I. Introduction

Cybercrime complaints in the Philippines have become increasingly common because many disputes, scams, threats, harassment, defamatory statements, identity theft incidents, and financial fraud now happen through phones, messaging apps, email, social media, online marketplaces, dating apps, e-wallets, and banking platforms.

A cybercrime complaint is not limited to “hacking.” It may involve online libel, online threats, unauthorized access, identity theft, phishing, investment scams, sextortion, cyberbullying, fraudulent online selling, unauthorized use of accounts, fake profiles, data interference, computer-related fraud, and other offenses committed through information and communications technology.

The main law is the Cybercrime Prevention Act of 2012, officially Republic Act No. 10175. Cybercrime complaints may also involve the Revised Penal Code, Special Protection of Children Against Abuse, Exploitation and Discrimination Act, Anti-Photo and Video Voyeurism Act, Safe Spaces Act, Anti-Violence Against Women and Their Children Act, Data Privacy Act, Access Devices Regulation Act, Consumer Act, Securities Regulation Code, Anti-Money Laundering laws, and other special laws depending on the facts.

This article explains, step by step, how a cybercrime complaint is usually prepared, filed, investigated, and prosecuted in the Philippine setting.

---

II. What Is a Cybercrime Complaint?

A cybercrime complaint is a sworn complaint filed by a victim, complainant, or authorized representative asking law enforcement or prosecutors to investigate and prosecute an offense committed through a computer system, internet platform, mobile device, electronic communication, or digital service.

It may be filed when the offender used:

1. Facebook, Instagram, TikTok, X, YouTube, Reddit, Telegram, Viber, WhatsApp, Messenger, Discord, dating apps, or similar platforms;
2. Email;
3. Websites;
4. Online banking or e-wallets;
5. Online marketplaces;
6. SIM cards or mobile numbers;
7. Fake accounts;
8. Malware, hacking tools, or phishing links;
9. Cloud storage;
10. Computer systems or networks;
11. Digital images, videos, or documents;
12. Electronic signatures or electronic records.

A cybercrime complaint usually has two broad components:

1. The legal offense — what crime was committed; and
2. The digital evidence — how the crime can be proven.

---

III. Common Cybercrime Complaints in the Philippines

A. Cyberlibel

Cyberlibel is libel committed through a computer system or similar means. It usually involves defamatory posts, comments, videos, messages, articles, or captions published online.

Typical examples:

1. Accusing someone online of being a scammer, thief, adulterer, corrupt official, criminal, or immoral person without proof;
2. Posting defamatory accusations on Facebook;
3. Uploading a defamatory video;
4. Sharing a defamatory article;
5. Commenting false and damaging statements in a public thread;
6. Posting edited images meant to dishonor someone.

Cyberlibel generally requires:

1. Defamatory imputation;
2. Publication;
3. Identifiability of the person defamed;
4. Malice, either presumed or proven depending on the case.

---

B. Computer-Related Fraud

This involves using computer systems, online platforms, or electronic means to defraud another person.

Examples:

1. Online selling scam;
2. Fake investment scheme;
3. Phishing;
4. Fake bank or e-wallet transaction;
5. Unauthorized fund transfer;
6. Fake payment screenshot;
7. Romance scam;
8. Job scam;
9. Fake loan processing fee;
10. Marketplace fraud;
11. Cryptocurrency scam;
12. Fake delivery or parcel scam.

Computer-related fraud may overlap with estafa under the Revised Penal Code.

---

C. Computer-Related Identity Theft

This involves acquiring, using, misusing, transferring, possessing, or altering identifying information belonging to another person through computer systems or digital means.

Examples:

1. Creating a fake account using another person’s name and photos;
2. Using someone’s ID to open accounts;
3. Using another person’s personal information for scams;
4. Taking over someone’s account;
5. Pretending to be another person online;
6. Using another person’s details to obtain loans or transactions.

---

D. Illegal Access or Hacking

Illegal access involves accessing a computer system, account, network, or device without authority.

Examples:

1. Opening someone’s email without permission;
2. Accessing a social media account through stolen passwords;
3. Logging into a company system without authority;
4. Using spyware or keyloggers;
5. Unauthorized access to phones, laptops, cloud storage, or databases.

---

E. Data Interference and System Interference

Data interference involves unauthorized alteration, deletion, deterioration, or suppression of computer data.

System interference involves seriously hindering or interfering with the functioning of a computer system.

Examples:

1. Deleting files;
2. Altering account records;
3. Changing passwords to lock someone out;
4. Disrupting a website;
5. Deploying malware;
6. Tampering with company databases.

