Recovery of money lost to scams improves when victims act quickly and report through official channels. Immediate reporting helps banks initiate chargebacks, reversals, or fraud investigations aimed at recovering stolen funds. Below are trusted government reporting portals that support scam complaints and financial recovery efforts. Using verified authorities increases the chances of successful recovery and legal action.

Here are official government scam reporting websites:

Report the Crime to Authorities in Your Country

Official reports help police track and potentially recover funds or arrest perpetrators.

🇺🇸 United States

In the United States, phishing — a scheme in which criminals pose as banks, government agencies, businesses, or other trusted organizations to obtain personal information, login credentials, or money — is considered a serious federal and state cybercrime. Phishing attempts may occur through emails, text messages (smishing), phone calls (vishing), or fraudulent websites that closely resemble legitimate ones. If you believe you have encountered a phishing attempt or have already shared sensitive information, it is important to act promptly to minimize potential harm.

If you are in immediate danger or experiencing threats, call 911 for emergency assistance. For non-urgent situations, you can report phishing to several official agencies. You should submit a complaint to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov. IC3 gathers cybercrime reports and distributes them to appropriate federal, state, or local law enforcement authorities. Include detailed information such as email addresses, phone numbers, website links, and any related financial transactions.

Phishing incidents can also be reported to the Federal Trade Commission (FTC) at reportfraud.ftc.gov. The FTC monitors fraud trends across the country and takes action against deceptive practices.

If the phishing message claims to be from the Internal Revenue Service (IRS), forward it to phishing@irs.gov. If it impersonates the Social Security Administration, report it through ssa.gov/scam. Many banks and companies also provide dedicated fraud-reporting email addresses on their official websites for customers to submit suspicious messages.

Additionally, you can forward phishing emails to reportphishing@apwg.org, which is managed by the Anti-Phishing Working Group in coordination with the Cybersecurity and Infrastructure Security community. Reporting helps authorities track fraudulent campaigns and disable malicious websites.

If you suspect identity theft, visit IdentityTheft.gov to create a personalized recovery plan and obtain official documentation that can assist with credit repair and financial disputes.

Report & Help:

FBI – Internet Crime Complaint Center (IC3)
File complaint: https://www.ic3.gov/Home/FileComplaint

Federal Trade Commission (FTC)
Report fraud: https://reportfraud.ftc.gov
Phone: 1-877-382-4357

If identity details were exposed:
Identity Theft Recovery : https://www.identitytheft.gov

🇨🇦 Canada

In Canada, phishing — a scheme in which fraudsters impersonate banks, government institutions, delivery services, or other trusted organizations to obtain personal information, passwords, or money — is considered a serious cybercrime under the Criminal Code of Canada. Phishing attempts may occur through emails, text messages (smishing), phone calls (vishing), or counterfeit websites that closely resemble legitimate ones. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, it is important to respond promptly to limit potential damage.

If you are facing threats or are in immediate danger, call 911 for emergency police assistance. For non-urgent cases involving phishing or online fraud, contact your local police service to file a report. Be sure to request a case or file number, particularly if financial loss has occurred, as this may be needed when working with banks or credit reporting agencies.

Phishing incidents should also be reported to the Canadian Anti-Fraud Centre (CAFC). You can contact them at 1-888-495-8501 or submit a report through the Government of Canada’s official fraud reporting portal. The CAFC gathers information about scams nationwide and shares intelligence with law enforcement authorities.

If the phishing communication falsely claims to be from a government agency such as the Canada Revenue Agency (CRA), report it directly through the CRA’s official website at canada.ca/cra or via its fraud reporting channels. Messages impersonating Service Canada or Employment Insurance programs should likewise be reported through the official Canada.ca platform.

Suspicious phishing emails may also be forwarded to the Canadian Centre for Cyber Security at cyber.gc.ca, which monitors cyber threats and provides guidance on online safety.

