Fake HR Email Asking for ID Philippines

I. Introduction

A fake HR email asking for an ID is a common form of phishing, identity theft, recruitment scam, employment fraud, and data privacy risk in the Philippines. It usually involves a message pretending to come from a company’s human resources department, recruiter, hiring manager, payroll officer, benefits administrator, government liaison, or outsourced HR provider. The email asks the recipient to submit a valid government ID, selfie, resume, bank details, tax information, SSS, PhilHealth, Pag-IBIG, TIN, birth certificate, proof of address, or other personal data.

The email may look legitimate. It may use the company logo, a real employee’s name, a job posting, a fake offer letter, a forged onboarding form, or a domain name that looks similar to the real company email. The recipient may believe they are applying for a job, completing pre-employment requirements, verifying payroll, updating employee records, or complying with a background check.

In the Philippine context, this conduct may involve identity theft, computer-related fraud, phishing, estafa, illegal access, data privacy violations, falsification, recruitment fraud, and other offenses depending on the facts. It may also expose the victim to future risks such as loan fraud, SIM registration misuse, e-wallet takeover, bank account opening, fake employment contracts, social media impersonation, money mule schemes, and unauthorized use of identity documents.

This article discusses what a fake HR email asking for ID means, the legal issues involved, possible crimes and liabilities, what evidence to preserve, what to do if an ID was already sent, how to report the incident, and how individuals and employers can reduce risk.

II. Nature of a Fake HR Email Asking for ID

A fake HR email is an email that falsely claims to be from a legitimate employer, recruiter, HR department, agency, or company representative. Its purpose may be to obtain personal information, identity documents, money, account access, or trust.

The request for ID may be framed as:

  1. pre-employment verification;
  2. applicant screening;
  3. job offer processing;
  4. background check;
  5. payroll enrollment;
  6. work-from-home equipment release;
  7. company ID issuance;
  8. contract preparation;
  9. government benefits registration;
  10. visa or overseas deployment processing;
  11. training access;
  12. remote onboarding;
  13. urgent HR compliance;
  14. employee record update;
  15. salary account opening;
  16. tax or benefits validation; or
  17. security verification.

The danger is that a government ID contains highly valuable personal information. Once submitted to a scammer, it may be used to impersonate the victim, open accounts, obtain loans, register SIMs, bypass verification checks, or commit fraud against others.

III. Why IDs Are Valuable to Scammers

A valid ID can be used as a building block for identity fraud. Depending on the quality of the copy and the information visible, scammers may use it to:

  1. create fake online accounts;
  2. pass e-wallet verification;
  3. apply for digital loans;
  4. open bank or finance accounts;
  5. register SIM cards;
  6. impersonate the victim to relatives, employers, or clients;
  7. create fake employment or recruitment records;
  8. commit marketplace scams;
  9. receive scam proceeds as a money mule;
  10. access personal accounts through social engineering;
  11. forge documents;
  12. bypass know-your-customer requirements;
  13. create fake company or payroll records;
  14. apply for credit;
  15. harass the victim through threats or extortion;
  16. sell the data to other scammers; or
  17. combine the ID with other leaked information for more serious fraud.

The risk increases if the victim also submitted a selfie holding the ID, specimen signature, bank account details, proof of billing, payslip, SSS number, TIN, PhilHealth number, Pag-IBIG number, birth date, address, phone number, or emergency contact.

IV. Common Forms of Fake HR Email Scams

A. Fake Job Offer

The victim receives an email saying they have been shortlisted, accepted, or selected for a job. The email asks for a government ID to prepare the employment contract.

B. Fake Remote Work Onboarding

The scammer claims the victim will work from home and must submit ID to receive equipment, training access, or payroll credentials.

C. Fake Payroll Verification

The email claims that payroll needs a valid ID, bank details, or e-wallet information to process salary.

D. Fake Benefits Update

The email pretends to update SSS, PhilHealth, Pag-IBIG, HMO, insurance, or tax records.

E. Fake Recruitment Agency

The email claims to be from a recruiter or manpower agency and asks for ID, placement fees, medical fees, uniform fees, training fees, or processing fees.

F. Fake Company Domain

The email address resembles a legitimate company domain but contains slight changes, such as missing letters, extra hyphens, unusual extensions, free email accounts, or lookalike characters.

G. Fake Background Check

The scammer asks the victim to upload ID to a supposed background-check portal or cloud form.

H. Fake Interview Confirmation

The victim is asked to submit ID before an interview, often through a suspicious link or attachment.

I. Fake Government Compliance

The email claims that IDs are needed for DOLE, BIR, SSS, PhilHealth, Pag-IBIG, immigration, or labor compliance.

J. Fake Internal HR Notice

Employees may receive an email pretending to be from their actual company HR, asking them to update ID records through a link. This may be business email compromise or internal phishing.

