Getting Your Money Back After a Scam: The 72-Hour Playbook

The short answer

Whether you can get your money back after a scam depends almost entirely on how you paid and how fast you move. Credit cards offer the strongest protection (Fair Credit Billing Act, $50 maximum liability, 60 days to dispute). Debit and bank transfers are weaker (Regulation E). Wire transfers can sometimes be recalled inside 24–72 hours, almost never after. Zelle, Venmo and Cash App refunds for authorised payments are rare — one US Senate report found only 12% of scam disputes are reimbursed. Crypto and gift cards are the hardest of all. The single biggest predictor of recovery is the number of hours between the transfer and your first call to the bank.

“These banks broke the law by running a payment system that made fraud easy, and then refusing to help the victims.”
— Rohit Chopra, then-CFPB Director, announcing the lawsuit against JPMorgan Chase, Bank of America, Wells Fargo and Early Warning Services over Zelle fraud (December 2024)

If you are reading this in the first hour after realising you were scammed, skip straight to “The first 72 hours.” Then come back for the by-payment-method detail. Time is the only currency that matters right now.

For everyone else — reading this before it happens, or hours and days afterwards trying to figure out what to try next — the rest of this piece is the honest map of what works, what does not, and why. We have spoken to enough victims to know that the cruelest moment is not the scam itself. It is the second day, when you start to realise nobody is going to swoop in and undo it, and you are not sure who to even call. That moment is the one this piece is written for.

The first 72 hours — do these, in this order

These steps are ranked by how much recovery probability you preserve by doing them. The first three are non-negotiable and time-critical. The rest you can do in parallel.

1Call the institution that holds your money. Your bank, your credit card issuer, the payment app's fraud line, the crypto exchange. Use the exact phrases 'unauthorized transaction,' 'fraudulent transfer,' or 'I have been the victim of a scam.' Do this before you do anything else. Every hour shrinks the window: SWIFT recalls on wires, Zelle reversal requests, crypto address freezes, and card chargeback success rates all degrade rapidly after the first 24 hours.

2If it was a wire transfer, ask explicitly for a 'SWIFT recall' or — for amounts over $50,000 on international transfers — for your bank to initiate the FBI's Financial Fraud Kill Chain. The Kill Chain is the formal process the FBI's Recovery Asset Team uses to freeze fraudulent funds. In 2024, the FBI froze $561 million of $848.4 million attempted — a 66% success rate — but only on the 3,020 cases that reached it in time.

3Freeze the door the scammer came through. Replace any card number that was compromised. Change every password the scammer might have learned, starting with email, your bank, and any account you reused that password on. Turn on two-factor authentication everywhere it is offered. Lock your credit at all three US bureaus (Equifax, Experian, TransUnion) — it is free and takes ten minutes.

4Document everything. Screenshots of every page, every message, every email and phone number, every transaction confirmation, every promise the scammer made. This is the evidence base for your bank dispute, your IC3 report, and any law-enforcement action. Save it in one folder. Memory will degrade in days; receipts will not.

5File with the FBI's IC3 at ic3.gov (United States), Action Fraud at actionfraud.police.uk (UK), or Scamwatch at scamwatch.gov.au (Australia). Be specific. Include amounts, dates, account numbers, wallet addresses, phone numbers, websites. The IC3 report is also what triggers the Recovery Asset Team for qualifying cases.

6Report to the FTC at reportfraud.ftc.gov (US) or your state attorney general. This does not directly recover money but feeds into the cases regulators eventually bring, and may make you eligible for class-action settlements years later. The FTC returned $337.3 million to defrauded consumers in 2024 alone — but only to people who reported.

7Tell people. Your other financial institutions, so they can watch your accounts. Anyone the scammer might pivot to (family, employer, contacts who were copied). The local police, mostly for a case number you can hand to your bank. Adult Protective Services if an older relative is involved.

8Do not negotiate with the scammer. Do not call them back. Do not reply 'just to ask for the money back.' Every additional contact gives them another chance to extract more, and any communication after you've reported can complicate the legal picture. The conversation is over. The recovery happens through banks and law enforcement now.

The honest recovery rates

Nobody likes to publish these numbers prominently because they are bleak, but knowing them is the difference between a sensible recovery plan and a months-long wild goose chase.

The FBI’s 2024 Internet Crime Report logged 859,532 complaints with a total of $16.6 billion in reported losses — a 33% jump from the year before. Of that, the FBI’s Recovery Asset Team attempted to recover $848.4 million across 3,020 cases and froze $561 million. That is a 66% success rate on the cases the Kill Chain reached. But $561 million is roughly 3.4% of total reported losses for the year. The other 96-plus percent is either gone, or in cases that were reported too late or too small for the Kill Chain to act on.

