Cybercrime Complaint Filing in the Philippines

I. Introduction

Cybercrime complaint filing in the Philippines refers to the legal process by which a person, business, organization, or government entity reports an offense committed through, against, or by means of computers, computer systems, networks, electronic communications, digital platforms, or information and communications technology.

The Philippines has a dedicated legal framework for cybercrime, primarily under Republic Act No. 10175, known as the Cybercrime Prevention Act of 2012. Cybercrime complaints may involve hacking, online scams, identity theft, cyber libel, unauthorized access, data interference, online threats, phishing, account takeover, sextortion, online harassment, child sexual abuse or exploitation materials, fraudulent online transactions, and other offenses committed through digital means.

Filing a cybercrime complaint is not merely a matter of reporting misconduct online. It is a legal act that may trigger criminal investigation, evidence preservation, subpoena proceedings, forensic examination, prosecution, and, eventually, trial. Because digital evidence can be deleted, altered, anonymized, or moved quickly across platforms and jurisdictions, the timing, documentation, and legal framing of the complaint matter greatly.

This article discusses the Philippine legal context, where to file, what documents to prepare, how cybercrime complaints are evaluated, what laws may apply, what victims should avoid doing, and what remedies may be available.

II. Governing Legal Framework

A. Cybercrime Prevention Act of 2012

The main Philippine statute on cybercrime is Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. It criminalizes specific acts involving computers, computer systems, and digital communications.

The law covers three broad categories:

  1. Offenses against the confidentiality, integrity, and availability of computer data and systems
  2. Computer-related offenses
  3. Content-related offenses

It also provides procedural mechanisms for investigation, evidence preservation, search and seizure, disclosure of computer data, and jurisdiction.

B. Revised Penal Code

Many cybercrime complaints are not based solely on the Cybercrime Prevention Act. Traditional crimes under the Revised Penal Code may also apply when committed through information and communications technology.

Examples include:

  • Estafa committed through online transactions
  • Threats made through messaging apps
  • Unjust vexation or alarms and scandals through digital conduct
  • Falsification involving digital documents
  • Libel committed online
  • Grave coercion or blackmail done through electronic means

When a crime under the Revised Penal Code is committed by, through, or with the use of information and communications technology, it may be prosecuted in relation to the Cybercrime Prevention Act, where applicable.

C. Data Privacy Act of 2012

The Data Privacy Act of 2012, or Republic Act No. 10173, may be relevant when the complaint involves unauthorized processing, access, disclosure, misuse, or breach of personal information or sensitive personal information.

A cybercrime complaint may overlap with a privacy complaint when, for example:

  • Personal information is leaked online
  • Private photos or identification documents are posted without consent
  • A database containing personal data is breached
  • A person’s account is accessed and personal information is misused
  • Sensitive personal information is collected through phishing

The National Privacy Commission may become relevant for the data privacy aspect, while law enforcement and prosecutors handle the criminal cybercrime aspect.

D. Special Protection Laws

Certain cyber-related offenses may also involve special laws, including laws on:

  • Online sexual abuse or exploitation of children
  • Anti-photo and video voyeurism
  • Violence against women and children
  • Anti-trafficking
  • Anti-money laundering
  • Consumer protection
  • E-commerce
  • Electronic evidence
  • Intellectual property

The proper legal classification depends on the facts, the identity and age of the victim, the nature of the act, the medium used, the location of the parties, and the kind of damage caused.

III. What Constitutes Cybercrime in the Philippine Context

Cybercrime is not limited to sophisticated hacking. In practice, Philippine cybercrime complaints often arise from ordinary digital interactions: online selling, social media posts, messaging apps, bank transfers, dating platforms, email, e-wallets, online lending apps, and workplace communications.

Common examples include the following.

A. Illegal Access or Hacking

Illegal access occurs when a person intentionally accesses a computer system, account, device, database, or network without authority.

Examples include:

  • Logging into another person’s Facebook, Gmail, Instagram, TikTok, bank, or e-wallet account without permission
  • Guessing or stealing passwords
  • Using another person’s device to access private files without consent
  • Accessing company systems after resignation or termination
  • Bypassing security controls to enter a restricted system

The complaint should show that access occurred without authority and that the system, account, or data belonged to or was controlled by another person or entity.

B. Illegal Interception

Illegal interception involves the unauthorized interception of computer data or communications. This may include unauthorized monitoring, capturing, recording, or obtaining of communications while being transmitted.

Examples include:

  • Capturing private messages through spyware
  • Intercepting emails
  • Using hidden monitoring software
  • Capturing login credentials through network sniffing
  • Recording private communications through unauthorized software

C. Data Interference

Data interference refers to intentional or reckless alteration, damaging, deletion, deterioration, or suppression of computer data without authority.

Examples include:

  • Deleting files from another person’s account
  • Altering database entries
  • Wiping a company server
  • Modifying grades, records, invoices, or transaction logs
  • Sabotaging digital files

D. System Interference

System interference involves seriously hindering or interfering with the functioning of a computer system.