V. Warning Signs of a Fake HR Email

A fake HR email may show one or more red flags:

  1. sender uses Gmail, Yahoo, Outlook, or another free email for a supposed company HR function;
  2. email domain is misspelled or different from the official company domain;
  3. urgent request for ID before any proper interview;
  4. request for payment, processing fee, reservation fee, or equipment deposit;
  5. poor grammar, unusual formatting, or generic greeting;
  6. job offer without application or interview;
  7. salary offer that is unusually high for the role;
  8. request to click a suspicious link;
  9. request to upload ID to an unknown form or file-sharing site;
  10. request for OTP, password, PIN, or recovery code;
  11. refusal to conduct a video call using official company channels;
  12. no verifiable recruiter profile;
  13. mismatch between company name, website, domain, and signature block;
  14. attachments with unusual file types;
  15. pressure to respond immediately;
  16. request for front and back of ID plus selfie;
  17. request for bank or e-wallet account before a formal employment process;
  18. email copied to suspicious addresses;
  19. email claims confidentiality to prevent verification; or
  20. the supposed HR representative cannot be found through official company channels.

Not every red flag proves a crime, but multiple red flags should trigger verification before submitting any document.

VI. Applicable Philippine Laws

Several laws may apply depending on what the scammer did and what information was obtained.

A. Cybercrime Prevention Act

The Cybercrime Prevention Act may apply because the scheme uses email, online forms, websites, messaging platforms, or computer systems.

Possible cybercrime offenses include:

  1. computer-related identity theft;
  2. computer-related fraud;
  3. illegal access, if an email account or company system was hacked;
  4. data interference, if data was altered or deleted;
  5. system interference, if systems were disrupted;
  6. misuse of devices, if credentials or tools were used;
  7. cyber libel, if defamatory content was involved; and
  8. aiding or abetting cybercrime.

B. Computer-Related Identity Theft

This may apply when a person intentionally obtains, uses, possesses, transfers, or misuses identifying information belonging to another person without right.

A government ID, ID number, name, birth date, address, photo, signature, email address, phone number, and employment details may be identifying information. If the fake HR email was used to collect these details, identity theft may be implicated.

C. Computer-Related Fraud

Computer-related fraud may apply when deception through a computer system causes damage or results in an unlawful benefit. A fake HR email asking for ID may be part of fraud if the scammer uses it to obtain data, money, account access, or other benefit.

D. Estafa

Estafa may apply if the scammer deceives the victim into giving money, documents, property, or value. In a fake HR scheme, estafa may arise if the victim pays processing fees, training fees, placement fees, medical fees, equipment deposits, or other amounts based on false representations.

E. Data Privacy Act

The Data Privacy Act is relevant because the scam involves personal information and possibly sensitive personal information. Unauthorized collection, use, disclosure, storage, or processing of personal data may result in liability.

The victim’s ID contains personal data. If the scammer collected it without lawful basis or used it for fraudulent purposes, privacy violations may be involved. If a legitimate employer negligently exposed applicant or employee data, the employer may also face data protection issues.

F. Revised Penal Code

Other offenses under the Revised Penal Code may apply depending on the facts, such as:

  1. estafa;
  2. falsification of documents;
  3. use of falsified documents;
  4. usurpation of authority or official functions, if pretending to be a public officer;
  5. unjust vexation;
  6. threats or coercion;
  7. libel, if reputational harm is involved;
  8. theft or qualified theft, if account access or funds are taken; and
  9. other fraud-related offenses.

G. Illegal Recruitment and Labor-Related Offenses

If the fake HR email is connected with job placement, recruitment, overseas employment, collection of fees, or promises of deployment, illegal recruitment laws may be relevant. This is especially serious when the scam involves overseas work, placement fees, fake agencies, or unauthorized recruiters.

H. SIM Registration and Financial Account Misuse

If the stolen ID is used to register SIMs, open e-wallets, verify financial accounts, or obtain digital loans, additional laws and regulations may be implicated. The person whose ID was used may need to dispute fraudulent accounts and file reports to avoid being blamed.

I. Anti-Money Laundering Concerns

If the victim’s identity is used to open or verify accounts that receive scam proceeds, the victim may be dragged into money mule or suspicious transaction issues. Prompt reporting helps show that the victim did not authorize the use of the ID.

VII. Who May Be Liable?

Possible liable persons may include:

  1. the sender of the fake HR email;
  2. the person who created the fake email account;
  3. the person who controls the phishing website or form;
  4. the person who receives and uses the ID;
  5. the person who sells the personal data;
  6. the person who opens accounts using the ID;
  7. the person who receives money through the fraud;
  8. accomplices or recruiters who knowingly participate;
  9. money mules who knowingly receive proceeds;
  10. insiders who leaked applicant or employee data;
  11. company employees who negligently mishandle data, in appropriate cases; and
  12. entities that fail to protect personal data when legally responsible.