The FTC’s Consumer Sentinel Network logged separate figures: $12.5 billion in reported fraud losses in 2024 (a 25% increase over 2023), from 2.6 million fraud reports. Investment scams led with $5.7 billion, followed by imposter scams at $2.95 billion. The FTC returned $337.3 million to consumers across all its 2024 actions — meaningful, but again a small fraction of total losses. And the most-lost-to payment methods? Bank transfers and cryptocurrency combined accounted for more reported losses than every other payment method put together.

The reason is simple. Those are precisely the methods with the weakest legal recovery rights.

By payment method — what actually works

This is the part most people get wrong, because the rules are wildly different from one payment method to the next. The table below is the at-a-glance map; the sections after walk through each in order.

Method	Practical Window	Legal Right	Realistic Odds
Credit card	60 days; some networks 120	Fair Credit Billing Act ($50 max)	Strong
Debit card / ACH	60 days from statement	Regulation E (unauthorized only)	Moderate
Domestic wire	24–72 hours	No statutory chargeback	Slim, falls off fast
International wire	24–72 hours; FBI Kill Chain if ≥$50K	No statutory chargeback	Better with Kill Chain
Zelle / Venmo / Cash App	Minutes to hours	Reg E only if unauthorized	Low for authorized scams
Cryptocurrency	Minutes; before conversion / mixing	None; exchange cooperation only	Very low (Op. Level Up helps)
Gift cards	Hours; only if unredeemed	None; retailer goodwill only	Near zero once redeemed

—Credit cards — the strongest protection you have. Under the Fair Credit Billing Act, your liability for unauthorized credit-card charges is capped at $50, you have at least 60 days from the statement to dispute, and the issuer has two billing cycles to investigate. Call the number on the back of the card, say 'unauthorized recurring billing' or 'I was the victim of a scam,' and ask for a chargeback. Visa and Mastercard chargeback rules permit disputes for up to 120 days from the transaction date in many cases. This is, by a wide margin, the payment method with the best recovery odds in 2026.

—Debit cards and ACH transfers — weaker, but real. Regulation E (12 CFR Part 1005) governs these and gives you 60 days from the date the statement is sent to report an 'unauthorized' transfer. Liability caps are $50 if reported within 2 business days, up to $500 if reported within 60 days, and effectively unlimited after 60 days. The catch: if you 'authorized' the transfer (you sent the money yourself, even after being deceived), the bank can treat it as authorized and refuse the claim. Push back hard; cite Reg E by name; escalate to the CFPB if denied.

—Wire transfers — the 72-hour window is real. Wire transfers have no statutory chargeback right. Recovery depends entirely on whether your bank can recall the wire before the funds are dispersed. The practical window is 24–72 hours. SWIFT recalls initiated within hours of the transfer have the highest chance of success. For international wires of $50,000 or more, ask your bank explicitly about the FBI's Financial Fraud Kill Chain — the Recovery Asset Team's formal process for freezing fraudulent transfers.

—Zelle, Venmo, Cash App — legally the weakest of all. These are the payment methods scammers prefer specifically because the reimbursement framework is the weakest. A July 2024 US Senate investigation found that only about 12% of disputed Zelle scam claims at the three largest banks were reimbursed; the same banks' overall reimbursement rate had fallen from 62% in 2019 to 38% in 2023. The CFPB sued Zelle's parent company in December 2024 and dropped the suit in March 2025; the New York Attorney General then filed a separate case. Until federal law changes (the Protecting Consumers from Payment Scams Act was introduced in August 2024 but has not passed), 'I sent the money myself' usually means no refund. Still report — pressure on the platforms grows with documentation.

—Cryptocurrency — difficult, not impossible. There is no chargeback for crypto. Recovery happens through exchanges, not blockchains. If the funds went to a regulated exchange like Coinbase, Binance, or Kraken, contact them immediately with wallet addresses, transaction IDs and your IC3 report number — they will sometimes freeze flagged addresses. The FBI's Operation Level Up, launched January 2024, has notified over 4,300 crypto-fraud victims and prevented an estimated $285 million in further losses. The FBI and DOJ have restrained more than $701 million in crypto allegedly tied to investment-fraud laundering. Real recovery happens through law enforcement, never through 'crypto recovery hackers' who message you on Telegram.

