Filing a Cybercrime Complaint in the Philippines

Filing a Cybercrime Complaint in the Philippines – 2025 Complete Legal Guide

This material is for general information only and is not a substitute for personalised legal advice.

1. Governing Legal Framework

Pillar Key Issuance Why it matters when you file
Primary statute Republic Act No. 10175 – Cybercrime Prevention Act of 2012 Defines punishable cyber-offences, creates PNP/NBI cyber-units, gives courts power to issue cyber-warrants, and sets six-month data-retention and venue rules.
Latest finance-fraud law RA 12010 (2024) – Anti-Financial Account Scamming Act (AFASA) Lets banks freeze suspicious e-wallet transfers and authorises BSP, NBI & PNP to apply for cyber-warrants. Complaints usually start at PNP-ACG/NBI then move to prosecutors.
Connectivity law RA 11934 (2022) – SIM Registration Act Lets investigators subpoena telcos for SIM data and require preservation of call-detail records; vital for SMS scams & SIM-swap cases.
Procedural rules A.M. No. 17-11-03-SC – Rule on Cybercrime Warrants Enumerates four specialised warrants: WDCD, WSSECD, WICD & WTD; also fixes venue for cyber-cases in special RTC branches.
E-evidence A.M. No. 01-7-01-SC – Rules on Electronic Evidence Governs authentication of screenshots, chat logs, e-mail headers, hash values, etc. (screenshots must be complete, not cropped).

Related statutes regularly invoked in complaints: Data Privacy Act (RA 10173), Access-Devices Regulation Act (RA 8484), Anti-Photo & Video Voyeurism (RA 9995), OSAEC/CSAEM law (RA 11930), and the Revised Penal Code on libel, estafa and unjust vexation.

2. Enforcement Architecture

Agency Typical cases How to reach them
PNP Anti-Cybercrime Group (ACG) Hacks, online scams, sextortion, cyber-bullying, SIM-based threats Walk-in at Camp Crame or any Regional Cybercrime Unit, or use hotlines 0968-867-4302 (Smart) / 0967-136-0322 (Globe) / 0992-989-3889 (Dito).
NBI Cybercrime Division (CCD) Large-value fraud, cross-border schemes, forensic imaging, MLAT requests E-Complaint portal or Manila HQ (Taft Ave.).
Cybercrime Investigation & Coordination Center (CICC) Central incident coordination; public on-line complaint form; runs 24/7 Situation Room Online report form (report.cicc.gov.ph) or phone 1326.
DOJ Office of Cybercrime (OOC) Supervises prosecutors, issues subpoenas to ISPs, handles mutual legal assistance File via your local City/Provincial Prosecutor; OOC coordinates behind the scenes.

Tip – choose the agency that can act fastest on the evidence you already possess; you can always elevate later to another office or directly to the prosecutor.

3. What Counts as “Cybercrime”?

RA 10175 groups offences into (a) attacks on data/systems (illegal access, data interference), (b) computer-related crimes (online fraud, identity theft), and (c) content-related crimes (cyber-sex, child pornography, unsolicited spam, cyber-libel). AFASA (RA 12010) now expressly criminalises money-muling and phishing-style social-engineering.

4. Evidence Preservation & Admissibility

  1. Grab originals first – full-screen captures with URL, date/time, scrolling context.
  2. Export native files.eml, .pst, chat JSON/HTML, blockchain hashes; save to write-protected media.
  3. Keep devices unaltered – investigators may image storage; demand a forensic receipt with hash values.
  4. Authenticate – under A.M. 01-7-01-SC, attach a sworn Certification of Authenticity or witness with personal knowledge of how the data was taken.
  5. Act within 6 + 6 months – traffic-data retention under §13 RA 10175 is only six months (renewable once on request).

5. Complaint-Affidavit Checklist

Item Minimum contents
Narrative Chronology (who/what/where/when/how); cite violated penal provisions.
Annexes Label A, B, C…; include storage-media (USB/SSD) with digital copies.
Certification Statement that annexes are faithful reproductions; declare no alteration.
Oath & ID Notarised or sworn before prosecutor/investigator; attach photocopy of gov’t ID.
Authority SPA if filing for a corporation or on behalf of minor.

Five printed copies are still the norm before prosecutors/courts; electronic filing is accepted only where an RTC branch has activated e-Court.