In many cases, the first visible sender is not the final user of the stolen ID. Investigation may follow the email account, domain registration, payment trail, IP records, phone numbers, uploaded forms, and financial accounts.

VIII. Victim Scenarios

A. Applicant Sent ID but No Money

The victim may still face identity theft risk. The main concern is misuse of personal information.

B. Applicant Sent ID and Selfie

This is more serious because ID selfies may be used for account verification, loan applications, and e-wallet registration.

C. Applicant Sent ID, Bank Details, and Signature

The risk of financial impersonation increases.

D. Applicant Paid a Fee

This may support fraud, estafa, or illegal recruitment claims.

E. Employee Received Fake Internal HR Email

This may indicate phishing, business email compromise, or attempted access to company systems.

F. Company’s Real HR Email Was Hacked

If the email came from a real HR account that was compromised, illegal access and data breach issues may arise. The company may need to investigate and notify affected persons or authorities when required.

G. Applicant Uploaded ID to a Fake Portal

The portal may have collected data from many victims. Evidence should include the URL, screenshots, confirmation emails, and uploaded fields.

H. Victim Later Receives Loan Collection Notices

This may mean the ID was used for fraudulent loans or accounts. The victim should immediately dispute the account and file police, cybercrime, and data privacy reports.

IX. Immediate Steps Before Sending Any ID

Before submitting ID to a supposed HR contact, the recipient should verify the request.

Practical verification steps include:

  1. check the sender’s email domain carefully;
  2. compare with the company’s official website domain;
  3. call the company using an official phone number from its website;
  4. contact the recruiter through LinkedIn or official channels;
  5. ask for a video interview through official company tools;
  6. avoid clicking suspicious links;
  7. check whether the job posting exists on the official careers page;
  8. confirm whether ID is required at that stage;
  9. ask why the ID is needed and how it will be protected;
  10. refuse to provide OTPs, passwords, PINs, or recovery codes;
  11. do not pay fees to get hired;
  12. verify whether the recruiter is licensed, if a recruitment agency is involved;
  13. check if the form is hosted on a legitimate company domain;
  14. avoid sending complete IDs through unsecured email if unnecessary; and
  15. consider watermarking documents when appropriate.

Verification should be done independently, not by replying to the suspicious email.

X. What to Do If You Already Sent Your ID

If the ID was already sent, act quickly.

A. Stop Further Communication

Do not send more documents, money, selfies, OTPs, passwords, bank details, or signatures.

B. Preserve Evidence

Do not delete the email. Preserve headers, sender details, attachments, links, and all communications.

C. Warn the Real Company

If the email used a company’s name, notify the real company’s HR, security, or data protection office. They may issue a warning and confirm whether the email was fake.

D. Report the Email as Phishing

Report it in your email provider and, if applicable, to your employer’s IT or security team.

E. Monitor Financial and Online Accounts

Watch for loan applications, e-wallet verification attempts, SIM registration issues, bank alerts, suspicious calls, password reset messages, or OTP requests.

F. Change Passwords

If you clicked a link or entered credentials, immediately change passwords for email, job portal, banking, e-wallet, and social media accounts. Enable two-factor authentication.

G. Contact Banks and E-Wallets

If bank details or e-wallet information were submitted, notify providers and ask what protective measures are available.

H. File Reports

Consider reporting to PNP Anti-Cybercrime Group, NBI Cybercrime Division, the prosecutor’s office, or the National Privacy Commission depending on the facts.

I. Prepare an Affidavit of Non-Authorization

If the ID may be misused, an affidavit may help document that the victim did not authorize the use of the ID for loans, SIMs, accounts, or transactions.

J. Monitor Credit and Collection Notices

If digital loans or accounts later appear under the victim’s name, dispute them immediately and provide the report and affidavit.

XI. Evidence to Preserve

Evidence should be preserved before links disappear, emails are deleted, or scammers change accounts.

A. Email Evidence

Save:

  1. full email message;
  2. sender address;
  3. reply-to address;
  4. subject line;
  5. date and time received;
  6. full email headers;
  7. attachments;
  8. embedded links;
  9. signature block;
  10. company logo used;
  11. IP or routing information in headers, if available;
  12. screenshots of the email;
  13. exported email file, if possible; and
  14. any follow-up emails.

Full headers are important because the visible sender name may be fake.

B. Link and Website Evidence

If the email contains a link, preserve:

  1. URL;
  2. screenshots of the page;
  3. form fields requested;
  4. company logos used;
  5. domain name;
  6. upload confirmation page;
  7. privacy notice or lack of one;
  8. payment instructions, if any;
  9. downloadable forms;
  10. contact details listed; and
  11. date and time accessed.

Do not continue using a suspicious site if it asks for credentials or downloads files.

