I. Introduction

Online scams are now among the most common forms of fraud in the Philippines. Victims lose money through fake sellers, fake travel agencies, investment schemes, romance scams, phishing links, fake job offers, hacked accounts, bogus payment confirmations, rental scams, loan scams, identity theft, and fraudulent online services.

When a person is deceived into sending money, property, personal data, or account access through the internet, the case may involve both estafa under the Revised Penal Code and cybercrime under the Cybercrime Prevention Act. The proper legal approach depends on the facts: what was promised, what was false, how payment was made, what platform was used, and whether the offender used deceit, fake identity, computer systems, or electronic communications.

An online scam complaint is not merely a request to recover money. It may be a criminal complaint, a civil claim for restitution and damages, an administrative complaint, or all of these at once.

II. What Is an Online Scam?

An online scam is a fraudulent scheme carried out through digital means, such as:

social media;
online marketplaces;
messaging apps;
email;
websites;
online banking;
e-wallets;
cryptocurrency platforms;
fake mobile applications;
online job platforms;
dating apps;
phishing pages;
hacked or impersonated accounts.

The core feature is deceit. The scammer makes false representations or uses fraudulent means to induce the victim to part with money, property, services, information, or legal rights.

Common Philippine online scam examples include:

Fake online selling The victim pays for a product, but the seller never delivers it.
Fake travel packages The victim pays for tickets, hotel bookings, or tours that do not exist.
Investment scams The victim is promised guaranteed returns, crypto profits, forex earnings, or “double your money” payouts.
Romance scams The scammer builds emotional trust and asks for money for emergencies, travel, customs fees, hospital bills, or business problems.
Phishing and account takeover The victim is tricked into giving passwords, OTPs, or banking credentials.
Fake job or work-from-home scams The victim pays processing fees, training fees, or “task deposits” for fake employment.
Fake rentals or real estate listings The victim pays reservation fees for a property the scammer does not own or cannot lease.
Loan scams The victim pays advance fees for a loan that is never released.
Impersonation scams The scammer pretends to be a relative, government officer, courier, bank employee, celebrity, lawyer, or company representative.
Fake payment scams The scammer sends a fake proof of payment and obtains goods or services.

III. Legal Characterization: Estafa, Cybercrime, or Both?

An online scam may be prosecuted as:

Estafa under the Revised Penal Code;
Estafa committed through information and communications technology under cybercrime law;
Computer-related fraud;
Computer-related identity theft;
Illegal access or hacking;
Data interference or system interference;
Phishing-related offenses;
Falsification, if fake documents were used;
Consumer or administrative violations;
Civil action for recovery of money and damages.

The same facts may support multiple legal theories. For example, a fake seller who uses Facebook Messenger, a fake name, and an e-wallet account to receive payment may face estafa, cybercrime-related liability, and civil liability for restitution.

IV. Estafa in Online Scam Cases

A. General Concept

Estafa is fraud. It punishes a person who defrauds another by deceit or abuse of confidence, causing damage.

In online scams, estafa usually arises where the scammer makes false representations to convince the victim to send money or property.

The essential ideas are:

the accused made a false representation or used deceit;
the victim relied on that representation;
the victim parted with money, property, or something of value;
the victim suffered damage;
the accused benefited or intended to benefit.

B. Estafa by False Pretenses

Many online scams fall under estafa by false pretenses. The scammer induces the victim to pay by pretending that a fact is true when it is false.

Examples:

“I have this item in stock,” when no item exists.
“Your ticket is confirmed,” when no ticket was issued.
“I am an authorized agent,” when the person is not.
“This investment is guaranteed,” when it is fraudulent.
“I will ship after payment,” when there was no intention to ship.
“I am processing your visa,” when no application was filed.
“I own this rental unit,” when the scammer has no authority over it.

The false pretense must generally exist before or at the time the victim parts with money. If the person originally intended to perform but later failed, the matter may be civil unless fraudulent intent can be shown.

C. Estafa by Abuse of Confidence

Some online scams involve trust or custody. For example:

the victim sends money to someone who promised to buy goods on their behalf;
a group organizer collects funds and misappropriates them;
an online agent receives payment for processing and diverts the money;
a person entrusted with digital access uses it to steal funds.

