Sent Money to a Scammer? Do These 7 Things Immediately (2026)
If you've just realized you sent money to a scammer, every minute matters. Wire transfers and ACH payments are not automatic losses — but the recovery window is short, and the actions you take in the first hour are more important than anything you do after. This guide walks through exactly what to do, in order, to maximize your chances of getting money back.
Call your bank's fraud line right now. Not tomorrow. Not after you finish reading this guide.
Ask for the fraud or wire transfer department specifically — not general customer service. Tell them you need to recall a wire or dispute an ACH payment immediately. Every minute the money sits in the receiving account is a minute before it gets moved again.
Recovery Depends on How Fast You Act
The honest truth about wire and ACH fraud recovery is that timing matters more than almost anything else. Here's what the timeline looks like:
Best window for wire recall. The receiving bank may not have released funds yet. Your bank can issue a recall request through the SWIFT or Fedwire network. Call immediately.
Wire recall is still possible but less certain. For ACH fraud, this is your primary dispute window — businesses typically have around 24 hours from settlement to request a return as unauthorized.
Funds are likely moved or withdrawn. Wire recall success drops sharply. File IC3 report immediately — the FBI's Financial Fraud Kill Chain program operates on this window for large losses.
Direct recovery becomes unlikely. Focus shifts to insurance claims, law enforcement follow-up, and preventing further fraud from the same actor or compromised accounts.
7 Steps to Take Right Now
Do these in order. Don't skip ahead — the first two steps are time-critical and everything else builds on them.
Call your bank right now and ask specifically for the fraud department or wire transfer department — not general customer service. Tell them you need to recall a wire transfer or dispute an unauthorized ACH payment.
For wire transfers, ask them to issue a wire recall request. Banks can contact the receiving bank through Fedwire or SWIFT to request the funds be returned — this works best before the receiving bank releases the funds to the fraudster's account, which can happen within hours.
For ACH payments, tell them you need to dispute the transaction as unauthorized. For business accounts, this window is typically around 24 hours from settlement — act the same day you discover it.
Go to ic3.gov and file an Internet Crime Complaint. The FBI's IC3 compiles fraud reports and shares them with law enforcement. For wire fraud losses over $50,000, IC3 reports can trigger the FBI's Financial Fraud Kill Chain — a coordinated effort to freeze and recover funds at the receiving bank before they're withdrawn.
This process works best when a report is filed within 24–48 hours of the fraud occurring. Even if recovery isn't possible, the IC3 report creates a paper trail that most cyber insurance policies require before processing a claim.
Before anything gets deleted, forwarded, or lost — save everything. This evidence is critical for your bank's recall request, your IC3 report, law enforcement, and any insurance claim.
- Screenshots or exports of all emails, texts, or messages from the fraudster
- The invoice, payment instructions, or document that prompted the transfer
- Bank records showing the transaction — wire confirmation, ACH detail, or transaction ID
- Any phone numbers, email addresses, or company names used by the fraudster
- A written timeline of events — when you received the request, when you processed it, when you realized it was fraud
Contact your local police department and file a fraud report. Local police often can't directly recover funds from wire fraud — jurisdiction and resources are limited — but the police report serves several important purposes.
- Creates an official record of the crime
- Required by many banks to process a fraud claim
- Required by most insurance policies to file a claim
- Can be escalated to state or federal authorities if the loss is significant
Many small businesses have coverage for payment fraud they don't know about. Check your business owner's policy (BOP), commercial crime policy, or cyber liability policy for coverage related to:
- Social engineering fraud — covers losses from being tricked into sending money
- Computer fraud — covers losses resulting from unauthorized access to your systems
- Funds transfer fraud — covers fraudulent wire and ACH transfers
- Crime / fidelity coverage — may cover external fraud losses
If the fraud happened because of a compromised email account, phishing attack, or account takeover, the fraudster may still have access. Secure everything before they strike again.
- Change passwords on email, banking, and accounting software immediately
- Enable multi-factor authentication on all financial and email accounts if not already active
- Check for email forwarding rules, filters, or inbox delegates you didn't set up
- Review recent login activity on your bank account and accounting software for unauthorized access
- If payroll or employee data was involved, notify affected employees and consider credit monitoring
- Ask your bank to add ACH debit blocking and review authorized payees in your payment system
Depending on how the fraud happened, others may be at risk or may need to know. If a vendor's email was compromised to trick you, that vendor's other customers could be targeted with the same attack. If employee data was accessed, those employees need to know so they can protect themselves.