C. Documents Sent

Keep copies of what was sent:

  1. front and back of ID;
  2. selfie with ID;
  3. resume;
  4. application form;
  5. transcript;
  6. birth certificate;
  7. proof of address;
  8. bank details;
  9. signature specimen;
  10. SSS, PhilHealth, Pag-IBIG, and TIN details;
  11. certificates;
  12. payslips; and
  13. other attachments.

D. Money Transfer Evidence

If money was paid, preserve:

  1. payment instructions;
  2. bank or e-wallet recipient name;
  3. account number or mobile number;
  4. QR code;
  5. receipt;
  6. transaction reference number;
  7. amount;
  8. date and time;
  9. customer service complaint ticket;
  10. failed reversal request; and
  11. any communication after payment.

E. Communications Outside Email

Scammers may continue through Messenger, Viber, WhatsApp, Telegram, SMS, or phone calls. Preserve all messages, numbers, usernames, call logs, and voice notes where lawfully available.

XII. Importance of Email Headers

Email headers can show technical details that are not visible in the ordinary email view. These may include routing information, originating servers, authentication results, and possible spoofing indicators.

For a legal complaint or IT investigation, full headers may help determine whether:

  1. the sender spoofed a domain;
  2. the email passed or failed authentication checks;
  3. a legitimate account was compromised;
  4. the email came from a suspicious service;
  5. the reply-to address differs from the visible sender;
  6. multiple victims received similar emails; and
  7. the company’s domain was abused.

A layperson does not need to analyze headers alone, but should preserve them.

XIII. Reporting to the Real Company

If a fake HR email uses a company name, report it to the company through official channels.

The report should include:

  1. the fake email address;
  2. screenshots;
  3. full email headers, if available;
  4. links used;
  5. documents requested;
  6. whether ID was submitted;
  7. whether money was requested;
  8. whether payment was made;
  9. job posting or offer details;
  10. names used by the scammer;
  11. phone numbers or messaging accounts; and
  12. request for confirmation that the email is fake.

The company may issue an advisory, report the domain, warn applicants, and investigate whether its brand, employees, or systems were misused.

XIV. Reporting to PNP Anti-Cybercrime Group or NBI Cybercrime Division

A victim may report to cybercrime authorities when the email involves phishing, identity theft, fraud, or unauthorized use of data.

Bring or prepare:

  1. valid government ID;
  2. printed and digital copies of the email;
  3. full email headers;
  4. screenshots of the fake HR email;
  5. URL of the form or website;
  6. copy of documents submitted;
  7. proof of payment, if any;
  8. bank or e-wallet recipient details;
  9. communication logs;
  10. report to the real company;
  11. report to email provider or platform;
  12. chronology of events;
  13. affidavit, if available; and
  14. contact details of witnesses or other victims.

Cybercrime authorities may assist in technical documentation, investigation, and referral for prosecution.

XV. Reporting to the National Privacy Commission

A report to the National Privacy Commission may be considered when the matter involves misuse of personal data, data breach, unauthorized processing, or negligence by a personal information controller.

Possible situations include:

  1. a legitimate company mishandled applicant data;
  2. a company’s HR account was compromised and applicant data was exposed;
  3. an entity collected IDs without proper privacy notice or lawful basis;
  4. personal information was sold, shared, or misused;
  5. many applicants were affected;
  6. sensitive personal information was involved; or
  7. the victim’s data was used for identity fraud.

If the fake HR email was purely from an unknown scammer pretending to be a company, cybercrime reporting may be the first practical step. If a real company or recruiter was involved in mishandling data, privacy remedies become more important.

XVI. Reporting to Banks, E-Wallets, and Loan Apps

If the victim submitted ID and financial details, they should be alert to unauthorized accounts or loans.

If a fraudulent account or loan appears, the victim should:

  1. immediately dispute it in writing;
  2. state that the ID was submitted to a fake HR email;
  3. attach police or cybercrime report if available;
  4. attach affidavit of non-authorization;
  5. ask for account freeze or investigation;
  6. request copies of application documents, subject to rules;
  7. request correction of records;
  8. demand cessation of wrongful collection if the loan is fraudulent;
  9. preserve all collection messages; and
  10. escalate to the proper regulator or authority if ignored.

Victims should not pay a fraudulent loan merely to stop harassment without first disputing it, because payment may be treated as acknowledgment.

XVII. If the ID Is Used for a Loan

A common consequence is receiving calls or messages from lending apps or collectors about a loan the victim never applied for.

The victim should:

  1. ask for the loan account details;
  2. deny authorization in writing;
  3. request investigation;
  4. provide proof of identity theft report;
  5. ask for copies of the alleged application;
  6. preserve collection messages;
  7. do not admit liability;
  8. do not provide more IDs unless verified and necessary;
  9. file a complaint if collection becomes abusive;
  10. report to cybercrime authorities; and
  11. consider data privacy and consumer protection remedies.

