Filing a Scam Complaint in the Philippines: PNP ACG, NBI, and Civil Remedies

This article is for general information and education. It is not legal advice.

Online and offline scams in the Philippines range from classic estafa (swindling) to sophisticated cyber-enabled fraud involving e-wallets, bank transfers, fake marketplaces, investment “doubling,” romance scams, phishing links, and identity takeovers. Victims often ask the same questions: Where do I report? What evidence matters? How do I recover money? What cases apply? This guide lays out the Philippine legal and procedural landscape—especially the roles of the PNP Anti-Cybercrime Group (PNP ACG), the NBI, the prosecutor’s office, and civil remedies for recovery.

1) First priorities: money containment, evidence preservation, and identity security

Before filing cases, two things matter most: (a) stopping further loss and (b) preserving evidence in a way that can stand up in investigation and court.

A. Contain the financial damage

  1. Notify your bank/e-wallet immediately and request:

    • a hold (if possible),
    • reversal or dispute process,
    • recipient account details (limited by privacy/bank secrecy; still request what they can provide),
    • transaction reference numbers and timestamps.

  2. Report to the platform used (marketplace, social media, messaging app) and preserve the report confirmation.

  3. Change passwords / enable MFA on email, banking, e-wallet, and social accounts. If your email is compromised, assume everything tied to it is at risk.

  4. If you sent IDs/selfies, treat it as potential identity fraud risk and monitor accounts and credit.

B. Preserve evidence (do this like you’re building a case file)

Create a folder (cloud + offline backup) and collect:

  • Chat logs (export if possible; otherwise screenshots with visible dates/times)
  • Profile/page URLs, usernames, and any profile details
  • Payment proof: bank transfer slips, e-wallet confirmations, receipts, blockchain tx hashes (if crypto), reference numbers
  • Ads/listings: screenshots + link + date captured
  • Voice calls: call logs; recordings only if lawfully obtained (be careful with recording rules and privacy)
  • Emails: include full headers (important for tracing)
  • Links used for phishing: the URL (don’t click again), and screenshot of the page if safe
  • IDs used by suspect: names, numbers, addresses (even if fake), delivery info, tracking numbers
  • Your narrative timeline: a chronological list of events with dates/times

Tip: Preserve originals. If you screenshot, also keep the original message threads and metadata exports where possible. Investigators value verifiable data (transaction records, platform logs, URLs, headers) over edited screenshots.

2) Which government office to approach: PNP ACG vs NBI vs Prosecutor

A. What PNP ACG generally does well

The PNP Anti-Cybercrime Group is a specialized police unit focused on cyber-related offenses and digital investigation. Victims commonly go to PNP ACG when:

  • the scam was committed online (social media, marketplace, messaging),
  • there is hacking/account takeover, phishing, identity theft,
  • there is a need for technical tracing and coordination.

PNP ACG can:

  • take your complaint and evidence,
  • conduct case build-up/investigation,
  • coordinate with service providers (often requiring legal process),
  • prepare referral/complaint for filing with the prosecutor,
  • in appropriate cases, support operations (subject to rules and coordination).

B. What the NBI commonly does well

The NBI (often through cybercrime-related units) also investigates scams, fraud networks, identity fraud, and cyber-enabled crimes, especially where:

  • the case is complex (multiple victims, syndicates),
  • there is cross-regional scope,
  • there’s a need for deeper investigative resources.

NBI can similarly:

  • receive complaints and evidence,
  • conduct investigative work and case build-up,
  • coordinate with prosecutors for filing.

C. Prosecutor’s Office (DOJ / City/Provincial Prosecutor): where criminal cases are actually filed

In the Philippines, criminal complaints are filed with the Office of the City/Provincial Prosecutor for preliminary investigation (unless it’s an inquest due to warrantless arrest). Even if you go to PNP ACG or NBI first, the case typically moves toward a complaint-affidavit filed before the prosecutor.

Practical takeaway:

  • PNP ACG/NBI are investigative and case build-up routes.
  • The prosecutor is the gatekeeper for filing criminal information in court after finding probable cause.

