Facebook Impersonation Scam: How to Report and File Cybercrime Complaints (Philippines)

Facebook Impersonation Scam: How to Report and File Cybercrime Complaints (Philippines)

A comprehensive, practice-oriented guide for individuals, parents/guardians, and businesses operating in the Philippines.

What “Facebook impersonation” covers

Impersonation on Facebook (FB) happens when someone creates or uses a profile/page that copies your name, photos, branding, or other identifiers to deceive others. Common variants:

  • Direct profile cloning: Reuses your photos/name to message your contacts (“pa-utang,” fake emergency, raffle/crypto pitch).
  • “Recovery hijack” + takeover: Attacker gains access to your real account, changes email/phone, and contacts friends for money.
  • Page/brand spoofing: Look-alike pages or ads using your mark or photos to collect payments or personal data.
  • Deepfakes/AI edits: Synthetic images/videos/voice used to make you appear to endorse a product or solicit money.

Even if no money changed hands, impersonation can still violate Philippine law if it involves unauthorized use of identifying information, deception, or defamatory content.

Philippine legal framework (key bases you can cite)

You do not need to memorize section numbers to act. The list below helps you (or counsel) frame the complaint.

  • Cybercrime Prevention Act of 2012 (RA 10175)

    • Computer-related identity theft: acquiring/using another person’s identifying information without right via a computer system.
    • Computer-related fraud: deception to obtain an economic/other benefit online (e.g., asking money from your friends while pretending to be you).
    • Cyber libel: defamatory posts/messages made through a computer system.
    • Aiding/abetting, attempt, and corporate liability may apply.

  • Data Privacy Act of 2012 (RA 10173) Unauthorized processing or misuse of personal data (e.g., your images, ID, contact list) may trigger administrative complaints with the National Privacy Commission (NPC), in addition to criminal remedies.

  • Revised Penal Code (RPC) & special laws (when facts fit)

    • Estafa (swindling) if someone was duped into sending money.
    • Falsification/Usurpation of name, Unjust vexation, and related offenses depending on the conduct.
    • Anti-Photo and Video Voyeurism Act (RA 9995) for non-consensual intimate imagery.
    • Access Devices Regulation Act (RA 8484) if cards/e-wallet credentials are misused.
    • Intellectual property and unfair competition remedies for brands (possible IPOPHL and civil actions).

  • Jurisdiction & venue Cybercrimes can be prosecuted where any essential element occurred (e.g., where the victim or deceived contacts are located, where posts were accessed, or where accounts/systems are). Law enforcement can proceed even if the attacker is overseas when harmful effects are felt in the Philippines.

First 60 minutes: immediate containment checklist

  1. Secure your real accounts

    • Change FB password; log out of other devices; enable two-factor authentication (2FA); update recovery email/phone.
    • If you’ve lost access, use FB’s “Find your account / compromised account” flows and submit a government ID (clear photo; no edits).

  2. Warn your network

    • Post a short public advisory: “Someone is impersonating me on FB. Do not send money or share info. Report the fake profile.”
    • Notify family, close friends, HR/IT (if work-related), and key clients.

  3. Freeze financial exposure

    • If anyone sent funds, immediately contact the relevant bank/e-wallet (e.g., GCash, Maya) to flag the transfer and request internal fraud handling.

  4. Preserve evidence (don’t just block)

    • Take full-screen screenshots of: fake profile/page, Messenger threads, “About” sections, friend lists, posts, ads, and payment receipts.
    • Copy the exact URLs (profile/page/post/message links) and note date/time captured.
    • Save email/SMS notifications, and export chat histories where possible.
    • Record the names/contacts of people deceived and the amounts involved (if any).

How to report to Facebook effectively

  1. From the fake profile or page: click the three dots (…) → Report → Pretending to be someone → Me / A friend.

  2. Attach identity if prompted: clear photo of a valid government ID that matches the name shown on your real account.

  3. For businesses/brands: use FB’s brand impersonation/trademark reporting channel and attach:

    • DTI/SEC documents, trademark certificate (if available), brand use samples.

  4. Escalate quietly: Ask trusted contacts to report the impostor as well; avoid posting your ID publicly.

Takedown is an important but separate step from filing a criminal or administrative complaint. Do both.

