holder is the victim, the freeze is lifted, and normal access resumes.
Within hours, days, or weeks of being scammed, most UK victims receive at least one approach from a "recovery service" offering to help get their money back. These are almost always the same criminal economy running a second-stage scam.
The Financial Conduct Authority and Report Fraud have both issued explicit warnings about this. The FCA estimates that more than 60% of victims of investment fraud are subsequently approached by recovery scammers; the actual second-victim rate is meaningfully high.
The criminal economy maintains "sucker lists" — databases of confirmed fraud victims along with the type of scam, the date, the amount lost, and contact details. These lists are bought, sold, and traded in the same forums as the original target lists. Once you're on a sucker list, you can expect contact from one or more of:
A recovery scam follows a predictable arc:
Any single one of these means the offer is a scam:
You don't need a paid recovery service to claim what you're entitled to. The legitimate routes are:
The honest summary: if more than £5,000 has been lost, an SRA-regulated solicitor on no-win-no-fee terms is sometimes worth pursuing. Below that threshold, the bank + Ombudsman path is usually the best return on effort.
Reporting fraud is essential even if you don't expect financial recovery. The reports feed the national fraud database, contribute to investigations of organised crime networks, and are used by your bank as supporting evidence for the reimbursement claim. The UK's national reporting service is Report Fraud, which replaced Action Fraud in December 2025. The portal is operated by the City of London Police on behalf of the National Fraud Intelligence Bureau.
Before starting the report, gather the following. Having everything ready means the report takes 30 minutes rather than 90.
The realistic expectation is that most individual fraud reports are not investigated as standalone cases due to the volume of UK fraud (over 421,000 cases recorded by Cifas in 2024 alone). Reports feed into the National Fraud Intelligence Bureau's pattern-matching, which clusters cases by tactic, sender pattern, and brand. When clusters cross volume thresholds, they get assigned to investigators — usually with the City of London Police, the National Crime Agency's Cyber Crime Unit, or regional Police Cyber Crime Units.
Your individual case may not be investigated, but the data points contribute to disruption operations that take down infrastructure, prosecute organisers, and rescue victims of larger schemes. It is worth filing.
Depending on the scam type, several additional channels are worth using.
fca.org.uk/consumers/report-scam-unauthorised-firm is the form to use. Investment scams that involve unauthorised firms are FCA territory and the FCA actively warns the public against named firms once it has evidence.
Cifas Protective Registration costs £25 for two years and flags every new credit application against your identity for additional verification. Worth it after any confirmed identity-fraud incident, particularly if scammers obtained your name, address, date of birth, or National Insurance number.
Victim Support provides free, confidential, 24/7 help to crime victims in England and Wales. They can help with coping after the financial loss, with the practicalities (forms, phone calls, follow-ups), and with referrals to specialist advisers. Age UK is the equivalent for older adults and has more tailored advice for the kinds of scams targeting that demographic.
Once the immediate response is done and the bank claim is in motion, three habits pay disproportionate dividends in preventing the next attempt — and being scammed once meaningfully increases the odds of being targeted again because your details are now on lists that get re-used.
Install a password manager and let it auto-fill only on real domains. A password manager won't fill on a lookalike domain; that mismatch is your warning. Walk through the family security stack guide for the full setup.
Turn on multi-factor authentication, ideally via an authenticator app rather than SMS. SMS-based MFA is bypassable through SIM-swap fraud; app-based MFA is much harder to defeat at scale.
Use ScamSupport or a similar tool when in doubt. Paste a suspicious message and let the tool check it. The cost is seconds. If you're reading this guide, this is the time to bookmark it for the next suspicious message rather than the next loss event.
UK banks have up to five business days to make an initial decision under the PSR scheme in straightforward cases. Complex cases (multiple transactions, dispute over whether the customer exercised reasonable caution) can take several weeks. If you escalate to the Financial Ombudsman, expect three to six months.
The PSR scheme covers the Faster Payments transfer to the exchange. Whether reimbursement applies depends on whether you knowingly sent it to an exchange you were using or whether you were tricked into doing so as part of a scam. If the latter, file the claim normally; if the bank refuses, escalate to the Ombudsman. Once funds leave the exchange to a wallet, the UK reimbursement scheme can't reach them — that's a separate (much harder) recovery problem.
Banks sometimes offer a partial refund (e.g. 50%) where they argue the customer's caution fell short. You can accept the partial refund without prejudice and still escalate the remaining portion to the Financial Ombudsman. Make sure that any acceptance of partial payment doesn't include language that closes out the case — if it does, push back and ask for revised wording before signing.
Under the PSR scheme, the sending bank bears responsibility for the refund regardless of whether the receiving bank cooperates with the recall. Don't accept "we can't get the money back" as a refusal; the obligation to reimburse is yours alone with your bank.
Some home insurance policies and some bank account benefits include limited fraud insurance. It's worth checking your policy — but be cautious about acting on advice from an "insurance recovery service" that contacts you after a fraud report. Genuine cover is on policies you already hold.
Being a fraud victim doesn't affect your credit score directly. What can affect it: if a scammer used your details to take out credit in your name (identity fraud), the unpaid debt may appear on your file. The Cifas Protective Registration is the principal defence; you can also place a notice on your credit file at the major credit reference agencies (Experian, Equifax, TransUnion) to require additional verification on new applications.