Filing a Cybercrime Complaint with the NBI Philippines

I. Introduction

Cybercrime complaints in the Philippines are commonly filed with the National Bureau of Investigation, particularly through its cybercrime units. These complaints may involve online scams, hacking, identity theft, cyber libel, phishing, online threats, unauthorized access to accounts, malicious use of personal data, sextortion, online harassment, and other offenses committed through computers, mobile phones, social media platforms, messaging apps, websites, or digital payment systems.

The National Bureau of Investigation is one of the principal law enforcement agencies that receives, evaluates, investigates, and builds cybercrime cases for possible referral to the prosecutor’s office. Filing a complaint with the NBI is not the same as filing a criminal case in court. Rather, it is usually the first investigative step that may lead to the preparation of affidavits, preservation of electronic evidence, forensic examination, identification of suspects, and eventual filing of a complaint before the proper prosecutor.

This article explains the legal framework, common offenses, practical requirements, evidentiary considerations, procedure, and remedies involved in filing a cybercrime complaint with the NBI in the Philippines.

II. Legal Framework Governing Cybercrime Complaints

The principal law governing cybercrime in the Philippines is Republic Act No. 10175, otherwise known as the Cybercrime Prevention Act of 2012. It punishes specific offenses committed through or involving computer systems, information and communications technology, or the internet.

Cybercrime complaints may also involve other laws, including:

  1. The Revised Penal Code, when traditional crimes such as estafa, threats, unjust vexation, libel, coercion, or identity-related offenses are committed online.
  2. Republic Act No. 10173, or the Data Privacy Act of 2012, when personal information is unlawfully collected, processed, disclosed, or used.
  3. Republic Act No. 9995, or the Anti-Photo and Video Voyeurism Act of 2009, when intimate images or videos are taken, shared, or threatened to be shared without consent.
  4. Republic Act No. 11930, or the Anti-Online Sexual Abuse or Exploitation of Children and Anti-Child Sexual Abuse or Exploitation Materials Act, when minors are involved.
  5. Republic Act No. 11862, or the Expanded Anti-Trafficking in Persons Act, when online exploitation or trafficking elements are present.
  6. Republic Act No. 8484, or the Access Devices Regulation Act, for certain credit card, account, and access device fraud cases.
  7. Republic Act No. 8792, or the Electronic Commerce Act, on electronic documents and electronic signatures.
  8. The Rules on Electronic Evidence, which govern the admissibility, authentication, and presentation of electronic documents and digital evidence.

Cybercrime cases are often layered. For example, an online investment scam may involve estafa under the Revised Penal Code, computer-related fraud under the Cybercrime Prevention Act, use of false identity, and possible violations of financial regulations. A malicious Facebook post may involve cyber libel, unjust vexation, threats, or data privacy violations, depending on the facts.

III. The Role of the NBI in Cybercrime Complaints

The NBI investigates criminal offenses, including cybercrimes. In the cybercrime context, its role may include receiving complaints, interviewing complainants, preserving evidence, conducting cyber investigation, performing digital forensic examination, coordinating with platforms or service providers, tracing accounts or digital footprints, identifying suspects, and preparing evidence for prosecution.

The NBI does not itself convict offenders. It investigates and may recommend prosecution. The prosecutor determines whether probable cause exists to file an information in court. The court ultimately determines guilt or innocence.

A complainant should therefore understand that filing with the NBI begins a legal process. The complaint must be supported by facts, evidence, and sworn statements. Mere suspicion, anger, or screenshots without context may not be enough.

IV. Common Cybercrime Complaints Filed with the NBI

A. Online Scam or Cyber Estafa

Online scam complaints are among the most common cybercrime matters. These may involve fake sellers, bogus investment schemes, fake job offers, love scams, fake lending apps, cryptocurrency fraud, phishing links, unauthorized withdrawals, or marketplace scams.

The legal basis may include estafa under the Revised Penal Code, computer-related fraud under the Cybercrime Prevention Act, or other special laws. Evidence usually includes conversations, receipts, bank or e-wallet transfer records, account names, URLs, screenshots, tracking numbers, advertisements, proof of payment, and any identification details used by the suspect.