6. Where & When to File

  • Venue – any of (i) the place where the offence or any element occurred, (ii) where any part of the computer system is situated, or (iii) where damage was suffered (Rule on Cybercrime Warrants § 2.1).
  • No barangay conciliation – penalties generally exceed one year.
  • Prescriptive periods – most cyber-crimes follow RA 3326 (12 years); cyber-libel is still one year pending final Supreme Court resolution.

7. Step-by-Step Procedure for Victims

  1. Initial assessment & evidence freeze

  2. Pick your entry point

    • PNP-ACG front desk → Incident Record Form → Reference Control Number.
    • NBI E-Complaint → online schedule → walk-in oath-taking.
    • Direct to City/Provincial Prosecutor (when offender is known) → docket fee & subpoena issuance.

  3. Data-preservation order – investigator may apply ex-parte to court within 24 h to compel ISP/telco to retain logs for 30 days (extendible).

  4. Forensics & case build-up – extraction, chain-of-custody, subpoena to platforms (Facebook, Google, Binance, etc.) via DOJ-OOC/MLAT.

  5. Preliminary investigation – respondent files counter-affidavit; prosecutor resolves probable cause.

  6. Filing of Information – case raffled to designated Cybercrime RTC; bail, arraignment, pre-trial.

  7. Trial – continuous-trial rules apply; electronic evidence presented with hash-value certification.

A graphical timeline (average) 90 days ► investigation → 60–90 days ► prelim. investigation → 1-3 years ► trialjudgment / restitution.

8. The Four Cyber-Warrants at a Glance

Warrant Purpose Validity
WDCD (Disclose Data) Compel provider to hand over subscriber, traffic or content data. 10 days, renewable once.
WSSECD (Search, Seize & Examine Data) For on-site imaging or remote extraction of computer data/devices. 10 days, renewable once.
WICD (Intercept Data) Real-time capture of traffic/content data (e.g., undercover chat, VoIP). Max 30 days + 30 days extension.
WTD (Take-down) Order to restrict or block content, usually child sexual abuse material. Until lifted by court.

All are issued by the designated Cybercrime Court on probable cause and must be served with body-cams (A.M. 21-06-08-SC) when physically seizing devices.

9. Cross-Border & Financial Dimensions

  • MLAT & Budapest Convention – DOJ-OOC is the Philippine Central Authority for time-sensitive requests to foreign jurisdictions and platforms.
  • Bank freezes under RA 12010 – BSP-supervised institutions may hold disputed e-wallet/online-bank funds for up to 30 days without court order; complainants should file quickly with both the bank and law-enforcement.
  • Asset recovery – courts may issue asset-preservation orders and later award restitution or civil damages in the same criminal action (§15 Rule 111, Rules of Court).

10. Common Pitfalls (and How to Avoid Them)

  1. Cropping / editing screenshots – keep originals; redact only in a separate PDF annex.
  2. Waiting beyond 6-month log window – request data-preservation immediately.
  3. Publicly naming suspect first – exposes you to libel/data-privacy counter-suits.
  4. Refusing to surrender device – ask the investigator to hash-image in your presence; keep the hash print-out.

11. Quick Reference Cheat-Sheet

Need Next step
SMS threat or scam Preserve message ► file with PNP-ACG ► request telco SIM data under RA 11934
Phishing / e-wallet theft Screenshot transaction ► notify bank (freeze) ► NBI-CCD ► possible BSP restitution (RA 12010)
Online defamation Gather URLs & full comments ► notarise affidavit ► either PNP-ACG or direct to prosecutor
OSAEC / child porn Dial 1343 or 911 ► PNP-WCPD + ACG ► immediate WTD & rescue protocols

12. Final Takeaways

File early, file complete, and follow up. Digital traces disappear quickly, and docket congestion is real. A well-prepared complaint-affidavit—supported by forensically sound evidence and filed at the correct office—greatly increases the odds of timely prosecution, take-down of harmful content, and eventual restitution.

Should you need tailored advice or assistance drafting the complaint-affidavit, consult a lawyer who regularly handles cybercrime cases and is familiar with the latest AFASA, SIM-Registration and cyber-warrant rules.

Last updated: 30 May 2025 (UTC+8).

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login