Examples include:

  • Denial-of-service attacks
  • Malware infections
  • Locking users out of systems
  • Sabotaging business platforms
  • Disrupting websites or servers

E. Misuse of Devices

Misuse of devices may involve producing, selling, obtaining, importing, distributing, or making available devices, tools, passwords, access codes, or data primarily designed or adapted for committing cybercrime.

Examples include:

  • Selling stolen credentials
  • Distributing hacking tools for illegal use
  • Sharing access codes to compromised accounts
  • Making phishing kits available

F. Cyber-Squatting

Cyber-squatting under Philippine cybercrime law involves acquiring a domain name in bad faith to profit, mislead, destroy reputation, or deprive another person or entity of the use of the name, especially where the domain is identical or confusingly similar to an existing trademark, name, or registered business name.

G. Computer-Related Forgery

Computer-related forgery involves the input, alteration, or deletion of computer data resulting in inauthentic data with the intent that it be considered or acted upon as authentic.

Examples include:

  • Creating fake electronic receipts
  • Altering screenshots of payment confirmations
  • Manipulating electronic records
  • Producing fake digital certificates
  • Fabricating transaction confirmations

H. Computer-Related Fraud

Computer-related fraud involves unauthorized input, alteration, deletion, or suppression of computer data, or interference with a system, resulting in damage or loss.

Many online scams may fall under this category, depending on the facts.

Examples include:

  • Online selling scams
  • Fake investment schemes
  • Phishing-related fund transfers
  • Unauthorized bank or e-wallet transactions
  • Fake booking confirmations
  • Fraudulent online job offers
  • Romance scams
  • Marketplace scams

I. Computer-Related Identity Theft

Computer-related identity theft involves acquiring, using, misusing, transferring, possessing, altering, or deleting another person’s identifying information through computer systems or ICT without right.

Examples include:

  • Creating fake accounts using another person’s name and photos
  • Using someone else’s ID to transact online
  • Impersonating a person through email or messaging apps
  • Using stolen personal information to borrow money
  • Taking over accounts and pretending to be the owner

J. Cybersex and Online Sexual Exploitation

Cybersex under the Cybercrime Prevention Act involves the willful engagement, maintenance, control, or operation, directly or indirectly, of lascivious exhibition of sexual organs or sexual activity with the aid of a computer system for favor or consideration.

Where children are involved, more serious special laws may apply. Complaints involving minors, child sexual abuse or exploitation material, grooming, livestreaming exploitation, or trafficking require urgent law enforcement attention.

K. Cyber Libel

Cyber libel is libel committed through a computer system or similar means. It generally involves a public and malicious imputation of a crime, vice, defect, act, omission, condition, status, or circumstance that tends to dishonor, discredit, or contempt a person.

Cyber libel commonly arises from:

  • Facebook posts
  • Tweets or X posts
  • TikTok captions
  • YouTube videos
  • Blog posts
  • Online articles
  • Public comments
  • Group chat messages, depending on publication and access
  • Shared screenshots with defamatory captions

Not every offensive post is cyber libel. Opinion, fair comment, privileged communication, truth, lack of identification, lack of publication, absence of malice, and other defenses may be relevant.

L. Online Threats, Harassment, and Extortion

Threats, blackmail, sextortion, stalking, and harassment may be prosecuted under different laws depending on the conduct.

Examples include:

  • Threatening to post private photos unless money is paid
  • Threatening physical harm through chat
  • Repeated abusive messaging
  • Demanding money to avoid exposure of sensitive information
  • Threatening to contact family, employer, or school
  • Posting personal information to invite harassment

The correct complaint may involve grave threats, light threats, coercion, unjust vexation, cyber libel, identity theft, anti-photo and video voyeurism, violence against women and children, or other laws.

IV. Where to File a Cybercrime Complaint in the Philippines

A complainant may file with law enforcement agencies or, in some cases, directly with the prosecutor’s office through a criminal complaint-affidavit.

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group handles many cybercrime complaints, especially those involving online scams, hacking, identity theft, cyber libel, threats, account takeover, and digital fraud.

A complaint filed with the PNP may lead to:

  • Initial assessment
  • Documentation of evidence
  • Cyber investigation
  • Requests to platforms or service providers
  • Digital forensic examination
  • Preparation of referral documents
  • Filing before the prosecutor’s office

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also investigates cybercrime complaints. It may handle complaints involving online fraud, hacking, identity theft, sexual exploitation, cyber libel, scams, phishing, and other cyber-related offenses.

The NBI may require the complainant to submit evidence, execute affidavits, provide devices for examination, or identify accounts, links, numbers, emails, or transaction details involved.

C. Office of the City or Provincial Prosecutor

A complainant may file a criminal complaint before the appropriate Office of the City Prosecutor or Office of the Provincial Prosecutor, especially when the evidence is already organized and the offender is identifiable.

The prosecutor conducts preliminary investigation when required by law. If probable cause is found, an information may be filed in court.