If you suspect identity theft, contact Equifax Canada (1-800-465-7166) or TransUnion Canada (1-800-663-9980) to place a fraud alert on your credit file and help protect your financial records.

Report & Help:

Canadian Anti-Fraud Centre (CAFC)
Report here: https://antifraudcentre-centreantifraude.ca/report-signalez-eng.htm

https://reportcyberandfraud.canada.ca
Phone: 1-888-495-8501

They coordinate fraud cases with financial institutions for potential fund tracing.

🇬🇧 United Kingdom

In the United Kingdom, phishing — a tactic where criminals pose as banks, government agencies, delivery services, or other trusted organisations to obtain personal details, passwords, or money — is regarded as a serious cyber offence. These scams may arrive through emails, text messages (smishing), phone calls (vishing), or fake websites designed to appear legitimate. If you believe you have encountered a phishing attempt or have already shared sensitive information, you should take action without delay.

If you are facing immediate danger or threats, call 999 for emergency assistance. For non-urgent matters involving fraud or cybercrime, you can contact the police by calling 101.

Phishing incidents should be reported to Action Fraud, the UK’s national centre for fraud and cybercrime reporting. Reports can be submitted online at actionfraud.police.uk or by calling 0300 123 2040. After filing a report, you will receive a crime reference number, and your case may be assessed by the National Fraud Intelligence Bureau.

If the phishing message claims to be from HM Revenue & Customs (HMRC), forward suspicious emails to phishing@hmrc.gov.uk and scam text messages to 60599. If it appears to come from the National Health Service (NHS), report it through the official NHS website. Most UK banks also provide dedicated phishing-reporting email addresses — often in the format phishing@[bankname].co.uk — which can be found on their official websites.

You can additionally forward suspicious emails to the National Cyber Security Centre (NCSC) at report@phishing.gov.uk. The NCSC analyses phishing campaigns and works to disable fraudulent websites.

If you suspect identity theft, consider registering for protective monitoring with CIFAS and reviewing your credit reports with major credit reference agencies such as Experian, Equifax, or TransUnion UK to check for any unauthorised activity.

Report & Help:

Action Fraud (National Reporting Centre)
Report: https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime

https://www.reportfraud.police.uk/reporting-a-fraud
Phone: 0300 123 2040

Banks in the UK may refund victims depending on case review.

🇮🇳 India

In India, phishing — a form of fraud in which criminals pretend to be banks, government departments, courier services, or other trusted entities to obtain personal details, OTPs, passwords, or money — is considered a serious cyber offence under the Information Technology (IT) Act, 2000 and applicable sections of the Indian Penal Code. Phishing attacks may occur through emails, SMS messages, WhatsApp, social media platforms, fake websites, or deceptive phone calls. If you believe you have encountered a phishing attempt or have already shared sensitive information, it is important to act promptly to minimise potential harm.

If funds have been lost or you feel threatened, call 112, India’s national emergency helpline, for immediate assistance. For cases involving financial cyber fraud, including phishing, contact the national cybercrime helpline at 1930 without delay. Prompt reporting is crucial, particularly if money has already been transferred, as authorities may attempt to freeze or trace the transaction when notified quickly.

You should also lodge a complaint through the official National Cyber Crime Reporting Portal at cybercrime.gov.in, the Government of India’s dedicated platform for reporting online fraud and cyber offences. When submitting your report, include comprehensive details such as phone numbers, email addresses, website links, transaction IDs, bank information, screenshots, and copies of any communication with the scammer. After filing the complaint, you will receive a reference number to monitor the progress of your case.

Report & Help:

National Cyber Crime Portal : https://cybercrime.gov.in

Fast reporting significantly improves chances of freezing funds.

🇦🇺 Australia

In Australia, phishing — a scam in which offenders pose as banks, government departments, delivery companies, or other trusted organisations to obtain personal details, passwords, or money — is recognised as a serious cyber offence. These scams may arrive via email, text message (smishing), phone calls (vishing), social media, or fraudulent websites that closely resemble legitimate services. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, it is important to respond promptly to limit potential harm.