---

F. Cybersex and Online Sexual Exploitation

Cybersex offenses involve willful engagement, maintenance, control, or operation of lascivious exhibition of sexual organs or sexual activity through computer systems for favor or consideration.

Where minors are involved, the matter becomes much more serious and may involve child exploitation, trafficking, child abuse, child pornography, and other special laws.

---

G. Non-Consensual Sharing of Intimate Images or Videos

This may involve violations of the Anti-Photo and Video Voyeurism Act, the Safe Spaces Act, the Cybercrime Prevention Act, or other laws.

Examples:

1. Uploading intimate photos without consent;
2. Threatening to release private videos;
3. Sharing screenshots of private sexual conversations;
4. Creating fake nude images;
5. Sextortion;
6. Revenge porn.

---

H. Online Threats, Harassment, and Stalking

Online threats may be prosecuted under the Revised Penal Code, special laws, or in connection with cybercrime provisions.

Examples:

1. Threatening to kill or harm someone through chat;
2. Repeated harassment through fake accounts;
3. Sending abusive messages;
4. Doxxing;
5. Threatening to release private information;
6. Online stalking;
7. Coordinated harassment campaigns.

---

I. Cyberbullying

There is no single universal “cyberbullying” offense that covers all situations. The applicable law depends on the conduct.

Possible legal bases include:

1. Cyberlibel;
2. Unjust vexation;
3. Grave threats;
4. Light threats;
5. Slander by deed;
6. Safe Spaces Act;
7. Child protection laws;
8. School disciplinary rules;
9. Data Privacy Act;
10. Anti-VAWC law, if the relationship and acts qualify.

---

J. Unauthorized Use of Credit Cards, Debit Cards, E-Wallets, or Access Devices

Unauthorized use of cards, account numbers, OTPs, credentials, e-wallets, or other access devices may involve cybercrime, access device fraud, estafa, identity theft, or banking-related offenses.

Examples:

1. Unauthorized GCash, Maya, or bank transfer;
2. Use of stolen OTP;
3. SIM swap fraud;
4. Card-not-present fraud;
5. Unauthorized online purchase;
6. Phishing leading to account takeover.

---

IV. Step-by-Step Process for Filing a Cybercrime Complaint

Step 1: Identify the Exact Act Complained Of

Before filing, identify what happened in plain language.

Ask:

1. What did the offender do?
2. When did it happen?
3. Where online did it happen?
4. What account, page, number, email, or platform was used?
5. Who is the suspected offender?
6. What evidence connects the offender to the account or act?
7. What damage resulted?
8. Is the content still online?
9. Is there urgency, such as threats, extortion, ongoing posting, or risk to a child?

Examples:

• “Someone created a fake Facebook account using my photos and is soliciting money.”
• “An online seller received payment but blocked me and never delivered the item.”
• “My ex-partner is threatening to upload intimate videos.”
• “A person posted false accusations about me on TikTok.”
• “My e-wallet was accessed without authority and funds were transferred.”
• “A company employee deleted files from our system after resignation.”

This first step matters because the legal charge depends on the facts.

---

Step 2: Preserve the Evidence Immediately

Digital evidence can disappear quickly. Posts may be deleted, accounts may be deactivated, messages may be unsent, and usernames may be changed.

Preserve evidence before confronting the offender.

Important evidence includes:

1. Screenshots;
2. Screen recordings;
3. URLs or links;
4. Profile links;
5. Account names and usernames;
6. User IDs, if visible;
7. Email headers;
8. Chat logs;
9. Transaction receipts;
10. Bank or e-wallet records;
11. Reference numbers;
12. Phone numbers;
13. SIM card details;
14. IP-related information, if available;
15. Device logs;
16. Photos or videos posted;
17. Metadata, if available;
18. Witness statements;
19. Demand messages;
20. Proof of payment or damage.

Do not rely on screenshots alone when more reliable evidence can be preserved.

---

Step 3: Take Proper Screenshots and Screen Recordings

For online posts, the screenshot should show:

1. The offending post or message;
2. The name of the account;
3. The profile photo;
4. The date and time;
5. The URL or link;
6. The comments, captions, or replies;
7. The number, email, username, or handle;
8. The full context of the conversation;
9. The device date and time, if visible.

For chats, capture the entire thread, not just isolated lines. The context is important because the respondent may claim the screenshot was edited, incomplete, or misleading.

For websites, save the page as PDF where possible and record the URL.

For email, preserve the original email and headers. Do not merely print the email body.

For financial transactions, save receipts, account statements, reference numbers, and communications with the platform or bank.

