LabanPH

Someone did a SIM-swap and took over my bank or GCash โ€” what do I do?

Last updated: 2026-07-12 ยท Educational content; not legal advice.

Short answer

Move within minutes, because a SIM-swap gives the attacker your OTPs. In this scheme a fraudster gets your number re-issued or ported to a SIM they control, intercepts the one-time passwords sent to it, and drains your bank or e-wallet. First, call your telco to lock and re-issue your SIM โ€” under the SIM Registration Act (RA 11934), on your report the provider must deactivate the affected SIM within 24 hours. At the same time call your bank and e-wallet fraud lines to freeze accounts, block cards, and reverse transfers. Using your number, OTP, or account without authority to take money is punishable under the Access Devices Regulation Act (RA 8484, as amended by RA 11449), which expressly covers SIM cards and account identifiers and carries heavy prison terms and fines โ€” and it is also estafa, with the penalty raised one degree for being done through ICT (RA 10175). Then change every password, re-secure your email, and file a report with the PNP Anti-Cybercrime Group or NBI, preserving all screenshots and transaction records.

Primary sources

Frequently asked

What is the very first call I should make?

Call your telco to lock and re-issue your SIM so the attacker loses control of the number and stops receiving your OTPs. Under RA 11934 (Sec. 6) the provider must deactivate a reported lost or compromised SIM within 24 hours. Immediately after, call your bank and e-wallet fraud lines to freeze accounts and reverse transfers.

Is SIM-swap fraud actually a crime I can charge?

Yes. Using your SIM, OTP, or account without authority to obtain money falls under the Access Devices Regulation Act (RA 8484, as amended by RA 11449), which expressly includes SIM cards and account identifiers and carries 12โ€“20 years' imprisonment and heavy fines; it is also estafa, with the penalty one degree higher for being committed through ICT (RA 10175).

How do I protect myself afterward?

Change all passwords, secure your email first (it resets everything else), turn on app-based authenticators instead of SMS OTP where offered, and watch for further transactions. Keep every screenshot, transaction reference, and the telco/bank ticket numbers as evidence for your PNP-ACG or NBI report.

Take action

Got a similar problem?

File a complaint and we'll pre-fill BSP, SEC, DTI, and small-claims letters for you.

More on Scams & Online Fraud โ†’

What to do after an online scam โ€” the first-hour playbook, where to report (PNP Anti-Cybercrime Group, NBI, DOJ Office of Cybercrime), how to spot and report investment/Ponzi scams to the SEC, phishing and OTP theft, online-shopping fraud (undelivered, fake, or misrepresented goods), romance and job scams, and the legal basis under estafa (Revised Penal Code Art. 315), RA 8484, RA 10175, RA 8792, RA 7394, and RA 8799.

Other questions

๐Ÿ’ฌ