D. National Privacy Commission

If the issue involves misuse, unauthorized disclosure, breach, or unlawful processing of personal data, a complaint may also be filed with the National Privacy Commission.

However, a privacy complaint is not always a substitute for a criminal cybercrime complaint. Both may proceed separately depending on the facts.

E. Banks, E-Wallets, Online Platforms, and Service Providers

For online fraud, unauthorized transactions, phishing, and account compromise, the victim should also report to the relevant bank, e-wallet provider, social media platform, marketplace, or telecommunications provider.

This is not the same as filing a criminal complaint, but it is important because it may help:

  • Freeze suspicious accounts
  • Preserve records
  • Reverse or dispute transactions, where possible
  • Block fraudulent profiles
  • Secure compromised accounts
  • Establish a paper trail

V. Who May File a Cybercrime Complaint

The complainant is usually the person directly injured by the cybercrime. However, depending on the case, the following may file or assist in filing:

  • The victim
  • A parent or guardian, if the victim is a minor
  • A corporate officer, for a company victim
  • A duly authorized representative
  • A government agency
  • A school or institution
  • A bank or financial institution
  • A person whose identity was misused
  • A person whose account, data, property, or reputation was harmed

For corporations, the complaint should normally be supported by proof of authority, such as a secretary’s certificate, board resolution, special power of attorney, or authorization letter, depending on the circumstances.

For minors, the complaint should be handled carefully and with sensitivity. Cases involving sexual exploitation, abuse, grooming, or private images of minors should be treated as urgent.

VI. Venue and Jurisdiction

The Cybercrime Prevention Act recognizes that cybercrimes can cross territorial boundaries. A person may be in one city, the server in another country, the victim in the Philippines, and the offender using an anonymized account.

In general, Philippine authorities may act when:

  • The offender is in the Philippines
  • The victim is in the Philippines
  • The computer system is located in the Philippines
  • The harmful effect is felt in the Philippines
  • A Philippine law is violated
  • The act involves Filipino citizens or Philippine interests, depending on the specific facts and law

Venue may depend on where the offense was committed, where the victim accessed or received the communication, where damage occurred, where the complainant resides or does business, or where the system or account was accessed. Cyber libel has its own procedural considerations and has been the subject of jurisprudence.

Because venue can be contested, complainants should document where they were located when they received, viewed, accessed, or discovered the harmful content or transaction.

VII. What to Prepare Before Filing

A cybercrime complaint is strongest when it is organized, specific, and supported by verifiable evidence. The complainant should gather as much information as possible before filing.

A. Identification Documents

Prepare valid identification, such as:

  • Passport
  • Driver’s license
  • UMID
  • PhilID
  • PRC ID
  • Voter’s ID
  • Postal ID
  • Company ID, if accepted with supporting documents

For corporate complainants, prepare corporate documents and proof of authority.

B. Complaint-Affidavit

A complaint-affidavit is a sworn statement narrating the facts. It should usually include:

  • Full name and personal details of the complainant
  • Relationship to the victim, if filing for another person
  • Identity of the respondent, if known
  • Online handles, names, phone numbers, email addresses, account links, or usernames used by the respondent
  • Chronological narration of events
  • Description of the cybercrime
  • Date and time of each relevant act
  • Platform used
  • Specific damage suffered
  • Evidence attached
  • Statement that the facts are true based on personal knowledge or authentic records
  • Prayer for investigation and prosecution

The affidavit must be notarized or subscribed before an authorized officer.

C. Screenshots and Printouts

Screenshots are commonly submitted but should be properly preserved.

Good screenshots should show:

  • Full content of the message, post, profile, email, transaction, or page
  • URL or account link, where applicable
  • Username or account name
  • Date and time
  • Platform
  • Sender and recipient
  • Context of the conversation
  • Device date and time, where helpful
  • Transaction reference numbers, if any

Printouts should be clear, readable, and arranged chronologically.

D. URLs and Account Links

For social media and web-based complaints, provide exact links when possible:

  • Profile URL
  • Post URL
  • Comment URL
  • Video URL
  • Marketplace listing URL
  • Email header information
  • Website URL
  • Domain name
  • Chat profile link
  • Group link

A username alone may be insufficient because names can be changed or duplicated.

E. Transaction Records

For online scams and financial cybercrime, prepare:

  • Bank transfer receipts
  • E-wallet transaction history
  • Reference numbers
  • Account names and numbers
  • QR codes used
  • Payment screenshots
  • Deposit slips
  • Invoices
  • Order confirmations
  • Shipping records
  • Courier tracking
  • Chat negotiations
  • Proof of non-delivery or misrepresentation
  • Demand messages, if any

F. Communications

Preserve the full conversation, not merely selected portions. Investigators and prosecutors need context.