---

Step 4: Avoid Altering the Evidence

Do not edit, crop, annotate, filter, or rename evidence in a way that may raise authenticity issues.

It is better to keep:

1. Original screenshots;
2. Original files;
3. Original videos;
4. Original device;
5. Original messages;
6. Original emails;
7. Original receipts.

Copies may be submitted, but originals should be preserved.

If possible, back up evidence in multiple secure locations, such as external drive and cloud storage.

---

Step 5: Consider a Notarized Affidavit of Screenshots or Digital Evidence

A complainant may execute an affidavit explaining:

1. Who took the screenshots;
2. When they were taken;
3. What device was used;
4. What account or platform was accessed;
5. What the screenshots show;
6. That the screenshots are true and faithful captures;
7. That the original messages, posts, or files remain available, if true.

This does not automatically prove the case, but it helps establish the source and context of the evidence.

---

Step 6: Determine Whether There Is Urgency

Some cybercrime situations require immediate action.

Urgent cases include:

1. Threats to life or physical safety;
2. Sextortion;
3. Ongoing blackmail;
4. Child exploitation;
5. Active hacking;
6. Ongoing unauthorized bank transfers;
7. Ongoing identity theft;
8. Continued publication of defamatory or intimate material;
9. Impersonation used to scam others;
10. Threatened release of private photos or videos.

In urgent cases, the complainant may report immediately to law enforcement, the platform, the bank, and relevant agencies.

---

Step 7: Report to the Platform, Bank, or Service Provider

Apart from filing a criminal complaint, report the incident to the platform or service provider.

Examples:

1. Report fake accounts to Facebook, Instagram, TikTok, or X.
2. Report phishing emails to the email provider.
3. Report unauthorized transactions to the bank or e-wallet.
4. Report marketplace scams to the marketplace platform.
5. Report SIM-related fraud to the telecom provider.
6. Report leaked intimate images to the hosting platform for takedown.

This is not a substitute for a criminal complaint, but it may help prevent further harm and preserve platform records.

For financial fraud, immediately request freezing, reversal, chargeback, investigation, or hold, where available.

---

Step 8: Prepare the Complaint-Affidavit

A cybercrime complaint usually begins with a complaint-affidavit.

The complaint-affidavit should state:

1. The complainant’s full name, age, address, and contact details;
2. The respondent’s identity, if known;
3. The respondent’s account, phone number, email, or online identity;
4. A chronological narration of facts;
5. The specific online acts committed;
6. The dates and times of the acts;
7. The platform or device used;
8. The evidence attached;
9. The damage suffered;
10. The laws believed to have been violated;
11. A request for investigation and prosecution.

The affidavit must be sworn before a notary public or authorized officer.

---

Step 9: Attach Supporting Evidence

A complaint-affidavit should include annexes.

Common annexes include:

1. Screenshots of posts;
2. Screenshots of chats;
3. URLs;
4. Screen recordings;
5. Photos or videos;
6. Transaction receipts;
7. Bank or e-wallet statements;
8. Demand letters;
9. Platform reports;
10. Police blotter, if any;
11. Identity documents of the complainant;
12. Birth certificate or proof of minority, if a child is involved;
13. Medical or psychological reports, if relevant;
14. Witness affidavits;
15. Device logs or technical reports;
16. Company IT reports, for business-related cyber incidents.

Each annex should be marked clearly, such as Annex “A,” Annex “B,” and so on.

---

Step 10: Decide Where to File

A cybercrime complaint may be filed with law enforcement or directly with the prosecutor, depending on the situation.

Possible filing venues include:

1. Philippine National Police Anti-Cybercrime Group;
2. National Bureau of Investigation Cybercrime Division;
3. Local police stations, especially for blotter and referral;
4. City or Provincial Prosecutor’s Office;
5. Department of Justice cybercrime-related offices, depending on the matter;
6. Specialized agencies, depending on the offense.

For many complainants, the usual practical route is to file with the PNP Anti-Cybercrime Group or the NBI Cybercrime Division, especially where technical investigation is needed.

A complaint may also be filed directly with the prosecutor if the evidence is already sufficient and the respondent is identifiable.

---

Step 11: Filing with the PNP Anti-Cybercrime Group

When filing with the PNP Anti-Cybercrime Group, the complainant should bring:

1. Government-issued ID;
2. Printed complaint-affidavit, if already prepared;
3. Printed screenshots;
4. Digital copies of evidence in USB or storage device;
5. Device used, if relevant;
6. Transaction records;
7. Links, usernames, phone numbers, and account details;
8. Witnesses, if any.

