How to File a Cybercrime Complaint in the Philippines

I. Introduction

Cybercrime complaints in the Philippines commonly arise from online scams, account takeovers, hacking, identity theft, phishing, cyber libel, online threats, sextortion, unauthorized publication of intimate images, illegal access to computer systems, data interference, and other offenses committed through computers, mobile phones, social media platforms, messaging applications, websites, e-wallets, or other information and communications technology systems.

The principal law is Republic Act No. 10175, otherwise known as the Cybercrime Prevention Act of 2012. It defines punishable cybercrime offenses, identifies the law enforcement agencies authorized to investigate them, and provides mechanisms for preserving, collecting, and using computer data in criminal proceedings. Cybercrime complaints may also involve other Philippine laws, such as the Revised Penal Code, the Anti-Photo and Video Voyeurism Act, the Safe Spaces Act, the Anti-Child Pornography Act, the Data Privacy Act, access device laws, anti-fraud laws, banking and e-money regulations, and special laws protecting women, children, and consumers.

Filing a cybercrime complaint is not merely a matter of narrating what happened. Because cybercrime evidence is often digital, complainants must act quickly to preserve screenshots, URLs, account identifiers, transaction records, device information, communications, metadata, and other electronic traces before they are deleted, altered, hidden, or made inaccessible.

II. Where to File a Cybercrime Complaint

A cybercrime complaint may generally be brought to the following authorities:

1. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group, commonly referred to as PNP-ACG, is the specialized cybercrime unit of the Philippine National Police. It handles complaints involving online fraud, hacking, phishing, identity theft, cyber libel, online threats, online sexual abuse or exploitation, unauthorized access, and other cyber-related offenses.

A complainant may file at the PNP-ACG headquarters, at a regional cybercrime unit, or through official complaint channels made available by the PNP-ACG.

2. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division is another principal investigative body for cybercrime complaints. The NBI may receive complaints, evaluate evidence, conduct cybercrime investigation, coordinate with platforms or service providers when legally proper, and refer cases for prosecution.

Complainants often choose the NBI when the matter involves complex fraud, hacking, coordinated online schemes, cross-border elements, identity theft, or other cases requiring specialized technical investigation.

3. Department of Justice Office of Cybercrime

The Department of Justice Office of Cybercrime is the central authority created under the Cybercrime Prevention Act. Its role is broader than ordinary complaint intake. It assists in cybercrime policy, coordination, international cooperation, and matters involving cybercrime enforcement. It may also be relevant where the offense has foreign elements or requires coordination with foreign service providers or authorities.

4. Prosecutor’s Office

A complainant may also file a criminal complaint before the proper Office of the City Prosecutor or Provincial Prosecutor, especially where the identity of the offender is known and the complainant already has sufficient evidence. In many cybercrime cases, however, complainants first approach the PNP-ACG or NBI because technical investigation may be needed to identify the perpetrator, preserve data, or obtain evidence.

5. Barangay, Local Police Station, or Women and Children Protection Desk

For urgent safety concerns, threats, harassment, blackmail, stalking, domestic abuse, violence against women and children, or cases involving minors, a complainant may also seek immediate assistance from local police, the Women and Children Protection Desk, barangay authorities, social workers, or protection agencies. These offices may help address immediate danger, issue referrals, document incidents, and connect the complainant to the proper cybercrime unit.

III. Common Cybercrime Offenses

The Cybercrime Prevention Act punishes several categories of offenses. The most common include:

1. Illegal Access

Illegal access refers to unauthorized access to the whole or any part of a computer system. Examples include hacking into an email account, social media account, phone, computer, cloud storage, website, or database without permission.

2. Illegal Interception

This involves unauthorized interception of computer data, communications, or transmissions. Examples may include intercepting private messages, capturing data packets, or secretly monitoring digital communications without legal authority.

3. Data Interference

Data interference involves intentional or reckless alteration, damaging, deletion, or deterioration of computer data, electronic documents, or electronic data messages without authority. Examples include deleting files, wiping a system, corrupting data, or tampering with records.

4. System Interference

System interference involves seriously hindering or interfering with the functioning of a computer or computer network. Distributed denial-of-service attacks, malware deployment, ransomware, and sabotage of digital infrastructure may fall under this category depending on the facts.