Relevant communications may include:

  • SMS
  • Messenger chats
  • Viber messages
  • WhatsApp messages
  • Telegram messages
  • Emails
  • Instagram DMs
  • TikTok messages
  • Marketplace chats
  • Discord messages
  • Call logs
  • Voice messages
  • Video calls, if recorded lawfully

Do not edit, crop, enhance, or alter evidence in a way that may affect authenticity. Keep original files.

G. Device and Account Information

If the case involves hacking, account takeover, malware, or unauthorized access, prepare:

  • Device used
  • Operating system
  • Approximate time of compromise
  • Security alerts received
  • Login history
  • IP address logs, if available
  • Email alerts from platforms
  • Password reset notices
  • Two-factor authentication notices
  • Account recovery attempts
  • Suspicious sessions
  • Linked phone numbers or emails added by the attacker

H. Witness Affidavits

Witnesses may be needed when:

  • Other people saw the defamatory post
  • Other victims experienced the same scam
  • A company employee discovered unauthorized access
  • A person can identify the offender
  • A third party received the harmful content
  • A bank or platform representative can authenticate records

Witness statements should be clear, factual, and based on personal knowledge.

VIII. The Importance of Preserving Digital Evidence

Digital evidence is fragile. Posts can be deleted, accounts renamed, messages unsent, phones wiped, and metadata lost. The complainant should preserve evidence immediately.

A. Save Original Files

Do not rely only on screenshots. Save original files when possible:

  • Download emails in original format
  • Export chat history, if available
  • Save videos and images
  • Preserve voice notes
  • Keep original receipts
  • Retain devices used
  • Back up relevant data

B. Avoid Alteration

Avoid:

  • Cropping screenshots excessively
  • Editing photos
  • Changing filenames in a misleading way
  • Deleting conversation threads
  • Replying in a way that contaminates the evidence
  • Installing suspicious recovery apps
  • Resetting compromised devices before evidence is collected

C. Record Dates and Times

Cybercrime cases often turn on timing. Record:

  • When the act happened
  • When it was discovered
  • When the complainant viewed the content
  • When money was sent
  • When the account was accessed
  • When the platform was notified
  • When the evidence was captured

D. Use Screen Recording Carefully

Screen recordings may help show the navigation path from profile to post or from chat list to conversation. They can be useful when screenshots alone may be challenged.

However, recordings should not be manipulated. They should show continuous navigation and relevant timestamps where possible.

E. Notarization and Affidavits

Screenshots are not automatically rejected simply because they are digital, but their authenticity must be established. The complainant or witness may execute an affidavit identifying the screenshots, explaining how they were obtained, and confirming that they are faithful representations of what appeared on the platform.

IX. Electronic Evidence in Philippine Proceedings

The Philippines recognizes electronic evidence under the Rules on Electronic Evidence. Electronic documents, electronic data messages, emails, digital photographs, text messages, logs, and other forms of digital evidence may be admissible if properly authenticated and relevant.

Key evidentiary issues include:

  • Authenticity
  • Integrity
  • Relevance
  • Competence of the witness
  • Chain of custody
  • Reliability of the system
  • Whether the evidence was altered
  • Whether the account or device can be linked to the respondent
  • Whether the respondent had control over the account or device

A screenshot may prove that a post existed, but a separate issue is proving who made it. Identity attribution is often one of the hardest parts of cybercrime litigation.

X. Identifying the Respondent

A cybercrime complaint may be filed even if the offender’s real identity is unknown, but investigation becomes more complex.

The complaint should provide all available identifiers, such as:

  • Display name
  • Username
  • Account URL
  • Email address
  • Mobile number
  • Bank or e-wallet account
  • Domain registration details
  • IP logs, if available
  • Device identifiers, if known
  • Photos used
  • Aliases
  • Common contacts
  • Delivery address
  • Courier information
  • Marketplace seller profile
  • Social media links
  • Group memberships

Law enforcement may seek information from platforms, service providers, banks, telecommunications companies, and other entities through appropriate legal processes.

However, fake names, VPNs, foreign platforms, stolen identities, and mule accounts can make identification difficult.

XI. Step-by-Step Process of Filing a Cybercrime Complaint

Step 1: Secure Personal Safety and Accounts

Before filing, the victim should secure affected accounts and devices.

Actions may include:

  • Changing passwords
  • Enabling two-factor authentication
  • Logging out suspicious sessions
  • Reporting account takeover to the platform
  • Informing the bank or e-wallet provider
  • Freezing cards or accounts, if necessary
  • Preserving security alerts
  • Avoiding further communication with the offender, especially in extortion cases

In urgent threats or exploitation cases, prioritize safety and immediate law enforcement assistance.

Step 2: Preserve Evidence

Collect, save, and organize all relevant evidence. Use folders and chronological labels. Keep original files and devices.

Example folder structure:

  • 01_Complaint-Affidavit
  • 02_Screenshots
  • 03_Chat History
  • 04_Transaction Records
  • 05_Profile Links
  • 06_Platform Reports
  • 07_Witness Statements
  • 08_Device Logs
  • 09_Damages

Step 3: Prepare a Chronology

A concise chronology helps investigators and prosecutors understand the case.