3) Core criminal laws used against scammers (Philippine context)

Most scam prosecutions use a combination of the Revised Penal Code and special laws, often enhanced by the Cybercrime Prevention Act when ICT is involved.

A. Estafa (Swindling) — Revised Penal Code (RPC)

This is the workhorse charge for scams involving deceit causing damage, such as:

  • selling nonexistent goods,
  • taking payment then disappearing,
  • fake investments,
  • misrepresenting identity or authority to obtain money.

Estafa has multiple modes. Common themes:

  • Deceit/fraudulent acts by the offender,
  • Reliance by the victim,
  • Damage/prejudice (loss of money/property).

Evidence focus: proof of misrepresentation + payment + failure/refusal + intent inferred from conduct and pattern.

B. Cybercrime Prevention Act — RA 10175

RA 10175 covers offenses like illegal access, data interference, computer-related fraud, computer-related identity theft, and more.

Two important concepts for scam victims:

  1. Computer-related fraud and computer-related identity theft can apply when the scheme uses ICT systems to manipulate data or misuse identity credentials.

  2. Section 6 (cyber-related penalty enhancement): When a crime under the Revised Penal Code (like estafa) is committed through and with the use of ICT, courts may treat it as a cyber-related offense, typically resulting in a higher penalty (commonly described as one degree higher, depending on the charge theory and how it’s pleaded/prosecuted).

Why it matters: stronger penalties, cyber-specific investigative tools, and framing the conduct as cyber-enabled can support requests for platform/bank data through lawful process.

C. Access device / credit card / e-payment related offenses

Depending on facts, other laws may apply, such as those dealing with misuse of access devices or fraud involving payment instruments. These are fact-specific and often used when the scam involves card data, unauthorized charges, or similar mechanisms.

D. Identity-related and privacy-related offenses

If the scam involves:

  • impersonation,
  • using your ID/selfie,
  • opening accounts in your name,
  • doxxing or misuse of personal information,

cases may involve identity theft concepts (including under RA 10175) and potentially issues touching on the Data Privacy Act (RA 10173) (usually directed at improper processing/handling of personal data, depending on who did what).

E. Anti-Money Laundering angle (when relevant)

If scam proceeds are layered through accounts, wallets, or multiple transfers, the Anti-Money Laundering Act (AMLA) framework may become relevant—especially for syndicates or large amounts. AMLC processes are specialized and typically pursued through appropriate channels and legal thresholds.

4) Where to file: venue and jurisdiction basics

For cyber-enabled offenses, “where to file” can be confusing because conduct happens online. In practice:

  • Complaints are usually filed where the complainant resides, where the transaction occurred, where funds were sent/received, or where key elements took place—subject to rules and prosecutor assessment.
  • If multiple victims in different places exist, filing may be centralized where the investigation is strongest.

Tip: Bring your evidence and your timeline; investigators/prosecutors often decide the most workable venue based on:

  • location of the victim,
  • location of the suspect (if known),
  • where bank/e-wallet accounts are maintained,
  • where the offense was accessed or consummated.

5) The step-by-step process for filing a criminal scam complaint

Step 1: Prepare a case packet

Include:

  1. Narrative timeline (one to two pages)
  2. Index of evidence
  3. Printed screenshots with annotations (date/time, what it proves)
  4. Transaction documents (bank/e-wallet proofs)
  5. Links/URLs typed out (and QR if helpful)
  6. Copies of your IDs (for affidavit execution)

Step 2: Execute a Complaint-Affidavit

A complaint-affidavit is your sworn statement. It typically contains:

  • your personal circumstances (name, address, etc.),
  • the identity of respondent (or “John/Jane Doe” if unknown) and known identifiers,
  • a chronological narration,
  • specific statements of misrepresentation, payment, and loss,
  • a list of attachments marked as Annexes.

This is usually notarized. Some offices may administer oaths internally, but assume you may need notarization depending on local practice.

Step 3: File via PNP ACG or NBI (optional but common) — then to prosecutor

You can:

  • Go directly to the Prosecutor’s Office and file your complaint-affidavit and annexes; or
  • Go first to PNP ACG/NBI for help in evidence handling and identification/tracing, then file with the prosecutor with investigative support.