The cybercrime officers may:

1. Interview the complainant;
2. Review the evidence;
3. Require additional documents;
4. Prepare or assist with a complaint sheet;
5. Conduct technical assessment;
6. Issue requests or referrals;
7. Coordinate with platforms, banks, or telecoms where legally available;
8. Refer the matter for inquest or preliminary investigation if a suspect is arrested or identified.

---

Step 12: Filing with the NBI Cybercrime Division

The NBI Cybercrime Division may handle complaints involving:

1. Online scams;
2. Identity theft;
3. Hacking;
4. Cyberlibel;
5. Sextortion;
6. Online threats;
7. Unauthorized access;
8. Financial cybercrime;
9. Large-scale or organized online fraud;
10. Technically complex matters.

The complainant should bring the same evidence: IDs, screenshots, links, devices, receipts, account details, and sworn statements.

The NBI may evaluate whether the matter is actionable, request further evidence, conduct technical investigation, or refer the matter for prosecution.

---

Step 13: Filing Directly with the Prosecutor

A complainant may file directly with the Office of the City Prosecutor or Provincial Prosecutor.

This is common when:

1. The respondent is known;
2. The evidence is already gathered;
3. The offense is clear;
4. The complainant wants immediate preliminary investigation;
5. Technical tracing is not necessary;
6. The case is cyberlibel based on identifiable posts;
7. The complaint is supported by affidavits and annexes.

The prosecutor may require:

1. Complaint-affidavit;
2. Supporting affidavits;
3. Evidence;
4. Number of copies;
5. Payment of filing or legal fees, if applicable;
6. Proof of authority if filed by a representative.

The prosecutor then evaluates whether there is probable cause.

---

V. Jurisdiction and Venue

Cybercrime venue can be complex because online acts may involve different locations.

Relevant locations may include:

1. Where the complainant resides;
2. Where the respondent resides;
3. Where the post was accessed;
4. Where the computer system was used;
5. Where the harmful effect occurred;
6. Where the transaction took place;
7. Where the bank or e-wallet account is located;
8. Where the company system is located;
9. Where the defamatory material was first published or accessed.

In practice, complainants often file with the cybercrime units or prosecutor’s office in their area, especially if they suffered damage there. Venue issues may still be raised later by the respondent.

---

VI. What Happens After Filing?

A. Initial evaluation

The receiving office reviews whether the complaint states a possible offense and whether evidence is sufficient.

The complainant may be asked to submit additional documents or clarify facts.

B. Investigation

Law enforcement may conduct investigation, such as:

1. Identifying the account user;
2. Preserving evidence;
3. Coordinating with platforms;
4. Reviewing devices;
5. Tracing transactions;
6. Interviewing witnesses;
7. Conducting entrapment, where lawful and appropriate;
8. Preparing reports;
9. Referring the case to the prosecutor.

C. Preliminary investigation

If the complaint proceeds to the prosecutor, the respondent is usually required to file a counter-affidavit.

The process may involve:

1. Filing of complaint-affidavit;
2. Issuance of subpoena;
3. Submission of counter-affidavit;
4. Submission of reply-affidavit, if allowed;
5. Clarificatory hearing, if needed;
6. Resolution by the prosecutor.

The prosecutor determines probable cause, not guilt beyond reasonable doubt.

D. Filing of information in court

If probable cause exists, the prosecutor files an information in court.

The case then proceeds to:

1. Raffling of case;
2. Issuance of warrant or summons, depending on the offense and procedure;
3. Arraignment;
4. Pre-trial;
5. Trial;
6. Judgment.

E. Dismissal or resolution against the complaint

If the prosecutor finds no probable cause, the complaint may be dismissed.

The complainant may consider legal remedies such as motion for reconsideration or petition for review, depending on the rules and circumstances.

---

VII. Evidence in Cybercrime Cases

A. Screenshots

Screenshots are commonly used, but they are not always enough by themselves. Their value improves when supported by:

1. URLs;
2. Full conversation context;
3. Device used;
4. Witness affidavit;
5. Admission by respondent;
6. Platform records;
7. Corroborating messages;
8. Transaction records;
9. Identity links to the respondent;
10. Technical report.

B. Electronic documents

Electronic documents may be admissible if properly authenticated under rules on electronic evidence.

Examples:

1. Emails;
2. Chat logs;
3. Digital receipts;
4. Electronic contracts;
5. Metadata;
6. Server logs;
7. Online posts;
8. Audio or video files;
9. Transaction confirmations.

C. Chain of custody

The complainant should be able to explain how evidence was obtained, stored, copied, and submitted.

For example:

1. Who captured the screenshot?
2. From what account?
3. On what date?
4. On what device?
5. Was the file edited?
6. Where is the original?
7. Who had access to the device?