If you are facing immediate danger or threats, call 000, Australia’s national emergency number, for urgent police assistance. For non-urgent cybercrime incidents, you should submit a report through ReportCyber at cyber.gov.au, managed by the Australian Cyber Security Centre (ACSC). This is the official government platform for reporting online fraud and cyber incidents. Once your report is lodged, you will receive a reference number, and the matter may be referred to appropriate law enforcement authorities.

Phishing scams can also be reported to Scamwatch at scamwatch.gov.au, which is operated by the Australian Competition and Consumer Commission (ACCC). Scamwatch monitors fraud trends and publishes warnings to help protect the public.

If the phishing message claims to be from the Australian Taxation Office (ATO), report it via the official ATO website. If it impersonates myGov, Centrelink, or another government service, it should be reported through the official portal at my.gov.au.

Suspicious emails may also be forwarded to the Australian Cyber Security Centre using the reporting tools available on cyber.gov.au. Keep copies of all evidence, including screenshots of emails, text messages, website addresses, and transaction details.

If you suspect identity theft, contact IDCARE at 1300 432 273, Australia’s national identity and cyber support service, which provides free and confidential assistance to individuals affected by scams.

Report & Help:

ReportCyber – Australian Cyber Security Centre : https://www.cyber.gov.au/report
Phone: 1300 292 371

Scamwatch (ACCC) : https://www.scamwatch.gov.au/report-a-scam

https://portal.scamwatch.gov.au/report-a-scam

🇫🇷 France

In France, phishing — referred to as hameçonnage — is a cyber offence in which criminals impersonate banks, public authorities, delivery companies, or other trusted organisations in order to obtain personal information, passwords, or financial details. These fraudulent messages may be sent by email, SMS, phone calls, or through counterfeit websites designed to appear official. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should respond without delay.

If you are facing immediate danger or threats, call 17 to contact the Police or Gendarmerie for emergency assistance. For non-urgent cases involving online fraud or impersonation, you can submit a report through PHAROS at internet-signalement.gouv.fr, the French government’s official platform for reporting internet-related crimes. PHAROS processes complaints relating to digital scams and fraudulent online activity.

Fraudulent websites and suspicious messages can also be reported via Cybermalveillance.gouv.fr, a government-supported service that offers guidance and directs victims to appropriate support resources.

If the phishing communication claims to come from a public authority such as the Direction Générale des Finances Publiques (DGFiP) or Ameli (Health Insurance), it should be reported directly through their respective official websites using their designated fraud-reporting channels.

Report & Help:

Service-Public Fraud Reporting : https://www.service-public.fr/particuliers/vosdroits/F1520

Cybermalveillance.gouv.fr : https://www.cybermalveillance.gouv.fr

https://www.cybermalveillance.gouv.fr/signalement

Emergency (Police): 17

Emergency (Gendarmerie): 112

🇸🇬 Singapore

In Singapore, phishing — where scammers impersonate banks, government agencies, delivery companies, or other trusted organisations to steal personal information, login credentials, OTPs, or money — is treated as a serious cybercrime. Phishing attempts may occur through emails, SMS messages (smishing), phone calls (vishing), social media, or fake websites that closely resemble official platforms. If you suspect a phishing attempt or have already shared sensitive information, act immediately to minimise potential damage.

If you are in immediate danger or facing threats, call 999, Singapore’s emergency police number, for urgent assistance. For non-emergency cases involving phishing or online scams,

Report & Help:

Singapore Police – Scam Reporting : https://www.police.gov.sg/Advisories/Scams

Anti-Scam Hotline: 1800-722-6688

🇳🇿 New Zealand

In New Zealand, phishing — a scheme in which fraudsters pose as banks, government bodies, courier companies, or other trusted organisations to obtain personal details, passwords, or money — is regarded as a serious cybercrime. These scams may arrive through email, text messages (smishing), phone calls (vishing), social media platforms, or counterfeit websites designed to appear legitimate. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should take action without delay.

