SteelVerify
All articles
Recovery6 min read

Scammed Buying Steel From China? An Emergency Recovery Checklist

If you have just realized a steel deal was fraudulent, the first 24 to 72 hours matter more than anything else. Work through these steps in order, starting now.

Discovering that a steel deal was fraudulent is stressful, but the actions you take in the first hours have an outsized effect on whether you recover anything. Work through this checklist in order. Do not wait until you have the full picture — act on what you know now.

It helps to understand why speed matters so much. Funds sent by international wire do not vanish the instant they arrive; they sit in the beneficiary account until the fraudster moves them onward, often through a chain of further accounts designed to break the trail. Banks can sometimes freeze or recall a payment while it is still in the first account, but that window is measured in hours to a few days, not weeks. Everything in this checklist is therefore ordered by impact: the actions that preserve the chance of recovery come first, and the slower administrative steps follow.

1. Act within hours, not days

Contact your bank immediately and ask them to attempt a wire recall on the payment. The first 24 to 72 hours offer the only realistic window to freeze or claw back funds before they are moved on.

Be specific and forceful with your bank. Use the phrase 'fraudulent wire transfer' or 'authorized push payment fraud' rather than 'a problem with a supplier', because the former triggers a different, faster internal process at most banks. Ask explicitly for a SWIFT recall (commonly an MT103 trace and recall request) to be sent to the beneficiary bank, and ask for the case to be escalated to the fraud or financial-crime team rather than left with general customer service. Get a reference number for the case before you hang up, and ask what additional information they need from you to proceed without delay.

2. Preserve every piece of evidence

  • Keep all emails with full headers intact — do not forward and delete originals.
  • Save contracts, invoices, chat logs, payment receipts, and banking details.
  • Do not edit, annotate, or 'tidy up' any document.

Evidence preservation feels secondary when you are focused on the money, but it determines what is possible afterwards. The original emails, with full headers intact, are what allow investigators to identify a spoofed or look-alike domain and trace the infrastructure behind it. Export and back up the entire email thread, the signed contract, all invoices, the banking instructions you acted on, payment confirmations, and any chat logs — and store a copy somewhere separate from your normal mailbox in case access is later disrupted. If banking details were changed mid-deal, preserve both the original and the altered versions, because the discrepancy is often the clearest proof of fraud.

3. Notify both banks in writing

File a formal fraud report with your own bank and ask them to contact the beneficiary bank to flag the account and request a hold. A written record matters for any later claim.

Follow up every phone call with a written summary by email the same day, so there is a timestamped record of what you reported and when. If you can identify the beneficiary bank from the payment instructions, you can also contact them directly to report that the account is receiving fraudulent funds; some banks will act on a victim's report even before the sending bank's request arrives. Keep copies of all correspondence with both banks — these records are exactly what an insurer or regulator will expect to see, and gaps in the timeline can weaken an otherwise strong claim.

4. Report to the authorities

File with your local police or economic-crime unit and any relevant cybercrime portal. A formal report number supports bank and insurance claims, and it feeds the broader effort to shut these operations down.

Report in more than one place where it applies. In addition to your local police, file with the national cybercrime or fraud reporting body in your country, and — for cross-border wire fraud — consider international channels that coordinate on these cases. If the fraud involved a compromised email account, also report it to the relevant email provider. Each report may feel like it disappears into a queue, but the report number is a concrete asset: banks, insurers, and lawyers will ask for it, and aggregated reports are how repeat-offender accounts and domains eventually get shut down.

5. Check whether you are insured

Many businesses are covered for some portion of this loss without realizing it. Trade-credit insurance, marine cargo policies, and specialist cyber or crime policies may respond to supplier fraud or business email compromise depending on the wording. Notify your broker or insurer promptly — policies often impose tight notification deadlines — and provide the evidence and report numbers you have gathered. Even where a claim only covers part of the loss, it can be the difference between a serious setback and a catastrophic one.

6. Warn the next buyer

Share the pattern — anonymized if you prefer — so others can recognize it. Fraud rings reuse the same domains, accounts, and scripts repeatedly, so a single report can stop the next loss. You can submit a confidential report on this site to add it to the case library.

This step costs you nothing and is genuinely effective. The same bank account, the same look-alike domain, and the same factory photos are recycled across many victims, so a description of how your fraud worked — the bank details used, the excuses given, the timeline — helps the next buyer recognize it in time. It also turns a bad experience into something useful: the case library on this site exists because buyers were willing to share what happened to them.

A realistic word on recovery

It is important to be honest: full recovery of funds sent abroad is the exception, not the rule, especially once money has left the first account. That is precisely why the early hours matter so much, and why prevention is worth so much more than cure. Do not let the difficulty discourage you from acting — partial recoveries do happen, insurance sometimes responds, and reports do shut operations down — but go into the process with realistic expectations and your energy focused where it counts.

What improves your odds next time

Once the immediate situation is handled, the structural fixes are the same ones that prevent fraud in the first place: keep deposits modest, tie payments to inspection milestones, verify every counterparty at the source, and prefer a letter of credit or escrow for first orders with a new supplier. Confirm every change of banking details by voice on a pre-agreed number. None of this is complicated, and after an experience like this it tends to become permanent habit. Work through the prevention guide and the verification checklist on this site to rebuild your process so the next deal is structured to fail safely.

Verify a specific supplier

Run the free interactive checklist to score how thoroughly you have vetted a Chinese steel supplier before you pay.

Open the verification checklist