In these cases, the issue may be whether the offender received money or property under an obligation to deliver, return, or apply it to a specific purpose, then misappropriated it.

D. Estafa vs. Mere Breach of Contract

Not every failure to deliver is estafa. A key distinction is fraudulent intent.

A simple breach of contract may involve:

delay;
business failure;
inability to deliver;
supplier problems;
refund dispute;
misunderstanding of terms.

Estafa may exist where there is evidence of deceit, such as:

fake identity;
fake documents;
fake proof of booking;
non-existent goods;
fabricated tracking numbers;
repeated scam transactions;
immediate blocking after payment;
use of dummy accounts;
false authority to sell;
refusal to disclose real identity;
no intention to perform from the beginning.

The stronger the evidence that the accused never intended to deliver, the stronger the criminal case.

V. Cybercrime Dimension

A. Why Cybercrime Law Matters

The Cybercrime Prevention Act becomes relevant when the offense is committed through or with the use of information and communications technology.

In online scams, the internet is often the vehicle of deceit. The scam may involve Facebook, Instagram, TikTok, Lazada, Shopee, Telegram, Viber, WhatsApp, email, websites, e-wallets, online banking, cryptocurrency wallets, or fake mobile apps.

If estafa is committed through electronic means, it may be treated as a cybercrime-related offense, with possible consequences for investigation, venue, penalties, preservation of electronic evidence, and coordination with cybercrime authorities.

B. Estafa Through ICT

Where estafa is committed using a computer system or digital communications, the offense may be prosecuted with the cybercrime law as an aggravating or qualifying context, depending on the charging approach.

For example:

the scammer used Messenger to induce payment;
the scammer used a fake online store;
the scammer used phishing links;
the scammer used email impersonation;
the scammer used online banking or e-wallets;
the scammer sent fake electronic receipts.

C. Computer-Related Fraud

Computer-related fraud may apply where the scam involves unauthorized input, alteration, deletion, or manipulation of computer data or systems resulting in damage or economic loss.

Examples:

manipulating online payment records;
using fake payment portals;
altering account balances;
using fake system-generated confirmations;
modifying electronic documents to induce payment;
using malicious links to obtain funds.

D. Computer-Related Identity Theft

Computer-related identity theft may apply where a person acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person through computer systems.

Examples:

using another person’s profile photo and name to scam victims;
impersonating a bank employee online;
using stolen IDs to create e-wallet accounts;
using a hacked social media account to solicit money;
using another person’s business name to sell fake goods.

E. Illegal Access and Hacking

If the scam involved unauthorized access to accounts, email, banking apps, cloud storage, social media accounts, or devices, there may be separate cybercrime issues.

Examples:

hacking a Facebook account and messaging friends for money;
taking over an email account to redirect payments;
accessing a digital wallet without authority;
obtaining OTPs through deceit and logging in;
using malware to steal credentials.

VI. Elements to Prove in an Online Scam Complaint

A complaint should establish the following:

A. Identity of the Offender

The complainant should provide any available identifying details:

real name;
aliases;
social media profile;
username;
phone number;
email address;
bank account name;
e-wallet number;
remittance recipient;
address;
business name;
government ID, if provided;
photos or videos;
delivery address;
IP-related or platform records, if obtainable through legal process.

Even if the real identity is unknown, a complaint may still be filed using available identifiers. Law enforcement may later trace the person through bank, telco, platform, or payment records.

B. False Representation or Deceit

The complaint must explain what false statement or fraudulent act induced the victim to pay.

Examples:

“The respondent represented that the item was available.”
“The respondent claimed to be an authorized travel agent.”
“The respondent sent a fake booking confirmation.”
“The respondent promised guaranteed investment returns.”
“The respondent pretended to be my friend using a hacked account.”
“The respondent represented that payment was needed to release a loan.”

C. Reliance

The complainant must show that they believed the representation and relied on it.

For example:

The victim paid because the seller said the item would be shipped.
The victim transferred money because the accused sent a fake invoice.
The victim invested because the accused promised fixed returns.
The victim sent funds because the accused pretended to be a relative in distress.

D. Payment or Delivery of Property

The complainant must prove that money or property was transferred.

Useful proof:

bank transfer receipt;
e-wallet transaction record;
remittance slip;
credit card statement;
cryptocurrency transaction hash;
deposit slip;
payment confirmation;
acknowledgment by the accused.