If you are experiencing immediate danger or threats, call 111, New Zealand’s emergency number, for urgent police assistance. For non-urgent matters involving phishing or online fraud, you can contact the Police by calling 105 or by submitting a report through the official New Zealand Police website. If you have suffered financial loss, request a reference number for your records.

Phishing incidents should also be reported to CERT NZ (Computer Emergency Response Team New Zealand) via cert.govt.nz. CERT NZ monitors cybersecurity threats and provides practical advice on protecting your information. Additionally, you can report scams to Netsafe at netsafe.org.nz, which offers guidance and support to individuals affected by online fraud.

If the phishing communication claims to be from a government agency such as Inland Revenue (IRD) or ACC, report it directly through the respective agency’s official website. Most major banks in New Zealand also provide dedicated phishing-reporting email addresses or fraud hotlines, which can be found on their official websites.

Report & Help:

Netsafe : https://www.netsafe.org.nz/report/

New Zealand Police (105) : https://www.police.govt.nz/use-105
Phone: 105

🇿🇦 South Africa

In South Africa, phishing — a scam in which fraudsters pose as banks, government institutions, courier companies, or other trusted organisations to obtain personal details, passwords, OTPs, or money — is classified as a serious cyber offence under the Cybercrimes Act 19 of 2020 and related fraud legislation. These attacks may be carried out through email, SMS messages, phone calls, social media platforms, or fraudulent websites that closely resemble legitimate services. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should take immediate steps to minimise potential damage.

If you are facing immediate danger or threats, call 10111, the South African Police Service (SAPS) emergency number, for urgent assistance. For non-emergency cases involving phishing or online fraud, visit your nearest SAPS police station to register a criminal complaint. Be sure to request a CAS (Crime Administration System) number, which will serve as your official case reference for follow-up and banking matters.

Phishing incidents can also be reported to the South African Banking Risk Information Centre (SABRIC) by calling 0860 101 248 or visiting sabric.co.za. SABRIC collaborates with banks and law enforcement agencies to combat financial fraud and cybercrime. If the phishing communication claims to be from your bank, contact your bank’s fraud department

Report & Help:

SAPS (South African Police Service) : https://www.saps.gov.za

SABRIC Fraud Reporting : https://www.sabric.co.za

SAPS National Call Centre: 08600 10111

Emergency (Police): 10111

🇧🇷 Brazil

In Brazil, phishing — often called golpe de phishing — is a cyber offence in which fraudsters pose as banks, public authorities, delivery services, or other trusted organisations to obtain personal information, passwords, banking details, or money. These scams may be delivered through email, SMS, WhatsApp, social media, phone calls, or counterfeit websites designed to appear legitimate. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should take immediate action.

If you are facing immediate danger or threats, call 190, Brazil’s emergency police number, for urgent assistance. For non-urgent cybercrime matters, contact the Polícia Civil by calling 197 or by submitting a complaint through your state’s Delegacia Eletrônica (online reporting system). When filing your report, request a Boletim de Ocorrência (B.O.), the official police report that provides a case reference number for follow-up.

Phishing websites and online fraud can also be reported to SaferNet Brasil at safernet.org.br, an organisation that cooperates with authorities to address internet crimes and harmful digital content.

If the fraudulent message claims to be from a government institution such as the Receita Federal, report it directly through the official government portal at gov.br, using the appropriate fraud-reporting channels.