Chain of custody is especially important for files, videos, devices, and forensic evidence.

D. Authentication

The party presenting electronic evidence must show that the evidence is what it claims to be.

Authentication may be done through:

1. Testimony of the person who captured or received the message;
2. Testimony of a system administrator;
3. Metadata;
4. Distinctive characteristics;
5. Admissions by the respondent;
6. Corroborating circumstances;
7. Certification or records from service providers, when available.

---

VIII. How to Prove the Identity of the Offender

One of the hardest parts of cybercrime prosecution is proving who was behind an account, number, or transaction.

Helpful proof includes:

1. The account uses the respondent’s name, photo, phone number, email, or nickname.
2. The respondent admitted ownership of the account.
3. The account communicated facts only the respondent would know.
4. The account was linked to the respondent’s bank, e-wallet, address, or delivery details.
5. The respondent received money.
6. The respondent used the same username across platforms.
7. The respondent’s friends, relatives, or contacts are connected to the account.
8. The respondent appeared in photos or videos posted by the account.
9. The account was accessed from devices controlled by the respondent.
10. The respondent continued the same conduct offline.
11. The phone number or SIM is connected to the respondent.
12. The platform records identify the respondent.
13. Witnesses can testify that the respondent owns or uses the account.

A mere suspicion is not enough. The complaint should show facts linking the online act to a real person.

---

IX. Special Issues in Cyberlibel Complaints

Cyberlibel is one of the most commonly filed cybercrime complaints.

A. Elements to establish

A cyberlibel complaint should show:

1. The exact defamatory statement;
2. Where it was published;
3. When it was published;
4. Who published it;
5. Who saw or could see it;
6. Why it refers to the complainant;
7. Why it is false or malicious;
8. How it damaged the complainant.

B. Public posts versus private messages

A public post is easier to treat as publication.

Private messages may still be relevant, but publication may be harder to establish unless sent to a third person.

A defamatory message sent only to the person defamed may not satisfy the publication element in the same way as a public post or message to a third party.

C. Opinion versus defamatory fact

Statements of pure opinion may be treated differently from factual accusations.

For example:

• “I do not like his service” may be opinion.
• “He stole my money” is a factual accusation.
• “She is a scammer” may be defamatory if false and malicious.

Context matters.

D. Identifiability

The complainant must be identifiable. The post need not always state the full name if the surrounding facts make clear who is being referred to.

Examples:

1. Nicknames;
2. Photos;
3. Job title;
4. Business name;
5. Address;
6. Tags;
7. Comments identifying the person;
8. Context known to the audience.

---

X. Special Issues in Online Scam Complaints

For online selling, marketplace, and investment scams, the complaint should focus on deception, payment, damage, and identity.

Important evidence includes:

1. Product listing;
2. Seller profile;
3. Chat negotiation;
4. Promise to deliver;
5. Proof of payment;
6. Bank or e-wallet account details;
7. Delivery details;
8. Failure to deliver;
9. Blocking or disappearance;
10. Similar complaints by other victims;
11. False payment confirmations;
12. Fake tracking numbers.

The complaint should explain the fraudulent representation clearly.

Example:

“The respondent represented that he had a laptop for sale, induced me to pay PHP 25,000 through e-wallet transfer, confirmed receipt, promised delivery, then blocked me and deleted the listing.”

---

XI. Special Issues in Sextortion and Intimate Image Cases

Sextortion and non-consensual intimate image cases require urgent action.

The victim should:

1. Preserve all threats and messages.
2. Do not send more money or intimate images.
3. Do not negotiate alone if safety is at risk.
4. Report the account to the platform.
5. File with cybercrime authorities.
6. Seek takedown of content.
7. Inform trusted persons if necessary.
8. Preserve payment details if money was demanded.
9. Seek protection orders if the offender is an intimate partner.
10. Seek psychosocial support if needed.

If the victim is a minor, child protection laws and child exploitation laws may apply. Reports should be made immediately to appropriate authorities.

---

XII. Special Issues in Hacking and Account Takeover

For unauthorized access cases, preserve:

1. Login alerts;
2. Password reset emails;
3. Unauthorized transaction notices;
4. IP login notices, if available;
5. Device information;
6. Account recovery correspondence;
7. Screenshots of changed profile details;
8. Messages sent by the hacker;
9. Financial losses;
10. Malware or suspicious links.

The victim should also:

1. Change passwords;
2. Enable two-factor authentication;
3. Secure email accounts first;
4. Log out other sessions;
5. Report to the platform;
6. Inform contacts not to transact with the hacked account;
7. Preserve proof before recovery steps erase logs.