Where to file in the Philippines (criminal & administrative)

  • Law enforcement (criminal):

    • NBI Cybercrime Division (NBI-CCD) – accepts walk-in and online complaints; coordinates with prosecutors and can seek cybercrime warrants.
    • PNP Anti-Cybercrime Group (PNP-ACG) – accepts complaints nationwide (regional offices); can conduct digital forensics and case build-up.

  • Prosecutor’s Office (Preliminary Investigation): You (or law enforcement) may file a complaint-affidavit with annexes in the city/province where any element occurred.

  • National Privacy Commission (NPC) (Administrative): If your personal data was processed without authority (photos, ID, contact lists), file an NPC complaint after first raising the issue with the respondent/controller (Facebook/other parties) and giving them a chance to address it.

You may pursue both criminal (NBI/PNP → Prosecutor) and administrative (NPC) tracks, plus civil damages where warranted.

Building a prosecutable case: evidence & affidavits

Evidence that typically matters

  • Identity linkage: how the fake account copied your name/photos; any shared friends they targeted.
  • Deception: messages demanding money, links to payment accounts, GCash/Maya details, bank accounts, QR codes.
  • Loss/harm: amounts sent, screenshots of transfers, names of victims, reputational damage (e.g., clients misled).
  • Authentication: originals of screenshots/photos and, where possible, downloaded copies of the pages/posts with URLs.
  • Your credentials: clear scan of your government ID and proof that the genuine FB account is yours.

Chain-of-custody tips

  • Keep an evidence log: item number, description, where/when captured, device used, and person who captured it.
  • Save files with hashes (if you can): compute SHA-256 of key files and note it in the log.
  • Avoid altering originals; if you annotate, keep a clean copy.

Complaint-Affidavit (criminal) – structure

  1. Parties and capacity (your name, address, nationality; if a company, authorized representative).
  2. Statement of facts in chronological order (discovery, fake profile URL, messages sent, monies lost).
  3. Elements of offenses matched to facts (identity theft, fraud, libel if applicable).
  4. Reliefs prayed for (criminal prosecution, preservation of data, takedown coordination).
  5. Annexes (see checklist below). Execute before a prosecutor or a notary public (as advised).

Annex checklist (label as A, B, C…):

  • A – Your valid government ID (front/back).
  • B – Screenshots of fake profile/page with URL and time stamps.
  • C – Screenshots of messages/posts + downloadable copies.
  • D – List of deceived contacts/victims and amounts (with contact numbers).
  • E – Receipts/transfers (bank/e-wallet).
  • F – Your genuine FB profile URL and proof of control (email screen, login alerts).
  • G – Any correspondence with Facebook (acknowledgments/takedown notices).

What law enforcement and prosecutors may do next

  • Data preservation requests to Facebook and local providers (RA 10175 requires service providers to preserve computer data for a limited period upon lawful request).

  • Applications for cybercrime warrants under the Supreme Court’s Rules on Cybercrime Warrants, including:

    • Warrant to Disclose Computer Data (WDCD) – subscriber info, logs, metadata.
    • Warrant to Intercept Computer Data (WICD) – lawfully monitor current communications (when applicable).
    • Warrant to Search, Seize, and Examine Computer Data (WSSECD) – for imaging and forensic analysis.

  • Mutual legal assistance or international coordination if the attacker is abroad.

  • Referral to the Prosecutor for Preliminary Investigation; if probable cause is found, the case proceeds to court.

If money was already lost

  1. Notify the bank/e-wallet immediately and ask for internal fraud case creation, flag/trace/freeze procedures, and dispute/chargeback options.
  2. File a police/NBI blotter to memorialize the incident and support bank/e-wallet requests.
  3. Document the loss (amount, time, transaction IDs). Provide to NBI/PNP and to the Prosecutor.
  4. Consider civil claims for damages against identified local recipients (e.g., money mules) and small claims where appropriate.

