Being scammed online can feel overwhelming, especially when the scammer has already blocked you or moved the money through several bank or e-wallet accounts. The most important thing is to act quickly and report the incident through the right channels. In the Philippines, this usually means contacting your bank or e-wallet first, preserving your digital evidence, and filing a complaint with the Philippine National Police, National Bureau of Investigation, or another agency that handles the particular type of scam.
What Counts as an Online Scam in the Philippines?
An online scam generally involves deception carried out through the internet, mobile communications, or digital financial services to obtain money, property, account access, or personal information.
Common examples include:
- Fake Facebook Marketplace, Instagram, TikTok, or online-store sellers
- Phishing links pretending to come from a bank, e-wallet, courier, or government agency
- Unauthorized GCash, Maya, online banking, or credit-card transactions
- “Tasking,” part-time job, or product-review scams
- Cryptocurrency and foreign-exchange investment schemes
- Romance scams
- Fake loan applications that collect advance fees
- Account takeovers after the victim reveals an OTP, password, or verification code
- Impersonation of relatives, employers, public officials, or company representatives
- Fake rental, travel, ticket, or accommodation listings
- Investment schemes promising guaranteed or unusually high returns
A failed online purchase is not automatically a crime. There must generally be evidence of fraudulent intent, such as the seller using a false identity, offering nonexistent goods, repeatedly accepting payment without delivery, or making false claims to induce the victim to send money.
A genuine seller who is delayed, ships the wrong product, or disputes a refund may be involved in a consumer or contractual dispute rather than criminal fraud. The facts, communications, and conduct of the seller will determine which remedy is appropriate.
Philippine Laws That May Apply to Online Scams
Estafa under the Revised Penal Code
Many online selling and payment scams may constitute estafa, commonly called swindling, under Article 315 of the Revised Penal Code.
Estafa by deceit generally requires proof that:
- The accused made a false representation or used another form of deceit;
- The false representation was made before or at the time the victim parted with money or property;
- The victim relied on the representation; and
- The victim suffered financial damage.
For example, a person may commit estafa by advertising a laptop that does not exist, pretending to own it, and inducing a buyer to transfer payment.
The Supreme Court has repeatedly explained that the core of estafa is the use of fraud or deceit that causes damage to another person. The penalties are generally affected by the value of the property or money involved under Article 315, as amended by Republic Act No. 10951. (Lawphil)
Cybercrime Prevention Act of 2012
Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, applies to crimes committed through computers and information and communications technology.
Depending on the facts, an online scam may involve:
- Estafa committed through information and communications technology, in relation to Section 6 of RA 10175;
- Computer-related fraud involving the unauthorized input, alteration, or deletion of computer data;
- Computer-related identity theft;
- Illegal access to an account or computer system; or
- Misuse of devices or digital credentials.
Not every scam conducted through social media is automatically charged as “computer-related fraud.” A straightforward fake-seller scheme may still be prosecuted primarily as estafa committed through the use of information and communications technology. Investigators and prosecutors determine the proper charge from the evidence. (Lawphil)
RA 10175 also allows law-enforcement authorities to require the preservation of relevant computer data. Because service providers do not retain every type of account or communication data indefinitely, early reporting can improve the chances of identifying the person behind a profile, email address, IP address, or digital transaction.
Anti-Financial Account Scamming Act
Republic Act No. 12010, or the Anti-Financial Account Scamming Act, specifically addresses financial-account scams.
It penalizes activities such as:
- Lending, renting, selling, or allowing the use of a financial account to receive criminal proceeds;
- Recruiting people to act as money mules;
- Opening accounts under fictitious or stolen identities;
- Buying or selling financial accounts; and
- Using deception or electronic communications to obtain passwords, OTPs, bank details, e-wallet information, and other sensitive credentials.
A money mule is a person whose bank or e-wallet account is used to receive, transfer, withdraw, or conceal proceeds associated with criminal activity. A person can face criminal exposure for knowingly allowing scammers to use an account, even when that person did not personally communicate with the victim.
Under the law and BSP Circular No. 1215, Bangko Sentral-supervised institutions may temporarily hold disputed funds for up to 30 calendar days, consisting of initial and extended holding periods. The initial holding period is generally no more than five calendar days. A longer hold requires the applicable verification process or, beyond the statutory period, an order from a competent court. (Lawphil)
A report does not automatically guarantee that the money will be frozen or returned. The funds may already have been withdrawn, converted into cryptocurrency, transferred outside the supervised financial system, or mixed with other transactions.
