Step 1: Preserve Evidence Immediately

In the digital world, evidence is important. Suspects can delete messages, deactivate accounts, or “unsend” documents in seconds. Speed and silence are your best tools. It is best not to alert the perpetrator that you are onto them, as this often leads to the immediate destruction of proof.

What to collect:

• Screenshots
• Financial Records
• Metadata
• Communication Logs

Step 2: Contact Financial Institutions (If Money Transfer Is Involved)

If you have transferred funds or noticed unauthorized activity, minutes matter. Digital assets and cash transfers are often moved through multiple accounts quickly to make them untraceable.

What you should do:

• Notify Your Bank Immediately
• Report to E-Wallets/Platforms
• Request an Investigation by the Bank or Wallets/Platforms

Step 3: File a Criminal Complaint

In Cambodia, a “complaint” is the legal trigger for a formal investigation.

Where to Report:

• Anti-Cybercrime Department: Located within the Ministry of Interior in Phnom Penh. This is the specialized unit for digital fraud.
• Local Police: If you cannot reach the capital, file a report at your local Sangkat or District police station.
• Court of First Instance: Or file a complaint in your city or province.

Step 4: Consider if Civil Action is Applicable

A civil lawsuit is typically pursued in parallel with, or after, a criminal case. It is most effective when:

• Identifiable Offender: You have the real name and physical address or registered business location of the person/company that defrauded you.
• Contractual Relationship: There was a formal or informal agreement (e.g., an “investment contract” or a service agreement) that was breached.
• Vicarious Liability: If the scam happened within a specific hotel, casino, or commercial building, new 2026 regulations allow victims to potentially seek damages from property owners who knowingly facilitated or provided space for scam operations.

Step 5: Assess Data Protection & Contractual Exposure

If a business suffers a cybercrime (hacking, ransomware, data breach), it must assess both criminal exposure and civil/contractual liability.

1. Review Contractual Obligations

If customer or employee data was compromised due to a cyberattack, the business must review confidentiality clauses, data protection obligations, security warranties, limitation of liability clauses. If the company promised to protect data but failed to implement reasonable cybersecurity measures, it may be considered a breach of contract.

If company directors or employees were involved (for example, insider data theft), they may also face criminal responsibility. In addition, if the company failed to prevent obvious security risks, authorities may investigate negligence depending on circumstances.

2. Implement Stronger Cybersecurity Practices

To reduce cybercrime risks, businesses should install firewalls and intrusion detection systems, use encryption, apply regular security updates, use multi-factor authentication, and perform cybersecurity audits.

Training employees in identifying suspicious emails, protecting passwords, reporting security incidents immediately, can also be an important preventative action. Employee negligence can create corporate liability.

3. Seek Legal Advice Early

Taking swift legal action can also limit liability for companies and prevent further loss for individuals.