Step 4: Preliminary investigation process (typical flow)

  1. The prosecutor evaluates sufficiency and issues subpoena to respondent (if identifiable/serviceable).
  2. Respondent submits counter-affidavit.
  3. You may submit a reply-affidavit.
  4. Prosecutor resolves whether probable cause exists.
  5. If probable cause is found, an Information is filed in court; the court may issue a warrant of arrest depending on the case and circumstances.

If the suspect is unknown or cannot be served, investigators may focus on identification first through lawful requests and legal process.

6) Digital evidence: what makes it credible and useful

Courts and prosecutors look for evidence that is reliable, relevant, and traceable.

A. Strength hierarchy (often)

  • Bank/e-wallet transaction records (strong)
  • Platform logs / account identifiers / email headers (strong)
  • URLs and preserved pages (stronger if captured with metadata)
  • Screenshots (useful but easier to dispute if unsupported)
  • Pure narration without documentary support (weak)

B. Chain of custody (practical version)

You’re not expected to run forensic labs, but do:

  • keep originals,
  • avoid altering files,
  • store backups,
  • document when/how you captured evidence,
  • avoid “editing” screenshots except adding labels on copies.

C. Identifying data worth preserving

  • phone numbers used (including country codes),
  • email addresses,
  • bank/e-wallet account numbers and names displayed,
  • device/account IDs shown in app screens,
  • shipping addresses/tracking numbers (for marketplace scams),
  • any repeated patterns (same script, same account names, same beneficiary).

7) What if you only have a username and no real name?

This is common. A case can begin against an unknown respondent with as much identifying info as available (usernames, URLs, phone numbers, account numbers, transaction trails). Identification may proceed through:

  • bank/e-wallet beneficiary data (subject to lawful disclosure),
  • platform/provider records (subject to lawful process),
  • linkage of multiple victims and patterns,
  • IP/addressing information (often requiring legal steps under cybercrime procedures and rules).

Important: Don’t assume the displayed beneficiary name is genuine. Scammers frequently use mule accounts.

8) Civil remedies: how to recover money (and when civil may be the main strategy)

Criminal cases punish; civil actions recover. In many scam cases, victims pursue both—because even with a conviction, collection can be difficult without assets to satisfy judgment.

A. Civil liability attached to criminal action

In many instances, the civil action for recovery of damages is impliedly instituted with the criminal case, unless you:

  • waive the civil action,
  • reserve the right to file separately,
  • or already filed a separate civil action first (rules and sequencing matter).

Why victims sometimes reserve: If you want faster recovery tools (like certain civil procedures), or if you anticipate delays in criminal proceedings, you may prefer a separate civil case—but this is highly strategy-dependent.

B. Independent civil actions (selected examples)

Depending on facts, you might consider:

  • Breach of contract (e.g., paid for goods/services not delivered)
  • Quasi-delict (tort) if the wrongful act caused damage outside contractual context
  • Unjust enrichment concepts (equitable theory when someone benefits at another’s expense)
  • Collection suits where you can identify the defendant and the obligation/payment

C. Small Claims: a practical civil route (when applicable)

If the issue is primarily a money claim and you have:

  • clear proof of payment/obligation,
  • identifiable defendant and address,

Small Claims in first-level courts can be faster and typically does not require lawyers in hearing. The maximum amount and detailed rules can change through Supreme Court issuances; it has historically been increased over time, so confirm the current threshold and requirements with the court.

Limitation: Small claims are only as good as your ability to identify and serve the defendant and later enforce judgment against assets.

D. Provisional remedies: freezing and securing assets (civil procedure tools)

If you can identify the defendant and show legal grounds, civil procedure may allow remedies like:

  • preliminary attachment (to secure assets during the case),
  • garnishment (to reach bank deposits, subject to rules and exemptions),
  • other provisional relief depending on circumstances.

These remedies are technical and require meeting strict requirements (including bonds and proof standards). They are not automatic.

E. Barangay conciliation (Katarungang Pambarangay): when it matters

For certain disputes between parties within the same city/municipality and within the barangay system’s coverage, barangay conciliation may be a prerequisite before filing some civil actions.