Report & Help:

SaferNet Brazil : https://new.safernet.org.br/denuncie

Brazilian Federal Police : https://www.gov.br/pf / https://falabr.cgu.gov.br/web/home

Federal Police National Contact: +55-61-2025-4000

🇲🇽 Mexico

In Mexico, phishing — a fraudulent practice in which offenders pretend to be banks, public authorities, courier services, or other trusted organisations to obtain personal data, passwords, banking details, or money — is recognised as a cybercrime under federal and state laws addressing fraud and digital offences. These scams may be delivered through email, SMS, WhatsApp, social media, phone calls, or counterfeit websites designed to imitate legitimate platforms. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should act without delay.

If you are facing immediate danger or threats, call 911, Mexico’s national emergency number, for urgent assistance. For non-urgent cases involving phishing or online fraud, file a complaint with your state’s Fiscalía (State Attorney General’s Office). When submitting your report, request a formal case reference number (número de carpeta de investigación), particularly if financial loss has occurred.

Phishing incidents can also be reported to the Guardia Nacional – Policía Cibernética (Cyber Police). In Mexico City, for instance, the Cyber Police can be reached at 55 5242 5100 ext. 5086, although contact details may differ by state. They investigate digital fraud, identity theft, and online impersonation.

If the fraudulent message claims to originate from a government agency such as the Servicio de Administración Tributaria (SAT), it should be reported directly through the official SAT portal at gob.mx/sat using the designated reporting channels.

Report & Help:

New Mexico Department of Justice : https://nmdoj.gov/
Phone: 55 5340 0999

🇯🇵 Japan

In Japan, phishing — a fraudulent practice in which criminals pose as banks, credit card providers, delivery companies, or government authorities to obtain personal data, passwords, or financial information — is regarded as a serious cyber offence under laws addressing fraud and unauthorised computer access. These scams may be carried out through emails, SMS messages, counterfeit websites, social media platforms, or phone calls designed to appear legitimate. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, it is important to respond promptly.

If you are facing immediate danger or threats, call 110, Japan’s national police emergency number, for urgent assistance. For non-urgent cases involving phishing or online fraud, contact the Police Consultation Line at #9110, which will connect you to your local prefectural police department. You may be asked to visit a nearby police station to submit a formal damage report (被害届) and receive a case reference number for follow-up.

Phishing websites and suspicious emails can also be reported to the Japan Cybercrime Control Center (JC3) through jc3.or.jp. JC3 collaborates with law enforcement agencies and financial institutions to address cybercrime and shut down fraudulent operations.

If the suspicious message claims to originate from a government body such as the National Tax Agency (NTA), it should be reported directly through the official NTA website at nta.go.jp, using their designated reporting channels.

Report & Help:

National Police Agency (Cybercrime Reporting) : https://www.npa.go.jp

Consultation Hotline: #9110

🇰🇷 South Korea

In South Korea, phishing — including email scams and voice phishing (보이스피싱) — is regarded as a serious cyber and financial offence under laws addressing fraud and electronic communications crimes. Offenders commonly impersonate banks, government authorities, prosecutors, courier companies, or financial institutions to obtain personal data, banking details, authentication codes, or money. These scams may be carried out through text messages, phone calls, fraudulent websites, social media platforms, or messaging applications. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, it is important to respond promptly.

If you are facing immediate danger or threats, call 112, South Korea’s national police emergency number, for urgent assistance. For non-urgent matters, you can contact the police consultation line at 182, which will connect you to your local police station and provide guidance on submitting a formal complaint.

Financial phishing incidents can also be reported to the Financial Supervisory Service (FSS) by calling 1332. The FSS manages financial fraud complaints and coordinates with banks and law enforcement agencies to help prevent further losses.

Suspicious websites and online phishing activity may be reported to the Korea Internet & Security Agency (KISA) through its Cyber Security Hotline at 118. KISA monitors digital threats and works to identify and block malicious websites.