E. Damage

The damage is usually the amount lost, but may also include:

replacement cost;
bank charges;
shipping cost;
lost deposit;
unauthorized withdrawal;
damaged credit standing;
additional expenses caused by the scam.

F. Use of ICT

For cybercrime-related allegations, show how technology was used:

Facebook messages;
email thread;
online marketplace listing;
payment app;
website link;
phishing page;
hacked account;
digital documents;
online bank transfer;
QR code;
screenshots of chats.

VII. Evidence Checklist

A strong online scam complaint is evidence-driven. The complainant should gather, preserve, and organize the following.

A. Screenshots

Take screenshots of:

profile page;
username and profile URL;
posts or listings;
product photos;
advertisements;
chat conversations;
payment instructions;
QR codes;
phone numbers;
account names;
promises to deliver;
refund promises;
threats or excuses;
blocking or deletion;
group chats;
comments by other victims.

Screenshots should ideally show timestamps, profile names, URLs, and full context.

B. Chat and Message Exports

Where possible, export conversations rather than relying only on screenshots. Some apps allow message export. Preserve the original device and account because authenticity may later be questioned.

C. Payment Records

Collect:

bank transfer receipts;
account numbers;
account names;
e-wallet transaction IDs;
remittance control numbers;
credit card records;
merchant receipts;
cryptocurrency wallet addresses;
transaction hashes;
proof of cash-in or cash-out.

D. Identity Clues

Save:

phone numbers;
email addresses;
usernames;
profile links;
bank account names;
e-wallet numbers;
delivery details;
pickup addresses;
photos sent by the scammer;
IDs sent by the scammer;
voice messages;
call logs.

E. Proof of Non-Delivery or Falsity

Examples:

courier confirms no shipment;
airline confirms no ticket;
hotel confirms no booking;
platform confirms account fraud;
bank confirms unauthorized transaction;
company denies employment offer;
property owner denies rental listing;
investment company is not registered or does not exist;
product was never delivered.

F. Demand and Refusal

Save proof that you demanded refund or performance:

written demand;
chat demand;
email demand;
registered mail;
courier proof;
respondent’s refusal;
excuses and repeated promises;
blocking after demand.

A prior demand is especially useful in estafa by misappropriation or when showing refusal and bad faith.

VIII. Preserving Digital Evidence

Digital evidence can disappear quickly. Scammers delete posts, change usernames, block victims, deactivate accounts, or erase conversations.

Practical preservation steps:

Screenshot immediately.
Record screen navigation showing the profile, URL, and conversation.
Save links.
Export chat history where possible.
Download invoices, receipts, and attachments.
Preserve the device used.
Do not edit screenshots.
Keep original files with metadata.
Back up evidence to secure storage.
Make a timeline of events.

Avoid fabricating, enhancing, or editing evidence. Altered evidence can weaken the complaint.

IX. Should the Victim Contact the Scammer?

A victim may send a clear demand for refund, but should avoid threats, harassment, or unlawful conduct.

A demand message may say:

I paid ₱[amount] on [date] for [item/service]. You failed to deliver as promised. Please refund the full amount by [date]. If you do not refund, I will file the appropriate complaints.

Do not:

threaten violence;
publish private information unlawfully;
hack the scammer;
create fake accounts to entrap;
send abusive messages;
agree to pay additional “refund release fees.”

If the scammer asks for more money to release a refund, that is often another layer of the scam.

X. Where to File an Online Scam Complaint

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group handles cybercrime-related complaints, including online scams, phishing, account hacking, cyber fraud, online identity theft, and related offenses.

A victim may file a complaint with the appropriate cybercrime unit or police office. The complaint should include documentary evidence and a sworn statement.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also handles online fraud, hacking, phishing, identity theft, and related complaints.

The NBI may be appropriate where tracing, forensic examination, or national-level cybercrime investigation is needed.

C. Office of the City or Provincial Prosecutor

A complainant may file a criminal complaint directly with the prosecutor’s office. The complaint is usually supported by:

complaint-affidavit;
evidence;
witness affidavits;
proof of payment;
screenshots;
certification or verification from relevant entities, where available.

The prosecutor conducts preliminary investigation if required and determines whether probable cause exists to file charges in court.