---

XIII. Special Issues in Business Cybercrime

Businesses may file cybercrime complaints for:

1. Unauthorized access by former employees;
2. Data theft;
3. Deletion of company files;
4. Website defacement;
5. Ransomware;
6. Business email compromise;
7. Invoice fraud;
8. Fake supplier emails;
9. Trade secret theft;
10. Unauthorized use of customer data.

The company should preserve:

1. Server logs;
2. Access records;
3. HR records;
4. IT reports;
5. Device assignment records;
6. Employment contracts;
7. Confidentiality agreements;
8. Resignation or termination records;
9. Emails and chat logs;
10. Audit trails.

A corporate complainant should also attach proof that the representative is authorized to file the complaint.

---

XIV. Civil Remedies Alongside Criminal Complaint

A cybercrime victim may have civil remedies in addition to criminal remedies.

Possible civil claims include:

1. Damages;
2. Injunction;
3. Takedown-related relief;
4. Protection orders;
5. Recovery of money;
6. Return of property;
7. Account recovery assistance;
8. Restraining orders in harassment cases;
9. Data privacy complaints;
10. Consumer complaints.

Civil liability may be pursued in the criminal case or through a separate civil action, depending on the situation and applicable rules.

---

XV. Provisional and Protective Remedies

Depending on the facts, a complainant may seek urgent relief.

A. Protection orders

In cases involving violence against women and children, harassment by intimate partners, threats, stalking, or abuse, protection orders may be available.

B. Injunction

For ongoing publication, disclosure, misuse of data, or unauthorized use of property, injunction may be considered in a civil case.

C. Takedown requests

Takedown may be requested from platforms. Formal legal processes may also be explored when content violates law or platform rules.

D. Account freezing or transaction hold

For financial fraud, immediately contact banks, e-wallets, payment processors, and platforms. Law enforcement or court orders may be needed for certain freezes or disclosures.

---

XVI. Role of Barangay Proceedings

Cybercrime complaints are often criminal in nature and may not be resolved through barangay conciliation, especially where the offense is serious, punishable beyond barangay jurisdiction, involves parties in different cities, requires urgent police action, or involves public offenses.

However, some related disputes, such as minor harassment, neighborhood conflicts, or personal disputes between residents of the same city or municipality, may raise barangay conciliation issues before certain civil or criminal actions.

Before filing in court, check whether barangay conciliation is required. For urgent criminal cybercrime matters, complainants typically proceed directly to law enforcement or the prosecutor.

---

XVII. Data Privacy Complaints

Some cyber incidents may also involve violations of data privacy rights.

Examples:

1. Unauthorized posting of personal information;
2. Doxxing;
3. Unauthorized processing of personal data;
4. Data breach;
5. Unlawful disclosure of customer records;
6. Use of personal data for harassment or scams.

The victim may consider a complaint with the National Privacy Commission if the facts involve personal data processing, unauthorized disclosure, or data protection violations.

Data privacy remedies may proceed separately from criminal cybercrime remedies.

---

XVIII. Complaints Involving Minors

If the victim is a child, the matter becomes more sensitive.

Possible issues include:

1. Online sexual exploitation;
2. Child abuse;
3. Grooming;
4. Sextortion;
5. Cyberbullying;
6. Non-consensual intimate images;
7. Trafficking;
8. Harassment;
9. Threats;
10. Identity theft.

Parents, guardians, schools, social workers, and law enforcement may be involved. Child-sensitive procedures should be followed, and the child’s privacy must be protected.

Avoid reposting or forwarding harmful images. Preserve evidence in a way that does not further distribute exploitative material.

---

XIX. Complaints Involving Anonymous Accounts

A common problem is that the offender is anonymous.

The complaint can still be filed against:

1. John Doe;
2. Jane Doe;
3. Unknown person using a specific account;
4. Unknown owner of a number, email, wallet, or profile.

The complaint should provide all identifiers available:

1. Profile link;
2. Username;
3. Display name;
4. Photos;
5. Phone number;
6. Email;
7. Bank or e-wallet account;
8. Transaction reference number;
9. IP-related data, if available;
10. Device logs;
11. Screenshots;
12. Witnesses;
13. Related accounts.

Law enforcement may investigate identity through lawful channels.

---

XX. Complaints Involving Overseas Offenders

Cybercrime often crosses borders. The offender may be outside the Philippines, or the platform may be foreign.

Practical issues include:

1. Identifying the offender;
2. Obtaining platform records;
3. Preserving foreign-hosted evidence;
4. Enforcing subpoenas or orders;
5. Coordinating through international channels;
6. Determining jurisdiction;
7. Extradition or mutual legal assistance, in serious cases.