5. Misuse of Devices

This includes producing, selling, obtaining, importing, distributing, or making available devices, programs, access codes, passwords, or similar data intended for committing cybercrime.

6. Cyber-Squatting

Cyber-squatting involves acquiring a domain name in bad faith, especially when it is identical or confusingly similar to an existing trademark, name, or business identifier, and where the purpose is to profit, mislead, damage reputation, or deprive the lawful owner of use.

7. Computer-Related Forgery

This involves unauthorized input, alteration, or deletion of computer data resulting in inauthentic data, with intent that it be considered or acted upon as authentic.

8. Computer-Related Fraud

This involves unauthorized input, alteration, deletion, or suppression of computer data or interference with a computer system with fraudulent intent, resulting in damage. Online scams, fake payment confirmations, phishing schemes, and account manipulation may involve computer-related fraud.

9. Computer-Related Identity Theft

This involves the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, whether natural or juridical, without right. Examples include using another person’s name, photo, ID, account, number, email, or personal data to deceive others.

10. Cybersex

Cybersex under the law involves the willful engagement, maintenance, control, or operation of lascivious exhibition of sexual organs or sexual activity with the aid of a computer system, for favor or consideration.

11. Child Pornography and Online Sexual Exploitation

Cases involving minors are especially serious. They may involve the Cybercrime Prevention Act, the Anti-Child Pornography Act, anti-trafficking laws, child protection statutes, and other special penal laws. These cases should be reported urgently to law enforcement.

12. Unsolicited Commercial Communications

Certain forms of unsolicited commercial communication may be punishable, subject to statutory exceptions and regulatory considerations.

13. Cyber Libel

Cyber libel is libel committed through a computer system or similar means. It generally involves the public and malicious imputation of a crime, vice, defect, act, omission, condition, status, or circumstance tending to dishonor, discredit, or contempt a person, when committed online.

Cyber libel requires careful legal evaluation. Not all offensive, insulting, or false online statements automatically constitute cyber libel. Issues such as publication, identifiability, malice, truth, fair comment, privileged communication, public interest, and prescription may matter.

14. Online Threats, Harassment, and Blackmail

Threats, coercion, unjust vexation, grave scandal, harassment, stalking, extortion, and blackmail may be committed online. These may fall under the Revised Penal Code, the Cybercrime Prevention Act, the Safe Spaces Act, the Anti-Violence Against Women and Their Children Act, or other special laws depending on the circumstances.

IV. What to Do Immediately After a Cybercrime Incident

A victim should act quickly and methodically. The most important early steps are preservation, documentation, safety, and reporting.

1. Do Not Delete Evidence

Do not delete messages, posts, emails, call logs, transaction records, or account activity. Even embarrassing or distressing material may be important evidence. Deleting it may make the case harder to prove.

2. Take Clear Screenshots

Take screenshots showing:

  • the full message, post, comment, or profile;
  • username, handle, account name, email address, phone number, or profile link;
  • date and time;
  • URLs;
  • transaction details;
  • threats, demands, or instructions;
  • payment requests;
  • proof of identity misuse;
  • photos, videos, or documents used in the offense.

Where possible, capture the entire conversation thread, not just isolated messages.

3. Save URLs and Account Identifiers

Screenshots are useful, but URLs and account identifiers are often more important for investigation. Save the link to the profile, post, marketplace listing, website, group, page, channel, email header, or transaction page.

4. Preserve Original Files

Keep original images, videos, documents, emails, voice notes, attachments, and downloaded files. Avoid editing, cropping, compressing, or renaming them unnecessarily. The original file may contain metadata useful to investigators.

5. Record Dates and Times

Prepare a timeline. Include when the incident started, when each communication occurred, when payment was made, when threats were received, when access was lost, and when the account or content was discovered.

Use Philippine Standard Time if possible, and indicate if the platform displayed a different time zone.

6. Secure Your Accounts

Change passwords, enable two-factor authentication, revoke suspicious sessions, update recovery email and phone numbers, check account forwarding rules, scan devices for malware, and notify your bank or e-wallet provider if money or financial information is involved.

