Losing money to an online scammer is upsetting, embarrassing, and urgent. In the Philippines, the first goal is not to “prove the whole case” immediately. The first goal is to preserve evidence, alert the bank or e-wallet, try to freeze or trace the funds, and create an official report while the digital trail is still fresh. This article explains what to do right away, what laws may apply, where to report an online scam in the Philippines, what documents to prepare, and what recovery options are realistic.
What Counts as an Online Scam in the Philippines?
An online scam usually involves deception committed through the internet, mobile phones, social media, messaging apps, online marketplaces, e-wallets, bank transfers, cryptocurrency platforms, fake investment sites, or phishing links.
Common examples include:
- A fake seller who receives payment but never ships the item.
- A fake buyer who sends a fake proof of payment.
- A person pretending to be from a bank, GCash, Maya, Shopee, Lazada, LBC, BIR, DFA, immigration, or a government agency.
- A romance scammer who asks for “emergency” money.
- A fake investment, “tasking,” crypto, forex, casino, or Ponzi scheme.
- A phishing link that captures your OTP, password, or online banking credentials.
- A scammer who uses another person’s bank account or e-wallet as a “mule account.”
Under Philippine law, the same set of facts may fall under more than one law. A fake online seller, for example, may involve estafa under the Revised Penal Code, cyber-related fraud under the Cybercrime Prevention Act, and possible financial account scamming rules if bank or e-wallet accounts were used.
First 24 Hours: What to Do Immediately After Sending Money
Time matters. The money may move from one account to another within minutes.
Stop communicating in a way that gives the scammer more information. Do not send another payment for “processing,” “tax,” “release,” “refund verification,” “account unlocking,” or “lawyer fees.” Many scams continue by asking the victim to pay again to recover the first amount.
Take screenshots before anything is deleted. Capture the profile, username, phone number, email address, chat thread, payment instructions, QR code, bank or e-wallet name, account number, transaction reference number, date, time, and amount.
Download or save full transaction records. Keep receipts from your bank, e-wallet, remittance center, credit card, cryptocurrency exchange, online marketplace, or foreign transfer service.
Report the transaction to your bank or e-wallet immediately. Use the official app, hotline, email, or branch. Ask them to mark the transaction as disputed or fraudulent and to coordinate with the receiving institution. Republic Act No. 12010, or the Anti-Financial Account Scamming Act (AFASA), recognizes coordinated verification of disputed transactions by covered financial institutions after a complaint, information from another institution, or fraud detection trigger. (Lawphil)
Change passwords and revoke access. If you clicked a link or shared an OTP, change passwords for email, banking, e-wallet, social media, and shopping apps. Log out other devices. Enable multi-factor authentication.
Report the scam to law enforcement. For cyber-related scams, report to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the Cybercrime Investigation and Coordinating Center hotline 1326. The CICC/I-ARC hotline has been publicly identified as a 24/7 channel for reporting online scams, including online selling scams, phishing, romance scams, impersonation, investment fraud, and cybercrimes. (Philippine News Agency)
Do not delete chats, block immediately without preserving evidence, or reset the phone before backing up evidence. Investigators may need original message threads, metadata, URLs, phone numbers, and device information.
Philippine Laws That May Apply
Estafa Under Article 315 of the Revised Penal Code
The most familiar criminal charge for scam cases is estafa, also called swindling. Article 315 of the Revised Penal Code punishes a person who defrauds another through the means listed in the law, including false pretenses and fraudulent acts. (Lawphil)
In practical terms, a prosecutor usually looks for:
- Deceit or false representation — for example, pretending to sell an item, pretending to be authorized by a company, or pretending an investment is legitimate.
- Reliance by the victim — the victim believed the lie and sent money.
- Damage — the victim lost money or property.
- Connection between the deceit and the loss — the false statement caused the victim to pay.