If the lender approved a loan based on stolen ID without adequate verification, the lender’s procedures may be questioned.

XVIII. If the ID Is Used for SIM Registration

If the victim suspects that their ID was used to register a SIM, they should report to the relevant telecommunications provider and authorities.

The victim should document:

  1. the fake HR email;
  2. the ID submitted;
  3. date of submission;
  4. suspicious calls or messages;
  5. any number believed to be registered using the ID;
  6. law enforcement report;
  7. affidavit of non-authorization; and
  8. request for investigation and deactivation if appropriate.

Private persons may not easily obtain SIM registration records, but authorities may request them through lawful process.

XIX. If the ID Is Used for an E-Wallet or Bank Account

If the stolen ID was used to open or verify a wallet or account, the victim should notify the financial institution immediately.

The victim should request:

  1. account investigation;
  2. freeze or restriction of fraudulent account, if applicable;
  3. confirmation that the victim did not authorize the account;
  4. protection from being treated as account owner or money mule;
  5. preservation of records;
  6. correction of customer data;
  7. escalation to fraud department; and
  8. written reference number for the report.

Financial institutions may not disclose all details due to privacy and banking laws, but the report creates a record that the victim is disputing unauthorized use.

XX. If the Fake Email Came From a Real Company Address

Sometimes a fake HR email appears to come from an actual company domain because:

  1. the HR account was hacked;
  2. the company email was spoofed;
  3. an employee account was compromised;
  4. an insider misused access;
  5. a third-party recruiter was compromised;
  6. the company’s domain security was weak;
  7. forwarding rules were inserted by attackers;
  8. the email display name was deceptive; or
  9. the victim misread a lookalike domain.

If the email came from a real company address, the company should investigate immediately. It may need to secure accounts, notify affected persons, preserve logs, assess breach obligations, and coordinate with law enforcement.

The victim should still preserve the email headers because they may show whether the email truly came from the company system.

XXI. Employer Responsibilities

Employers and legitimate recruiters should protect applicants and employees from fake HR emails by:

  1. using official domains only;
  2. publishing official recruitment channels;
  3. warning applicants against fake recruiters;
  4. avoiding unnecessary collection of IDs too early;
  5. using secure upload portals;
  6. providing privacy notices;
  7. limiting access to applicant documents;
  8. verifying recruiter identities;
  9. securing HR email accounts;
  10. using multi-factor authentication;
  11. training HR staff on phishing;
  12. monitoring fake job posts;
  13. issuing advisories when scams appear;
  14. reporting impersonation to platforms;
  15. responding to victim reports; and
  16. complying with data protection obligations.

Employers should not casually ask applicants to email sensitive documents without proper safeguards.

XXII. Applicant Rights

Applicants have the right to ask:

  1. why the ID is needed;
  2. whether submission is mandatory;
  3. what specific ID is acceptable;
  4. how the ID will be stored;
  5. who will access it;
  6. how long it will be retained;
  7. whether it will be shared with third parties;
  8. what privacy notice applies;
  9. whether there is a secure upload method;
  10. how to verify the recruiter;
  11. whether the job offer is legitimate; and
  12. how to request deletion if not hired.

A legitimate employer should be able to explain why personal data is being collected and how it will be protected.

XXIII. Should Applicants Send IDs Before Being Hired?

Employers may need ID for legitimate recruitment, background checks, contract preparation, or onboarding. However, applicants should be cautious when asked for sensitive documents too early.

A safer approach is:

  1. verify the company and recruiter first;
  2. submit only the minimum necessary information;
  3. use secure upload channels;
  4. avoid sending unnecessary IDs;
  5. avoid sending selfie-with-ID unless truly required and verified;
  6. watermark copies when appropriate;
  7. obscure unnecessary ID details when acceptable;
  8. ask for a privacy notice;
  9. keep a record of what was submitted; and
  10. never submit OTPs, passwords, or banking credentials.

A request for ID is not automatically suspicious, but it must be verified and proportionate.

XXIV. Watermarking ID Copies

When submitting an ID to a verified recipient, a person may consider placing a watermark on the copy, such as:

“FOR [COMPANY NAME] JOB APPLICATION ONLY – [DATE]”

A watermark can reduce misuse, although some institutions may reject altered copies. The watermark should not cover essential details if the document is legitimately required.

The safest practice is to ask the legitimate recipient what format is acceptable.

XXV. Reducing Data Shared

If a verified employer only needs identity confirmation, the applicant may ask whether certain details may be masked, such as:

  1. ID number;
  2. address;
  3. signature;
  4. QR code or barcode;
  5. birth date;
  6. secondary details;
  7. back side of ID; or
  8. other unnecessary information.

However, some legitimate verification processes require complete copies. The key is to confirm legitimacy first.