- Notify the real vendor if their identity was impersonated — they should alert their other customers
- Notify employees if their personal data (W-2s, direct deposit info) was accessed
- If your email was compromised and used to contact clients, notify those clients
- Check whether any payments to legitimate vendors were intercepted — vendors may not know they're missing a payment
Recovery by Payment Type
What you can do differs significantly depending on how you paid. Here's what applies to each situation.
In fraud investigations, the cases with the best recovery outcomes share one thing: someone called the bank within the first hour. The technical mechanism for wire recall exists and works — but it requires the receiving bank to cooperate before the funds are disbursed. Once the money is out of the receiving account, recovery shifts from a banking process to a law enforcement process, with much lower odds.
The second most important factor is a filed IC3 report. For losses over $50,000, the FBI's Financial Fraud Kill Chain has successfully frozen funds at receiving banks when notified quickly. It's not guaranteed — but it requires an IC3 report to trigger.
What Not to Do
Some common reactions to payment fraud make the situation worse. Avoid these:
- Don't contact the fraudster — alerting them you've discovered the fraud can cause them to move funds faster or escalate their tactics.
- Don't pay a "recovery fee" to anyone promising to get your money back — recovery scams specifically target people who've already been defrauded. No legitimate service charges upfront fees to recover fraud losses.
- Don't wait to see if the bank figures it out on their own — fraud recall is not automatic. You need to call and initiate the process.
- Don't delete evidence — even if the emails are embarrassing or the situation feels obvious in hindsight. Everything you have may be needed for your claim.
- Don't assume it's over after one fraud — if your email or systems were compromised, the same actor may attempt additional fraud. Secure everything now.
- Don't skip the IC3 report because the loss seems small — every report builds the FBI's picture of fraud patterns and may contribute to a larger investigation that leads to recovery.
Frequently Asked Questions
It's possible but not guaranteed — and speed is everything. Banks can issue a wire recall request, but once the receiving bank has released the funds to the fraudster's account, recovery becomes very difficult. If you act within the first few hours, before the money is moved again, you have a better chance.
Call your bank's fraud line immediately — not their general customer service number. Ask specifically for the wire transfer or fraud department and tell them you need to recall a fraudulent wire.
The FBI's Internet Crime Complaint Center compiles fraud reports and shares them with law enforcement. Individual recovery isn't guaranteed, but IC3 reports give the FBI data to identify patterns and pursue large-scale fraud operations.
For wire fraud losses over $50,000, an IC3 report can trigger the FBI's Financial Fraud Kill Chain program — a coordinated effort to freeze funds at receiving banks before they're withdrawn. This program requires a timely IC3 report to activate. Filing also creates a paper trail required by most cyber insurance policies.
Yes — check your business owner's policy or commercial crime policy for social engineering fraud coverage. Many small businesses have coverage they don't know about. Contact your insurance agent promptly, as most policies have reporting windows.
A filed IC3 report and documented evidence of the fraud will typically be required to make a claim. Don't wait until you know whether recovery is possible — notify your insurer within 48 hours of discovering the fraud.
Yes, even if local police can't directly recover the funds. A police report creates an official record of the crime, which may be required by your bank, insurance company, or the IC3. In some cases, local law enforcement can escalate to state or federal authorities with more jurisdiction over wire fraud.
Zelle and Venmo transactions are treated differently from wire transfers. Zelle transfers are generally considered authorized payments even when made under false pretenses, making reversal rare — contact your bank immediately and report it as fraud.
Venmo has a fraud reporting process but recovery is not guaranteed. Neither platform offers the same dispute rights as credit card payments, which have the strongest consumer protections of any payment method.
How to Prevent This From Happening Again
After a fraud incident, most businesses want to understand what failed. Here are the controls that prevent the most common payment fraud scenarios:
- Run a fraud check on any payment request before sending — PaySentinel checks vendor details, routing numbers, and email signals in under a minute. Use it before every wire or new ACH payee.
- Require dual authorization for all wires and new ACH payees — no single person should be able to authorize a payment alone above a set threshold.
- Never update banking details from email alone — require a phone call to a verified number and a signed authorization letter for any routing or account number change.
- Enable MFA on all email and banking accounts — account takeover is the entry point for many BEC attacks. MFA stops most of them.
- Enable ACH debit blocking on your business account — prevents unauthorized ACH debits using your account details.
- Train everyone who handles payments on BEC and invoice fraud patterns — the red flags are learnable. Read the guides below.
The best time to use PaySentinel is before the payment goes out — not after. Paste in any vendor, invoice, email, or routing number and get a fraud risk score in under a minute. Free for small businesses, no account required.
Check a payment before you send it
Vendor details, routing number, invoice, or suspicious email — PaySentinel checks for fraud signals and gives you a risk score in under a minute.
Check a payment free →