B. Hacking and Unauthorized Access

Unauthorized access occurs when a person intentionally accesses a computer system, account, device, server, or network without authority. Examples include hacking a Facebook account, accessing someone’s email without permission, changing account passwords, taking over a business page, or intruding into private files.

Complaints should include proof of account ownership, login alerts, password reset notices, IP logs if available, recovery emails, screenshots of unauthorized activity, and details of the suspected intruder.

C. Identity Theft and Fake Accounts

Identity theft may involve the use of another person’s name, photos, personal details, or account information to deceive, harass, scam, or impersonate others. A fake account by itself may not automatically be criminal, but it can become actionable when used for fraud, threats, libel, harassment, exploitation, or unlawful processing of personal information.

The complainant should preserve the fake profile link, screenshots, messages sent by the fake account, posts, comments, and proof that the identity or images used belong to the complainant.

D. Cyber Libel

Cyber libel is libel committed through a computer system or similar means. It generally involves a public and malicious imputation of a crime, vice, defect, act, condition, status, or circumstance that tends to dishonor, discredit, or contempt a person.

For a cyber libel complaint, the complainant should preserve the exact post, comment, caption, video, article, or message; the URL; the date and time of publication; the identity of the poster if known; screenshots showing public visibility; and proof that the complainant is identifiable.

Private insults may not always amount to cyber libel. The element of publication is important. The statement must also be defamatory, not merely unpleasant, critical, or opinion-based. However, the distinction can be fact-sensitive.

E. Online Threats, Harassment, and Extortion

Online threats may include messages threatening harm, exposure of private information, release of intimate images, or damage to reputation unless money or another demand is satisfied. Sextortion cases are especially serious and should be reported promptly.

Evidence includes complete chat histories, usernames, phone numbers, account links, payment demands, threats, proof of money sent, and any intimate materials involved. Victims should avoid deleting messages or negotiating further without preserving evidence.

F. Phishing, Account Takeover, and Financial Fraud

Phishing involves fraudulent links, messages, or websites designed to obtain passwords, one-time passwords, banking credentials, e-wallet access, or personal information. The complaint may involve cybercrime, estafa, access device fraud, data privacy violations, or banking-related offenses.

Complainants should keep the phishing link, sender details, SMS messages, emails, call logs, bank statements, transaction histories, reference numbers, and communications with the bank or e-wallet provider.

G. Non-Consensual Sharing of Intimate Images

When intimate images or videos are recorded, shared, uploaded, threatened to be uploaded, or distributed without consent, several laws may apply, including the Anti-Photo and Video Voyeurism Act, cybercrime law, data privacy law, grave coercion, unjust vexation, or anti-violence laws depending on the relationship and facts.

The complainant should preserve evidence carefully, but should avoid unnecessarily forwarding or reproducing the intimate material. The complaint should describe the content and provide secure evidence directly to investigators.

H. Online Sexual Abuse or Exploitation of Children

When a minor is involved, the matter becomes extremely serious. Reports should be made immediately. Evidence should be preserved, but the complainant should not distribute, forward, or repeatedly save exploitative material. The safety of the child is the priority.

V. Who May File the Complaint

A cybercrime complaint may generally be filed by:

  1. The victim;
  2. A parent, guardian, or lawful representative, especially for minors;
  3. A duly authorized company representative, for corporate cyber incidents;
  4. A person with direct personal knowledge of the incident;
  5. A lawyer or authorized representative acting on behalf of the complainant.

For companies, the NBI may require a board resolution, secretary’s certificate, special power of attorney, or written authority proving that the representative is authorized to file the complaint.

For minors, parents or legal guardians should bring proof of relationship or authority, such as a birth certificate, school records, or guardianship documents.

VI. Where to File

A complainant may file with the appropriate NBI office handling cybercrime matters. In practice, many complainants proceed to the NBI Cybercrime Division or the nearest NBI regional or district office that accepts cybercrime complaints.

The proper venue may depend on where the complainant resides, where the act was committed, where the effects were felt, where the respondent may be located, or where the relevant NBI office has jurisdiction or operational capacity.

For urgent matters involving threats to life, ongoing exploitation, child abuse, or continuing extortion, a complainant should also consider immediate police assistance or emergency reporting while preserving digital evidence.