D. Local Police Station

For immediate reporting, a victim may go to the local police station. However, cyber-related cases may eventually be referred to cybercrime units.

E. Barangay

Barangay conciliation may be relevant for certain disputes between individuals residing in the same city or municipality, but criminal offenses punishable above certain thresholds and cybercrime matters may not be suitable for ordinary barangay settlement. If there is uncertainty, victims often proceed to law enforcement or the prosecutor, especially where fraud is serious or the offender is unknown.

F. Banks, E-Wallets, and Payment Providers

Victims should report the transaction immediately to the payment channel used:

bank;
credit card issuer;
e-wallet provider;
remittance center;
online marketplace;
crypto exchange.

These reports may help preserve records, flag accounts, freeze funds where legally possible, and support the criminal complaint.

G. Online Platforms

Report the scammer’s account or listing to:

Facebook;
Instagram;
TikTok;
online marketplace;
e-commerce platform;
messaging app;
web host;
domain registrar;
payment gateway.

Platform reports do not replace legal complaints, but they may prevent further victimization and preserve account records.

XI. Step-by-Step Procedure for Filing

Step 1: Make a Chronology

Prepare a clear timeline:

date you saw the post or offer;
date you contacted the scammer;
representations made;
date and amount of payment;
payment channel;
promised delivery or service date;
follow-ups;
excuses;
discovery of fraud;
demand for refund;
failure or refusal to refund.

A concise chronology helps investigators and prosecutors understand the case quickly.

Step 2: Gather Evidence

Organize evidence into folders:

Identity of scammer;
Offer or advertisement;
Conversations;
Payment records;
Proof of non-delivery or falsity;
Demand for refund;
Other victims or supporting information.

Step 3: Execute a Complaint-Affidavit

A complaint-affidavit is a sworn statement narrating the facts. It should be written in first person and should attach supporting evidence.

It should include:

complainant’s name, address, and contact details;
respondent’s name or identifiers;
facts of the transaction;
false representations;
amount paid;
proof of payment;
use of online means;
damage suffered;
demand and refusal;
request for investigation and prosecution.

Step 4: Attach Documentary Evidence

Mark attachments clearly:

Annex “A” – Screenshot of advertisement;
Annex “B” – Conversation with respondent;
Annex “C” – Proof of payment;
Annex “D” – Bank/e-wallet transaction details;
Annex “E” – Demand for refund;
Annex “F” – Proof of non-delivery;
Annex “G” – Respondent’s profile.

Step 5: File With the Proper Office

Depending on the case, file with:

PNP cybercrime unit;
NBI cybercrime division;
prosecutor’s office;
local police;
relevant payment provider or platform.

Bring valid ID, printed evidence, digital copies, and the device containing original messages.

Step 6: Cooperate With Investigation

Investigators may ask for:

original phone or laptop;
screenshots;
account access for verification;
SIM details;
bank records;
additional affidavit;
notarized complaint;
witness statements;
authority to request records;
coordination with banks or platforms.

Step 7: Preliminary Investigation

If the complaint proceeds to the prosecutor, the respondent may be required to submit a counter-affidavit. The complainant may be allowed to file a reply-affidavit. The prosecutor then determines whether probable cause exists.

Step 8: Court Proceedings

If probable cause is found, an information may be filed in court. The criminal case proceeds through arraignment, pre-trial, trial, and judgment.

The victim may also pursue civil liability within the criminal case or file separate civil action depending on strategy and legal rules.

XII. Complaint-Affidavit Structure

A practical complaint-affidavit may follow this structure:

Personal circumstances of complainant
Identity or known details of respondent
How complainant encountered respondent online
False representations made
Payment details
Failure to deliver
Discovery of fraud
Demand for refund
Use of online platforms or ICT
Amount of damage
List of evidence
Prayer for investigation and prosecution

XIII. Sample Complaint-Affidavit Language

I am the complainant in this case. I am executing this affidavit to charge [name/alias/username] for estafa and other offenses arising from an online scam.

On [date], I saw a post on [platform] by [name/username] offering [item/service]. The post represented that [state representation].

I contacted respondent through [Messenger/Viber/Telegram/email/etc.]. Respondent represented that [state specific false claims]. Relying on these representations, I agreed to pay the amount of ₱[amount].

