Hacked Facebook Account Used to Solicit Money

The digital landscape in the Philippines has seen an exponential rise in social media cybercrimes. Among the most pervasive of these schemes is the hijacking of a Facebook account to solicit money from the account owner’s network. Typically, a bad actor gains unauthorized access to a profile, changes the login credentials, and sends urgent messages to the victim’s friends and relatives asking for emergency financial assistance (e.g., medical emergencies, sudden bank transfer glitches) to be sent via e-wallets like GCash or Maya.

This article explores the legal framework governing this specific cybercrime in the Philippines, the criminal liabilities involved, the legal position of the compromised account owner, and the remedies available to victims.

The Governing Legal Framework

In the Philippines, a single act of hacking a Facebook account and using it to solicit funds violates multiple special penal laws and the Revised Penal Code (RPC).

1. Republic Act No. 10175: The Cybercrime Prevention Act of 2012

R.A. 10175 is the primary legislation addressing this offense. The perpetrator can be charged with several distinct cybercrime offenses:

  • Illegal Access (Section 4(a)(1)): The mere act of hacking into someone else's Facebook account without authority constitutes illegal access. It penalizes accessing the whole or any part of a computer system without right.
  • Computer-related Identity Theft (Section 4(b)(3)): This is committed by intentionally acquiring, using, misusing, transferring, possessing, altering, or deleting identifying information belonging to another person without right. By posing as the legitimate account owner to message friends, the hacker commits identity theft.
  • Computer-related Fraud (Section 4(b)(2)): This involves the unauthorized input, alteration, deletion, or suppression of computer data, with the fraudulent intent of causing economic damage to another, with the intent of procuring an economic benefit for oneself. The acts of messaging contacts and tricking them into sending funds fit squarely under this provision.

2. The Revised Penal Code (RPC): Cyber-Estafa (Swindling)

Article 315 of the RPC penalizes Estafa or swindling, which is committed through deceit and damage. When a hacker pretends to be the account owner to defraud the owner's contacts into giving money, the elements of Estafa are met.

Pursuant to Section 6 of R.A. 10175, if a crime punishable under the Revised Penal Code (such as Estafa) is committed by, through, and with the use of Information and Communications Technology (ICT), the penalty shall be imposed one degree higher than that provided in the RPC. This is pursued legally as Cyber-Estafa.

3. Republic Act No. 10173: The Data Privacy Act of 2012

By hacking the account, the perpetrator accesses personal information and sensitive personal information without the data subject's consent. This violates Section 29 (Unauthorized Access or Intentional Breach) of R.A. 10173, which penalizes persons who knowingly and unlawfully gain access to an information system containing personal sensitive information.

Summary of Offenses and Penalties

The table below highlights the primary criminal charges applicable to this scheme and their corresponding legal penalties:

Law / Provision Specific Offense General Penalty Range
R.A. 10175, Sec. 4(a)(1) Illegal Access Prision mayor (6 years and 1 day to 12 years) or a fine of at least ₱200,000, or both.
R.A. 10175, Sec. 4(b)(3) Computer-related Identity Theft Prision mayor (6 years and 1 day to 12 years) or a fine of at least ₱200,000, or both.
R.A. 10175, Sec. 4(b)(2) Computer-related Fraud Prision mayor (6 years and 1 day to 12 years) or a fine of at least ₱200,000, or both.
RPC Art. 315 r.w. R.A. 10175, Sec. 6 Cyber-Estafa Penalty depends on the defrauded amount, scaled one degree higher than standard Estafa.
R.A. 10173, Sec. 29 Unauthorized Access / Intentional Breach Imprisonment ranging from 1 to 3 years and a fine from ₱500,000 to ₱2,000,000.

Is the Legitimate Account Owner Liable?

A common concern for individuals whose accounts are hacked is whether they can be held criminally or civilly liable for the financial losses suffered by their friends.

The Principle of Mens Rea (Criminal Intent): Under Philippine criminal law, specifically for felonies under the RPC, there must be criminal intent or criminal negligence. For special penal laws, the prohibited act must be committed voluntarily by the actor.

Because the legitimate account owner is a victim of identity theft and had no knowledge, participation, or control over the fraudulent solicitations, they cannot be held criminally liable for Estafa or cybercrime.

However, to avoid potential civil complications or allegations of gross negligence, the account owner must take prompt and reasonable steps to mitigate the damage once they become aware of the breach (e.g., publicly announcing the hack via alternative channels, reporting the account to Meta).

Jurisdictional and Evidentiary Challenges

Prosecuting these crimes in the Philippines presents unique hurdles for law enforcement and legal practitioners:

  • Anonymity and Layering: Scammers often use "mule accounts" (GCash or bank accounts registered under stolen or fake identities) to receive the money, making it difficult to trace the actual beneficiary.
  • The SIM Card Registration Act (R.A. 11934): While intended to curb text scams and track digital fraud, the persistence of black-market pre-registered SIMs still presents enforcement challenges when tracking mobile numbers linked to e-wallets.
  • Preservation of Evidence: Digital evidence is volatile. For a case to prosper, the strict rules on Electronic Evidence under Philippine law must be followed.

Legal Steps and Remedies for Victims

If an individual falls victim to this scheme—either as the hacked owner or the defrauded sender—the following legal and technical measures must be taken immediately:

For the Person Defrauded (The Sender)

  1. Preserve Digital Evidence: Take clear screenshots of the chat logs, the profile URL of the hacked account, the GCash/Maya/bank account details provided by the fraudster, and the transaction receipt.
  2. Report to the Financial Institution: Immediately file a ticket or dispute with GCash, Maya, or the involved bank to freeze the recipient account or trace the funds.
  3. File a Formal Law Enforcement Complaint: Bring the preserved evidence to the Philippine National Police Anti-Cybercrime Group (PNP-ACG) or the National Bureau of Investigation Cybercrime Division (NBI-CCD) to initiate a criminal investigation.

For the Account Owner (The Person Hacked)

  1. Account Recovery & Reporting: Use Facebook's compromised account portal (facebook.com/hacked) to report and attempt to regain control.
  2. Public Notice: Immediately blast a warning on other social media platforms, messaging apps, or through SMS to inform contacts that the account has been compromised and that any request for money should be ignored.
  3. Police Blotter / Incident Report: File an incident report with the local police or the PNP-ACG to create an official legal paper trail establishing the exact date and time control of the account was lost, serving as a shield against future liability.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login