Report & Help:

Korea National Police Agency : https://www.police.go.kr

Cybercrime Reporting: https://ecrm.police.go.kr
Phone: 182

🇦🇪 United Arab Emirates

In the United Arab Emirates (UAE), phishing — a scam in which criminals pose as banks, government entities, courier services, or other trusted organisations to obtain personal information, passwords, OTPs, or money — is considered a serious cyber offence under Federal Decree-Law No. 34 of 2021 on Combating Rumours and Cybercrimes. These fraudulent attempts may be delivered through email, SMS, WhatsApp, phone calls, social media, or fake websites that closely resemble official platforms. If you believe you have encountered a phishing attempt or have already disclosed sensitive information, you should take immediate action.

If you are facing immediate danger or threats, call 999, the UAE’s emergency police number, for urgent assistance. For non-urgent cases involving phishing or online fraud, you may report the incident through official law enforcement channels:

• Dubai Police: Submit a complaint through the Dubai Police website or mobile application, or call 901 for non-emergency enquiries.
• Abu Dhabi Police: File a report via the Abu Dhabi Police website or app, or use the Aman service for confidential reporting.
• Ministry of Interior (MOI): Lodge a cybercrime complaint through the MOI UAE app or official website, which provides services across all emirates.

Suspicious websites and phishing-related online activity can also be reported to the UAE Computer Emergency Response Team (aeCERT) through the Telecommunications and Digital Government Regulatory Authority (TDRA), which monitors and responds to cybersecurity threats nationwide.

Report & Help:

UAE Ministry of Interior : https://www.moi.gov.ae

Abu Dhabi Police: 800 2626
Dubai Police: https://www.dubaipolice.gov.ae

🇮🇪 Ireland

In Ireland, phishing — including deceptive emails, fraudulent text messages (smishing), and scam phone calls (vishing) — is considered a serious criminal offence under legislation covering fraud, deception, and unlawful access to computer systems. Scammers frequently pose as banks, Revenue, An Garda Síochána, courier services, utility providers, or other government bodies to trick individuals into revealing personal information, banking credentials, one-time verification codes, or sending money. These schemes may be delivered through email, SMS, phone calls, fake websites, social media, or messaging apps.

If you suspect a phishing attempt or believe you may have shared sensitive information, you should take immediate action.

In an emergency situation where you feel at risk or threatened, call 999 or 112, Ireland’s national emergency numbers, for immediate assistance.

For non-urgent cases, report the incident to your local Garda station. An Garda Síochána investigates fraud and cybercrime matters and can guide you through making an official complaint. When reporting, provide as much evidence as possible, including screenshots, suspicious messages, phone numbers, email headers, and any relevant financial transaction details.

If your bank details or funds may have been compromised, contact your bank or financial provider immediately. Irish financial institutions have specialist fraud departments that can block cards, secure accounts, and attempt to prevent or recover unauthorised transactions.

You may also seek information and consumer advice from the Competition and Consumer Protection Commission (CCPC), which offers guidance on recognising and responding to scams.

Fraudulent websites, suspicious online content, or scam communications can be reported to the National Cyber Security Centre (NCSC). Additionally, unwanted scam calls and text messages may be reported to ComReg, the Commission for Communications Regulation, which oversees telecommunications issues in Ireland.

Acting quickly can help limit financial damage and supports authorities in tackling phishing and related cybercrime.

Report & Help:

Garda National Cyber Crime Bureau : https://www.garda.ie

Emergency: 999 or 112

🇳🇬 Nigeria

In Nigeria, phishing — including scam emails, misleading text messages (smishing), and fraudulent phone calls (vishing) — is treated as a serious offence under the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015. Fraudsters often pretend to represent banks, the Central Bank of Nigeria (CBN), the Economic and Financial Crimes Commission (EFCC), the Nigerian Police Force, telecom companies, courier services, or other reputable organisations to trick individuals into revealing personal details, bank account information, BVN numbers, one-time passcodes (OTPs), or sending money. These schemes may be carried out through email, SMS, phone calls, fake websites, social media platforms, or messaging apps.