If the victim is in the Philippines and harm occurred in the Philippines, a complaint may still be filed locally, but enforcement may be more difficult.

---

XXI. Takedown of Online Content

Filing a criminal complaint does not automatically remove online content.

The victim may separately:

1. Use platform reporting tools;
2. Send a takedown request;
3. Send a demand letter;
4. Request assistance from counsel;
5. Seek court relief where appropriate;
6. Coordinate with cybercrime authorities in serious cases.

For intimate images, impersonation, scams, and child exploitation, platforms often have specific reporting categories.

---

XXII. Demand Letters: Are They Required?

A demand letter is not always required before filing a cybercrime complaint.

However, demand letters may be useful in some cases, such as:

1. Online scams;
2. Debt-related defamatory posts;
3. Business disputes;
4. Account misuse;
5. Unauthorized content;
6. Removal requests;
7. Demand to preserve evidence.

In criminal cases, a demand letter may sometimes help show refusal, bad faith, or intent, but it may also give the offender time to delete evidence. Therefore, preserve evidence first before sending any demand.

---

XXIII. Police Blotter: Is It Enough?

A police blotter is not the same as a criminal complaint.

A blotter is merely a record of an incident reported to police. It may be useful as supporting evidence, but it does not automatically start prosecution.

For actual prosecution, the complainant generally needs a complaint-affidavit and supporting evidence filed with the proper law enforcement unit or prosecutor.

---

XXIV. How Long Does a Cybercrime Case Take?

The timeline varies.

Factors include:

1. Whether the offender is known;
2. Complexity of technical evidence;
3. Need for platform records;
4. Number of respondents;
5. Availability of witnesses;
6. Prosecutor workload;
7. Court docket;
8. Whether the respondent contests the case;
9. Whether settlement is possible;
10. Whether urgent relief is needed.

Simple cyberlibel or online scam complaints with known respondents may proceed faster than hacking, phishing, or anonymous account cases requiring technical tracing.

---

XXV. Settlement and Affidavit of Desistance

Some cybercrime disputes are settled. Settlement may include:

1. Apology;
2. Takedown;
3. Payment;
4. Return of money;
5. Agreement not to repost;
6. Undertaking not to contact;
7. Confidentiality terms;
8. Civil compromise.

However, a criminal offense is an offense against the State. An affidavit of desistance does not automatically dismiss a criminal case, especially once it has progressed. The prosecutor or court may still proceed if evidence supports prosecution.

Settlement should be handled carefully, particularly in serious cases, child cases, sextortion, repeated harassment, or large-scale fraud.

---

XXVI. Defenses Commonly Raised by Respondents

Respondents in cybercrime complaints may argue:

1. They did not own or control the account.
2. Their account was hacked.
3. The screenshots are fake or edited.
4. The complainant omitted context.
5. The statement was true.
6. The statement was opinion or fair comment.
7. There was no publication.
8. The complainant is not identifiable.
9. There was no malice.
10. There was no intent to defraud.
11. The transaction was a civil dispute, not a scam.
12. The complainant voluntarily sent money.
13. The messages are inadmissible.
14. The complaint was filed in the wrong venue.
15. The offense has prescribed.
16. The evidence does not connect the respondent to the account.

A strong complaint anticipates these defenses by showing identity, authenticity, context, intent, damage, and legal elements.

---

XXVII. Common Mistakes by Complainants

Avoid these mistakes:

1. Filing with only one cropped screenshot.
2. Deleting the original conversation.
3. Blocking the offender before preserving evidence.
4. Confronting the offender too early.
5. Posting about the dispute online.
6. Threatening the offender with unlawful harm.
7. Editing screenshots.
8. Failing to save URLs.
9. Losing transaction reference numbers.
10. Failing to identify witnesses.
11. Filing the wrong offense.
12. Treating every insult as cyberlibel.
13. Treating every failed transaction as estafa.
14. Ignoring prescription periods.
15. Failing to prove that the respondent owns the account.
16. Sending more money to a scammer.
17. Sharing intimate images further while trying to prove the case.
18. Waiting too long before reporting financial fraud.

---

XXVIII. Checklist Before Filing a Cybercrime Complaint

Before filing, prepare:

1. Government-issued ID;
2. Complaint-affidavit;
3. Screenshots;
4. Screen recordings;
5. URLs or links;
6. Full chat logs;
7. Profile links;
8. Usernames and account IDs;
9. Phone numbers and emails;
10. Proof of payment;
11. Bank or e-wallet records;
12. Delivery records, if any;
13. Witness affidavits;
14. Device used, if relevant;
15. Original files;
16. Demand letter, if any;
17. Platform reports, if any;
18. Proof of damage;
19. Authority to file, if filing for a company or another person;
20. Copies of all documents for filing and service.