Example format:

Date Event Evidence
January 3 Respondent messaged complainant offering item for sale Annex A
January 4 Complainant transferred payment Annex B
January 5 Respondent stopped replying Annex C
January 6 Account was renamed Annex D

Step 4: Draft and Execute the Complaint-Affidavit

The affidavit should be factual and specific. Avoid exaggeration. State what happened, how it happened, who was involved, what evidence supports it, and what damage resulted.

Step 5: File with the Appropriate Office

The complaint may be filed with the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or prosecutor’s office.

The receiving office may ask for:

  • Original and photocopy of ID
  • Complaint-affidavit
  • Evidence printouts
  • Digital copies
  • Device for forensic examination
  • Additional affidavits
  • Certification or authentication documents
  • Proof of authority, for corporate complainants

Step 6: Investigation

Law enforcement may:

  • Interview the complainant
  • Preserve online content
  • Identify accounts and users
  • Coordinate with platforms
  • Request subscriber information
  • Examine devices
  • Trace transactions
  • Locate respondents
  • Prepare referral to prosecutors

Step 7: Preliminary Investigation

If the case proceeds to the prosecutor, the respondent may be required to submit a counter-affidavit. The prosecutor then determines whether probable cause exists.

The prosecutor may:

  • Dismiss the complaint
  • Require additional evidence
  • File an information in court
  • Refer the matter for further investigation

Step 8: Court Proceedings

If an information is filed, the criminal case proceeds in court. The process may include:

  • Issuance of warrant or summons, depending on the offense and procedure
  • Arraignment
  • Pre-trial
  • Presentation of prosecution evidence
  • Presentation of defense evidence
  • Decision
  • Appeal, where available

XII. Cybercrime Complaints Involving Online Scams

Online scams are among the most common cybercrime complaints in the Philippines.

A. Common Online Scam Patterns

Common forms include:

  • Fake online sellers
  • Bogus investment schemes
  • Cryptocurrency scams
  • Task scams
  • Job recruitment scams
  • Fake parcel or customs fee scams
  • Romance scams
  • Loan scams
  • Fake rentals
  • Fake concert tickets
  • Fake hotel or travel bookings
  • Impersonation of relatives or friends
  • Phishing links leading to unauthorized transfers

B. Evidence Needed

Victims should gather:

  • Complete chat history
  • Seller profile and URL
  • Product listing
  • Payment proof
  • Bank or e-wallet account details
  • Delivery or courier details
  • Promises or representations made
  • Proof that goods or services were not delivered
  • Other victims’ statements, if available

C. Possible Offenses

Depending on the facts, the complaint may involve:

  • Computer-related fraud
  • Estafa
  • Identity theft
  • Falsification
  • Illegal access
  • Misuse of devices
  • Money laundering concerns
  • Other special law violations

D. Immediate Practical Steps

Victims should immediately report to:

  • Bank or e-wallet provider
  • Marketplace platform
  • Telecommunications provider, if a mobile number was used
  • Law enforcement cybercrime unit

Prompt reporting may help preserve records or freeze suspicious accounts, though recovery is not guaranteed.

XIII. Cyber Libel Complaint Filing

Cyber libel is one of the most legally sensitive types of cybercrime complaint because it involves the intersection of reputation, speech, public interest, and criminal law.

A. Elements Generally Considered

A cyber libel complaint usually needs to show:

  • A defamatory imputation
  • Publication through a computer system or similar means
  • Identification of the complainant
  • Malice
  • Damage or tendency to cause dishonor, discredit, or contempt

B. Evidence Needed

A complainant should preserve:

  • The exact post, comment, article, video, or message
  • The URL
  • Date and time of publication
  • Identity of the account
  • Screenshots showing public access
  • Comments, shares, reactions, or republication
  • Evidence that third persons saw it
  • Proof that the complainant was identifiable
  • Evidence of damage, if available

C. Defenses Commonly Raised

A respondent may argue:

  • Truth
  • Fair comment
  • Privileged communication
  • Lack of malice
  • Opinion rather than factual imputation
  • No identification of complainant
  • No publication
  • Good faith
  • Public interest
  • Absence of participation in posting
  • Account compromise

D. Caution Before Filing

Cyber libel complaints should be evaluated carefully because not all insults, criticisms, jokes, opinions, or negative reviews are criminal libel. Filing a weak complaint may lead to dismissal and may expose the complainant to counterclaims or reputational consequences.

XIV. Complaints Involving Hacked Accounts

When a person’s account is hacked, the legal complaint may involve illegal access, identity theft, fraud, data interference, or other offenses.

A. Evidence Needed

Prepare:

  • Platform security emails
  • Login alerts
  • Password reset notices
  • Screenshots of unauthorized posts or messages
  • Recovery attempts
  • List of suspicious sessions
  • Devices used
  • Approximate time of compromise
  • Messages sent by the hacker
  • Damage caused
  • Proof of ownership of the account

B. Account Recovery and Legal Complaint

Account recovery through the platform is separate from the criminal complaint. Both should be pursued.