VII. Documents and Evidence to Prepare

A complainant should prepare both identification documents and evidence.

A. Personal Identification

Bring valid government-issued identification, such as a passport, driver’s license, UMID, national ID, PRC ID, voter’s ID, or other recognized identification.

B. Complaint-Affidavit or Written Statement

The NBI may require the complainant to execute a sworn statement or complaint-affidavit. The affidavit should state the facts clearly and chronologically:

  1. Who the complainant is;
  2. Who the suspect is, if known;
  3. What happened;
  4. When it happened;
  5. Where it happened online or physically;
  6. How the complainant discovered the incident;
  7. What accounts, devices, links, or platforms were involved;
  8. What damage, loss, fear, or injury resulted;
  9. What evidence supports the allegations;
  10. What relief or action is being sought.

The affidavit should avoid exaggeration. It should contain facts personally known to the complainant and identify which facts are based on documents, screenshots, witnesses, or digital records.

C. Screenshots and Printouts

Screenshots are useful but must be handled carefully. A good screenshot should show:

  1. The full content of the post, message, transaction, or page;
  2. The account name and username;
  3. The URL or link, if applicable;
  4. The date and time;
  5. Context before and after the relevant message;
  6. Profile details of the account involved;
  7. Any visible metadata or reference number.

Printouts should be clear and legible. It is helpful to arrange screenshots chronologically and label them as annexes.

D. URLs and Account Links

Investigators need precise links. A screenshot of a username may not be enough because usernames can change. Preserve profile URLs, post URLs, page links, marketplace listing links, email headers, phone numbers, and transaction reference numbers.

E. Chat Logs and Messages

Export or preserve full conversations where possible. Avoid deleting messages. Do not crop screenshots in a way that removes context. If the platform allows downloading of account data, that may help, but the original device should still be preserved.

F. Proof of Payment or Financial Loss

For scams and fraud, prepare:

  1. Bank deposit slips;
  2. E-wallet receipts;
  3. Transaction reference numbers;
  4. Screenshots of transfer confirmations;
  5. Account names and account numbers;
  6. Communications with the bank, e-wallet provider, or merchant;
  7. Demand letters, if any;
  8. Proof of non-delivery, false representation, or failed refund.

G. Device or Account Evidence

In hacking, malware, or unauthorized access cases, bring the affected device if requested or preserve it for examination. Do not reset the phone, reformat the computer, delete logs, or uninstall suspicious applications before consulting investigators, unless necessary to prevent further harm.

H. Witness Statements

If other people saw the post, received messages, were scammed by the same person, or can authenticate events, their sworn statements may help.

VIII. Importance of Preserving Electronic Evidence

Electronic evidence is fragile. Posts can be deleted, accounts can be renamed, chats can disappear, and links can become inaccessible. Preservation should be done immediately.

A complainant should:

  1. Take screenshots and screen recordings where appropriate;
  2. Save URLs;
  3. Export conversations if possible;
  4. Preserve emails with full headers;
  5. Keep the device used to receive the messages;
  6. Back up files in secure storage;
  7. Avoid editing or manipulating screenshots;
  8. Record the date and time of capture;
  9. Avoid confronting the suspect in a way that causes deletion of evidence;
  10. Avoid posting the evidence publicly if it may affect the investigation or create legal exposure.

Screenshots alone may be challenged. The Rules on Electronic Evidence require authentication. A complainant should be ready to testify that the screenshots are faithful representations of what appeared on the device or account.

IX. Step-by-Step Procedure for Filing with the NBI

Step 1: Identify the Nature of the Complaint

Before going to the NBI, determine the general category of the incident: scam, hacking, cyber libel, threat, identity theft, phishing, extortion, data breach, or exploitation. This helps organize the facts and evidence.

Step 2: Preserve Evidence Immediately

Save links, screenshots, conversations, transaction records, account details, emails, and other digital traces. Do not delete or alter evidence.

Step 3: Prepare a Chronology

Write a timeline of events. Include dates, times, names, usernames, platforms, amounts, and actions taken. A clear timeline helps investigators quickly understand the complaint.

Step 4: Prepare Identification and Supporting Documents

Bring valid ID, proof of ownership of accounts, proof of payment, device information, and printed or digital copies of evidence.