Special scenarios & how to handle them

  • Minors targeted or depicted: Involve the parent/guardian; law enforcement will treat child safety and exploitation as priority (other special laws may apply).
  • Intimate or sexualized deepfakes: Preserve without sharing further; RA 9995 and related laws may apply in addition to cybercrime offenses.
  • Business/brand impersonation with paid ads: Collect ad IDs, invoices, and click-through URLs; consider IPOPHL and civil remedies alongside criminal action.

Practical FAQs

Do I have to identify the scammer before filing? No. Provide all evidence; law enforcement can request subscriber information, IP logs, and coordinate with platforms.

Should I publicly expose the fake account? Issue a cautious advisory to warn contacts, but avoid doxxing, threats, or posting your IDs. Let platforms and authorities handle the takedown and investigation.

Can I sue Facebook? Platforms generally have limited liability for user content but must process valid reports. Focus on (1) swift takedown, (2) criminal complaint vs. the impostor, and (3) administrative/privacy remedies.

How fast must I act? Some offenses have short prescriptive periods, and data/logs are retained for limited time. Act promptly.

Do I need a lawyer? Not strictly required to report, but legal counsel helps in drafting affidavits, preserving digital evidence, and selecting remedies (criminal, administrative, civil).

Templates you can adapt

A. Evidence Log (sample)

EVIDENCE LOG – (Your Name) – Facebook Impersonation Case
Item  Description                               Source/URL                            Date/Time (PH)    Captured by   Hash (if any)
1     Screenshot – Fake Profile (cover+bio)     https://www.facebook.com/profile...   2025-10-01 09:12  J.D.          7f6a...
2     Chat thread asking for money               https://m.me/xxxxxxxx                 2025-10-01 09:30  J.D.          2b1a...
3     GCash receipt                              [Transaction ID: …]                   2025-10-01 10:05  A.C.          —
...

B. Complaint-Affidavit (skeleton)

REPUBLIC OF THE PHILIPPINES )
CITY/PROVINCE OF _________  ) S.S.

                       COMPLAINT-AFFIDAVIT

I, [Full Name], of legal age, [civil status], [citizenship], with address at [address], after being duly sworn, state:

1. I am the owner of the Facebook account at [URL]. Annex “F” shows proof of control.
2. On [date/time], I discovered a fake Facebook [profile/page] impersonating me at [URL], using my photos and name. Screenshots are in Annexes “B” and “C”.
3. The impostor sent messages to my contacts asking for money; sample threads are in Annex “C”. [Name] and [Name] sent ₱[amounts]; receipts are Annex “E”.
4. The acts constitute [Computer-related Identity Theft; Computer-related Fraud; Cyber Libel], among others, under Philippine law.
5. I respectfully request investigation, issuance of lawful preservation/production measures, and filing of appropriate criminal charges.

Attached as Annexes “A” to “G” are true copies of documents supporting this complaint.

[Signature over Printed Name]
Affiant

SUBSCRIBED AND SWORN to before me this ___ day of _______, 20__, in ________.

C. Advisory you can post to contacts

“Friends, someone is impersonating me on Facebook. Please do not send money or share personal information. Report the fake profile at its page (… → Report → Pretending to be someone → Me). If you received a suspicious message, please forward a screenshot to me. Thank you.”

For businesses and public figures

  • Brand kit: keep an internal pack (logo files, color codes, ID/docs, trademark certificates) to support fast FB brand-impersonation takedowns.
  • Official channels: maintain verified pages, update contact details, and pin an “official accounts” post to reduce spoofing risk.
  • Crisis playbook: who approves advisories, who gathers evidence, legal sign-offs, and who liaises with agencies (NBI/PNP/NPC).

Prevention: reducing future risk

  • Enable 2FA on Facebook and on your recovery email/number.
  • Lock down privacy settings; limit who can see your friends list; review tagged photos.
  • Use unique passwords (password manager) and login alerts.
  • Educate family/staff on verification protocols (call-back before sending money; code words for emergencies).
  • Periodically search for clones of your profile/page and report quickly.

Final notes

  • Keep your case file organized; authorities appreciate clear timelines and legible annexes.
  • If a minor is involved or intimate content is used, flag this immediately when reporting—these cases are prioritized.
  • This article provides general Philippine legal information. For tailored advice or representation, consult a Philippine lawyer or your in-house counsel.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login