Other Laws That May Apply
Depending on the scheme, authorities may also consider:
- Republic Act No. 8484, the Access Devices Regulation Act, for fraudulent use of credit cards, account numbers, and access devices;
- Republic Act No. 10173, the Data Privacy Act, when personal data is unlawfully collected, disclosed, or misused;
- Republic Act No. 8799, the Securities Regulation Code, for unauthorized investment solicitation or securities fraud;
- Republic Act No. 11934, the SIM Registration Act, for offenses involving fraudulently registered or misused SIM cards; and
- Presidential Decree No. 1689 when estafa is committed by a syndicate under circumstances covered by the decree.
What to Do Immediately After Discovering the Scam
1. Contact the bank, e-wallet, or card issuer immediately
Do not wait until you have completed a police report.
Call the official fraud hotline or use the institution’s in-app support channel. Ask the institution to:
- Block or secure your account;
- Disable compromised cards or online-banking access;
- Record the transaction as disputed or fraudulent;
- Trace the receiving account;
- Send an initial holding request when legally and operationally available;
- Preserve transaction and account records; and
- Give you a complaint or case-reference number.
Provide:
- Your full name and registered mobile number;
- Transaction date and exact time;
- Amount;
- Transaction reference number;
- Recipient’s account name and number;
- Screenshots or receipts;
- A brief explanation of how you were deceived; and
- The time you discovered the fraud.
Use only the telephone number, app, email address, or website published by the financial institution. Do not call a “support number” supplied by the suspected scammer.
Under the BSP consumer-assistance system, you must ordinarily raise the complaint with the bank or financial institution’s own Financial Consumer Protection Assistance Mechanism before escalating the matter to the BSP. (Bureau of the Treasury)
2. Change passwords and secure affected accounts
Change the passwords of affected accounts and any other accounts using the same or a similar password.
Also consider:
- Signing out of all active sessions;
- Removing unknown devices;
- Changing your email password first if the email account controls password resets;
- Enabling multi-factor authentication;
- Replacing a compromised SIM;
- Asking your telecommunications provider to check for a SIM-swap request;
- Locking compromised credit or debit cards; and
- Monitoring accounts for small “test” transactions.
Never give an OTP, PIN, password, recovery code, card CVV, or remote access to anyone claiming that these are needed to process a refund.
3. Preserve evidence before blocking the scammer
Do not rely on a few cropped screenshots. Create an organized evidence folder containing:
- Full screenshots showing the account name, username, date, time, and message sequence;
- The profile or page URL, not merely the display name;
- Exported chat histories when the platform permits export;
- Email messages with complete headers;
- Advertisements, product listings, livestreams, and promotional posts;
- Payment receipts and complete transaction references;
- Bank or e-wallet statements;
- QR codes used for payment;
- Recipient account names and numbers;
- Mobile numbers, email addresses, websites, and social-media handles;
- Delivery receipts, tracking numbers, invoices, contracts, and order confirmations;
- Photos or videos sent by the scammer;
- Names of other victims or witnesses;
- Copies of demands for delivery or refund; and
- The platform’s response to your abuse or fraud report.
Keep the original files on the original device when possible. Make backup copies, but do not edit, annotate, crop, or overwrite the originals.
Electronic documents are recognized under the Supreme Court’s Rules on Electronic Evidence, but they must still be authenticated. Courts have rejected screenshots when the party presenting them could not adequately establish their source, integrity, or connection to the alleged sender. (Lawphil)
Be careful about secretly recording telephone or private conversations. Republic Act No. 4200 generally prohibits recording a private communication without authorization from all parties. Saved text messages, emails, platform messages, transaction records, and voluntarily sent voice messages can usually be preserved without making a new secret recording. (Lawphil)
4. Write a clear incident chronology
Prepare a one- or two-page chronology using exact dates, times, amounts, and actions.