A simple unpaid debt is not automatically estafa. The difference is usually whether there was fraud from the start. For example, a real seller who later fails to deliver because of a legitimate supply problem may be a civil dispute. A seller using fake identities, stolen photos, fake tracking numbers, and multiple receiving accounts is much closer to criminal fraud.
Cybercrime Prevention Act: RA 10175
Republic Act No. 10175, the Cybercrime Prevention Act of 2012, applies when the crime is committed through information and communications technology. It specifically includes computer-related fraud, which covers unauthorized input, alteration, or deletion of computer data or interference with a computer system, causing damage with fraudulent intent. (Supreme Court E-Library)
RA 10175 is also important because Section 6 provides that crimes under the Revised Penal Code and special laws, if committed by, through, and with the use of information and communications technologies, are covered by the Act and may carry a penalty one degree higher than the ordinary offense. (Supreme Court E-Library)
This is why many online scam complaints are described in practice as:
- Estafa under Article 315 of the Revised Penal Code in relation to RA 10175;
- Computer-related fraud under Section 4(b)(2) of RA 10175;
- Computer-related identity theft if personal information was misused; or
- Other cybercrime-related offenses depending on the facts.
Anti-Financial Account Scamming Act: RA 12010
Republic Act No. 12010, signed in 2024, is highly relevant to online scams involving bank accounts, e-wallets, payment accounts, and mule accounts. The law covers financial accounts such as deposit accounts, credit card accounts, transaction accounts, e-wallets, and other accounts used for financial products or services. (Lawphil)
AFASA penalizes, among others:
- Money muling — using, lending, selling, renting, opening, or recruiting the use of a financial account to receive or transfer proceeds from crimes or social engineering schemes.
- Social engineering schemes — obtaining sensitive identifying information through deception or fraud, resulting in unauthorized access or control over a financial account.
- Opening accounts under fictitious names or using another person’s identity documents.
- Buying or selling financial accounts. (Lawphil)
This matters because many victims only know the receiving bank or e-wallet account, not the true scammer. AFASA targets the account layer of the scam and gives the Bangko Sentral ng Pilipinas authority to investigate financial accounts involved in prohibited acts. (Lawphil)
Access Devices Regulation Act: RA 8484, as Amended by RA 11449
Republic Act No. 8484, the Access Devices Regulation Act of 1998, applies to fraud involving access devices such as cards, account numbers, PINs, codes, or other means of account access that can obtain money, goods, services, or initiate fund transfers. (Lawphil)
This may be relevant when the scam involves:
- Stolen credit card details;
- Unauthorized use of an account number;
- Card-not-present fraud;
- OTP or PIN harvesting;
- Fraudulent use of access credentials.
Financial Products and Services Consumer Protection Act: RA 11765
Republic Act No. 11765 protects consumers of financial products and services, including digital financial products, payments, remittances, securities, investments, insurance, and similar products. It recognizes the rights of financial consumers to fair treatment, disclosure, protection of assets against fraud and misuse, data privacy, and timely handling of complaints. (Supreme Court E-Library)
This law is especially useful when the issue involves a bank, e-wallet, remittance company, lending company, investment provider, or other financial service provider. It also defines investment fraud as deceptive solicitation of investments from the public, including Ponzi schemes and investment schemes offered without the required SEC license or permit. (Supreme Court E-Library)
Electronic Evidence: RA 8792 and the Rules on Electronic Evidence
Do not assume screenshots are useless. Republic Act No. 8792, the Electronic Commerce Act, gives legal recognition to electronic documents. It provides that, for evidentiary purposes, an electronic document can be the functional equivalent of a written document if integrity, reliability, and authentication requirements are met. (Lawphil)
This is why proper preservation matters. Screenshots help, but better evidence includes original emails, downloadable receipts, transaction histories, URLs, message IDs, device details, and records that can be authenticated.
