I. Introduction
A fake email impersonation scam happens when a person uses another person’s name, identity, position, company affiliation, or reputation to send deceptive emails. The scammer may create a fake email address, spoof an existing email address, copy someone’s signature block, pretend to be a company officer, lawyer, government employee, supplier, client, relative, or friend, and use that false identity to obtain money, information, access, documents, or trust.
In the Philippine context, this conduct may give rise to criminal, civil, administrative, employment, data privacy, and cybersecurity consequences. The applicable laws may include the Revised Penal Code, the Cybercrime Prevention Act of 2012, the Data Privacy Act of 2012, the Electronic Commerce Act, special laws on access devices and financial fraud, and rules on evidence and electronic evidence.
Fake email impersonation is not a single offense under one label. It may be prosecuted or pursued under different legal theories depending on what the scammer did, what was obtained, what information was used, who was impersonated, and what damage resulted.
II. What Is Fake Email Impersonation?
Fake email impersonation is the act of sending or causing the sending of an email while falsely pretending to be another person or entity.
It may involve:
- Using someone else’s full name;
- Creating an email address that looks like the victim’s name;
- Spoofing the sender field so the email appears to come from the real person;
- Using the victim’s photograph, signature, job title, company logo, or contact details;
- Pretending to be a company executive or authorized representative;
- Pretending to be a lawyer, accountant, bank officer, government employee, supplier, customer, or relative;
- Asking for money, confidential data, passwords, OTPs, account access, invoices, or documents;
- Damaging the reputation of the impersonated person;
- Causing a recipient to act on false instructions.
The key element is deception. The scammer makes the recipient believe that the email came from, or was authorized by, the person whose name was used.
III. Common Forms of Email Impersonation Scams
A. Business Email Compromise
Business email compromise occurs when a scammer impersonates a company officer, executive, vendor, client, accountant, or employee to induce payment or transfer of funds.
Examples include:
- “Please transfer payment to this new bank account.”
- “I am in a meeting. Buy gift cards and send the codes.”
- “Process this urgent supplier payment.”
- “Update our billing details.”
- “Send employee payroll information.”
- “Release the check to my representative.”
This is common in corporate, accounting, procurement, real estate, logistics, and professional services settings.
B. CEO or Boss Impersonation
The scammer pretends to be the owner, president, CEO, manager, partner, or department head. The email usually creates urgency and pressure.
The recipient may be told not to call, not to verify, or to act immediately because the matter is “confidential.”
C. Supplier or Vendor Impersonation
The scammer pretends to be a legitimate supplier and asks the company to send payment to a different bank account.
This may involve altered invoices, fake bank certificates, forged authorization letters, or compromised email threads.
D. Lawyer, Law Office, or Government Impersonation
The scammer may pretend to be a lawyer, prosecutor, court officer, police officer, NBI agent, BIR officer, immigration officer, or local government employee.
The email may threaten arrest, lawsuit, blacklisting, tax assessment, immigration hold, or public exposure unless payment is made.
E. Relative or Friend Impersonation
The scammer may pretend to be a family member, friend, classmate, or colleague, often claiming an emergency.
Examples include requests for medical funds, bail money, travel expenses, or temporary loans.
F. Recruitment or Job Offer Impersonation
The scammer may use the name of a real HR officer, company, agency, or recruiter to offer fake employment and demand processing fees, training fees, equipment deposits, or personal data.
G. Banking, Wallet, or Payment Platform Impersonation
The scammer may pretend to be a bank, e-wallet provider, payment processor, or customer support agent to obtain OTPs, passwords, card details, or account information.
H. Academic or Professional Impersonation
Someone may use another person’s name to send fake recommendations, requests, admissions documents, employment records, research communications, or professional notices.
I. Reputation-Damaging Impersonation
A scammer may send offensive, defamatory, fraudulent, or malicious emails using someone else’s name to make the impersonated person appear dishonest, abusive, incompetent, or involved in wrongdoing.
IV. Legal Characterization Under Philippine Law
Fake email impersonation may be legally treated as:
- Estafa or swindling, if deception causes damage or financial loss;
- Computer-related fraud, if committed through information and communications technology;
- Computer-related identity theft, if identifying information is used without authority;
- Computer-related forgery, if electronic data is altered or falsely made to appear authentic;
- Unauthorized access, if an email account or system was hacked;
- Illegal access or misuse of access devices, if bank cards, credentials, or account data were used;
- Data privacy violation, if personal information was collected, used, disclosed, or processed unlawfully;
- Cyber libel, if defamatory statements were made online or through electronic means;
- Falsification, if documents, signatures, invoices, or certifications were forged;
- Civil wrong or tort, if reputation, property, business, or privacy was damaged.
The correct legal theory depends on the facts.
V. Estafa in Email Impersonation Cases
A. Nature of Estafa
Estafa is a form of fraud or swindling. In an email impersonation scam, estafa may arise when the scammer uses deceit to cause another person to part with money, property, services, or valuable rights.
A typical example is when the scammer pretends to be a known person and convinces the recipient to send money.
B. Elements in Practical Terms
In a fake email impersonation scam, estafa may be present when:
- The scammer made a false representation;
- The representation was made before or at the time the victim acted;
- The victim relied on the false representation;
- The victim suffered damage or loss.
The impersonation itself may serve as the deceit. The loss may be a bank transfer, e-wallet transfer, goods delivered, services rendered, documents released, or other measurable damage.
C. Estafa Through False Pretenses
If the scammer pretends to have authority, identity, position, qualification, agency, or relationship that does not exist, and the recipient relies on it, estafa may apply.
Examples:
- Pretending to be the company president to order a payment;
- Pretending to be a supplier to redirect funds;
- Pretending to be a lawyer to collect settlement money;
- Pretending to be a relative in need of emergency funds.
D. Estafa Through Abuse of Confidence
If the scam involves abuse of a pre-existing relationship or entrusted property, a different mode of estafa may be considered.
For example, an employee with access to company emails may use internal information to misdirect payments. Depending on the facts, this may involve estafa, qualified theft, falsification, or cybercrime offenses.
VI. Cybercrime Prevention Act: Why the Penalty May Be Higher
The Cybercrime Prevention Act of 2012 is central to email impersonation scams because the offense is committed through computers, networks, email systems, mobile devices, internet platforms, or electronic communications.
Under Philippine cybercrime law, certain traditional crimes become cybercrimes when committed through information and communications technology. Penalties may be one degree higher in certain cases when crimes under the Revised Penal Code are committed by, through, and with the use of ICT.
Thus, if estafa is committed through email, online messaging, spoofed accounts, or digital platforms, the prosecution may treat it as cyber-related estafa.
VII. Computer-Related Identity Theft
Computer-related identity theft is especially relevant when a scammer uses someone else’s identifying information without authority.
Identifying information may include:
- Full name;
- Email address;
- Username;
- Photograph;
- Signature;
- Job title;
- Company affiliation;
- Contact details;
- Government-issued ID information;
- Account details;
- Login credentials;
- Digital identifiers.
If the scammer uses another person’s name and identity in an email to deceive others, this may qualify as identity theft under cybercrime law, especially if done through ICT.
The impersonated person is a victim even if no money was taken from them directly. Their name, identity, reputation, and personal information were misused.
VIII. Computer-Related Forgery
Computer-related forgery may arise when electronic data is entered, altered, or manipulated so that it appears authentic when it is not.
In email impersonation, this may include:
- Fake email headers;
- Spoofed sender fields;
- Altered invoices;
- Fake authorization letters;
- Forged electronic signatures;
- Fake PDF attachments;
- Altered screenshots;
- Manipulated payment instructions;
- Fake company letterheads;
- Fraudulent digital documents.
The legal issue is not merely that the scammer lied. The issue is that electronic data or documents may have been created or altered to make a false communication appear genuine.
IX. Illegal Access and Hacked Email Accounts
Not all impersonation uses a fake email address. Sometimes the scammer actually gains access to the real email account.
This creates additional legal issues, including:
- Unauthorized access to a computer system;
- Interception of communications;
- Misuse of credentials;
- Data breach;
- Identity theft;
- Fraud;
- Possible liability of insiders who assisted.
If the scammer accessed the real person’s email account without permission, the case becomes more serious. The victim should immediately secure the account, preserve logs, notify contacts, and report the incident.
X. Spoofing Versus Account Hacking
It is important to distinguish spoofing from hacking.
A. Spoofing
Spoofing means the scammer makes the email appear to come from a trusted person or domain, even if the actual account was not accessed.
Example:
The real email is:
The fake email may appear as:
- juan.delacruz.company@gmail.com
- juan.delacruzz@company.com
- juan.delacruz@cornpany.com
- juan.delacruz@company-payments.com
The scammer may also manipulate the display name so that the inbox shows only:
Juan Dela Cruz
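The lookalike patterns listed above can be checked mechanically. The following is an added example, not part of the original article: it classifies a sender address against one trusted address and flags a display name that claims the trusted person while the address does not match. The trusted address, the freemail list, the confusable-character table and the thresholds are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr

# Assumed values: the article does not show the real address, so these are illustrative.
TRUSTED_ADDRESS = "juan.delacruz@company.com"
TRUSTED_NAME = "Juan Dela Cruz"
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
# Character sequences that look like another letter in many fonts (small sample).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(text):
    """Collapse visually confusable sequences so 'cornpany' compares equal to 'company'."""
    text = text.lower()
    for sequence, replacement in CONFUSABLES:
        text = text.replace(sequence, replacement)
    return text


def classify_sender(address, trusted=TRUSTED_ADDRESS):
    """Return a label describing how the address relates to the trusted one."""
    local, _, domain = address.lower().rpartition("@")
    t_local, _, t_domain = trusted.lower().rpartition("@")
    brand = t_domain.split(".")[0]

    if (local, domain) == (t_local, t_domain):
        # Same visible address: spoofing or account compromise must be judged
        # from the full headers, not from the address itself.
        return "exact-match"
    if domain == t_domain:
        near = edit_distance(local, t_local) <= 2
        return "lookalike-local-part" if near else "same-domain-other-user"
    if skeleton(domain) == skeleton(t_domain):
        return "confusable-domain"
    if edit_distance(domain, t_domain) <= 2:
        # Threshold is an assumption; very short domains need a stricter limit.
        return "typo-domain"
    if brand in re.split(r"[.\-]", domain):
        return "cousin-domain"
    if domain in FREEMAIL and (t_local in local or brand in local):
        return "freemail-impersonation"
    return "unrelated"


def display_name_spoof(from_header, trusted=TRUSTED_ADDRESS, name=TRUSTED_NAME):
    """True when the display name claims the trusted person but the address is not theirs."""
    shown, address = parseaddr(from_header)
    claims_identity = shown.strip().lower() == name.lower()
    return claims_identity and classify_sender(address, trusted) != "exact-match"


if __name__ == "__main__":
    for candidate in (
        "juan.delacruz.company@gmail.com",
        "juan.delacruzz@company.com",
        "juan.delacruz@cornpany.com",
        "juan.delacruz@company-payments.com",
    ):
        print(f"{candidate:40} {classify_sender(candidate)}")
```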
B. Hacking
Hacking means the scammer actually gained access to the real account and sent emails from it.
This is more dangerous because recipients may see a legitimate email address and existing email thread.
C. Why the Difference Matters
The distinction affects:
- Evidence collection;
- Liability;
- Account recovery;
- Data breach assessment;
- Reporting obligations;
- Cybercrime charges;
- Security measures;
- Whether the impersonated person’s own account was compromised.
XI. Data Privacy Implications
Fake email impersonation often involves personal information.
The scammer may collect, use, or disclose personal information without consent or legal basis. The impersonated person’s name, email, signature, job title, photograph, and contact details may be misused. The email recipient may also be tricked into revealing personal data.
A. Personal Information
Personal information includes information from which a person’s identity is apparent or can be reasonably and directly ascertained.
Names, email addresses, job titles, mobile numbers, photos, signatures, and identification details may be personal information.
B. Sensitive Personal Information
Sensitive personal information may include information about age, marital status, health, education, government-issued numbers, financial information, and other protected data.
If the scammer obtains IDs, bank details, medical records, payroll data, or government numbers, data privacy issues become more serious.
C. Liability for Unauthorized Processing
Unauthorized collection, use, disclosure, or malicious disclosure of personal information may result in liability under data privacy law.
D. Obligations of Organizations
If a company email, system, employee record, customer list, or database was compromised, the organization may have to assess whether a personal data breach occurred.
A reportable breach may require notification to the National Privacy Commission and affected data subjects, depending on the nature of the breach, likelihood of harm, and sensitivity of the data.
XII. Cyber Libel and Reputation Damage
If the fake email contains defamatory statements and is sent using someone’s name, two types of harm may occur.
First, the person named in the email may suffer reputational damage because recipients believe they sent the offensive or fraudulent message.
Second, the person attacked in the message may be defamed.
Cyber libel may arise if a defamatory imputation is made through a computer system or similar means. The email may be considered electronic publication if sent to a third person.
Examples:
- A scammer uses Maria’s name to send an email accusing a co-worker of theft.
- A fake lawyer email accuses someone of criminal conduct.
- A spoofed executive email falsely announces that an employee was terminated for fraud.
- A fake email spreads malicious allegations to clients.
In such cases, possible claims include cyber libel, ordinary defamation, damages, and injunctive or protective relief where appropriate.
XIII. Falsification and Use of Falsified Documents
Fake email impersonation frequently involves fabricated documents.
Examples include:
- Fake invoices;
- Fake receipts;
- Fake bank account change forms;
- Fake board resolutions;
- Fake authority to represent;
- Fake contracts;
- Fake demand letters;
- Fake settlement agreements;
- Fake notarized documents;
- Fake government notices;
- Fake certificates.
If signatures, official documents, private documents, or commercial documents are falsified, separate offenses may arise.
The use of a falsified document may itself create liability, especially if the document was used to cause payment, induce action, or support a false claim.
XIV. Access Device and Financial Account Issues
If the scam involves bank accounts, credit cards, debit cards, online banking credentials, e-wallets, OTPs, or payment cards, special laws on access devices and banking fraud may be relevant.
The scammer may be liable for obtaining, possessing, using, trafficking, or attempting to use access devices or account information without authority.
Victims should immediately notify banks, e-wallet providers, payment processors, and law enforcement. Time matters because financial institutions may be able to freeze funds, trace transactions, or identify receiving accounts.
XV. Civil Liability
Apart from criminal prosecution, a fake email impersonation scam may give rise to civil liability.
Civil claims may include:
- Actual damages;
- Moral damages;
- Exemplary damages;
- Attorney’s fees;
- Business losses;
- Reputational harm;
- Costs of investigation and mitigation;
- Loss due to unauthorized transfer;
- Injunction or other equitable relief.
A. Actual Damages
Actual damages refer to proven monetary loss.
Examples:
- Money transferred to the scammer;
- Cost of recovering accounts;
- Cost of cybersecurity investigation;
- Loss from unauthorized purchases;
- Cost of notifying customers;
- Business interruption losses.
B. Moral Damages
Moral damages may be claimed where the victim suffered anxiety, embarrassment, humiliation, sleepless nights, social humiliation, or reputational injury, subject to proof and legal basis.
C. Exemplary Damages
Exemplary damages may be awarded in proper cases to deter serious, fraudulent, malicious, or oppressive conduct.
D. Attorney’s Fees
Attorney’s fees may be recoverable in appropriate cases, especially when the victim was compelled to litigate or incur legal expense due to the wrongful act.
XVI. Who Are the Victims?
There may be multiple victims in one fake email impersonation scam.
A. The Person Whose Name Was Used
This person may suffer identity misuse, reputational harm, professional damage, emotional distress, and possible exposure to suspicion.
Even if the impersonated person did not lose money, they may still have legal rights.
B. The Recipient Who Was Deceived
This person or entity may suffer financial loss, data loss, or unauthorized disclosure of information.
C. The Company or Organization
A company may lose money, confidential information, trade secrets, customer data, or business reputation.
D. Customers, Employees, or Third Parties
If personal data or payment instructions were compromised, other affected persons may also have claims or reporting rights.
XVII. Who May Be Liable?
Potentially liable persons include:
- The scammer who created or sent the fake email;
- A person who supplied personal information used in the scam;
- A person who received or laundered the proceeds;
- A mule account holder who knowingly allowed use of a bank or e-wallet account;
- An insider who assisted the scammer;
- A person who forged documents;
- A person who hacked or accessed the account;
- A person who knowingly used the falsified email or document;
- An organization that negligently failed to protect personal data, in appropriate cases;
- An employee who violated security protocols, depending on the facts.
Liability is fact-specific. Not every recipient or account holder is automatically guilty. Knowledge, participation, negligence, and benefit received must be assessed.
XVIII. Evidence in Fake Email Impersonation Cases
Evidence is critical. Victims should preserve the email and related communications.
Important evidence includes:
- Original email file;
- Full email headers;
- Sender address;
- Reply-to address;
- Display name;
- IP logs, if available;
- Attachments;
- Screenshots;
- Domain registration details;
- Payment instructions;
- Bank transfer receipts;
- E-wallet transaction records;
- Chat messages linked to the scam;
- Call logs;
- Device logs;
- Login alerts;
- Security notifications;
- Internal approval records;
- CCTV footage, if money was withdrawn;
- Witness statements;
- Company policies and verification protocols;
- Prior email thread used by the scammer;
- Proof that the impersonated person did not authorize the message.
Screenshots are useful, but they may not be enough. Full email headers are often more important because they may show routing information, server data, authentication results, and technical clues.
XIX. Importance of Full Email Headers
A normal screenshot may show only the visible sender name and message. Full headers can reveal more.
Headers may show:
- Actual sending domain;
- Reply-to mismatch;
- Mail servers used;
- SPF, DKIM, or DMARC results;
- IP addresses;
- Message ID;
- Date and time stamps;
- Forwarding path;
- Authentication failures;
- Possible spoofing indicators.
For legal and forensic purposes, victims should avoid deleting the original email. They should export or preserve it in a manner that maintains metadata.
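As an added illustration (not part of the original article), the script below reads a preserved message and pulls out the header fields listed above: From and Reply-To domains, SPF/DKIM/DMARC verdicts, the relay path and the send time. It also records a SHA-256 digest so later copies can be compared with the preserved original. The sample message, its domains, hosts and IP addresses are constructed placeholders.

```python
import hashlib
import re
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample (not a real message). Domains, hosts and IPs are placeholders.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.company.example (mx.company.example [192.0.2.10])
    by inbox.company.example with ESMTP id abc123;
    Mon, 03 Mar 2025 09:15:02 +0800
Received: from mailer.example.net (mailer.example.net [203.0.113.45])
    by mx.company.example with ESMTP id def456;
    Mon, 03 Mar 2025 09:15:00 +0800
Authentication-Results: mx.company.example;
    spf=fail smtp.mailfrom=mailer.example.net;
    dkim=none;
    dmarc=fail header.from=company.example
From: "Juan Dela Cruz" <juan.delacruz@company.example>
Reply-To: juan.delacruz@company-payments.example
To: accounting@company.example
Subject: Urgent supplier payment
Date: Mon, 03 Mar 2025 09:14:58 +0800
Message-ID: <20250303011458.1@mailer.example.net>

Please transfer payment to this new bank account.
"""


def _domain(address):
    """Return the lower-cased domain part of an address, or '' if absent."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def triage_headers(raw):
    """Extract the header fields an investigator compares first."""
    msg = message_from_string(raw)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    return_path = parseaddr(msg.get("Return-Path", ""))[1]

    # SPF/DKIM/DMARC verdicts as recorded by the receiving server. Only an
    # Authentication-Results header added by your own mail system is reliable.
    auth = {}
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            auth[mech.lower()] = verdict.lower()

    # Each relay prepends a Received header, so reverse to list the oldest hop first.
    hops = []
    for value in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]", value, re.S)
        if m:
            hops.append((m.group(1), m.group(2)))
    hops.reverse()

    sent = msg.get("Date")
    from_domain = _domain(from_addr)
    result = {
        "display_name": display_name,
        "from_domain": from_domain,
        "reply_to_mismatch": bool(reply_to) and _domain(reply_to) != from_domain,
        "return_path_mismatch": bool(return_path) and _domain(return_path) != from_domain,
        "auth": auth,
        "hops": hops,
        "message_id": msg.get("Message-ID"),
        "sent_utc": parsedate_to_datetime(sent).astimezone(timezone.utc).isoformat()
        if sent else None,
        # In practice, hash the bytes of the exported .eml file itself.
        "sha256": hashlib.sha256(raw.encode("utf-8")).hexdigest(),
    }

    indicators = []
    if result["reply_to_mismatch"]:
        indicators.append("Reply-To domain differs from From domain")
    if result["return_path_mismatch"]:
        # Also seen with legitimate bulk-mail services, so treat as a lead only.
        indicators.append("Return-Path domain differs from From domain")
    for mech in ("spf", "dkim", "dmarc"):
        verdict = auth.get(mech, "missing")
        if verdict != "pass":
            indicators.append(f"{mech.upper()} result: {verdict}")
    result["indicators"] = indicators
    return result


if __name__ == "__main__":
    report = triage_headers(SAMPLE_EML)
    for key, value in report.items():
        print(f"{key}: {value}")
```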
XX. Electronic Evidence in Philippine Proceedings
Emails, screenshots, chat messages, logs, digital documents, and electronic records may be admissible in Philippine proceedings if properly authenticated and presented.
Relevant issues include:
- Authenticity;
- Integrity;
- Reliability;
- Chain of custody;
- Identification of the sender;
- Proof that the message was received;
- Proof that the content was not altered;
- Competence of the witness presenting the evidence.
Electronic evidence should be preserved carefully. Printing an email may help for convenience, but the original electronic version and metadata are often more valuable.
XXI. Immediate Steps for the Person Being Impersonated
A person whose name is being used in a fake email scam should act quickly.
A. Preserve Evidence
Save copies of the fake email, screenshots, headers, attachments, and reports from recipients. Ask recipients to forward the message as an attachment rather than merely forwarding text, if possible.
B. Notify Affected Contacts
Send a warning to people who may receive the fake email.
The warning should say:
- The email is fake;
- The person did not send or authorize it;
- Recipients should not click links or send money;
- Recipients should verify through known official channels;
- Recipients should preserve the email and report any loss.
C. Secure Real Accounts
Even if the scam appears to be spoofing, the real person should still change passwords, enable multi-factor authentication, check login activity, review forwarding rules, and revoke suspicious sessions.
D. Report to the Email Provider
Report the fake email address or spoofing activity to the platform provider.
E. Report to Company IT or Security
If the impersonation involves a workplace identity, the company should investigate whether corporate systems, domains, signatures, or employee data were compromised.
F. Consider Police, NBI, or Cybercrime Reporting
If money was lost, personal data was misused, or the scam is ongoing, formal reporting may be appropriate.
G. Consider Legal Demand or Takedown
If the scammer is identifiable, legal demand, takedown requests, preservation requests, and civil or criminal remedies may be considered.
XXII. Immediate Steps for the Recipient Who Was Scammed
A recipient who acted on a fake email should:
- Stop further communication with the scammer;
- Preserve all emails and attachments;
- Save full headers;
- Contact the real person through a trusted channel;
- Notify the bank or e-wallet provider immediately;
- Request transaction hold, reversal, or freeze where possible;
- File an incident report with the company;
- Report to law enforcement;
- Change passwords if credentials were shared;
- Revoke unauthorized access;
- Monitor accounts;
- Notify affected individuals if personal data was disclosed;
- Document all losses.
Delay may make recovery more difficult, especially where funds are quickly withdrawn or transferred.
XXIII. Duties of Companies When Their Employee or Officer Is Impersonated
If a scammer impersonates a company officer, employee, or representative, the company should treat the matter as a security incident.
Possible company actions include:
- Conducting an internal investigation;
- Checking whether accounts were compromised;
- Reviewing logs;
- Preserving evidence;
- Notifying affected customers, suppliers, employees, or partners;
- Issuing a scam advisory;
- Coordinating with banks;
- Reporting to law enforcement;
- Assessing data breach obligations;
- Reviewing payment verification controls;
- Disabling compromised accounts;
- Updating email authentication protocols;
- Training employees.
If personal data was compromised, the company may have obligations under data privacy law.
XXIV. When Is a Data Breach Notification Required?
Not every fake email scam is automatically a reportable data breach. The organization must assess the facts.
Relevant questions include:
- Was personal information accessed, acquired, used, or disclosed without authority?
- Was sensitive personal information involved?
- Is there a real risk of serious harm?
- How many individuals were affected?
- Was the data encrypted or otherwise protected?
- Was the email account actually compromised?
- Were customer, employee, or supplier records exposed?
- Can the risk be contained?
If the incident involves unauthorized access to personal data and likely harm, notification to the National Privacy Commission and affected individuals may be required.
XXV. Bank and E-Wallet Transfers: Recovery Issues
Once funds are transferred to a scammer-controlled account, immediate action is necessary.
Victims should contact the sending and receiving financial institutions as soon as possible. They should provide:
- Transaction reference number;
- Date and time;
- Amount;
- Sender account;
- Receiving account;
- Copy of the fake email;
- Police or incident report, if available;
- Request to freeze or hold funds;
- Request for investigation.
Recovery is not guaranteed. Funds may be withdrawn, transferred to mule accounts, converted to cryptocurrency, or split across multiple accounts.
However, quick reporting improves the chance of tracing, freezing, or documenting the transaction.
XXVI. Mule Accounts and Liability
A mule account is a bank or e-wallet account used to receive scam proceeds.
The account holder may be:
- The scammer;
- A paid participant;
- A person who knowingly allowed use of the account;
- A person deceived into receiving funds;
- A person whose account was compromised.
If the mule account holder knowingly participated, they may face criminal and civil liability. If they were also deceived, their liability depends on their knowledge, negligence, and conduct after receiving the funds.
Victims should include receiving account details in reports.
XXVII. Workplace Impersonation and Employee Liability
Email impersonation scams often succeed because employees process requests without verification.
An employee who unknowingly follows a fake instruction is not automatically criminally liable. However, employment consequences may arise if the employee violated company policies, ignored red flags, or failed to follow payment controls.
Possible employment issues include:
- Negligence;
- Gross negligence;
- Failure to follow internal controls;
- Unauthorized release of confidential information;
- Breach of cybersecurity policy;
- Breach of data privacy policy;
- Failure to escalate suspicious requests.
Disciplinary action must still comply with due process. The employer must prove the employee’s fault and the applicable policy violation.
XXVIII. Red Flags of Fake Email Impersonation
Common warning signs include:
- Slightly misspelled email domains;
- Display name does not match email address;
- Reply-to address differs from sender address;
- Urgent payment request;
- Request to bypass normal procedure;
- Request for secrecy;
- Sudden change in bank account details;
- New supplier account;
- Poor grammar or unusual tone;
- Unusual time of sending;
- Refusal to call or verify;
- Links to fake login pages;
- Attachments requiring password or macros;
- Request for OTP or password;
- Unexpected invoice or demand letter;
- Use of fear, embarrassment, or authority;
- Email thread appears incomplete or altered;
- Payment destination does not match known records.
XXIX. Preventive Measures for Individuals
Individuals can reduce risk by:
- Using strong passwords;
- Enabling multi-factor authentication;
- Checking login activity;
- Avoiding password reuse;
- Keeping recovery email and phone secure;
- Being careful with public posting of email, job title, and signature;
- Not sharing OTPs;
- Verifying urgent requests through known channels;
- Avoiding suspicious links;
- Reporting fake accounts;
- Monitoring financial accounts;
- Using secure devices and updated software.
A person whose name is publicly visible online may be more vulnerable to impersonation because scammers can copy photos, signatures, work titles, and writing style.
XXX. Preventive Measures for Companies
Companies should adopt layered controls.
A. Payment Verification
Any request to change bank details or make urgent payment should require independent verification through a trusted contact method.
Examples:
- Call the known supplier number on file, not the number in the suspicious email;
- Require dual approval;
- Use vendor master file controls;
- Require confirmation for bank account changes;
- Use callback procedures for large transfers.
B. Email Authentication
Companies should implement and monitor email authentication measures such as SPF, DKIM, and DMARC. These help reduce spoofing and improve detection.
C. Employee Training
Employees should be trained to identify phishing, spoofing, fake invoices, and impersonation scams.
D. Incident Response Plan
Companies should have a written plan for suspected scams, including who to contact, how to preserve evidence, and how to coordinate with banks and law enforcement.
E. Access Controls
Companies should limit access to payment systems, payroll records, customer databases, and sensitive files.
F. Data Minimization
The less unnecessary personal data the company exposes or stores, the lower the risk of misuse.
G. Vendor Management
Vendor onboarding and bank detail changes should be controlled, documented, and independently verified.
XXXI. Legal Remedies for the Impersonated Person
A person whose name was used may pursue several remedies.
A. Criminal Complaint
The person may file a complaint for identity theft, cybercrime-related offenses, falsification, libel, or other applicable crimes.
B. Civil Action
The person may claim damages if reputation, business, employment, privacy, or emotional well-being was harmed.
C. Takedown or Platform Report
The person may report fake accounts, fake email addresses, malicious domains, and phishing pages to service providers.
D. Data Privacy Complaint
If personal information was misused, a complaint or report to the appropriate privacy authority may be considered.
E. Employer or Institutional Report
If the name was used in a work-related scam, the person should report the incident internally.
F. Public Advisory
A carefully worded advisory may help stop further harm. It should avoid defamatory accusations unless facts are verified.
XXXII. Legal Remedies for the Person Who Lost Money
A person or company that lost money may pursue:
- Criminal complaint for estafa and cybercrime-related offenses;
- Bank fraud investigation;
- Freezing or tracing requests through proper channels;
- Civil claim for damages;
- Complaint against identifiable participants;
- Insurance claim, if covered;
- Internal recovery action against negligent employees, where legally justified;
- Data privacy and cybersecurity reporting.
The person who lost money should act quickly because financial recovery becomes harder with time.
XXXIII. Where to Report in the Philippines
Depending on the facts, reports may be made to:
- The Philippine National Police Anti-Cybercrime Group;
- The National Bureau of Investigation Cybercrime Division;
- The affected bank or e-wallet provider;
- The email or platform provider;
- The National Privacy Commission, if personal data is involved;
- The company’s internal security, legal, HR, or compliance team;
- The prosecutor’s office, with assistance of counsel where appropriate.
Victims should prepare a clear incident summary and attach evidence.
XXXIV. What to Include in an Incident Report
A good incident report should include:
- Name of complainant;
- Contact details;
- Date and time of incident;
- Description of fake email;
- Email address used by scammer;
- Name impersonated;
- Recipient of email;
- Amount lost, if any;
- Bank or e-wallet details involved;
- Attachments or links used;
- Full email headers, if available;
- Screenshots;
- Timeline of events;
- Steps already taken;
- Names of witnesses;
- Suspected person, if any;
- Requested action.
The report should be factual and chronological.
XXXV. Sample Incident Summary
Subject: Incident Report on Fake Email Impersonation Scam
On [date], I discovered that an unknown person used my name and identity to send emails to [recipient/s]. The email address used was [fake email address], which is not owned, controlled, or authorized by me. The message falsely represented that it came from me and requested [money/payment/information/action].
I did not send, authorize, approve, or benefit from the email. I learned of the incident when [state how discovered]. Attached are copies of the fake email, screenshots, full email headers if available, and related communications.
The incident has caused or may cause financial loss, confusion, reputational damage, and misuse of my personal information. I respectfully request investigation, preservation of relevant records, and appropriate action.
XXXVI. Demand Letter Considerations
A demand letter may be useful if the sender is identifiable. It may demand that the person:
- Stop using the victim’s name;
- Preserve records;
- Take down fake accounts or domains;
- Return money;
- Correct false statements;
- Issue clarification;
- Pay damages;
- Refrain from contacting others using the victim’s identity.
However, where the scammer is unknown or likely criminal, law enforcement reporting may be more practical than sending a demand letter.
XXXVII. Defenses and Complications
Fake email impersonation cases can be complex.
Common complications include:
- The scammer is anonymous;
- The email was sent from abroad;
- The receiving account is under another person’s name;
- The scammer used VPNs or anonymizing tools;
- Funds were quickly transferred;
- The impersonated person is wrongly blamed;
- Evidence was deleted;
- The recipient clicked phishing links;
- The real email account may have been compromised;
- Multiple jurisdictions are involved.
A person accused of sending the email may defend themselves by proving lack of authorship, lack of account control, spoofing, account compromise, absence of benefit, or absence of participation.
XXXVIII. Liability of the Impersonated Person
The mere fact that a scam used someone’s name does not make that person liable.
The impersonated person is usually a victim, not a wrongdoer.
However, questions may arise if:
- The person’s account was compromised due to negligence;
- The person ignored known compromise signs;
- The person allowed another person to use the account;
- The person benefited from the scam;
- The person participated in the scheme;
- The person failed to warn others after learning of ongoing misuse.
Liability depends on participation, negligence, causation, and proof.
XXXIX. Liability of Email Providers and Platforms
Email providers and platforms are generally not automatically liable merely because a scammer used their services. However, they may be required to act on reports, preserve records where legally required, enforce terms of service, or respond to lawful requests from authorities.
Victims should report fake accounts and phishing emails through provider abuse channels. For formal records, law enforcement may need to issue appropriate requests or legal process.
XL. Cross-Border Issues
Many fake email scams involve foreign actors, foreign servers, foreign domains, or foreign bank accounts.
Cross-border issues may affect:
- Investigation speed;
- Access to logs;
- Preservation of evidence;
- Identification of suspects;
- Enforcement of judgments;
- Recovery of funds;
- Coordination with foreign platforms and authorities.
Even if the scammer is abroad, Philippine authorities may still investigate if the victim, damage, recipient, account, or relevant act has a Philippine connection.
XLI. Prescription Periods
Prescription periods depend on the offense or civil claim involved.
Cybercrime, estafa, falsification, libel, data privacy violations, and civil claims may have different prescriptive periods. The period may be counted from discovery or commission depending on the applicable rule.
Victims should not delay. Prompt reporting also helps preserve digital evidence, which may be deleted by platforms or overwritten by systems.
XLII. Practical Checklist for Victims
For the impersonated person:
- Save the fake email;
- Request full headers from recipients;
- Issue a warning to affected contacts;
- Change passwords;
- Enable multi-factor authentication;
- Check account forwarding rules;
- Check login history;
- Report fake accounts;
- Notify employer or organization;
- File a report if harm occurred;
- Keep a record of reputational or financial damage.
For the person who paid money:
- Contact bank or e-wallet immediately;
- Request hold, freeze, trace, or reversal;
- Preserve email and headers;
- Report to law enforcement;
- Contact the real person through trusted channels;
- File internal incident report;
- Change credentials if shared;
- Gather transaction records;
- Monitor accounts;
- Document all losses.
For companies:
- Freeze pending payments;
- Verify bank account changes;
- Alert finance, legal, IT, and management;
- Preserve logs and emails;
- Check for compromised accounts;
- Notify affected parties;
- Review data breach obligations;
- Report to banks and law enforcement;
- Strengthen controls;
- Conduct employee awareness training.
XLIII. Common Mistakes After an Email Impersonation Scam
Victims often make mistakes that weaken recovery or prosecution.
Common mistakes include:
- Deleting the email;
- Keeping only screenshots;
- Failing to save full headers;
- Replying further to the scammer;
- Delaying bank notification;
- Posting accusations publicly without proof;
- Assuming the named person sent the email;
- Failing to secure the real account;
- Not warning other potential targets;
- Not documenting the timeline;
- Sending evidence only through informal chat;
- Ignoring data privacy implications;
- Failing to check whether the scam is still ongoing.
XLIV. Public Advisory Template
When someone’s name is being used in a fake email scam, a public or private advisory may be helpful.
Sample Advisory:
Please be advised that emails appearing to come from me using the address [fake email address] are not authorized and were not sent by me. Do not reply, click links, open attachments, send money, or provide personal information in response to those emails. Kindly verify any request through my official contact channels. If you received such an email, please preserve the message, including full headers if possible, and report it.
XLV. Difference Between Impersonation, Identity Theft, and Libel
These terms are related but distinct.
A. Impersonation
Impersonation is pretending to be another person. It may be wrongful even if no money was obtained.
B. Identity Theft
Identity theft involves unauthorized acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, usually through or involving ICT in cybercrime cases.
C. Libel or Cyber Libel
Libel concerns defamatory statements. If the fake email falsely attributes defamatory statements to someone or defames a third person, libel issues may arise.
D. Estafa
Estafa concerns fraud that causes damage or loss. If the fake identity induced payment or transfer, estafa may apply.
A single fake email can involve all these concepts at once.
XLVI. Special Case: Fake Email Using a Lawyer’s Name
If a scammer uses a lawyer’s name to send a fake demand letter, settlement proposal, or legal threat, the matter may involve:
- Identity theft;
- Cybercrime-related fraud;
- Falsification;
- Unauthorized practice implications;
- Damage to professional reputation;
- Possible extortion if threats are used to obtain money;
- Civil damages.
The impersonated lawyer should warn affected recipients, preserve evidence, notify relevant institutions, and consider reporting to law enforcement.
Recipients should verify legal demands directly through official law office contact details, not through contact information in the suspicious email.
XLVII. Special Case: Fake Email Using a Company Executive’s Name
If a scammer uses a company executive’s name, the company should assess whether:
- The executive’s real account was compromised;
- The scammer used a lookalike domain;
- Internal information was leaked;
- Employees followed payment verification procedures;
- Customers or suppliers were affected;
- Personal data was exposed;
- Public advisory is needed;
- Financial institutions should be notified;
- Insurance coverage applies.
This is often a governance, cybersecurity, employment, and legal issue at the same time.
XLVIII. Special Case: Fake Email Using a Private Person’s Name
Even private individuals can be victims of impersonation.
The scam may target relatives, classmates, friends, creditors, employers, landlords, or online contacts.
Legal remedies remain available if the fake email caused fraud, reputational harm, privacy invasion, identity theft, or financial loss.
XLIX. How to Prove You Did Not Send the Fake Email
The impersonated person may need to show that they did not send or authorize the email.
Helpful evidence includes:
- The email address is not theirs;
- The domain is fake or misspelled;
- The message style is inconsistent;
- The email was sent at a time they had no access;
- Their real account logs show no such sent message;
- Their device was not used;
- Recipients confirm the suspicious address;
- Full headers show an unrelated server;
- The payment account does not belong to them;
- They did not benefit from the transaction;
- They immediately warned others upon discovery.
An affidavit may be prepared if formal proceedings are needed.
L. Affidavits and Sworn Statements
In criminal complaints, victims and witnesses are often required to submit affidavits.
An affidavit may contain:
- Personal details of the affiant;
- Relationship to the incident;
- How the fake email was discovered;
- Why the email is unauthorized;
- Copies of evidence;
- Amount lost, if any;
- Identity of suspected person, if known;
- Steps taken after discovery;
- Statement of willingness to testify.
The affidavit should be factual, specific, and supported by attachments.
LI. Coordination With IT Forensics
For companies and serious cases, IT forensic assistance may be necessary.
Forensic review may examine:
- Email headers;
- Mail server logs;
- Login records;
- IP addresses;
- Device compromise;
- Malware;
- Forwarding rules;
- Unauthorized OAuth apps;
- Domain spoofing;
- Phishing links;
- Compromised credentials;
- Data exfiltration.
A forensic report may support legal action and internal remediation.
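The header facts listed in sections XLIX and LI (an address that is not the real one, a misspelled domain, an unrelated sending server) can be extracted from a preserved message with Python's standard library. This is an added example, not part of the original article; the sample message is constructed, and the function names and the edit-distance threshold of 2 are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message; domains use the reserved .example TLD.
SAMPLE_EML = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
 by inbox.recipient.example; Mon, 03 Mar 2025 09:15:02 +0800
Received: from mail.bulk-host.example (unknown [203.0.113.45])
 by mx.recipient.example; Mon, 03 Mar 2025 09:15:01 +0800
Authentication-Results: mx.recipient.example; spf=fail
 smtp.mailfrom=juan-delacruz.example; dkim=none; dmarc=fail
From: "Juan Dela Cruz" <juan@juan-delacruz.example>
Reply-To: payments@collector.example
Subject: Urgent payment request

Please send the payment today.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to flag misspelled lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def summarize_headers(raw_eml, real_address):
    """Collect the header facts an affidavit or forensic report would cite."""
    msg = message_from_string(raw_eml)
    name, sender = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    real_domain = real_address.rpartition("@")[2].lower()
    auth = " ".join(msg.get_all("Authentication-Results") or [])
    received = msg.get_all("Received") or []  # last entry is the earliest hop
    origin = re.search(r"from\s+(\S+)", received[-1]) if received else None
    return {
        "display_name": name,
        "sender_address": sender.lower(),
        "is_real_address": sender.lower() == real_address.lower(),
        "lookalike_domain": 0 < edit_distance(sender_domain, real_domain) <= 2,
        "reply_to_differs": bool(reply_to) and reply_to.lower() != sender.lower(),
        "auth_results": dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth)),
        "first_relay": origin.group(1) if origin else None,
    }
```

Received lines below the one added by the recipient's own mail server are supplied by the sending side and can be forged, so treat `first_relay` as a lead to corroborate against mail server logs.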
LII. Interaction With Insurance
Some companies have cyber insurance, crime insurance, fidelity bonds, or fraud coverage.
Policies may require:
- Prompt notice;
- Proof of loss;
- Police report;
- Internal investigation;
- Cooperation with insurer;
- Preservation of evidence;
- Mitigation efforts.
Coverage depends on policy language. Some policies exclude losses caused by voluntary transfer, employee negligence, or failure to follow verification procedures.
LIII. Risk of Wrongful Accusation
Victims should be careful not to accuse the impersonated person without proof.
A fake email may display a real person’s name, but that does not prove that person sent it. Publicly accusing the wrong person may expose the accuser to defamation or damages claims.
A safer statement is:
“An email falsely using the name of [person] was received.”
Instead of:
“[Person] scammed me.”
The difference matters.
LIV. Legal Strategy Considerations
The best legal strategy depends on the main harm.
If money was lost:
Prioritize bank notification, police/NBI report, cybercrime complaint, and tracing.
If reputation was damaged:
Prioritize advisory, evidence preservation, takedown, affidavit, and possible civil or criminal complaint.
If personal data was compromised:
Prioritize containment, breach assessment, privacy documentation, and notification if required.
If company systems were compromised:
Prioritize forensic investigation, access control, incident response, and legal reporting.
If the scammer is known:
Consider demand letter, criminal complaint, civil action, and preservation requests.
LV. Preventive Legal Policies for Businesses
Businesses should adopt written policies addressing:
- Email security;
- Payment approval;
- Vendor bank account changes;
- Data privacy;
- Incident reporting;
- Acceptable use of company email;
- Password and MFA requirements;
- Confidential information handling;
- Disciplinary consequences;
- Cybersecurity training;
- Document retention;
- Evidence preservation.
Policies help prevent scams and establish accountability when incidents happen.
LVI. Key Takeaways
Fake email impersonation using someone’s name is a serious legal and cybersecurity issue in the Philippines.
The same act may involve identity theft, estafa, cybercrime, forgery, falsification, data privacy violations, cyber libel, civil damages, and employment consequences.
The person whose name was used may be a victim even if they did not lose money. The recipient who relied on the fake email may also be a victim. A company may suffer financial, reputational, operational, and regulatory harm.
The most important practical steps are to preserve evidence, secure accounts, warn affected persons, notify banks immediately if money was transferred, assess data privacy implications, and report to the proper authorities where necessary.
The central legal principle is simple: no one may use another person’s name, identity, authority, or reputation to deceive others. When that deception is carried out through email or electronic systems, Philippine law may treat it not only as ordinary fraud but as a cybercrime with broader consequences.