Step 5: Go to the Appropriate NBI Office

Proceed to the NBI office that handles cybercrime complaints. The complainant may be asked to fill out forms, submit documents, and wait for evaluation.

Step 6: Execute a Complaint-Affidavit or Sworn Statement

The complainant will usually be asked to narrate the facts under oath. The affidavit should be truthful, specific, and supported by annexes.

Step 7: Submit Evidence for Evaluation

Investigators may examine screenshots, links, messages, transaction records, devices, or other materials. They may ask for additional documents or clarification.

Step 8: Investigation and Case Build-Up

The NBI may conduct further investigation, trace digital accounts, coordinate with service providers, request preservation of data, interview witnesses, conduct forensic analysis, or identify suspects.

Step 9: Referral for Prosecutorial Action

If the evidence supports criminal liability, the complaint may be referred to the prosecutor’s office. The complainant may be required to participate in preliminary investigation.

Step 10: Preliminary Investigation

During preliminary investigation, the prosecutor determines whether there is probable cause. The respondent may be required to file a counter-affidavit. The complainant may submit a reply-affidavit. If probable cause is found, the prosecutor may file a case in court.

X. What Happens After Filing

After filing, the complainant should expect that the process may take time. Cybercrime investigations often require technical verification, account tracing, platform coordination, financial record requests, and subpoena processes.

The complainant may be asked to:

  1. Submit additional screenshots or links;
  2. Provide the original device;
  3. Identify suspects;
  4. Execute supplemental affidavits;
  5. Attend meetings or clarificatory interviews;
  6. Coordinate with banks, e-wallet providers, platforms, or telecom companies;
  7. Appear before the prosecutor;
  8. Testify in court if the case proceeds.

The complainant should keep copies of everything submitted. It is advisable to maintain a folder containing the complaint-affidavit, annexes, receipts, screenshots, correspondence, and case reference numbers.

XI. Cybercrime Evidence and Admissibility

Electronic evidence must be relevant and authenticated. In Philippine proceedings, electronic documents may be admissible if properly identified and shown to be reliable.

Authentication may involve testimony from the person who captured the screenshot, account ownership evidence, metadata, email headers, device examination, platform records, transaction logs, or forensic findings.

For example, in a cyber libel complaint, the complainant may need to prove that the defamatory post existed, that it was published online, that the complainant was identifiable, that the respondent was responsible, and that the statement was defamatory. Screenshots may help, but the identity of the poster and integrity of the evidence may still be contested.

For online scam cases, proof of payment alone may not be enough. The complainant must connect the payment to the fraudulent representation and the suspect. Conversations, account details, advertisements, delivery promises, and refusal to refund may be relevant.

XII. Jurisdiction and Venue Issues

Cybercrime creates special jurisdictional problems because acts may be committed in one place, received in another, hosted abroad, and viewed nationwide. A suspect may be anonymous, using a fake name, VPN, prepaid SIM, foreign platform, or mule account.

The NBI may assist in tracing digital evidence, but technical limitations and privacy laws may affect the investigation. International platforms may require formal legal processes before releasing account information. Banks and telecom providers may also require proper legal requests before disclosing subscriber or transaction records.

Venue may depend on the facts and applicable rules. In cyber libel, for example, questions may arise as to where the complainant resides, where the post was accessed, where the respondent acted, or where the effect of publication occurred. In financial fraud, venue may relate to where the complainant was deceived, where payment was made, or where loss was suffered.

XIII. Prescription Periods and Delay

A complainant should not delay. Criminal offenses have prescriptive periods. The applicable period depends on the offense charged. Delay can also cause loss of digital evidence, deletion of accounts, disappearance of posts, closure of bank accounts, or dissipation of funds.

Even if a complainant is still unsure whether the facts amount to a cybercrime, early consultation with the NBI, a lawyer, or another law enforcement agency may help preserve options.