Where to Report an Online Scam in the Philippines
Different agencies handle different parts of the problem. Reporting to one office does not always replace reporting to another.
| Situation | Where to Report | Why It Matters |
|---|---|---|
| Money sent through bank or e-wallet | Your bank, e-wallet, or payment provider first; then BSP if unresolved | Immediate dispute handling, account tracing, possible hold, consumer complaint record |
| Cyber scam using social media, SMS, email, website, or app | PNP Anti-Cybercrime Group, NBI Cybercrime Division, CICC 1326 | Criminal investigation, digital tracing, preservation requests |
| Fake investment, Ponzi, crypto/forex solicitation, unlicensed securities | Securities and Exchange Commission | Investment fraud and unauthorized solicitation |
| Online seller or marketplace consumer issue | DTI Consumer Care or platform dispute system | Consumer mediation, seller/platform accountability where DTI jurisdiction applies |
| Text scam or mobile number abuse | Telco, NTC, CICC | Blocking/reporting suspicious numbers and SIM-related abuse |
| Data privacy breach, leaked ID, unauthorized use of personal information | National Privacy Commission | Data privacy complaint or investigation |
The BSP advises financial consumers with unresolved concerns involving BSP-supervised financial institutions to use the BSP Online Buddy (BOB) or submit the required complaint form through BSP consumer assistance channels. BSP’s page also lists the information to include, such as the complaint summary, requested resolution, contact details, copy of the complaint filed with the financial institution, the institution’s reply, and supporting documents. (Bangko Sentral ng Pilipinas)
For NBI cybercrime complaints, the NBI Citizen’s Charter identifies the Cybercrime Division process as involving filing a complaint or request for investigation, preliminary interview, sworn statements or affidavits, and collection of supporting documents. It also indicates no filing fee for that listed service. (National Bureau of Investigation)
Step-by-Step Guide to Filing a Strong Online Scam Complaint
1. Prepare a Clear Timeline
Write a simple timeline before going to the bank, police, NBI, or prosecutor.
Include:
- Date and time you first encountered the scammer;
- Platform used, such as Facebook Marketplace, Telegram, Viber, WhatsApp, TikTok, Instagram, Shopee, Lazada, email, SMS, dating app, or website;
- What the scammer promised;
- Why you believed the scammer;
- Amount sent;
- Payment channel used;
- Name, number, username, account number, or wallet ID given by the scammer;
- What happened after payment;
- Attempts to ask for refund or delivery.
A good timeline saves time and helps investigators see the elements of fraud.
2. Organize Evidence in Folders
Create folders like this:
- Chats and screenshots
- Payment receipts
- Profile and account details
- Links and websites
- IDs and documents sent
- Bank or e-wallet reports
- Platform reports
- Witnesses
Do not edit screenshots except to make duplicate copies for highlighting. Keep originals.
3. Report to the Financial Institution
When contacting your bank or e-wallet, give exact details:
- Your name and account number or wallet number;
- Transaction reference number;
- Date and time;
- Amount;
- Receiving bank/e-wallet/account number;
- Reason for dispute: online scam, unauthorized transaction, phishing, account takeover, or fraudulent transfer;
- Police/NBI/CICC report number if already available.
Ask for:
- A case or ticket number;
- Written acknowledgment;
- Whether the funds can be held, recalled, or traced;
- Whether they will coordinate with the receiving institution;
- Requirements for an affidavit or police report.
For credit card transactions, ask specifically about chargeback or dispute procedures. For InstaPay, PESONet, QR, or e-wallet transfers, reversal is usually harder once credited, but quick reporting can still help create a trail and may help if funds remain or if the receiving account is flagged.
4. File with PNP ACG, NBI Cybercrime Division, or CICC
Bring or prepare:
- Valid government ID;
- Printed and digital copies of screenshots;
- Transaction receipts;
- Bank or e-wallet ticket numbers;
- Scammer’s profile links, phone numbers, email addresses, usernames, and account numbers;
- Device used, if relevant;
- Sworn affidavit or complaint-affidavit, if required;
- Authorization or SPA if filing through a representative.