XXVI. Links, Attachments, and Malware

A fake HR email may be designed not only to collect IDs but also to infect the device or steal credentials.

Be cautious with:

  1. .exe files;
  2. password-protected archives;
  3. macro-enabled documents;
  4. suspicious PDF links;
  5. fake DocuSign links;
  6. fake Google Forms;
  7. fake Microsoft login pages;
  8. shortened URLs;
  9. QR codes;
  10. attachments requiring password entry;
  11. links asking for email login;
  12. forms asking for OTPs; and
  13. mobile apps to install.

If a suspicious attachment was opened or credentials were entered, the victim should change passwords, enable two-factor authentication, scan devices, and notify IT if using a work device.

XXVII. What If the Victim Clicked a Link but Did Not Submit ID?

There may still be risk if the link led to malware, credential theft, or tracking.

The victim should:

  1. close the website;
  2. avoid downloading files;
  3. change passwords if credentials were entered;
  4. run security scans;
  5. check email forwarding rules;
  6. check logged-in devices;
  7. enable two-factor authentication;
  8. monitor accounts;
  9. report the phishing email; and
  10. preserve evidence.

If no information was submitted and no file was downloaded, risk may be lower, but caution is still appropriate.

XXVIII. What If the Victim Entered Email Password or OTP?

This is urgent. The victim should immediately:

  1. change the email password from a safe device;
  2. log out all sessions;
  3. enable two-factor authentication;
  4. change recovery email and phone if altered;
  5. check forwarding and filter rules;
  6. check sent items and deleted items;
  7. notify contacts if scam emails were sent;
  8. change passwords for accounts linked to the email;
  9. contact bank and e-wallet providers if linked;
  10. preserve evidence; and
  11. report the incident.

An email account can be used to reset passwords for many other services, so securing it is a priority.

XXIX. What If Money Was Paid for a Job?

Payment for a job, training, equipment, medical exam, uniform, placement, or processing should be treated with caution.

If money was paid:

  1. preserve payment receipt;
  2. contact bank or e-wallet immediately;
  3. request freeze or reversal if possible;
  4. report to cybercrime authorities;
  5. report to the real company whose name was used;
  6. report to labor or recruitment authorities if employment or overseas work is involved;
  7. execute an affidavit;
  8. preserve all job offer documents;
  9. warn other applicants; and
  10. do not pay additional amounts.

A legitimate job process should not rely on suspicious payments to personal accounts.

XXX. Recruitment and Overseas Employment Scams

Fake HR emails may be connected with overseas job scams. These are especially dangerous because scammers may collect IDs, passports, medical fees, visa fees, placement fees, training fees, and travel documents.

Warning signs include:

  1. promise of overseas deployment without proper process;
  2. no valid recruitment license;
  3. personal bank account for payment;
  4. urgent demand for visa or processing fee;
  5. fake embassy documents;
  6. fake work permits;
  7. fake job orders;
  8. communication only through email or chat;
  9. refusal to provide official office address;
  10. request for passport and ID copies;
  11. unrealistic salary and benefits;
  12. no interview with employer;
  13. no verifiable contract; and
  14. pressure to keep the offer confidential.

Victims should report suspected illegal recruitment or overseas employment scams to appropriate authorities.

XXXI. Company Impersonation and Brand Abuse

When scammers impersonate a company’s HR department, the company may also be a victim. The scam damages its name and may expose applicants to harm.

The company should:

  1. issue an official warning;
  2. publish legitimate recruitment channels;
  3. report fake domains and emails;
  4. report fake job posts;
  5. coordinate with law enforcement;
  6. help victims verify legitimacy;
  7. preserve reports from victims;
  8. secure its own systems;
  9. investigate possible insider leaks; and
  10. review recruitment data protection controls.

Companies should avoid ignoring reports from applicants because delayed response may allow scams to spread.

XXXII. Possible Complaints and Remedies

Depending on the facts, a victim may pursue:

  1. cybercrime complaint for identity theft or fraud;
  2. estafa complaint if money was paid;
  3. illegal recruitment complaint if job placement or overseas work is involved;
  4. data privacy complaint if personal data was misused or mishandled;
  5. complaint to bank or e-wallet provider;
  6. complaint to email provider or hosting provider;
  7. report to the real company;
  8. civil action for damages if offender is identified;
  9. request for takedown of fake site or email domain;
  10. dispute of fraudulent loans or accounts;
  11. affidavit of non-authorization; and
  12. protective monitoring of accounts.

The correct combination depends on whether only data was taken, money was lost, accounts were opened, or the victim’s identity was later misused.