Security measures should not destroy evidence. Preserve proof first, then secure accounts.

7. Report to the Platform

Report the offending account, post, listing, or transaction to the relevant platform, such as Facebook, Messenger, Instagram, TikTok, X, YouTube, Gmail, Telegram, Viber, Shopee, Lazada, GCash, Maya, banks, or marketplace providers. Platform reports may help remove harmful content or freeze suspicious activity, but they do not replace a formal criminal complaint.

8. Act Urgently in Cases Involving Money

For online scams, phishing, unauthorized bank transfers, e-wallet theft, crypto fraud, or marketplace fraud, contact the bank, e-wallet provider, payment processor, or exchange immediately. Ask for account freezing, reversal review, chargeback options, fraud investigation, and preservation of transaction records.

9. Seek Immediate Help for Threats or Sexual Exploitation

For sextortion, threats to publish intimate images, child exploitation, stalking, domestic abuse, or imminent danger, report immediately to law enforcement. Do not negotiate endlessly with extortionists. Continued payment often does not stop the abuse.

V. Evidence to Prepare Before Filing

A strong cybercrime complaint should include both narrative evidence and technical evidence. The following are commonly useful:

1. Personal Identification

Prepare a valid government ID. If filing for a company, bring proof of authority, such as a secretary’s certificate, board authorization, special power of attorney, or written authority from the business owner.

2. Complaint-Affidavit

A complaint-affidavit should state:

  • the complainant’s identity and contact details;
  • the respondent’s identity, if known;
  • a chronological narration of events;
  • the specific acts complained of;
  • how the acts were committed using a computer system or digital platform;
  • the damage suffered;
  • the evidence attached;
  • the relief requested;
  • a verification that the facts are true based on personal knowledge or authentic records.

The affidavit should be notarized or sworn before an authorized officer.

3. Screenshots and Printouts

Attach screenshots and printouts in an organized manner. Label each exhibit. For example:

  • Exhibit “A” — Screenshot of fake Facebook profile;
  • Exhibit “B” — Messenger conversation dated 12 March 2026;
  • Exhibit “C” — GCash transaction receipt;
  • Exhibit “D” — Screenshot of threat to publish intimate photos;
  • Exhibit “E” — URL of defamatory post.

4. Electronic Copies

Bring electronic copies in a USB drive, external drive, or other storage medium. Include original files if available. Organize them in clearly named folders.

5. URLs and Links

List all relevant links in a separate document. Many complaints fail because screenshots are submitted without usable links.

6. Transaction Records

For financial crimes, prepare:

  • bank transfer receipts;
  • e-wallet transaction confirmations;
  • reference numbers;
  • account names and numbers;
  • QR codes;
  • merchant details;
  • order confirmations;
  • invoices;
  • delivery records;
  • chat logs with the seller or scammer.

7. Email Headers

For phishing, spoofing, or email-based attacks, full email headers may help trace technical routing information. Do not merely print the visible email body.

8. Device and Account Information

Prepare information on affected devices and accounts:

  • device model;
  • phone number;
  • email address;
  • username;
  • account recovery email;
  • IP logs, if available;
  • login alerts;
  • location alerts;
  • platform security notifications.

9. Witness Statements

If other persons saw the post, received the message, paid money, or can identify the suspect, their affidavits may strengthen the complaint.

10. Demand Letters or Prior Communications

If a demand letter, cease-and-desist letter, platform report, bank complaint, or barangay blotter was already made, include copies.

VI. Step-by-Step Procedure for Filing

Step 1: Identify the Nature of the Offense

Determine whether the case involves hacking, online scam, identity theft, cyber libel, online threats, sextortion, data breach, account takeover, unauthorized transaction, or another offense. This helps determine what evidence to gather and where to file.

Step 2: Preserve Evidence

Before reporting accounts or blocking the suspect, preserve all relevant evidence. Blocking may prevent further contact, but it may also make messages harder to access. Take screenshots, save files, export chats, record links, and keep original data.

Step 3: Prepare a Timeline

Write a clear chronological timeline. Investigators and prosecutors need to understand what happened without guessing.