However, there are exceptions, and many scam-related matters that are clearly criminal or involve parties in different localities may not be subject to mandatory barangay conciliation. The applicability is fact-specific.

9) Strategic choice: criminal case, civil case, or both?

A. When criminal-first makes sense

  • The suspect is unknown and must be identified through investigation.
  • There are multiple victims or a network.
  • Deterrence and accountability matter.
  • You need law-enforcement-driven collection of technical evidence.

B. When civil-first (or civil-parallel) makes sense

  • You have the defendant’s identity and address.
  • You have strong documentary proof of payment/obligation.
  • Recovery is the primary goal and you want direct enforcement mechanisms.

C. Reality check: recovery depends on assets

Even a strong case may not result in actual recovery if:

  • funds are already withdrawn,
  • accounts are mule accounts,
  • the offender has no traceable assets,
  • transfers moved too fast.

This is why immediate reporting and financial containment are crucial.

10) Common scam patterns and the legal theories that often fit

A. Marketplace “payment first, then block”

  • Estafa (deceit + payment + damage)
  • Potential cyber-related enhancement if committed via ICT

B. Fake investment / “double your money”

  • Estafa, possibly aggravated by scale and pattern
  • If funds are moved through multiple accounts, AMLA considerations may arise factually

C. Phishing / account takeover

  • RA 10175 offenses (illegal access, identity-related offenses, computer-related fraud)
  • Estafa if money was obtained through the compromise

D. Impersonation using stolen IDs

  • Identity-related charges (cyber and/or related penal provisions depending on acts)
  • Civil damages for losses stemming from misuse

11) Drafting the complaint-affidavit: a practical structure

A clear structure helps prosecutors and investigators act quickly:

  1. Caption / Title (Complaint-Affidavit)

  2. Personal circumstances of complainant

  3. Respondent details (or “John/Jane Doe,” with identifiers: usernames, URLs, phone numbers, account numbers)

  4. Facts in chronological order

    • first contact and representations
    • how trust was gained
    • payment instructions and payment made
    • failure to deliver/return money
    • blocking/disappearance or further demands

  5. Damage (amount lost, additional expenses)

  6. Demand (if any demand was made; attach proof)

  7. Offenses believed committed (don’t over-list; match facts)

  8. Annex list (A, B, C… with short descriptions)

  9. Verification and oath

Keep the language factual. Avoid insults or conclusions not supported by evidence; let the documents show intent and deceit.

12) Practical pitfalls that weaken scam complaints

  1. No transaction proof (only chat screenshots)
  2. Unclear timeline (events out of order, missing dates)
  3. Edited screenshots without originals
  4. Failure to preserve URLs/usernames before accounts disappear
  5. Waiting too long (money trails go cold quickly)
  6. Overstating charges not supported by facts (distracts from the strongest theory)
  7. Not identifying the beneficiary account used for payment

13) Time limits: prescription (general orientation)

Philippine criminal cases prescribe based on the offense and penalty:

  • Crimes under the Revised Penal Code generally prescribe according to the penalty prescribed by law.
  • Offenses under special laws often follow different prescription rules (commonly under Act No. 3326, depending on the statute).

Because estafa penalties vary by amount and mode, and cyber-related framing can affect penalties, prescription analysis is case-specific. As a practical matter: file as early as possible.

14) What outcomes to expect

Possible case outcomes include:

  • identification of the suspect and filing of charges,
  • dismissal for lack of probable cause (often due to insufficient proof or inability to identify/respondent),
  • negotiated settlement (often informal; be cautious and document payments),
  • conviction with civil liability (collection still depends on assets),
  • civil judgment (enforcement still depends on assets and traceability).

15) Bottom line

A scam complaint in the Philippines is strongest when it is evidence-driven, chronological, and tied to traceable financial and account identifiers. PNP ACG and the NBI are key entry points for cyber-enabled scams and technical investigation, while the prosecutor’s office is where criminal cases are formally evaluated and filed. For recovery, civil remedies—including small claims (when appropriate), separate civil actions, and provisional remedies—can be critical, but they rise or fall on identifying the defendant and reaching assets.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login