XXXIII. Complaint-Affidavit Structure

A complaint-affidavit may be organized as follows:

  1. personal circumstances of complainant;
  2. how the email was received;
  3. sender address, subject, and date;
  4. why the email appeared to be from HR;
  5. what the email requested;
  6. what documents or data were submitted;
  7. whether money was paid;
  8. links, forms, and attachments involved;
  9. later discovery that the email was fake;
  10. confirmation from the real company, if any;
  11. harm suffered;
  12. risk of identity theft;
  13. steps taken to secure accounts;
  14. attached screenshots, headers, receipts, and documents;
  15. known respondent details, if any;
  16. request for investigation and prosecution; and
  17. oath.

The affidavit should be specific, chronological, and supported by evidence.

XXXIV. Documents to Attach to a Complaint

Useful attachments include:

  1. printed copy of fake HR email;
  2. full email headers;
  3. screenshots of sender address and message;
  4. suspicious links and forms;
  5. screenshots of upload page;
  6. copies of documents submitted;
  7. proof of money transfer;
  8. customer service reports;
  9. confirmation from real company denying the email;
  10. report to email provider;
  11. report to bank or e-wallet;
  12. report to company HR;
  13. job post or advertisement;
  14. fake offer letter or contract;
  15. chat logs;
  16. call logs;
  17. affidavit of non-authorization;
  18. valid ID of complainant; and
  19. witness statements.

XXXV. Sample Message to Verify with a Company

An applicant may send the real company:

Good day. I received an email claiming to be from your HR/recruitment team regarding a job application and requesting a copy of my government ID. The sender used the email address [insert email]. Before I submit any document, may I confirm whether this email and request are legitimate?

I have attached a screenshot of the email for verification. Thank you.

XXXVI. Sample Warning to Contacts

If the victim believes the ID may be misused, they may post or send:

Please be advised that I may have been targeted by a fake HR/recruitment email that requested my ID. If you receive any message, account, job offer, loan request, or transaction using my name, photo, or ID, please verify with me directly through my known number before responding or sending money. I did not authorize anyone to use my identity for any transaction.

XXXVII. Sample Report to HR of the Real Company

A report may state:

Good day. I am reporting a possible fake HR email using your company name. The email was sent from [email address] on [date] with the subject [subject]. It requested that I submit my government ID for [reason stated].

I am concerned that this may be an impersonation or phishing attempt. Attached are screenshots and the full email details. Please confirm whether this email came from your company and whether there are other official recruitment channels I should use.

If this is fake, kindly consider issuing an advisory to protect other applicants.

XXXVIII. Sample Affidavit of Non-Authorization Points

An affidavit of non-authorization may state that:

  1. the affiant received a fake HR email;
  2. the affiant submitted a copy of ID because of the false representation;
  3. the affiant did not authorize the sender to use the ID for any loan, SIM registration, bank account, e-wallet, contract, employment transaction, or financial transaction;
  4. any account or transaction using the ID after the incident was not authorized unless separately confirmed by the affiant;
  5. the affiant reported the matter to authorities or relevant institutions; and
  6. the affidavit is executed to support reports, disputes, and investigations.

This should be customized and notarized if needed.

XXXIX. Common Mistakes to Avoid

A. Sending ID Before Verification

Always verify the recruiter and company through official channels.

B. Sending Selfie With ID Too Early

A selfie with ID can be used for account verification and loan fraud.

C. Paying “Processing Fees”

Job scams often begin with small fees that increase over time.

D. Deleting the Email

The email is evidence. Preserve it, including full headers.

E. Only Taking Cropped Screenshots

Keep the full email, sender details, links, attachments, and timestamps.

F. Replying Aggressively to the Scammer

This may alert them to delete evidence. Preserve first and report.

G. Ignoring the Risk After No Money Was Lost

Even if no money was paid, the ID may still be misused later.

H. Not Warning the Real Company

The company may need to warn other applicants.

I. Not Monitoring Loan or E-Wallet Activity

Identity misuse may happen days or months later.

J. Publicly Accusing a Suspect Without Proof

Unsupported accusations can create defamation risk.

XL. Practical Checklist Before Submitting ID to HR

Before sending any ID, check:

  1. Did I apply to this company?
  2. Is the sender’s email domain official?
  3. Does the job exist on the official careers page?
  4. Is the recruiter verifiable?
  5. Is the request appropriate at this stage?
  6. Is the upload link on an official domain?
  7. Is there a privacy notice?
  8. Are they asking for unnecessary details?
  9. Are they asking for money?
  10. Are they asking for OTP, password, or PIN?
  11. Can I verify through official phone or website?
  12. Can I watermark the ID?
  13. Can I submit a less sensitive document first?
  14. Do I have a record of what I submitted?
  15. Am I being pressured to act immediately?

If several answers are suspicious, do not send the ID.