—Gift cards — act in hours, expect almost nothing. Gift-card fraud cost US consumers at least $212 million in 2024 (FTC). Once the code is redeemed, the money is gone. The only recovery path is to call the retailer (Apple, Target, Amazon, Walmart, eBay are the top scam targets) immediately and ask whether the card has been used. If it has not, they may freeze it. If it has, recovery is essentially impossible. Always also report to the FTC at reportfraud.ftc.gov — the FTC actively partners with retailers on this category.

—The hybrid case — you bought a 'service' that turned out to be a scam. If you paid by credit card for what turned out to be a fraudulent service (a fake recovery firm, a non-existent crypto platform, a fake legal team), use Section 75 in the UK or the FCBA 'goods or services not delivered' chargeback code in the US. Same as a normal chargeback, with one quirk: be prepared for the merchant to claim services were 'rendered.' Bring screenshots, contracts, and the IC3 report.

The single move that improves outcomes across almost every payment method: call the bank within the same hour you realise. Not the next morning. Not after one more email to the scammer. The hour gap between realisation and the first call is the gap recovery odds disappear into. Card networks, SWIFT, payment apps and crypto exchanges all have fraud teams staffed 24/7 specifically because the first hours are when intervention works.

What does not work — and why people keep trying

The flip side of an honest playbook is being equally clear about the moves that waste days, money, or both. None of these recover funds; all of them get marketed as if they do.

—Paying a 'recovery firm' that contacts you. These are second-stage scams. The FTC, FBI and BBB are unanimous and explicit. Anyone who messages you offering to recover stolen money for an upfront fee — especially after your case is public — got your name from a victim list scammers literally sell to each other.

—Hiring a 'private investigator' for a small scam. Real investigators exist, but for a $5,000 wire-transfer loss the bill will exceed the loss and the recovery odds will not move. Reserve PIs for very large losses, on the advice of a lawyer, after IC3 has already declined the case.

—Replying to the scammer to demand the money back. This does not work and often makes things worse. The scammer may pivot you into another scam (the 'we will refund you, just send a small processing fee'), pressure you into more transfers, or simply use your replies to refine their next victim’s script.

—Posting publicly about your loss on social media. Some recovery does happen via viral pressure on large platforms (a public Twitter thread tagging a bank can occasionally help). But more often, public posts attract recovery scammers within hours. If you must post, do it after the formal reports are filed and be ready to block aggressively.

—Waiting for the police to call back. Local police usually take the report, generate a case number, and forward to a state or federal unit that prioritises by case value. For most consumer losses they will not actively investigate. That is not negligence; it is workload. The IC3 and your bank are the active channels.

From the field. The most painful pattern we see is the victim who spends three weeks emailing the scammer asking for a refund, then finally calls their bank on day 22. By then the bank says “the dispute window has narrowed dramatically and the receiving account is empty.” The bank is not wrong. Reg E timing rules and SWIFT recall windows are unforgiving. The right order is: bank first, scammer never. Every email to the scammer is a day you did not spend on recovery channels that might have actually worked.

The recovery-scam industry now targets every fraud victim within days of the original loss. If you are contacted by anyone — investigator, “legal team,” crypto recovery specialist, kind-stranger-on-LinkedIn — who offers to recover your funds for any kind of upfront payment, that is a second scam. Real recovery channels (your bank, the FBI’s IC3, the FTC, IDCARE, Action Fraud, your country’s consumer-protection agency) never charge a fee. We covered this pattern in detail in our recovery-scams piece — read it before you take any “recovery” offer seriously.

The bigger picture — why the rules are like this

The reason the legal recovery landscape is so uneven is historical. The Fair Credit Billing Act was written in 1974 and the Electronic Fund Transfer Act in 1978. They were designed for the world of paper statements and physical cards. Wire transfers, Zelle, crypto and the modern instant-payment ecosystem have all arrived without any equivalent statutory consumer protection. Regulators and Congress have been catching up slowly. The Protecting Consumers from Payment Scams Act introduced in August 2024 would extend EFTA-style protections to scam victims who “authorised” the transfer. The CFPB has tried, sued, dropped, and tried again. State attorneys general (notably New York) are filing their own cases. The direction of travel is towards more protection — but as of right now, the laws on the books still date from a slower, paper-based era, and they reward credit-card users at the expense of everyone else.

None of which helps you in the first hour after a scam. What helps in that hour is acting fast on the channels that already exist. The recovery rate on cases that reach the FBI’s Kill Chain in time is 66%. The rate on cases reported too late is essentially zero. Same scam, same victim, same scammer — different timing. That is the variable you can still control.