On [date], I transferred ₱[amount] to [bank/e-wallet/remittance details] under the account name [name]. A copy of the proof of payment is attached as Annex “[letter].”

After payment, respondent failed to deliver [item/service]. Respondent gave repeated excuses and later [blocked me/deleted the account/refused refund/stopped replying].

I later discovered that the representations were false because [state proof: courier had no shipment, hotel had no booking, product did not exist, account was fake, etc.].

Respondent used [platform/app/website/e-wallet] to commit the fraud. Copies of the conversations, screenshots, profile, payment records, and other evidence are attached.

Because of respondent’s acts, I suffered damage in the amount of ₱[amount], exclusive of other damages and expenses.

I respectfully request that respondent be investigated and prosecuted for estafa, cybercrime-related offenses, and other crimes supported by the evidence.

XIV. Cyber Libel Risk When Posting About the Scam

Victims often want to warn others online. This is understandable, but careless posting can create legal risk, especially if accusations are made without evidence or include unnecessary personal attacks.

Safer practices:

state only verifiable facts;
avoid insults or threats;
avoid exaggeration;
avoid posting private personal data beyond what is necessary;
avoid doxxing;
preserve evidence before posting;
consider filing formal complaints first.

Example of safer wording:

I paid this account on [date] for [item/service], but I have not received the item and have not been refunded despite demand. I have filed or will file the appropriate complaint.

Avoid statements that cannot be proven.

XV. Recovery of Money

Filing a criminal complaint does not guarantee immediate refund. The criminal process focuses on prosecution. Recovery may occur through:

voluntary settlement;
restitution during criminal proceedings;
civil liability in the criminal case;
separate civil action;
small claims case;
chargeback or bank reversal;
e-wallet recovery;
asset freezing or lawful enforcement, where available.

For small amounts, a small claims case may be more direct for money recovery, while a criminal complaint may address fraud and punishment.

XVI. Small Claims vs. Criminal Complaint

A. Small Claims

Use small claims when the primary goal is to recover a definite sum of money and the evidence is straightforward.

Examples:

paid ₱15,000 for an item never delivered;
paid ₱30,000 for fake travel booking;
paid ₱8,000 reservation fee for non-existent rental.

Advantages:

faster;
simpler;
no lawyer appearance during hearing;
focused on money judgment.

Limitations:

does not punish the offender criminally;
requires identifying and serving the respondent;
may be difficult if scammer’s address is unknown.

B. Criminal Complaint

Use criminal complaint when there is deceit, fraud, fake identity, pattern of scamming, cyber means, or public interest in prosecution.

Advantages:

investigation powers;
possible subpoenas;
potential prosecution;
may help identify offender;
can address criminal liability.

Limitations:

may take time;
probable cause must be established;
recovery of money is not always immediate.

C. Both May Be Possible

A victim may have both civil and criminal remedies, subject to procedural rules. Strategy depends on the amount, evidence, identity of offender, urgency, and recovery prospects.

XVII. Role of Banks and E-Wallet Providers

Payment providers are often crucial because scammers use accounts to receive funds.

Victims should promptly report:

unauthorized transaction;
fraudulent recipient;
scam account;
transaction reference number;
date and amount;
screenshots of conversation;
police or NBI report, if available.

Possible outcomes:

account flagging;
request for additional verification;
temporary holding of funds, if still available and legally allowed;
disclosure only upon legal process;
assistance to law enforcement;
denial if funds already withdrawn or if evidence is insufficient.

Time is critical. Funds are often moved quickly.

XVIII. If the Scammer Used a Fake Name

A complaint can still be filed even if the real name is unknown. Use all known identifiers:

“John Doe using the Facebook account [profile name]”;
mobile number;
e-wallet number;
bank account number;
account name;
username;
email address;
profile link;
delivery address;
remittance claim details.

Law enforcement may trace the account through subscriber information, KYC records, bank records, telco records, platform records, or other lawful processes.

XIX. If the Scammer Is Abroad

If the scammer appears to be outside the Philippines, the case becomes more complicated but not necessarily hopeless.

Relevant factors:

victim’s location;
place where payment was sent;
platform used;
bank or e-wallet location;
respondent’s nationality or residence;
whether local accomplices received funds;
whether Philippine law enforcement can coordinate with foreign counterparts.