---

XXIX. Sample Structure of a Cybercrime Complaint-Affidavit

A complaint-affidavit may follow this structure:

1. Personal circumstances of complainant;
2. Identity of respondent;
3. Relationship between complainant and respondent, if any;
4. Chronology of events;
5. Description of online act;
6. Identification of platform, account, link, or number used;
7. Explanation of why the act is criminal;
8. Explanation of how respondent is connected to the act;
9. Description of damage suffered;
10. List of attached evidence;
11. Request for investigation and prosecution;
12. Verification and oath.

Example paragraph style:

“I am filing this complaint against Respondent for using the Facebook account under the name ______ to post false and malicious accusations against me on ______. The post is attached as Annex ‘A.’ It was publicly accessible through the link ______. The post identifies me by name and photograph. The accusations are false and have caused damage to my reputation, business, and family.”

---

XXX. What to Do After Filing

After filing, the complainant should:

1. Keep copies of all documents submitted.
2. Get receiving copies with date stamps.
3. Save the docket number or reference number.
4. Monitor communications from investigators or prosecutors.
5. Attend scheduled hearings or clarificatory conferences.
6. Submit additional evidence promptly.
7. Preserve original devices and files.
8. Avoid posting about the case online.
9. Avoid direct confrontation with the respondent.
10. Inform authorities if threats continue.
11. Update law enforcement if new posts, accounts, or transactions appear.

---

XXXI. Cybercrime Complaint Versus Civil Case

A cybercrime complaint seeks criminal prosecution.

A civil case seeks private remedies such as damages, injunction, recovery of money, or protection of rights.

Some cases require both.

Examples:

1. Online scam: criminal complaint plus civil recovery of money.
2. Cyberlibel: criminal complaint plus damages.
3. Intimate image leak: criminal complaint plus injunction and damages.
4. Business hacking: criminal complaint plus civil action for damages and injunction.
5. Identity theft: criminal complaint plus takedown and data privacy remedies.

---

XXXII. Practical Tips for Specific Cybercrime Scenarios

A. If you are a victim of an online selling scam

1. Preserve the product listing.
2. Preserve chats.
3. Save proof of payment.
4. Save the seller’s bank, e-wallet, or delivery details.
5. Report to the platform.
6. Report to bank or e-wallet.
7. File complaint with cybercrime authorities or prosecutor.

B. If someone posted defamatory content about you

1. Screenshot the entire post.
2. Save the URL.
3. Capture comments showing people understood it referred to you.
4. Identify who posted it.
5. Preserve evidence before asking for takedown.
6. Consider whether the statement is factual, false, defamatory, and identifiable.
7. File complaint if elements are present.

C. If your account was hacked

1. Secure your email first.
2. Change passwords.
3. Enable two-factor authentication.
4. Save login alerts.
5. Screenshot unauthorized activities.
6. Report to the platform.
7. Warn contacts.
8. File complaint if unauthorized access or fraud occurred.

D. If someone is threatening to leak intimate images

1. Preserve threats.
2. Do not send more images.
3. Do not pay without legal advice.
4. Report the account.
5. File urgently with cybercrime authorities.
6. Seek protection orders if the offender is an intimate partner.
7. Ask trusted support persons for help.

E. If your identity is being used in a fake account

1. Screenshot the fake profile.
2. Save the profile link.
3. Screenshot posts, messages, and scams using the profile.
4. Report the profile.
5. Notify affected contacts.
6. File complaint for identity theft or related offenses.

---

XXXIII. Conclusion

Filing a cybercrime complaint in the Philippines requires more than simply telling authorities that something bad happened online. The complainant must preserve digital evidence, identify the platform or account used, connect the online act to a real person, prepare a sworn complaint-affidavit, attach supporting documents, and file with the appropriate cybercrime unit or prosecutor.

The most important step is evidence preservation. Screenshots, URLs, chat logs, transaction records, device logs, and witness affidavits should be secured before the offender is alerted. Once the evidence is preserved, the complainant may proceed to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the proper prosecutor’s office.

Cybercrime cases can involve both criminal and civil remedies. A victim may seek prosecution, damages, takedown, account recovery, injunction, protection orders, data privacy remedies, and recovery of money depending on the facts. Because cybercrime cases often depend on technical evidence and proper authentication, careful preparation is essential.