And if any of this came too late for you: report anyway. The FTC’s 2024 actions returned $337.3 million to defrauded consumers — almost all of it from cases reported months or years earlier. Your report joins a database that future enforcement uses. The money may not come back. The case can still matter. Then, when you are ready, harden against the next attempt — lock your identity, watch for the recovery scams that are already on their way, and read up on the silent recurring charges that often follow card compromises. The full reporting directory by country is on our report-a-scam page.

One rule beats all the others: the first hour is the recovery hour. Everything you do in it counts twice; everything you postpone past it gets cheaper for the scammer to keep.

Just been scammed and unsure what to do first? Let’s walk through it together.

Tell us how you paid, what happened, and when. A real expert reviews every case and replies within 24 hours. Free, confidential, no pressure — and we never charge to help you recover anything.

Submit a free case review →See the full reporting directory

Common questions about scam recovery

Can you actually get your money back after a scam?

Sometimes, but the honest answer is: it depends almost entirely on how you paid and how fast you act. Credit cards have the strongest protections — the Fair Credit Billing Act caps your liability at $50 and gives you 60 days to dispute. Debit cards and bank transfers are governed by Regulation E and are weaker. Wire transfers can sometimes be recalled within 24–72 hours; after that, almost never. Crypto and gift cards are the hardest — recovery is rare. The FBI's Recovery Asset Team froze $561 million in 2024 with a 66% success rate, but only because victims reported fast enough to act. Speed is the single biggest factor.

What is the first thing to do after being scammed?

Contact whoever holds the money right now — your bank, card issuer, the payment app, or the crypto exchange — and use the exact phrase 'unauthorized transaction' or 'fraudulent transfer.' Do this before calling anyone else and before emailing the scammer. Every hour matters: SWIFT recalls on wire transfers, Zelle reversals, and crypto address freezes all become rapidly harder after the first 24 hours. Then file with the FBI's IC3 at ic3.gov (US) or your country's equivalent, and report to the FTC at reportfraud.ftc.gov.

How long do I have to dispute a scam charge?

Under federal law in the US, you have 60 days from the date your bank or credit card statement is sent to dispute an unauthorized charge or electronic fund transfer (Regulation E for debit/ACH, the Fair Credit Billing Act for credit cards). After 60 days, your liability can become unlimited for additional fraudulent transfers. Some card networks allow chargebacks for up to 120 days. International rules vary — UK consumers have similar protections under the Payment Services Regulations. Do not wait. The legal deadline is the outer limit, not the recommended timeline.

Why won't my bank refund a Zelle or wire transfer I authorized myself?

Because under current US law (Regulation E), banks are only required to reimburse 'unauthorized' transfers — meaning ones the consumer did not initiate. If you sent the money yourself, even after being deceived, banks legally classify it as 'authorized.' A July 2024 US Senate investigation found that only about 12% of disputed Zelle scam claims at the three largest banks were reimbursed. Pressure is growing on Congress and regulators to change this — the Protecting Consumers from Payment Scams Act was introduced in August 2024 — but as of now, scam victims who 'sent' the money themselves have very limited rights. The CFPB sued Zelle's parent company in late 2024 and dropped the suit in March 2025; the New York Attorney General then filed its own case.

Is it possible to recover money lost to a crypto scam?

Difficult but not impossible. The FBI's Operation Level Up, launched in January 2024, has notified more than 4,300 cryptocurrency-fraud victims and prevented an estimated $285 million in further losses. The FBI and DOJ have restrained over $701 million in crypto allegedly tied to investment-fraud laundering. The path is: report immediately to ic3.gov, notify the exchange the funds went to (Coinbase, Binance, Kraken and others will freeze flagged addresses if you act fast), and never pay a 'crypto recovery service' that contacts you — those are second-stage scams. Real recovery happens through law-enforcement channels, not private 'recovery hackers.'

Should I pay a recovery service to get my money back?

No. Never. The FTC, FBI, and BBB are consistent and explicit: any service that contacts you offering to recover scammed funds for an upfront fee is itself a scam. They target people who have just lost money and are at their most desperate. Real recovery channels — your bank, the FBI's IC3 Recovery Asset Team, the FTC, IDCARE in Australia, Action Fraud in the UK — never charge a fee. If someone calls, emails, or messages you offering recovery, especially after your case was reported publicly, they got your name from a victim list scammers sell to each other. See our piece on recovery scams for the full anatomy of how this second robbery works.

Sources & further reading

Every figure in this piece is drawn from these authorities and reports. Click any of them to verify.

You just got scammed. Here’s what actually works — and the honest odds, by payment method.