Many scams involve local mule accounts even if the main operator is abroad. The recipient account may be investigated.

XX. If the Account Holder Says They Were Only a “Mule”

Scammers often use bank or e-wallet accounts of other people. The account holder may claim:

“I only lent my account.”
“Someone asked me to receive money.”
“I withdrew and sent the money to another person.”
“I did not know it was a scam.”
“My account was hacked.”

The account holder may still face investigation. Knowingly allowing one’s account to be used for fraud can create liability. Even negligent participation may have legal consequences depending on the facts.

For the victim, the recipient account is important evidence because it links the payment to a traceable person.

XXI. Investment Scams

Investment scams require special attention because they may involve securities laws, syndicated estafa, or large-scale fraud.

Red flags:

guaranteed high returns;
no risk;
referral commissions;
pressure to recruit;
vague business model;
crypto or forex claims without proof;
unregistered investment solicitation;
fake certificates;
celebrity endorsements;
Ponzi-style payouts.

Victims should preserve:

investment contracts;
chat messages;
promotional materials;
proof of deposits;
payout history;
names of recruiters;
group chat records;
bank/e-wallet accounts;
presentations and webinars.

Complaints may involve law enforcement, prosecutors, and financial regulators depending on the scheme.

XXII. Phishing and Unauthorized Bank Transfers

Phishing cases differ from ordinary fake seller scams because the victim may have been tricked into revealing credentials or OTPs.

Evidence includes:

phishing text or email;
fake website URL;
time credentials were entered;
unauthorized transaction records;
device used;
bank notifications;
call logs;
screenshots of fake login page;
report to bank.

Victims should immediately:

call the bank or e-wallet provider;
freeze accounts;
change passwords;
revoke device access;
preserve phishing messages;
file a police or cybercrime report;
execute an affidavit of unauthorized transaction.

XXIII. Hacked Social Media Account Scams

A common scam involves a hacked account messaging friends or relatives to borrow money.

Victims should preserve:

message thread;
profile link;
proof that the real account owner was hacked;
payment record;
recipient account details;
statements from the real account owner;
date and time of hacking;
platform recovery notices.

The complaint may involve both the scammer and the recipient account. The hacked account owner may also be a victim.

XXIV. Fake Seller Cases

For fake seller cases, the strongest evidence includes:

listing or advertisement;
seller profile;
product representation;
agreed price;
payment instructions;
proof of payment;
promised delivery date;
courier tracking, if fake;
failure to deliver;
demand for refund;
seller blocking or disappearing.

If the seller actually shipped a wrong, defective, or inferior item, the case may be consumer fraud, civil breach, or platform dispute, depending on the circumstances. Estafa is stronger where there was no intent to deliver from the beginning.

XXV. Online Lending and Advance Fee Scams

Loan scams usually involve promises of loan approval in exchange for upfront fees.

Common false charges:

processing fee;
insurance fee;
tax clearance;
notarial fee;
release fee;
account verification fee;
anti-money laundering clearance fee.

A legitimate lender generally should not require repeated personal transfers to random accounts before releasing a loan. Victims should preserve all payment requests and representations.

XXVI. Romance and Emergency Scams

Romance scams are emotionally manipulative. The scammer may request money for:

medical emergency;
visa;
travel ticket;
customs release;
business problem;
military leave;
inheritance release;
detained package;
hospital bill;
family crisis.

The complaint should show:

false identity;
emotional inducement;
money requests;
payment records;
proof that the claimed emergency was false;
profile details;
repeated pattern.

Victims should not be embarrassed to report. These scams are designed to manipulate trust.

XXVII. Cryptocurrency Scams

Crypto scams may involve:

fake exchanges;
fake wallet apps;
investment pools;
romance-investment hybrids;
fake mining;
fake trading bots;
recovery scams;
pump-and-dump groups;
fraudulent initial offerings.

Evidence includes:

wallet addresses;
transaction hashes;
screenshots of platform dashboard;
chat messages;
deposit instructions;
withdrawal refusal;
fake taxes or release fees;
website URL;
app download link;
identity of recruiters.

Crypto transactions are often irreversible, but blockchain records can help trace movement of funds.