For cybercrime, investigators may need to request preservation or disclosure of computer data. Under the Rule on Cybercrime Warrants, service providers may be required to preserve traffic data and subscriber information for specified periods, and law enforcement may seek warrants to disclose, search, seize, or examine computer data. (Philippine News Agency)
5. Execute a Complaint-Affidavit if the Case Proceeds
A complaint-affidavit is a sworn written statement explaining what happened and attaching evidence. It is usually needed for preliminary investigation before the prosecutor.
It should state:
- Your personal details;
- The identity of the respondent if known;
- The facts in chronological order;
- The exact amount lost;
- The law you believe was violated, if known;
- The list of attached evidence;
- The witnesses, if any.
If the scammer’s real identity is unknown, law enforcement may still investigate using account numbers, phone numbers, IP logs, device data, platform records, and financial trails.
6. Follow the Case Trail
A scam report may move through several stages:
- Initial report or blotter;
- Evidence assessment;
- Referral to investigator or cybercrime unit;
- Request for records, preservation, or warrants;
- Identification of account holders, SIM users, or suspects;
- Filing of complaint-affidavit;
- Preliminary investigation before the prosecutor;
- Filing of Information in court if probable cause is found;
- Trial, settlement discussions, restitution, or judgment.
Timelines vary widely. A simple fake seller case with a known person may move faster. A syndicate using mule accounts, fake IDs, foreign platforms, cryptocurrency, or overseas suspects may take months or longer.
Can You Get the Money Back?
Sometimes, but not always.
Recovery depends on:
- How fast you reported;
- Whether funds are still in the receiving account;
- Whether the receiving account holder can be identified;
- Whether the bank or e-wallet finds unauthorized access or system-related issues;
- Whether a chargeback remedy exists;
- Whether the scammer or mule account holder has assets;
- Whether a criminal case, civil case, or regulatory process results in restitution.
Possible recovery routes include:
| Route | Best For | Practical Limit |
|---|---|---|
| Bank/e-wallet dispute | Immediate reporting, unauthorized transactions, phishing, account takeover | Voluntary transfers are harder to reverse |
| Credit card chargeback | Card payments to merchants or platforms | Deadlines and card-network rules apply |
| Marketplace refund process | Platform-based online shopping | May fail if payment was made outside the platform |
| Criminal case restitution | Estafa/cybercrime with identified accused | Depends on prosecution and accused’s ability to pay |
| Civil action | Known defendant with assets | Cost, time, collectability |
| SEC/BSP/DTI regulatory process | Financial provider, investment scheme, marketplace issue | Regulators may sanction, mediate, or adjudicate within their authority, but recovery still depends on facts |
Under RA 11765, the BSP and SEC have authority in certain purely civil financial consumer claims for payment or reimbursement not exceeding ₱10 million, subject to the law’s requirements and jurisdictional limits. (Supreme Court E-Library)
Common Mistakes That Make Scam Cases Harder
Waiting Too Long Before Reporting
Many victims wait because they feel ashamed or hope the scammer will refund. Delay gives scammers time to withdraw, transfer, convert, or cash out the funds.
Sending More Money to Recover the First Payment
“Refund fees,” “unlocking fees,” “tax clearance,” “anti-money laundering clearance,” and “processing fees” are common second-stage scams. Real banks, courts, police, NBI, BSP, SEC, and AMLC do not ask victims to send money to a random personal account to recover scam funds.
Only Saving Cropped Screenshots
Cropped screenshots are useful but weaker than full records. Save the entire conversation, profile URL, message headers, receipts, and transaction history.
Reporting Only to the Platform
Reporting a fake Facebook, Telegram, TikTok, or marketplace account may help remove the account, but it does not automatically create a criminal complaint or financial dispute.
Posting Accusations Online Without a Case
It is understandable to warn others, but naming a person as a scammer without careful proof can create separate legal risk, especially if the account holder claims identity theft or that the account was merely used as a mule. Preserve evidence and report through proper channels.