Victims should avoid deleting evidence after regaining access. They should preserve hacker messages, login notices, changed email addresses, linked devices, and any fraudulent activity conducted through the account.

XV. Complaints Involving Sextortion and Non-Consensual Intimate Images

Sextortion and threats to release intimate images are serious and urgent.

A. Common Scenarios

  • A person threatens to post intimate photos unless paid
  • A former partner threatens exposure
  • A scammer records a video call and demands money
  • Private photos are shared without consent
  • Fake intimate images are created or distributed
  • A victim is coerced into sending more images

B. Relevant Laws

Depending on the facts, the case may involve:

  • Cybercrime law
  • Anti-photo and video voyeurism law
  • Grave threats
  • Coercion
  • Robbery or extortion-related offenses
  • Violence against women and children laws
  • Child protection laws, if a minor is involved
  • Trafficking or exploitation laws, in severe cases

C. Evidence Needed

Preserve:

  • Threat messages
  • Account links
  • Payment demands
  • Wallet or bank details
  • Screenshots of posted content, if already posted
  • Proof of identity or relationship, if known
  • Communications showing lack of consent
  • Any demand for money, sexual acts, or further images

D. Safety Considerations

Victims should avoid paying if possible because payment may encourage further demands. They should report quickly to law enforcement and the platform. If minors are involved, urgent intervention is necessary.

XVI. Complaints Involving Online Harassment and Threats

Online harassment may be criminal when it crosses into threats, stalking, coercion, unjust vexation, identity misuse, defamatory attacks, or gender-based online abuse.

A. Evidence Needed

Collect:

  • Repeated messages
  • Threats
  • Account links
  • Call logs
  • Posts tagging or naming the victim
  • Doxxing posts
  • Messages to relatives, employer, or school
  • Fake accounts used
  • Dates and times
  • Witnesses who saw the harassment

B. Legal Classification

The complaint may be framed under:

  • Grave threats
  • Light threats
  • Unjust vexation
  • Coercion
  • Cyber libel
  • Identity theft
  • Violence against women laws
  • Data privacy violations
  • Anti-photo and video voyeurism law
  • Other applicable laws

The exact classification should be based on the conduct, not merely the victim’s description of the experience.

XVII. Complaints Involving Businesses and Corporations

Businesses may file cybercrime complaints when they suffer attacks, fraud, reputational harm, data breaches, or unauthorized access.

A. Common Corporate Cybercrime Incidents

  • Business email compromise
  • Employee data theft
  • Unauthorized access by former employees
  • Website defacement
  • Fake pages impersonating the business
  • Payment diversion scams
  • Database breaches
  • Ransomware
  • Cyber libel against the company
  • Fake product listings
  • Intellectual property misuse
  • Fraudulent supplier instructions

B. Corporate Documents Needed

A company complainant should prepare:

  • SEC registration or DTI registration, as applicable
  • Board resolution or secretary’s certificate
  • Authorization of representative
  • Affidavit of IT personnel or officer
  • Incident report
  • Logs and technical records
  • Proof of ownership or control of affected systems
  • Evidence of damage or loss

C. Internal Investigation

Before filing, the company should preserve logs and avoid overwriting evidence. IT teams should document:

  • Date and time of detection
  • Affected systems
  • User accounts involved
  • IP addresses
  • Logs
  • Malware indicators
  • Actions taken
  • Data affected
  • Business impact

XVIII. Complaints Involving Banks, E-Wallets, and Unauthorized Transactions

Unauthorized transfers and phishing attacks require both legal and financial reporting.

A. Immediate Steps

The victim should:

  • Contact the bank or e-wallet provider
  • Request account blocking or transaction review
  • Change passwords
  • Disable compromised devices
  • Preserve SMS OTPs, emails, and app notifications
  • File a police or cybercrime report
  • Ask for incident reference numbers

B. Evidence Needed

Prepare:

  • Transaction history
  • Unauthorized transfer details
  • Recipient account or wallet
  • SMS and email alerts
  • Phishing link or message
  • Call logs, if scammer called
  • Device screenshots
  • Bank complaint acknowledgment
  • Any reply from customer support

C. Legal Issues

The case may involve:

  • Computer-related fraud
  • Identity theft
  • Illegal access
  • Phishing
  • Estafa
  • Money mule accounts
  • Possible banking or consumer protection issues

XIX. Role of Law Enforcement

Law enforcement agencies in cybercrime cases may perform technical and investigative functions that private complainants cannot do alone.

These may include:

  • Tracing digital identifiers
  • Coordinating with platforms
  • Requesting preservation of data
  • Conducting forensic examination
  • Seeking warrants when necessary
  • Identifying suspects
  • Preparing referral complaints
  • Coordinating with prosecutors
  • Working with foreign counterparts when available

However, complainants should understand that law enforcement may face practical limits, especially when offenders use foreign platforms, fake identities, VPNs, prepaid SIMs, mule accounts, or compromised third-party accounts.