XIV. Practical Tips Before Filing

A complainant should do the following:

  1. Preserve all evidence before confronting the suspect.
  2. Save URLs, not just screenshots.
  3. Make a timeline.
  4. Print important evidence and keep digital copies.
  5. Bring valid ID.
  6. Bring the affected device, if relevant.
  7. Avoid altering, cropping, or editing screenshots.
  8. Avoid posting accusations online before legal review.
  9. Coordinate with banks or e-wallet providers immediately in fraud cases.
  10. Change passwords and secure accounts, but only after preserving evidence.
  11. Enable two-factor authentication.
  12. Report fraudulent accounts to the platform, but preserve evidence first.
  13. Consult a lawyer for serious, high-value, sensitive, or reputational matters.

XV. Drafting the Complaint-Affidavit

A good complaint-affidavit should be factual and organized. It may follow this structure:

  1. Personal circumstances of the complainant State name, age, civil status, nationality, address, and capacity to file.

  2. Identity of the respondent State the respondent’s name if known. If unknown, describe the account, username, phone number, email, bank account, or other identifiers.

  3. Narration of facts Present the events in chronological order.

  4. Description of digital evidence Identify posts, messages, screenshots, links, emails, payment records, devices, and other evidence.

  5. Damage or injury suffered State financial loss, reputational harm, emotional distress, account compromise, threats, or privacy violations.

  6. Acts constituting the offense Explain how the respondent’s acts amount to cybercrime or another offense.

  7. Request for investigation and prosecution Ask the NBI to investigate and assist in filing the appropriate charges.

  8. Annexes Attach screenshots, receipts, IDs, account links, and supporting documents.

The affidavit must be truthful. False statements under oath may expose the complainant to criminal liability.

XVI. Sample Complaint-Affidavit Format

Republic of the Philippines City/Municipality of __________ S.S.

Complaint-Affidavit

I, [Name of Complainant], of legal age, Filipino, and residing at [address], after being duly sworn, state:

  1. I am the complainant in this case.

  2. I am filing this complaint against [name of respondent, if known], also known online as [username/account name], using the account/profile/link [URL or identifier].

  3. On or about [date], I encountered/responded to/received [describe post, message, transaction, link, or act] through [platform/app/website].

  4. The respondent represented to me that [state false representation, threat, defamatory statement, unauthorized act, or other conduct].

  5. Relying on said representation, I [sent money/disclosed information/responded/was harmed]. Attached as Annex “A” is a copy of [receipt/screenshot/message].

  6. Thereafter, [state what happened next: failure to deliver, account takeover, threat, publication, continued harassment, etc.].

  7. I preserved screenshots and links of the relevant communications and posts. Attached as Annexes “B,” “C,” and “D” are copies of the same.

  8. As a result of the respondent’s acts, I suffered [financial loss/reputational harm/emotional distress/privacy violation/account compromise].

  9. I respectfully request the National Bureau of Investigation to investigate this matter and to assist in the filing of the appropriate criminal complaint for violation of applicable laws, including the Cybercrime Prevention Act of 2012 and other relevant laws.

  10. I execute this affidavit to attest to the truth of the foregoing and for the purpose of filing a cybercrime complaint.

IN WITNESS WHEREOF, I have signed this affidavit this ___ day of __________ 20__, in __________, Philippines.

[Signature] [Name of Complainant]

SUBSCRIBED AND SWORN to before me this ___ day of __________ 20__, affiant exhibiting competent proof of identity: [ID details].

XVII. Special Considerations for Specific Cases

A. Online Scam Cases

In online scam cases, the most important issues are deception, payment, identity, and loss. The complainant should show what the suspect promised, why it was false, how money was sent, and how the suspect benefited.

It is useful to provide:

  1. The advertisement or listing;
  2. The seller’s account;
  3. The chat conversation;
  4. Proof of payment;
  5. Delivery promises;
  6. Failed refund requests;
  7. Other victims, if known;
  8. Bank or e-wallet account details.

B. Cyber Libel Cases

In cyber libel cases, the complainant should focus on publication, identifiability, defamatory meaning, malice, and authorship. Evidence should show that the statement was posted online and that third persons could view it.

The complainant should avoid responding with defamatory counter-posts. Public online retaliation may create additional legal problems.

C. Hacking Cases

In hacking cases, the complainant should secure accounts immediately but preserve evidence first. Passwords should be changed, recovery emails updated, two-factor authentication enabled, and platform support contacted.

Relevant evidence includes login alerts, account recovery notices, unauthorized posts, changed credentials, messages sent by the hacker, and device logs.