XXVIII. Demand Letter Before Complaint

A demand letter is not always required, but it is often useful. It can show that the complainant sought refund and that the respondent refused or ignored the demand.

A demand letter should include:

amount paid;
date of payment;
service or item promised;
reason the transaction is fraudulent or undelivered;
demand for refund;
deadline;
warning of legal action.

For obvious scams, especially where the offender is unknown or has disappeared, the victim may proceed directly to law enforcement.

XXIX. Sample Demand Message

I paid ₱[amount] on [date] for [item/service] based on your representation that you would [deliver/provide service]. You failed to deliver and have not refunded me despite follow-up. I demand full refund of ₱[amount] by [date]. If you fail to refund, I will file the appropriate complaint for estafa, cybercrime-related offenses, and other legal remedies.

XXX. Common Mistakes by Victims

Avoid these mistakes:

Deleting conversations after being blocked.
Failing to screenshot the profile URL.
Waiting too long to report to the bank or e-wallet.
Paying additional “refund release” or “unlocking” fees.
Posting accusations without preserving evidence.
Sending threats to the scammer.
Failing to identify the receiving account.
Not making a timeline.
Relying only on verbal statements.
Assuming police cannot act if the real name is unknown.
Not bringing digital copies of evidence.
Ignoring small claims as a recovery option.
Filing vague complaints without explaining the deceit.
Failing to show the connection between the online account and payment account.

XXXI. What Makes a Complaint Strong?

A strong online scam complaint usually has:

clear identity or traceable identifiers;
complete screenshots;
proof of payment;
specific false representations;
proof of non-delivery;
evidence of demand or refusal;
use of online platform;
organized annexes;
concise timeline;
sworn complaint-affidavit;
corroborating evidence from banks, platforms, suppliers, or other victims.

A weak complaint usually says only: “I was scammed,” without showing what was promised, why it was false, how payment was made, and who received the money.

XXXII. Possible Outcomes

After filing, the case may result in:

investigation;
request for additional evidence;
subpoena to respondent;
bank or platform coordination;
referral to prosecutor;
dismissal for insufficient evidence;
finding of probable cause;
filing of criminal information in court;
settlement or restitution;
trial;
conviction or acquittal;
civil judgment for damages or restitution.

Dismissal does not always mean the victim was not scammed. It may mean the evidence was insufficient, the offender was not identified, or the facts were better suited to civil action.

XXXIII. Prescription and Delay

Victims should act promptly. Legal claims have prescriptive periods, and digital evidence may disappear quickly. Payment providers also have internal deadlines for disputes.

Immediate action is important because:

funds may still be frozen if reported early;
accounts may still be active;
posts may still be visible;
other victims may be identified;
transaction records are easier to obtain;
memory is fresh;
platforms may preserve data upon proper request.

XXXIV. Settlement in Online Scam Cases

Settlement may occur after a demand, police report, prosecutor complaint, or court filing.

A settlement should be written and should state:

total amount to be paid;
deadline;
payment method;
installment schedule, if any;
effect of non-payment;
whether complaints will be withdrawn only after full payment;
admission or non-admission terms;
signatures and IDs.

Do not withdraw a complaint based only on a promise. Wait for actual payment or secure terms.

In criminal cases, settlement does not automatically erase criminal liability, especially where the offense affects public interest. However, restitution may affect complainant participation, civil liability, and practical resolution.

XXXV. Civil Liability in Criminal Cases

A person criminally liable for estafa may also be civilly liable to return the amount defrauded and pay damages. In many criminal cases, civil liability is deemed included unless reserved, waived, or separately filed according to procedural rules.

The victim should consider whether to pursue civil recovery within the criminal case or separately. This is a strategic matter depending on speed, amount, evidence, and respondent’s assets.

XXXVI. Administrative and Regulatory Complaints

Depending on the scam, administrative complaints may also be available.

Examples:

fake online seller using a registered business name;
travel agency refusing refunds;
lending company engaging in abusive conduct;
investment solicitation by an unregistered entity;
online marketplace merchant fraud;
misuse of corporate registration;
telecommunications fraud;
data privacy violations.

Administrative remedies may lead to mediation, sanctions, account suspension, license action, or referral to enforcement agencies.

XXXVII. Data Privacy Issues

Online scams often involve personal data. A scammer may collect IDs, selfies, bank details, addresses, signatures, and other sensitive information.