XX. Preservation, Disclosure, Search, Seizure, and Examination of Computer Data

Cybercrime investigation may involve legal mechanisms for preserving and obtaining computer data.

A. Preservation of Data

Authorities may require preservation of traffic data, subscriber information, or content data depending on the law and procedure. Preservation is important because platforms and providers may retain logs only for limited periods.

B. Disclosure of Data

Disclosure may require lawful authority. Service providers may be asked to disclose subscriber information, traffic data, or other records in accordance with applicable law.

C. Search and Seizure

Search and seizure of computer systems, devices, and data require compliance with constitutional and procedural safeguards. Warrants must be properly issued and implemented.

D. Forensic Examination

Digital forensic examination may be conducted on phones, computers, drives, servers, or accounts. The integrity of the evidence and chain of custody are important.

XXI. Remedies Available to the Complainant

A cybercrime complaint may lead to different remedies, depending on the case.

A. Criminal Prosecution

The primary remedy is criminal prosecution of the offender. If convicted, the offender may face imprisonment, fines, or both, depending on the offense.

B. Civil Liability

A criminal case may include civil liability unless reserved, waived, or separately instituted. Civil liability may include restitution, damages, or compensation for loss.

C. Takedown or Platform Removal

Law enforcement, victims, or their counsel may request removal of harmful content from platforms. Platforms have their own reporting systems for:

  • Impersonation
  • Harassment
  • Non-consensual intimate images
  • Scams
  • Phishing
  • Intellectual property violations
  • Child safety violations
  • Hate or abuse policies
  • Privacy violations

D. Account Recovery

For hacked accounts, the victim may seek recovery through platform procedures.

E. Data Privacy Remedies

Where personal data is involved, the complainant may seek action through the National Privacy Commission.

F. Bank or E-Wallet Dispute

For unauthorized transactions, the victim may pursue dispute resolution with the financial institution, subject to its procedures and applicable regulations.

XXII. Common Mistakes When Filing Cybercrime Complaints

A. Filing with Incomplete Evidence

A complaint based only on a verbal accusation is weak. The complainant should provide screenshots, links, transaction records, and affidavits.

B. Failing to Preserve URLs

Screenshots without URLs may make it harder to verify content.

C. Deleting Messages

Victims sometimes delete painful or embarrassing messages. This can weaken the case.

D. Cropping Screenshots Too Much

Overly cropped screenshots may omit important context, dates, names, or URLs.

E. Naming the Wrong Respondent

A fake account may use another person’s name or photo. The complaint should distinguish between the account identity and the real person allegedly behind it.

F. Publicly Posting Accusations

Posting accusations online may expose the complainant to counterclaims for defamation, harassment, or privacy violations. It may also alert the offender to delete evidence.

G. Paying Sextortionists Repeatedly

Payment does not guarantee deletion. It may lead to further extortion.

H. Resetting Devices Too Early

Factory resetting a phone or computer may destroy evidence needed for forensic analysis.

I. Delayed Reporting

Delay may result in loss of logs, deletion of accounts, withdrawal of funds, or difficulty tracing suspects.

XXIII. Sample Structure of a Cybercrime Complaint-Affidavit

A complaint-affidavit may follow this general structure:

Republic of the Philippines City/Province of _______

AFFIDAVIT-COMPLAINT

I, [Name], of legal age, Filipino, [civil status], residing at [address], after being sworn, state:

  1. I am the complainant in this case.
  2. I am filing this complaint for [offense], committed through [platform/system].
  3. The respondent is [name, if known], using the account [username/link], email [email], mobile number [number], or other identifiers.
  4. On [date], [describe first event].
  5. On [date], [describe next event].
  6. Attached as Annex “A” is a screenshot of [describe evidence].
  7. Attached as Annex “B” is [describe evidence].
  8. Because of respondent’s acts, I suffered [loss, damage, fear, reputational injury, unauthorized access, financial loss, etc.].
  9. I respectfully request that this complaint be investigated and that the respondent be prosecuted for violation of applicable laws.

Further affiant sayeth naught.

[Signature] [Name]

Subscribed and sworn to before me this ___ day of _______ at _______.

This is only a general format. The actual affidavit should be tailored to the facts and applicable offense.

XXIV. Sample Evidence Index

A clear evidence index helps the investigator or prosecutor.

Annex Description
A Screenshot of respondent’s profile
B Screenshot of conversation dated ______
C Proof of payment or transfer
D Screenshot of post or defamatory statement
E URL printout
F Bank or e-wallet transaction record
G Platform report acknowledgment
H Witness affidavit
I Device security alert
J Demand letter or response

XXV. Cybercrime and Barangay Conciliation

Not all disputes must pass through barangay conciliation, especially when the offense is punishable beyond the scope of the Katarungang Pambarangay system or when parties do not reside in the same city or municipality, or when urgent law enforcement action is required.