Step 4: Prepare the Complaint-Affidavit

The complaint-affidavit is the backbone of the case. It should be factual, specific, and supported by attachments. Avoid exaggeration. State dates, names, links, amounts, and exact words used where relevant.

Step 5: Go to the Appropriate Cybercrime Office

File with the PNP-ACG, NBI Cybercrime Division, or prosecutor’s office. Bring originals and copies of your evidence, valid ID, and electronic storage containing the digital evidence.

Step 6: Cooperate During Evaluation

The receiving office may ask clarifying questions, request additional evidence, or require a sworn statement. They may also evaluate whether the complaint is cybercrime, ordinary criminal fraud, civil dispute, labor issue, consumer complaint, or another legal matter.

Step 7: Investigation

If the complaint proceeds, investigators may conduct technical investigation, request preservation of computer data, coordinate with platforms or service providers, trace accounts or transactions, interview witnesses, and prepare referral documents.

Step 8: Referral for Inquest or Preliminary Investigation

If a suspect is arrested without warrant under lawful circumstances, the case may proceed to inquest. Otherwise, most cases proceed through preliminary investigation before the prosecutor’s office.

Step 9: Prosecutor’s Resolution

The prosecutor determines whether probable cause exists. If probable cause is found, an Information may be filed in court. If dismissed, the complainant may explore remedies such as motion for reconsideration or petition for review, subject to applicable rules and deadlines.

Step 10: Court Proceedings

If filed in court, the case proceeds through arraignment, pre-trial, trial, presentation of electronic evidence, and judgment. Electronic evidence must comply with applicable evidentiary rules.

VII. Cybercrime Warrants and Preservation of Data

Cybercrime cases often require evidence held by service providers, platforms, telecom companies, banks, e-wallet providers, or internet intermediaries. The Supreme Court’s Rule on Cybercrime Warrants governs court processes for preservation, disclosure, interception, search, seizure, and examination of computer data in cybercrime investigations.

Important cybercrime processes may include:

1. Preservation of Computer Data

Computer data may disappear quickly because platforms delete logs, accounts are deactivated, messages are unsent, or retention periods expire. Preservation helps prevent loss of evidence while authorities seek the proper legal process.

2. Disclosure of Computer Data

Authorities may need subscriber information, traffic data, logs, or other computer data. Disclosure generally requires compliance with the relevant law and court rules.

3. Search, Seizure, and Examination

If a device, account, server, or storage medium must be searched or examined, authorities may need the appropriate cybercrime warrant.

4. Interception

Interception of communications is highly sensitive and subject to strict legal requirements. It cannot be casually demanded by a complainant.

VIII. Jurisdiction and Venue

Cybercrime cases may involve multiple locations: where the complainant resides, where the respondent acted, where the computer system is located, where the content was accessed, where the damage occurred, or where the platform or transaction took effect.

Venue can be complicated in online cases. A post uploaded in one city may be viewed nationwide. A scammer may be in another province or country. A bank account may be in another region. The proper office will usually assess venue and jurisdiction based on the facts, evidence, and applicable rules.

IX. Filing Against Unknown Persons

A cybercrime complaint may be filed even if the real identity of the offender is unknown. The complaint may refer to the respondent as an unknown person using a username, handle, profile link, phone number, email address, account number, or other identifier.

However, the complainant should provide as much identifying information as possible, such as:

  • profile links;
  • usernames;
  • mobile numbers;
  • bank or e-wallet accounts;
  • email addresses;
  • IP logs, if available;
  • delivery addresses;
  • photos used;
  • marketplace store names;
  • courier records;
  • mutual contacts;
  • voice notes;
  • video calls;
  • transaction references.

Law enforcement may then investigate to identify the person behind the account or transaction.

X. Cyber Libel Complaints

Cyber libel deserves special attention because it is one of the most common complaints in the Philippines involving social media posts.

A complainant should prepare:

  • the exact defamatory post, comment, article, video, caption, or message;
  • screenshots and URLs;
  • proof that the post was published online;
  • proof that the complainant is identifiable;
  • explanation of why the imputation is defamatory;
  • evidence of falsity, if available;
  • evidence of malice or circumstances showing malicious publication;
  • proof of damage, reputational harm, business injury, emotional distress, or public ridicule.