A useful format is:
| Date and time | What happened | Evidence |
|---|---|---|
| 10 July, 2:15 p.m. | Saw laptop advertisement on Facebook Marketplace | Screenshot and profile URL |
| 10 July, 3:05 p.m. | Seller promised same-day shipment | Messenger export |
| 10 July, 3:32 p.m. | Sent ₱25,000 to named e-wallet account | Transaction receipt |
| 10 July, 5:40 p.m. | Seller demanded an additional “insurance fee” | Screenshot |
| 11 July, 9:00 a.m. | Seller blocked the account | Screen recording and profile URL |
| 11 July, 9:15 a.m. | Reported transaction to e-wallet provider | Case-reference email |
Avoid exaggeration. Separate facts you personally witnessed from assumptions or information supplied by other people.
Where to Report an Online Scam in the Philippines
You may need to report to more than one institution because each office performs a different role.
| Office or organization | When to report | What it can do |
|---|---|---|
| Bank, e-wallet, card issuer, or payment provider | Immediately after discovering the transaction | Secure accounts, trace transactions, investigate disputed transfers, and potentially initiate a fund hold |
| CICC National Anti-Scam Hotline 1326 | For initial scam reporting, coordination, and referral | Receive reports and direct them to appropriate agencies |
| PNP Anti-Cybercrime Group or nearest police station | For online fraud, identity theft, account takeover, phishing, and related crimes | Record the complaint, investigate, gather evidence, and refer cases for prosecution |
| NBI Cybercrime Division or Anti-Fraud Division | For cyber-enabled scams, complex fraud, organized schemes, and cases requiring national investigation | Conduct interviews, obtain sworn statements, examine devices, and investigate suspects |
| DTI | For consumer complaints against identifiable online businesses or sellers | Mediation, consumer protection proceedings, and administrative remedies |
| SEC | For investment, lending, securities, and unauthorized solicitation schemes | Investigate regulated entities and investment-solicitation violations |
| National Privacy Commission | When personal information was unlawfully collected, exposed, or misused | Investigate possible Data Privacy Act violations |
| NTC or telecommunications provider | For scam texts, spoofed messages, or fraudulent SIM use | Receive spam or scam reports and take telecommunications-related action |
Cybercrime Investigation and Coordinating Center
The CICC operates the 1326 National Anti-Scam Hotline. Scam reports may also be sent through the DICT’s published complaint email, 1326@dict.gov.ph. The hotline can serve as an entry point for reporting and coordination, but a victim may still be asked to provide evidence or execute a sworn complaint before an investigating agency. (Dictionary)
Philippine National Police
You may approach the nearest police station and ask that the matter be referred to the PNP Anti-Cybercrime Group or the appropriate cybercrime unit.
Bring printed and digital copies of your evidence. Ask for:
- The police blotter or incident-record reference;
- The name and contact details of the investigator;
- Instructions for executing a complaint-affidavit;
- A list of additional records required; and
- Confirmation of whether the case will be handled locally or referred to a specialized unit.
A police blotter documents that you reported an incident. It does not, by itself, complete the filing of a criminal complaint before the prosecutor.
National Bureau of Investigation
The NBI accepts complaints involving computer crimes and fraud. Victims may begin with the NBI online complaint page or proceed to the NBI Cybercrime Division, Anti-Fraud Division, or an appropriate regional or district office.
The NBI Citizen’s Charter states that computer-crime complainants may be interviewed, assisted in completing a sworn complaint sheet, asked to execute sworn statements, and required to submit relevant devices and supporting records. The listed intake service has no government fee. The published processing benchmarks cover intake and documentation, not the full investigation or prosecution of the case. (National Bureau of Investigation)
Bangko Sentral ng Pilipinas
Escalate a complaint to the BSP when:
- The bank or e-wallet failed to act on your complaint;
- You are dissatisfied with its final response;
- The institution did not follow its complaint-handling procedures; or
- The dispute concerns a BSP-supervised financial product or service.
You may use the BSP Online Buddy on the BSP consumer-assistance page. When BOB is unavailable, the BSP permits submission of its Complaint, Inquiry, or Reply Form to consumeraffairs@bsp.gov.ph, together with proof that the complaint was first raised with the institution.