Going to the Barangay When the Case Is Clearly Cybercrime or the Respondent Is Unknown
Barangay conciliation is useful for some disputes between known individuals in the same city or municipality. But many online scam cases involve unknown respondents, different locations, cybercrime elements, banks, e-wallets, or amounts that require law enforcement and prosecutor action. A barangay blotter may be a supporting record, but it is usually not enough.
Special Situations
If You Are an OFW or Foreigner Outside the Philippines
You can still prepare evidence and report to the bank, e-wallet, platform, CICC, PNP ACG, NBI, or Philippine counsel/representative. If a sworn affidavit, Special Power of Attorney, or authorization is executed abroad, it may need notarization before a Philippine Embassy or Consulate, or an apostille if executed in a country that is part of the Apostille Convention and the document will be used in the Philippines.
Keep foreign transfer records, passport bio page, remittance receipts, exchange-rate details, and communications showing why the transaction involved the Philippines.
If the Scammer Used a Mule Account
Do not assume the name on the receiving bank or e-wallet account is the mastermind. Many syndicates use rented, borrowed, stolen, or purchased accounts. AFASA specifically addresses money muling and the misuse of financial accounts, including selling, lending, buying, renting, or recruiting accounts for proceeds of crimes or social engineering schemes. (Lawphil)
If You Sent Your ID, Selfie, or Personal Data
Treat it as both a scam and an identity-risk incident.
Do the following:
- Tell your bank and e-wallets that your ID may be misused.
- Monitor credit, loans, and new account notifications.
- Report fake accounts using your name or photo.
- Consider reporting to the National Privacy Commission if personal data was misused or exposed.
- Save proof that the ID was submitted because of deception.
If the Scam Involved a Fake Investment
Check whether the person or entity is registered and authorized to solicit investments. Corporate registration alone is not the same as authority to sell securities or investment contracts. RA 11765 treats deceptive public investment solicitation, Ponzi schemes, and unlicensed investment offerings as investment fraud. (Supreme Court E-Library)
Report investment scams to the SEC, especially if the scheme involved guaranteed returns, referral commissions, crypto trading pools, forex trading, casino junket promises, “tasking,” “AI trading,” or “double your money” offers.
If the Scam Came Through SMS or a Mobile Number
Save the text, sender number, date, time, and link. Report to your telco, the NTC, and CICC. The SIM Registration Act, RA 11934, requires SIM registration and provides for deactivation of unregistered SIMs, but registered SIMs can still be misused through fake IDs, stolen phones, mule users, or syndicates. (Lawphil)
Documents and Evidence Checklist
| Document or Evidence | Why It Helps |
|---|---|
| Valid ID | Confirms complainant’s identity |
| Complaint-affidavit or written narrative | Gives investigators a sworn factual basis |
| Screenshots of chats | Shows representations, promises, payment instructions |
| Full profile links and usernames | Helps trace accounts |
| Phone numbers and email addresses | Helps identify SIMs, accounts, or platform users |
| Bank/e-wallet receipts | Proves amount, date, time, recipient, reference number |
| QR code or account details used | Links payment destination to scam |
| Proof of platform listing or advertisement | Shows how victim was induced |
| Demand/refund messages | Shows non-delivery or refusal to return money |
| Bank/e-wallet ticket numbers | Shows immediate reporting |
| Police/NBI/CICC report | Supports financial dispute and investigation |
| Witness statements | Useful if others dealt with the same scammer |
| Device logs, emails, headers, URLs | Useful for cyber investigation |
| SPA or authorization | Needed if a representative files for you |
Practical Timelines to Expect
| Step | Typical Timing |
|---|---|
| Bank/e-wallet fraud report acknowledgment | Same day to several banking days |
| Initial PNP/NBI/CICC report | Same day if documents are ready |
| Preparation of complaint-affidavit | 1 day to several days, depending on evidence |
| Bank-to-bank or e-wallet coordination | Days to weeks |
| Platform response | Hours to weeks, depending on platform |
| Prosecutor preliminary investigation | Several weeks to months |
| Court case after filing of Information | Months to years |
| Actual recovery of money | Immediate in rare cases; often uncertain and fact-dependent |
The hardest part is usually not writing the complaint. It is identifying the real person behind the account, preserving platform data before deletion, tracing funds after rapid transfers, and collecting enough evidence to establish probable cause.