Defenses may include truth, privileged communication, fair comment on matters of public interest, lack of identifiability, absence of malice, opinion rather than factual imputation, or prescription. Because cyber libel implicates speech, reputation, and criminal liability, legal advice is strongly recommended before filing or responding to such a complaint.

XI. Online Scam and Fraud Complaints

For online scams, the most important evidence usually includes:

  • conversation with the seller, recruiter, investment promoter, or scammer;
  • payment instructions;
  • proof of payment;
  • account number or e-wallet number used;
  • name appearing on the receiving account;
  • advertisements, listings, or promotional materials;
  • screenshots of fake websites or fake pages;
  • delivery tracking information;
  • promises made by the suspect;
  • proof of non-delivery or deception;
  • records of other victims, if available.

Complainants should immediately report the receiving account to the bank, e-wallet, exchange, or platform. In some cases, quick reporting may help freeze funds or preserve transaction data.

XII. Hacking and Account Takeover Complaints

For hacking or account takeover, prepare:

  • proof of ownership of the account;
  • login alerts;
  • password reset emails;
  • suspicious IP or location alerts;
  • screenshots of unauthorized posts or messages;
  • proof of recovery attempts;
  • emails from the platform;
  • device information;
  • malware or phishing links received before compromise;
  • list of people contacted by the hacked account;
  • proof of financial or reputational damage.

Do not rely solely on the statement “my account was hacked.” Show what changed, when access was lost, and what unauthorized acts occurred.

XIII. Identity Theft and Impersonation

For identity theft or impersonation, prepare:

  • screenshots of the fake account;
  • profile URL;
  • side-by-side comparison with the real account;
  • proof that your name, photo, business name, logo, or personal data was used;
  • messages sent by the impersonator;
  • victims deceived by the fake account;
  • financial loss or reputational harm;
  • platform reports and responses.

If a fake account is using a business name or trademark, additional remedies under intellectual property, consumer protection, or unfair competition laws may also be considered.

XIV. Sextortion, Voyeurism, and Intimate Image Abuse

If someone threatens to release intimate images or videos, demands money, or uses sexual material for coercion, report immediately. Preserve:

  • threats;
  • payment demands;
  • account details;
  • images or videos involved, if already sent or posted;
  • profile links;
  • transaction records;
  • prior relationship or communication history;
  • proof of age, especially if a minor is involved.

Do not send more images. Do not continue paying. Do not meet the offender alone. If there is imminent risk, seek police protection and support from trusted family, counsel, or victim assistance services.

XV. Complaints Involving Minors

Cases involving minors require urgent and sensitive handling. The complainant may be a parent, guardian, school representative, social worker, or other authorized person. Evidence should be preserved carefully and not further circulated. Avoid forwarding explicit material involving minors except as instructed by lawful authorities, because unnecessary sharing may itself create legal problems.

XVI. Data Privacy and Data Breach Issues

Not every data privacy issue is automatically a cybercrime. Unauthorized use, disclosure, or processing of personal information may fall under the Data Privacy Act and may be reported to the National Privacy Commission. If the incident involves hacking, identity theft, fraud, extortion, or unauthorized access, it may also be a cybercrime.

A complainant should consider whether the issue is best framed as:

  • cybercrime;
  • data privacy violation;
  • consumer complaint;
  • employment matter;
  • civil damages claim;
  • administrative complaint;
  • contractual dispute;
  • or a combination of remedies.

XVII. Civil, Criminal, and Administrative Remedies

A cyber incident may give rise to several remedies:

1. Criminal Complaint

This seeks prosecution and punishment of the offender. It is filed with law enforcement or the prosecutor.

2. Civil Action for Damages

The victim may claim damages for loss of money, injury to reputation, emotional distress, business loss, or other harm, subject to proof.

3. Platform Remedies

The victim may seek takedown, account suspension, content removal, page recovery, transaction dispute, or fraud review through the platform.

4. Bank or E-Wallet Remedies

The victim may seek account freezing, reversal review, chargeback, fraud investigation, or preservation of transaction records.

5. Administrative Complaints

Depending on the facts, complaints may be filed with agencies such as the National Privacy Commission, Department of Trade and Industry, Bangko Sentral-supervised financial institution channels, school authorities, professional regulators, or employers.

