Blog
You got scammed. Here is the 72-hour recovery checklist.
A hour-by-hour, day-by-day plan for what to do after a phone scam — from the first bank freeze in minute one through the cybercrime FIR and credit-freeze in week one.
By PhoneLookup EditorialJuly 1, 20268 min read
The single biggest predictor of getting money back from a phone scam is how quickly the first bank freeze goes in. This is a checklist you can follow at 2am with shaking hands. Don’t stop to feel bad — that comes later. Right now the clock is running.
Minute 0–30: freeze everything
- Call 1930 from any working phone. Have the fraudster’s number, the amount, and any transaction reference ready. Stay on the line until the officer confirms a freeze request has been raised.
- Open your banking app. Block your debit and credit card from inside the app (not by calling — the app is faster).
- Change your net-banking password from a device you trust.
- If UPI was used: freeze your UPI PIN via the app; some apps have “block UPI” under the security settings.
Minute 30–120: file the complaint
- Register at cybercrime.gov.in. You’ll get a complaint reference number — save it.
- Take screenshots of every SMS, email, WhatsApp message, and transaction. Save them all in one folder.
- Email your bank’s fraud address (usually printed on the back of the card or in the app) with the complaint number and screenshots attached. This starts the RBI 10-day dispute clock.
Hour 2–24: paper trail
- Visit your nearest bank branch with your ID, complaint number, and screenshots. Ask for a written acknowledgement of the fraud claim.
- File an FIR at your local police station. They may push back — be politely firm; it’s your legal right under Sec 154 CrPC. The FIR is required for the bank to complete the RBI dispute in your favour.
- Report the caller’s number on sancharsaathi.gov.in (Chakshu) and on PhoneLookup so the next person sees it immediately.
Day 2–7: contain the damage
- Change passwords on every account that shared any credential exposed in the scam (email, brokerage, wallet, e-commerce).
- Enable two-factor authentication (authenticator app, not SMS) everywhere it’s available.
- Pull your credit report from CIBIL, Experian, Equifax, and CRIF. Look for any loan enquiries you didn’t make.
- If your Aadhaar was shared: lock your biometrics on uidai.gov.in. It takes two minutes and blocks eKYC misuse.
Week 2 onwards: recovery follow-through
- Under RBI zero-liability rules for unauthorised electronic transactions, the bank has 10 working days to credit the disputed amount to a shadow account and 90 days to close the case — provided you reported within 3 working days. Chase in writing every 5 working days.
- Keep the FIR number visible in every follow-up email. Banks respond faster when the FIR is attached.
- If the bank refuses, escalate to the RBI Banking Ombudsman on cms.rbi.org.in. It’s free and often resolves cases in under 60 days.
The part you skip and shouldn't
Tell one person. Not for advice — for the sheer act of speaking it aloud. Scams survive on silence, both before (isolation-based scripts) and after (shame-based non-reporting). Talking about it is the last thing the fraudster wants and the first thing that makes you feel like yourself again.