XLI. Practical Checklist After Sending ID to Fake HR

After sending ID, do the following:

  1. stop sending more information;
  2. save the email and full headers;
  3. screenshot all messages;
  4. save links and forms;
  5. record what documents were sent;
  6. notify the real company;
  7. report the email as phishing;
  8. change passwords if any link was clicked;
  9. enable two-factor authentication;
  10. monitor bank, e-wallet, and loan activity;
  11. contact financial institutions if bank data was shared;
  12. file a cybercrime report if there is fraud or identity theft risk;
  13. prepare an affidavit of non-authorization;
  14. dispute any unauthorized account or loan immediately;
  15. warn contacts if identity misuse is likely; and
  16. keep all reports and reference numbers.

XLII. Practical Checklist for Employers

Employers should:

  1. use official recruitment email addresses;
  2. warn applicants against unofficial emails;
  3. publish verified recruitment channels;
  4. avoid collecting IDs too early;
  5. use secure portals for sensitive documents;
  6. provide a clear privacy notice;
  7. limit access to applicant documents;
  8. implement retention and deletion policies;
  9. secure HR accounts with multi-factor authentication;
  10. monitor fake job posts and fake domains;
  11. train HR staff on phishing and impersonation;
  12. respond to applicant verification requests;
  13. report impersonation scams;
  14. coordinate with law enforcement when needed;
  15. notify affected persons if company systems are compromised; and
  16. document all incident response actions.

XLIII. Frequently Asked Questions

1. I sent my ID to a fake HR email. What should I do first?

Stop communicating, preserve the email and headers, notify the real company, secure your accounts, monitor for unauthorized loans or accounts, and consider filing a cybercrime report.

2. Is it illegal for fake HR to ask for my ID?

If the request is made through deception to obtain identifying information, money, or access, it may involve identity theft, computer-related fraud, estafa, data privacy violations, or other offenses.

3. Can a scammer use my ID for loans?

Yes. Stolen IDs may be used for loan applications, e-wallet verification, SIM registration, or other fraudulent accounts, especially if accompanied by a selfie, signature, and personal details.

4. Should I change my ID?

Most government IDs cannot be casually changed just because a copy was exposed. But you should report the incident, monitor misuse, and dispute unauthorized accounts or transactions immediately.

5. Should I report even if no money was lost?

Yes, especially if you submitted a government ID or selfie. A report helps create a record in case your identity is later misused.

6. Can I ask the company if the recruiter is real?

Yes. Use official contact details from the company website or verified pages, not the contact details in the suspicious email.

7. What if the email used a real company logo?

A logo does not prove legitimacy. Scammers can copy logos from the internet.

8. What if the email came from a Gmail address?

Some small businesses use free email accounts, but a major company or formal HR department usually uses an official domain. Treat free-email HR requests for IDs with caution and verify independently.

9. What if I clicked the link but did not submit anything?

Risk may be lower, but you should still avoid further interaction, run security checks, and change passwords if you entered any credentials.

10. What if I entered my email password?

Change it immediately from a safe device, log out all sessions, enable two-factor authentication, check forwarding rules, and change passwords for accounts linked to that email.

11. Can I recover money paid to fake HR?

Possibly, if reported quickly to the bank or e-wallet before cash-out. Recovery becomes harder once funds are withdrawn or transferred.

12. Can the fake HR be traced?

Possibly. Investigators may trace email headers, domains, IP logs, payment accounts, phone numbers, hosting records, and platform data through lawful process.

13. Should I post the scammer’s email publicly?

A factual warning may help others, but avoid unsupported accusations against a specific person. Share enough information to warn others without exposing your own ID or private data.

14. Can I file a case if the sender is unknown?

Yes, you may file a report or complaint for investigation. Authorities may need to identify the person behind the email before prosecution.

15. Is this a data privacy case or a cybercrime case?

It can be both. If a scammer used email to steal ID, cybercrime and fraud issues are central. If personal data was mishandled by a real company or unauthorized processing occurred, data privacy remedies may also apply.

XLIV. Conclusion

A fake HR email asking for ID is not a harmless recruitment message. In the Philippines, it may be part of phishing, identity theft, computer-related fraud, estafa, illegal recruitment, data privacy violations, or financial account misuse. The risk continues even after the email exchange ends because a stolen ID can be used later for loans, e-wallets, SIM registration, impersonation, and other fraudulent transactions.

The safest approach is verification before submission. Applicants and employees should confirm the recruiter, email domain, job posting, upload link, and purpose of collection through official channels. They should never send OTPs, passwords, PINs, or payments to supposed HR contacts.

If an ID has already been sent, the victim should preserve evidence, report the fake email, notify the real company, secure accounts, monitor for misuse, and consider filing reports with cybercrime authorities, financial institutions, and data privacy regulators where appropriate. If money was paid or accounts were opened using the ID, the victim should act immediately to dispute the transaction and create a formal record of non-authorization.

In fake HR identity scams, speed and documentation matter. The faster the victim preserves evidence, reports the incident, and prevents further misuse, the better the chance of limiting damage and supporting future legal action.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login