XVIII. Practical Drafting Tips for a Complaint-Affidavit

A good complaint-affidavit should be clear, chronological, and evidence-based. It should avoid emotional conclusions unsupported by facts. It should answer:

  • Who is the complainant?
  • Who is the respondent, if known?
  • What exactly happened?
  • When did each event happen?
  • Where did the online act occur or become known?
  • What platform, account, device, or system was used?
  • What law or offense appears to have been violated?
  • What evidence proves each fact?
  • What damage resulted?
  • What action is being requested?

A complaint should not merely say, “I was scammed,” “I was hacked,” or “I was defamed.” It should show the specific acts and attach proof.

XIX. Sample Structure of a Cybercrime Complaint-Affidavit

A simple structure may be:

  1. Title: Complaint-Affidavit
  2. Personal circumstances of complainant
  3. Personal circumstances of respondent, if known
  4. Jurisdictional facts
  5. Chronological narration
  6. Description of digital platform or computer system used
  7. Evidence and exhibits
  8. Damage suffered
  9. Laws apparently violated
  10. Prayer for investigation and prosecution
  11. Verification and signature
  12. Jurat or notarization

XX. Sample Opening Paragraph

“I, [Name], of legal age, Filipino, [civil status], and residing at [address], after being duly sworn, state that I am filing this Complaint-Affidavit for cybercrime and related offenses against [Name/Username/Unknown Person], arising from the unauthorized use of my identity, online misrepresentations, and fraudulent solicitation of money through [platform], as shown by the screenshots, URLs, transaction records, and other evidence attached to this affidavit.”

XXI. Sample Prayer

“WHEREFORE, premises considered, I respectfully request that the appropriate cybercrime investigation be conducted; that the relevant computer data, account information, transaction records, and other electronic evidence be preserved and obtained through lawful processes; and that, after investigation and preliminary proceedings, the proper criminal charges be filed against the respondent and all other persons who may be found responsible.”

XXII. Mistakes to Avoid

Complainants should avoid the following:

  • deleting messages or posts before saving them;
  • submitting screenshots without URLs;
  • cropping screenshots so that dates, names, and links are missing;
  • failing to preserve original files;
  • relying only on hearsay;
  • paying sextortionists repeatedly;
  • warning the suspect before preserving evidence;
  • posting accusations online in a way that may create counterclaims;
  • using hacked access to “investigate” the suspect;
  • fabricating or editing evidence;
  • filing a complaint without a coherent timeline;
  • ignoring bank, e-wallet, or platform reporting deadlines;
  • waiting too long before reporting.

XXIII. Prescription and Delay

Cybercrime complaints should be filed promptly. Delay may cause loss of platform logs, deletion of accounts, dissipation of funds, disappearance of witnesses, and weakening of the case. Prescription periods depend on the offense charged and applicable law. Because prescription can be technical, a complainant should seek legal advice as soon as possible, especially in cyber libel, fraud, and harassment cases.

XXIV. Costs and Representation

Filing a complaint with law enforcement generally does not require hiring a lawyer, but legal assistance is often helpful, especially for cyber libel, large-scale fraud, business impersonation, sextortion, data breach, hacking, or cases involving multiple laws. A lawyer can help prepare the complaint-affidavit, organize evidence, identify proper charges, protect the complainant from counterclaims, and coordinate with investigators.

Indigent complainants may seek assistance from the Public Attorney’s Office, legal aid offices, law school legal aid clinics, local government legal assistance programs, or non-government organizations, depending on eligibility and case type.

XXV. Conclusion

Filing a cybercrime complaint in the Philippines requires more than going to the police and narrating an online incident. The complainant must preserve digital evidence, identify the proper agency, prepare a clear complaint-affidavit, attach organized exhibits, cooperate with investigators, and understand that cybercrime cases often require lawful technical processes to obtain data from platforms, service providers, banks, or devices.

The best approach is immediate evidence preservation, prompt reporting, careful documentation, and legally sound presentation of facts. In serious cases involving threats, exploitation, financial loss, reputational harm, minors, intimate images, or business damage, early legal assistance is strongly recommended.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login