Victims should be alert to identity theft. After a scam, consider:

reporting compromised IDs;
monitoring bank accounts;
changing passwords;
enabling two-factor authentication;
alerting banks and e-wallets;
avoiding reuse of passwords;
watching for loan applications or SIM registration misuse;
reporting unauthorized use of personal data.

If personal data was misused, data privacy remedies may also be relevant.

XXXVIII. Practical Filing Packet

A complainant should prepare a filing packet containing:

Valid government ID;
Complaint-affidavit;
Chronology of events;
Screenshots of offer and profile;
Full conversation records;
Proof of payment;
Bank or e-wallet account details of recipient;
Proof of non-delivery or falsity;
Demand letter or refund demand;
Platform report, if any;
Bank/e-wallet report, if any;
Witness affidavits, if any;
Digital copies in USB or cloud folder;
Original device containing messages.

Printed copies should be clear and readable. Label every annex.

XXXIX. Sample Evidence Index

Annex	Description
A	Screenshot of respondent’s profile
B	Screenshot of online advertisement
C	Chat conversation showing offer and payment instructions
D	Proof of payment dated [date]
E	Screenshot of respondent’s acknowledgment of payment
F	Follow-up messages and failure to deliver
G	Demand for refund
H	Respondent’s refusal/blocking/deleted account
I	Bank/e-wallet report
J	Proof from third party that booking/item/service was fake

XL. Practical Tips During Investigation

When dealing with investigators or prosecutors:

be factual and concise;
explain the scam in chronological order;
identify the exact false statement;
identify the amount lost;
show where technology was used;
bring both printed and digital evidence;
preserve original messages;
avoid speculation;
identify other victims if known;
follow up respectfully;
keep copies of everything filed.

XLI. Frequently Asked Questions

1. Can I file even if I only know the scammer’s username?

Yes. Provide the username, profile URL, phone number, account name, payment details, and all other identifiers. Law enforcement may use legal processes to trace the person.

2. Is blocking me after payment proof of estafa?

Blocking is not by itself conclusive, but it is strong circumstantial evidence when combined with false representations, proof of payment, and non-delivery.

3. What if the scammer promises to refund?

Save the promise. Set a deadline. If no refund is made, include the promise and failure in your evidence.

4. What if the bank account name is different from the online seller?

Include both. The online account and receiving account may belong to different participants. Both may be relevant.

5. Can I get my money back immediately after filing?

Not always. Filing a complaint starts legal processes. For faster recovery, also report to the bank, e-wallet, card issuer, or platform immediately.

6. Should I file small claims or criminal complaint?

For straightforward recovery of money, small claims may be practical. For fraud, fake identity, repeated scamming, or cyber elements, a criminal complaint may be appropriate. Both may be considered depending on the case.

7. Can I post the scammer online?

You may warn others, but avoid defamatory, exaggerated, or unsupported statements. State facts you can prove.

8. What if the scammer is a minor?

Report the matter. Special rules may apply to children in conflict with the law, but the victim should still preserve evidence and seek legal remedies.

9. What if I sent money voluntarily?

Voluntary payment does not prevent a complaint if the payment was induced by fraud.

10. What if I also gave my ID or personal information?

Treat it as a possible identity theft risk. Report it, monitor accounts, and secure your digital identity.

XLII. Conclusion

Filing an online scam complaint in the Philippines requires more than saying that money was lost. The complaint must show a complete story: the scammer’s representation, why it was false, how the victim relied on it, how payment was made, how the service or item was not delivered, and how digital technology was used.

The most common legal theory is estafa, especially when the scammer used false pretenses to obtain money. When the scam is carried out through social media, messaging apps, websites, e-wallets, online banking, fake accounts, phishing pages, or other digital systems, cybercrime laws may also apply.

The victim should act quickly. Preserve screenshots, export messages, save payment records, report to banks and e-wallets, prepare a sworn complaint-affidavit, and file with the appropriate cybercrime unit, law enforcement agency, or prosecutor. Where the primary goal is recovery of a specific amount, small claims may also be considered.

The strongest online scam cases are organized, documented, and specific. A well-prepared complaint identifies the deceit, proves the payment, shows the damage, and preserves the digital trail. In online fraud, evidence is the case.