The BSP states that complaints submitted through its chatbot receive a case-reference number. Email complaints receive an automated acknowledgment, while evaluation or referral may take several banking days. The complete consumer-assistance process may take roughly 55 to 65 days, although fraud reports requiring an urgent fund hold should still be raised with the bank immediately rather than waiting for BSP escalation. (Bureau of the Treasury)
Department of Trade and Industry
Use the DTI Consumer CARe System when the complaint involves an identifiable business-to-consumer transaction, such as:
- Non-delivery by an online business;
- Refusal to honor a lawful warranty;
- Misrepresentation of a product;
- Defective goods;
- Deceptive sales practices; or
- Failure to provide an agreed refund.
DTI mediation is often more useful when the seller is a traceable business that may still respond. An anonymous scammer using a fake identity should also be reported to law enforcement and the payment provider.
DTI’s online portal accepts consumer complaints electronically. A DTI complaint does not replace a criminal complaint when there is evidence of intentional fraud. (DTI Consumer CARe System)
Securities and Exchange Commission
Report investment scams through the SEC iMessage ticketing system, which includes an investment-scam complaint category.
Include:
- The name used by the investment scheme;
- Names of promoters and recruiters;
- Websites and social-media pages;
- Contracts, certificates, dashboards, and account statements;
- Proof of payment;
- Promised returns;
- Referral or commission arrangements; and
- Withdrawal requests and responses.
A corporation’s SEC registration only gives it juridical personality. It does not automatically authorize the company to solicit investments, sell securities, operate an investment platform, or accept public placements. Those activities may require separate registration or a secondary license. (Esparc)
National Privacy Commission
File a separate complaint with the National Privacy Commission when the scam involved misuse of your personal information, such as:
- Identity theft;
- Unauthorized creation of accounts in your name;
- Disclosure of your identification documents;
- Use of your photograph or personal details to scam others;
- SIM-swap fraud linked to mishandled personal data; or
- Improper collection or sharing of contacts, messages, or financial information.
The NPC’s formal complaint process generally requires a verified or notarized complaint-assisted form and supporting evidence. Complaints may be submitted personally, by courier, registered mail, or authorized electronic means. (National Privacy Commission)
How to File a Criminal Complaint
1. Prepare a complaint-affidavit
A complaint-affidavit is a sworn written statement explaining:
- Your identity and contact information;
- The identity and available details of the respondent;
- How you encountered the respondent;
- The false representations made;
- Why you believed those representations;
- When and how you sent money or property;
- The amount of your loss;
- What happened after payment;
- The laws you believe may have been violated, when known; and
- A numbered list of attached evidence.
Each attachment should be marked and referred to in the affidavit, such as “Annex A,” “Annex B,” and so on.
The affidavit must be truthful and based on facts within your knowledge. Maliciously filing completely false information that causes the holding of another person’s funds can itself create liability under RA 12010.
2. Submit identification and supporting evidence
Investigators or prosecutors commonly request:
- Government-issued ID;
- Complaint-affidavit;
- Witness affidavits;
- Transaction receipts;
- Bank or e-wallet certifications or statements;
- Screenshots and exported conversations;
- URLs and account identifiers;
- Demand or refund messages;
- Platform complaint records;
- Delivery or shipping records; and
- The device used in the transaction, when forensic examination is necessary.
Bring originals for comparison when available. Keep a complete duplicate set for yourself.
3. Cooperate with the investigation
The investigator may request additional documents or ask you to identify:
- The originating and receiving financial institutions;
- Other recipient accounts;
- Additional victims;
- Delivery addresses;
- IP or platform records;
- CCTV footage;
- Subscriber information; or
- Persons who personally know the scammer.
Law enforcement may seek preservation orders, disclosure orders, cybercrime warrants, subpoenas, or other legal processes. Victims generally cannot compel a social-media platform, telecommunications provider, or bank to disclose another user’s confidential records merely by sending a private request.
4. Preliminary investigation before the prosecutor
When the offense requires preliminary investigation, the complaint and supporting affidavits are submitted to the Office of the City or Provincial Prosecutor or are endorsed by the investigating agency.
Under Rule 112 of the Rules of Criminal Procedure:
- The prosecutor examines the complaint and evidence;
- The complaint may be dismissed if there is no sufficient ground to continue;
- If the case proceeds, the respondent is generally subpoenaed and given an opportunity to submit counter-affidavits;
- Clarificatory questions or a hearing may be conducted when necessary; and
- The prosecutor decides whether probable cause exists to file an information in court.