D. Sextortion and Intimate Image Abuse

Victims should not pay if payment will only encourage further demands, but safety and evidence preservation are paramount. The victim should preserve threats, usernames, payment demands, and account links. If the victim is a minor, the matter should be treated as urgent.

E. Corporate Cybercrime

Companies filing complaints should identify the authorized representative, affected systems, incident timeline, financial loss, compromised accounts, logs, and internal investigation findings. Chain of custody is important, especially for server logs, devices, and forensic images.

XVIII. Relationship Between NBI Complaint and Prosecutor’s Office

The NBI may investigate and assist in preparing a complaint, but criminal prosecution is generally handled through the prosecutor’s office. A complainant may file directly with the prosecutor, but NBI assistance is often useful where technical investigation is needed.

After investigation, the case may proceed to preliminary investigation. The prosecutor may dismiss the complaint, require further evidence, or find probable cause. If probable cause is found, an information may be filed in court.

XIX. Possible Remedies

A cybercrime complainant may seek several forms of relief depending on the case:

  1. Criminal investigation and prosecution;
  2. Preservation of electronic evidence;
  3. Removal or takedown requests through platforms;
  4. Freezing or tracing of financial accounts, where legally available;
  5. Recovery of money through civil action;
  6. Protection orders in cases involving violence, harassment, or threats;
  7. Data privacy remedies before the proper authority;
  8. Damages in appropriate civil or criminal proceedings.

The NBI complaint is primarily criminal and investigative. It does not automatically guarantee refund, takedown, arrest, or conviction.

XX. Mistakes to Avoid

Complainants should avoid these common mistakes:

  1. Deleting messages after taking screenshots;
  2. Failing to save URLs;
  3. Sending money again to an extortionist;
  4. Publicly accusing a suspect without legal advice;
  5. Altering screenshots;
  6. Submitting incomplete conversations;
  7. Losing the device used in the incident;
  8. Waiting too long before filing;
  9. Filing based only on suspicion without evidence;
  10. Confusing platform reporting with legal reporting;
  11. Assuming that an account name is the real identity of the suspect;
  12. Ignoring bank, e-wallet, or telecom reporting procedures.

XXI. Rights and Responsibilities of the Complainant

A complainant has the right to seek investigation, submit evidence, be treated with dignity, and pursue legal remedies. However, the complainant also has responsibilities: to tell the truth, preserve evidence, cooperate with investigators, appear when required, and avoid misuse of the criminal process.

Filing a knowingly false complaint may expose the complainant to liability. Cybercrime laws should not be used to silence legitimate criticism, suppress lawful speech, or harass innocent persons.

XXII. The Importance of Legal Counsel

Although a person may file a complaint without a lawyer, legal counsel is advisable in serious cases, especially where:

  1. The amount lost is substantial;
  2. The suspect is known and may retaliate;
  3. The case involves cyber libel;
  4. The complainant is a public figure or business;
  5. Intimate images are involved;
  6. A minor is involved;
  7. Multiple jurisdictions are involved;
  8. The evidence is technical;
  9. Civil recovery is desired;
  10. The complainant may also face counterclaims.

A lawyer can help draft the affidavit, organize evidence, identify the proper offenses, preserve rights, and coordinate with investigators and prosecutors.

XXIII. Conclusion

Filing a cybercrime complaint with the NBI Philippines requires more than simply reporting an online wrong. The complainant must preserve evidence, organize the facts, identify the platforms and accounts involved, prepare a sworn statement, and cooperate with investigators. The NBI may then evaluate the complaint, conduct technical investigation, and assist in building a case for possible prosecution.

Cybercrime cases are evidence-driven. The strongest complaints are those supported by complete screenshots, URLs, transaction records, device information, account details, witness statements, and a clear chronology. Whether the case involves online fraud, hacking, cyber libel, identity theft, threats, phishing, or intimate image abuse, early action and careful preservation of digital evidence are essential.

Because cybercrime law intersects with criminal law, evidence law, data privacy, technology, and constitutional rights, complainants should approach the process carefully. The NBI complaint is an important first step, but successful prosecution depends on proof, procedure, and the proper application of Philippine law.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login