Frequently Asked Questions
Can I report an online scam even if I only lost a small amount?
Yes. Small amounts are still reportable. Many scammers operate by collecting small payments from many victims. Your report may connect to other complaints and help identify a pattern.
Should I report first to the bank or to the police?
Do both, but report to the bank or e-wallet immediately if money just moved. The financial institution is in the best position to flag the transaction quickly. Then file a report with PNP ACG, NBI Cybercrime Division, CICC, or the proper law enforcement office to create an official investigative record.
Can the bank automatically reverse the transfer?
Not always. If the transfer was authorized from your account, the bank may need investigation and coordination with the receiving institution. Reversal is easier if funds are still available, the transaction is clearly unauthorized, or the payment method has a chargeback process. It is harder if the money was instantly withdrawn or transferred onward.
Is a screenshot enough to file a cybercrime complaint?
A screenshot can support a complaint, but stronger evidence includes full chat exports, transaction receipts, profile URLs, phone numbers, email headers, platform links, and bank/e-wallet reference numbers. Under Philippine electronic evidence rules, authenticity and integrity matter.
What if I only know the scammer’s bank account or GCash number?
That may still be useful. The receiving account can help investigators and financial institutions trace the account holder, identify mule activity, or connect the complaint to other reports. AFASA is specifically concerned with misuse of financial accounts and money mule activity.
Can I file a case if the scammer is abroad?
Yes, but it is more complicated. If the victim, payment channel, bank, e-wallet, device, damage, or part of the scheme is connected to the Philippines, Philippine authorities may still receive and assess the complaint. Cross-border records, foreign platforms, and extradition or mutual legal assistance issues can slow the case.
What if the scammer used a fake name?
Use all identifiers you have: phone number, account number, e-wallet name, QR code, email address, social media profile URL, username changes, group links, shipping details, and IP-related clues if available. Fake names are common and do not automatically defeat a complaint.
Should I file with the SEC for a crypto, forex, or investment scam?
Yes, if the scheme involved public solicitation of investments, promised profits, referral commissions, pooled funds, managed trading, or investment contracts. The SEC handles investment fraud and unauthorized securities solicitation. You may still also report cybercrime and the payment trail to law enforcement and financial institutions.
Can I sue the scammer civilly instead of filing a criminal case?
Yes, if the scammer is identified and collectible. Civil actions may seek recovery of money and damages. Civil Code Article 33 also allows an independent civil action for damages in cases of fraud, separate from the criminal case. (Lawphil) The practical question is whether the defendant can be located and has assets to satisfy a judgment.
Do I need a notarized affidavit?
For initial reporting, some offices may accept a complaint sheet or narrative first. For prosecutor filing and formal investigation, a sworn complaint-affidavit is commonly required. If signed abroad, expect authentication, consular acknowledgment, or apostille requirements depending on where the document is executed.
Key Takeaways
- Report the scam quickly to your bank or e-wallet, then to cybercrime authorities.
- Preserve evidence before blocking, deleting, resetting, or changing devices.
- Online scams may involve estafa, cybercrime, financial account scamming, access device fraud, investment fraud, or consumer protection laws.
- RA 12010 is important when mule accounts, e-wallets, and financial accounts are used.
- Recovery is possible in some cases, but it depends heavily on speed, traceability, available funds, and evidence.
- A strong complaint is built on a clear timeline, complete transaction records, full screenshots, account details, and sworn statements.
- Foreigners and OFWs can report Philippine-linked scams, but documents signed abroad may need consular notarization or apostille.
- Do not send more money to “recover” scam funds; that is often the second stage of the scam.