The Rules contain several 10-day periods for particular steps, but actual resolution often takes longer because of service problems, incomplete records, requests for extension, heavy caseloads, multiple respondents, digital-forensic work, and requests for information from private companies. (Lawphil)
Documents, Costs, and Typical Timelines
| Item | Practical expectation |
|---|---|
| Bank or e-wallet report | File immediately, preferably within minutes or hours |
| Temporary fund hold | May be available for disputed electronic transfers; statutory framework permits up to 30 calendar days under applicable conditions |
| CICC, PNP, or NBI report | File as soon as evidence is organized; urgent account-security action should not wait |
| NBI intake fee | None for the investigative-assistance intake services described in its Citizen’s Charter |
| Notarization | Cost varies by notary and location |
| Police blotter | Usually prepared during the initial station report |
| Preliminary investigation | Rules provide short procedural periods, but actual cases may take weeks or months |
| Full criminal case | May take months or years, depending on identification of the accused, warrants, court congestion, and complexity |
| BSP consumer-assistance process | BSP materials indicate an estimated overall period of approximately 55 to 65 days |
| Recovery of money | Not guaranteed; chances generally decrease once funds are withdrawn or transferred repeatedly |
Common Mistakes That Make Scam Cases Harder
Waiting several days before reporting the transfer
Digital funds can move through multiple accounts within minutes. Contact the financial institution immediately, even when you do not yet have a police report.
Deleting the conversation out of embarrassment
Victims often delete messages before realizing that the scammer’s language, account details, and promises are essential evidence.
Sending more money to “unlock” a refund
Scammers commonly demand taxes, verification fees, courier insurance, anti-money-laundering clearance fees, or withdrawal charges. Legitimate authorities do not require payment to a private account to release stolen funds.
Paying a supposed hacker or recovery agent
“Fund recovery” offers are frequently follow-up scams targeting people who have already lost money. Do not give remote access, passwords, identification documents, or additional payments to an unverified recovery service.
Reporting only the social-media display name
Display names can be changed easily. Save the complete profile URL, username, page ID when visible, telephone number, email address, QR code, and financial-account details.
Assuming the receiving account owner is the mastermind
The account holder may be the scammer, a knowing accomplice, a recruited money mule, an identity-theft victim, or another person whose account was compromised. Report the account details accurately, but avoid publicly accusing a person before the evidence is established.
Publicly posting unredacted personal and banking information
Public warnings may help other victims, but exposing account numbers, identification documents, addresses, or private conversations can create privacy, security, or defamation problems. Give complete evidence directly to investigators and redact unnecessary personal information from public posts.
Treating a police blotter as the entire case
A blotter entry records the incident. Follow through with the investigator, execute the required sworn complaint, submit the evidence, and obtain the official case-reference details.
Can Scam Victims Recover Their Money?
Recovery depends heavily on speed and traceability.
The strongest recovery prospects usually exist when:
- The transaction was reported immediately;
- The funds remain in a supervised financial institution;
- The receiving account can be identified;
- The bank can initiate coordinated verification;
- The recipient account has not been emptied;
- The suspect owns identifiable assets; or
- Authorities obtain a court order before the assets disappear.
Criminal liability can carry civil liability. Article 100 of the Revised Penal Code provides that a person criminally liable for a felony is also civilly liable. Under Rule 111, the civil action to recover liability arising from the offense is generally deemed instituted with the criminal action unless it is waived, reserved, or previously filed separately. (Lawphil)
Civil Code Articles 19, 20, 21, and 22 may also support claims involving bad faith, unlawful injury, conduct contrary to morals or public policy, and unjust enrichment. A civil judgment, however, is useful only when the responsible defendant and attachable assets can be located. (Lawphil)
Reporting an Online Scam from Outside the Philippines
Filipinos abroad and foreign nationals may report scams connected to the Philippines. Nationality is not a bar to being a complainant or crime victim.
A victim abroad should:
- Contact the bank, card issuer, or remittance provider immediately;
- Preserve evidence in its original electronic form;
- Use available CICC, NBI, PNP, BSP, DTI, or SEC online channels;
- Identify a Philippine representative when personal follow-up is necessary;
- Ask the receiving agency whether it requires a notarized complaint-affidavit or special power of attorney; and
- Confirm the authentication requirements before sending foreign-executed documents.