If you suspect a phishing attempt or believe you have shared sensitive information, you should take immediate action.

If you are in immediate danger or receiving threats, call 112 (national emergency number) or 199 (Police Emergency Line, where available) for urgent assistance.

For non-emergency situations, report the incident to your nearest police station or reach out to the Nigerian Police Force National Cybercrime Centre (NPF-NCCC), which is responsible for investigating cybercrime and online fraud. They can advise you on how to file an official complaint and provide the necessary evidence.

If your financial information has been compromised or you have suffered monetary loss, contact your bank or financial institution immediately. Most Nigerian banks have dedicated fraud units that can secure your account, block cards, and attempt to halt or recover unauthorised transactions.

Cases involving financial or internet fraud can also be reported to the Economic and Financial Crimes Commission (EFCC), which handles investigations into financial crimes. Where complaints involve regulated financial institutions, they may be escalated to the Central Bank of Nigeria (CBN) Consumer Protection Department for further review.

Suspicious websites, phishing links, and other cyber threats can be reported to the Nigeria Computer Emergency Response Team (ngCERT), which works to detect, analyse, and respond to cybersecurity incidents nationwide.

Taking swift action can reduce potential losses and assist authorities in addressing phishing and other cyber-related offences in Nigeria.

Report & Help:

https://consumer.ncc.gov.ng/consumer-complaints/complaint-form

EFCC Contact/Report: +234-9-9040745

EFCC Toll-Free Hotline: 767

🇰🇪 Kenya

In Kenya, phishing — a scheme in which criminals impersonate banks, government bodies, telecom providers, or other trusted institutions to obtain personal information, login credentials, or money — is classified as a cybercrime under the Computer Misuse and Cybercrimes Act, 2018. If you suspect you have received a phishing message or have already disclosed sensitive information, it is important to act quickly to limit potential harm.

If funds have been stolen or you feel threatened, call 999, 112, or 911, Kenya’s national emergency numbers, for immediate police assistance. For non-urgent cases involving phishing emails, SMS messages, fake websites, or deceptive phone calls, report the incident to the Directorate of Criminal Investigations (DCI), specifically through the DCI Cybercrime Unit. You can visit your nearest DCI office or police station to lodge a formal complaint and obtain a case reference number for follow-up.

Phishing attempts should also be reported to the National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC), which operates under the Communications Authority of Kenya. KE-CIRT manages cybersecurity incidents and coordinates responses to digital threats nationwide. Reports can be submitted through the official incident reporting channels available on the Communications Authority’s website.

Report & Help:

NC4 : https://nc4.go.ke/nc4/report-cybercrime-incident/

DCI Hotline: +254-20-2223854

DCI Toll-Free: 999 or 112

Scam Money Recovery: What Victims Have Experienced :

Phishing Scam Money Recovery Victim 1 :

I’m feeling completely devastated.

Last Wednesday, I was trying to sell a few things I no longer needed on Gumtree. Someone messaged me asking if my laptop was still available. He said he couldn’t see the photos and asked if I could send them through WhatsApp instead. I didn’t think much of it at the time, so I agreed.

After we moved to WhatsApp, he said he wanted to pick up the laptop at 8pm. I sent a GumtreePay request, and then he sent me a link, saying I needed to verify my bank details before I could receive the payment. He told me to let him know once the money had come through. I trusted it and entered my details. Only later did I realise it was a phishing link. By then, it was too late — every dollar in my savings account was gone. I had $1,500 saved, and within minutes, it had all been taken.

I contacted my bank immediately and filed a police report as soon as I discovered the theft. But a week later, the bank denied my claim for reimbursement. They said that because I had entered my bank details myself, the transaction was considered “authorised.”

I feel completely hopeless. It took me months of working a minimum wage job to save that $1,500, and losing it so quickly has been heartbreaking. I usually pride myself on being able to spot scams, but this time I made a mistake — and now I’m living with the consequences.