Cybercrime complaints involving serious offenses, unknown offenders, online scams across locations, minors, sexual exploitation, hacking, or urgent evidence preservation are generally not treated as ordinary barangay disputes.

However, some minor online conflicts between neighbors or acquaintances may be referred to barangay mechanisms depending on the offense, location, and applicable rules.

XXVI. Time Limits and Prescription

Cybercrime complaints may be affected by prescriptive periods. The applicable period depends on the offense charged and the penalty provided by law.

Complainants should file as soon as possible. Delay can affect not only prescription but also evidence preservation, witness memory, platform logs, and transaction tracing.

Cyber libel and other offenses may have specific legal issues regarding prescription. Timely consultation and filing are important.

XXVII. International and Cross-Border Issues

Cybercrime often crosses borders. The offender may be abroad, the platform may be foreign, servers may be outside the Philippines, and payment channels may involve international transfers.

Cross-border cases may require:

  • Mutual legal assistance
  • Coordination with foreign law enforcement
  • Platform legal compliance processes
  • International preservation requests
  • Cooperation with financial institutions
  • Additional time and documentation

The fact that a platform is foreign does not automatically prevent filing in the Philippines, especially when the victim or harmful effect is in the Philippines. However, obtaining records and identifying offenders may be more difficult.

XXVIII. The Role of Lawyers

A lawyer is not always required to initially report a cybercrime to law enforcement, but legal assistance is useful when:

  • The case involves large financial loss
  • The respondent is known and likely to contest the complaint
  • The issue is cyber libel or speech-related
  • The victim is a company
  • The case involves minors or sexual content
  • Evidence is complex
  • There are privacy or employment issues
  • A civil claim is contemplated
  • The complainant needs a properly drafted affidavit
  • The complainant wants to file directly with the prosecutor

A lawyer can help classify the offense, prepare affidavits, organize annexes, avoid harmful admissions, and ensure the complaint is filed in the proper venue.

XXIX. Respondent’s Rights

Cybercrime enforcement must still respect constitutional and procedural rights.

A respondent has rights including:

  • Due process
  • Presumption of innocence
  • Right against unreasonable searches and seizures
  • Right against self-incrimination
  • Right to counsel
  • Right to answer the complaint in preliminary investigation
  • Right to challenge evidence
  • Right to confront witnesses at trial
  • Right to privacy, subject to lawful processes

A complainant should avoid illegal evidence-gathering, unauthorized account access, entrapment without law enforcement guidance, or public shaming.

XXX. Practical Checklist for Filing a Cybercrime Complaint

Before filing, prepare the following:

  • Valid ID of complainant
  • Complaint-affidavit
  • Chronology of events
  • Screenshots with dates, usernames, and URLs
  • Full chat history
  • Profile links and account identifiers
  • Transaction records
  • Bank or e-wallet details
  • Platform reports
  • Device logs or security alerts
  • Witness affidavits
  • Corporate authority documents, if applicable
  • Digital copies of all evidence
  • Printed copies of all key documents
  • Contact details of complainant and witnesses

For urgent cases involving threats, sexual exploitation, minors, ongoing fraud, or continuing unauthorized access, report immediately even if evidence is not yet perfect.

XXXI. Practical Tips for Stronger Complaints

A strong cybercrime complaint is usually:

  • Chronological
  • Specific
  • Evidence-based
  • Supported by screenshots and links
  • Supported by original files where possible
  • Clear about the identity or identifiers of the respondent
  • Clear about the damage suffered
  • Focused on facts rather than insults or conclusions
  • Properly sworn and annexed
  • Filed promptly

Instead of saying, “The respondent scammed me,” state the facts: what was promised, when payment was made, what account received payment, what happened after payment, and what evidence proves each fact.

Instead of saying, “The respondent hacked me,” state the facts: when access was lost, what alerts were received, what unauthorized changes occurred, what devices or locations appeared, and what actions were taken.

Instead of saying, “The respondent defamed me,” identify the exact words, where they were posted, when they were posted, who saw them, why they refer to the complainant, and why they are false or malicious.

XXXII. Conclusion

Cybercrime complaint filing in the Philippines requires a careful combination of legal classification, factual narration, evidence preservation, and prompt reporting. The Cybercrime Prevention Act provides the central framework, but many complaints also involve the Revised Penal Code, Data Privacy Act, child protection laws, banking rules, consumer protection principles, and other special laws.

The most important practical rule is preservation. Digital evidence disappears quickly. Victims should save screenshots, URLs, chat histories, transaction records, account identifiers, security alerts, and original files as soon as possible. They should avoid deleting messages, editing evidence, publicly accusing suspects, or attempting unauthorized retaliation.

A properly prepared cybercrime complaint should tell a clear story: what happened, when it happened, who did it or what identifiers were used, how technology was involved, what law may have been violated, what evidence supports the complaint, and what harm resulted. In the Philippine legal setting, that clarity can make the difference between a complaint that is merely reported and a complaint that can be investigated, prosecuted, and proven.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login