A sworn document executed in a country that is a party to the Apostille Convention may generally need an apostille from the competent authority of that country before use in the Philippines. Documents from a non-member country may require authentication or legalization through the applicable Philippine embassy or consulate. Requirements can differ according to the document, the country of execution, and the receiving office. (Philippine Embassy in New Delhi)
Foreign victims should also report the scam to law enforcement in the country where they were located when they received the fraudulent communication or sent the money, particularly when a foreign bank, card issuer, or payment platform was involved.
Frequently Asked Questions
Where should I report a GCash or Maya scam?
Report it first through the official GCash or Maya support channel so the transaction can be recorded and the account secured. Obtain a ticket number, then report the incident to the CICC through 1326, the PNP Anti-Cybercrime Group, or the NBI. Escalate unresolved financial-consumer issues to the BSP after first using the provider’s complaint mechanism.
Can I recover money sent voluntarily to a scammer?
Possibly. “Voluntary” transfer does not mean the transaction was legally valid when your consent was obtained through fraud. Recovery is more likely when the payment provider is notified before the funds are withdrawn or moved.
Can I report a scam even if I lost only a small amount?
Yes. A small individual loss may be part of a larger scheme involving many victims. Your report may help investigators connect accounts, telephone numbers, pages, and transaction patterns.
Do I need to know the scammer’s real name?
No. File using all identifiers available to you, including usernames, profile URLs, telephone numbers, account names, bank or e-wallet numbers, email addresses, delivery details, and transaction references. Investigators may use lawful processes to seek additional subscriber or account information.
Is a screenshot enough to file a complaint?
A screenshot can support a complaint, but it is stronger when accompanied by the original device, complete chat history, profile URL, transaction records, and testimony from the person who participated in the conversation. Cropped or unauthenticated screenshots may receive little evidentiary weight.
Should I go to the barangay first?
Usually not when the scammer is unknown, lives in another city or municipality, or the offense carries a maximum penalty beyond the authority of the Katarungang Pambarangay system. Barangay conciliation generally does not cover offenses punishable by more than one year of imprisonment or a fine exceeding ₱5,000, among other exceptions. Most serious online scam complaints should be taken directly to law enforcement or the prosecutor. (Lawphil)
Can the bank refuse to refund me because I supplied the OTP?
Giving an OTP can affect the institution’s assessment of authorization, negligence, and liability, but it does not prevent you from reporting social engineering, account takeover, or fraud. Submit the complete circumstances and ask for a written final response. You may escalate an unsatisfactory response through the BSP consumer-assistance process.
What happens after I file with the police or NBI?
An investigator may interview you, obtain a sworn statement, examine your evidence, contact financial institutions or platforms through lawful channels, identify possible suspects, and prepare the case for referral to the prosecutor. Filing a report does not mean an arrest will occur immediately.
Can I report a scammer whose account has already disappeared?
Yes. Deleted profiles may still leave transaction records, account identifiers, device data, platform logs, telephone records, witnesses, and links to other victims. Report promptly so investigators can consider data-preservation measures.
Is there a deadline for reporting an online scam?
Criminal offenses have prescription periods, but the applicable period depends on the offense and penalty. Do not wait for the legal deadline. Digital records can disappear, accounts can be closed, and funds can be withdrawn long before a criminal case technically prescribes.
Key Takeaways
- Report the transaction to the bank, e-wallet, or card issuer immediately; do not wait for a police report.
- Ask for a case-reference number, transaction trace, account-security action, and any available fund-hold procedure.
- Preserve full conversations, original files, profile URLs, payment records, account details, and device data.
- Report cyber-enabled fraud to the CICC through 1326, the PNP Anti-Cybercrime Group, or the NBI.
- Use DTI for identifiable consumer businesses, SEC for investment schemes, BSP for unresolved financial-institution complaints, and the NPC for personal-data misuse.
- A police blotter is only an incident record; cooperate in preparing the sworn complaint and supporting evidence.
- Reporting quickly improves the chance of identifying the scammer and locating funds, but no agency or financial institution can guarantee recovery.
- Do not send additional money to anyone promising to release, unlock, trace, or recover the stolen funds.