Phishing Scam Money Recovery Victim 2 :

I was contacted by text message with what appeared to be a legitimate job offer. The person explained that I would be completing simple online tasks for a Google movie platform. They said I needed to make a small deposit to start, complete three sets of daily tasks, and then I would be able to withdraw my money along with commission and bonuses.

At first, I deposited £100. After completing the tasks, I was able to withdraw £262. This made the opportunity seem genuine, so I decided to increase my balance by depositing £200.

Soon after, I noticed that my account began showing a negative balance. I was told I could not continue the tasks or withdraw funds unless I made another payment equal to the deficit. They insisted that this additional transaction was required to remove the minus balance and unlock my earnings.

Trusting their explanation, I made the payment — only to realise later that I had been scammed. I feel devastated and overwhelmed. I am in tears.

Phishing Scam Money Recovery Victim 3 :

I want to share my recent experience, which began with an unexpected message on WhatsApp. An unknown person contacted me and offered a small commission in exchange for liking a Google Maps location. To my surprise, I actually received 200 PKR, which made the offer seem legitimate.

Later, I was invited to join a Telegram group where I started completing assignments and so-called merchant tasks, each promising attractive payouts. After finishing the initial tasks, I received my first payment of 600 PKR, which further built my trust.

Things began to change when I accepted a merchant assignment that required an upfront payment. I paid 7,000 Rs, but fortunately, I received my original amount back along with a 40% bonus. This made the scheme appear genuine and encouraged me to continue.

Unfortunately, during a later high-value merchant assignment, I ignored several warning signs. I ended up depositing large sums of money, believing I would recover everything with profits. In the end, I suffered a devastating loss of approximately 32,000 USD, including 7,000 dollars borrowed from friends.

Phishing Scam Money Recovery Victim 4 :

My phone kept ringing from a number I didn’t recognize. The calls were so persistent that I finally answered. To my shock, it sounded like my daughter crying. She said she had been in an accident and kept apologizing through tears. My heart dropped instantly.

She then handed the phone to a man who claimed to be involved in the situation. What followed was terrifying. I can’t even bring myself to repeat the details of what he said. Because I believed I was hearing my daughter’s voice, it never crossed my mind to verify her safety. He even “let me speak to her” several times, and each time she responded, which made everything feel real.

By the end of it, I had lost a significant amount of money — money I truly could not afford to lose. I felt humiliated, overwhelmed, and deeply shaken. This happened only a few days ago, and I think my body went into shock. I slept for more than 24 hours afterward.

Please, learn from my experience. I consider myself a cautious and informed person who stays aware of scams, yet hearing what I believed was my child’s voice in distress pushed me into panic. The fear overpowered logic.

Looking back, the scammer was highly skilled. He kept me under constant pressure, guided my actions, and even had me driving from place to place. Whenever doubt crept in, he used personal details about me and my daughter to regain my trust.

When I later confirmed that my daughter was safe, I didn’t even care about the money. I was simply relieved it wasn’t real. But the emotional damage remains. I still struggle to sleep and can’t stop replaying the experience in my mind.

This was more than a scam — it was cruel and deeply traumatic. It’s frightening to realize how convincingly these criminals can manipulate fear, especially when they imitate the voice of someone you love.

Phishing Scam Money Recovery Victim 5 :

My father received a phone call from someone claiming to represent an AC servicing agency. They asked him to confirm a booking by paying a small token amount of INR 5 — a warning sign we unfortunately did not recognize at the time.

The next day, my father tried contacting them to check the service schedule, but their phone was switched off. When we reviewed his bank account, we were shocked to discover that approximately INR 1 lakh had been deducted without his authorization.

There was no approval given for this second transaction, and we are deeply concerned about how this withdrawal was processed. We have already filed a complaint with the cybercrime cell and requested the bank to freeze the account.

We are now seeking clarity on whether the bank is liable to reverse or refund the unauthorized transaction.