How to File a Complaint for Online Scam in the Philippines

I. Introduction

Online scams have become one of the most common forms of fraud in the Philippines. They may appear as fake online selling transactions, investment schemes, phishing messages, romance scams, hacked account requests, job scams, loan app harassment, cryptocurrency fraud, unauthorized bank transfers, identity theft, or fake delivery and payment confirmations.

A victim of an online scam is not helpless. Philippine law provides both criminal and administrative remedies, depending on the nature of the scam, the amount involved, the platform used, and the persons or institutions involved. The most important practical rule is this: act quickly, preserve evidence, report the transaction to the proper authorities, and file a sworn complaint with supporting documents.

This article explains the legal basis, agencies involved, evidence needed, and step-by-step process for filing a complaint for an online scam in the Philippines.

II. What Is an Online Scam?

An online scam is a fraudulent act committed through the internet, electronic communication, digital platforms, or information and communications technology. It usually involves deceit, misrepresentation, false pretenses, or unauthorized access to obtain money, property, personal information, account credentials, or other benefits from the victim.

Common examples include:

  1. Fake online selling — the seller receives payment but never delivers the item.
  2. Fake buyer scam — the scammer sends fake proof of payment or tricks the seller into releasing goods.
  3. Phishing — the victim is tricked into giving passwords, OTPs, card details, or bank credentials.
  4. Investment scam — the victim is promised unrealistic returns through crypto, forex, stocks, online trading, “tasking,” or pyramiding schemes.
  5. Romance scam — the scammer builds a relationship and later asks for money.
  6. Impersonation scam — the scammer pretends to be a friend, relative, government employee, company representative, delivery rider, bank officer, or law enforcement officer.
  7. Account takeover — the scammer hacks or gains access to social media, e-wallet, email, or bank accounts.
  8. Unauthorized bank or e-wallet transfer — funds are transferred without the account holder’s consent.
  9. Fake job or overseas employment offer — the victim pays fees for a nonexistent job.
  10. Loan app abuse or extortion — the victim’s contacts, photos, or personal data are used for harassment.

III. Laws That May Apply

The legal classification of an online scam depends on the facts. A single incident may involve several laws.

A. Estafa under the Revised Penal Code

Many online scams may be prosecuted as estafa under Article 315 of the Revised Penal Code. Estafa generally involves fraud or deceit that causes damage to another person. In online scam cases, estafa may arise when the scammer uses false pretenses, fraudulent representations, or deceit to induce the victim to send money or property.

Examples:

  • A person pretends to sell a product online, receives payment, and disappears.
  • A scammer claims to represent a legitimate investment company and collects money from victims.
  • A person uses fake identity documents or fake receipts to obtain goods or funds.

B. Cybercrime Prevention Act of 2012

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, is highly relevant when fraud is committed through a computer system, internet platform, social media account, email, messaging app, website, or other digital means.

The law recognizes cyber-related offenses and also treats certain crimes under the Revised Penal Code as cybercrimes when committed through information and communications technology. In practice, online estafa may be treated more seriously when committed through digital means.

Possible cybercrime-related offenses include:

  • Computer-related fraud
  • Computer-related identity theft
  • Illegal access
  • Misuse of devices
  • Cyber-squatting, in certain cases
  • Other crimes committed through ICT

C. Access Devices Regulation Act

Republic Act No. 8484, the Access Devices Regulation Act, may apply when the scam involves credit cards, debit cards, ATM cards, account numbers, passwords, access codes, or other access devices.

It may be relevant in cases involving:

  • Unauthorized card transactions
  • Use of stolen card details
  • Fraudulent use of account credentials
  • Possession or trafficking of access devices

D. Data Privacy Act

Republic Act No. 10173, the Data Privacy Act of 2012, may apply when the scam involves misuse, unauthorized processing, disclosure, or theft of personal information.

Examples:

  • A scammer uses someone’s personal data to open accounts.
  • A loan app accesses contacts or photos and uses them for harassment.
  • A person posts or shares private information to coerce payment.
  • Personal data is collected through a fake website or phishing form.

Complaints involving personal data misuse may be brought to the National Privacy Commission, in addition to criminal complaints when warranted.

E. E-Commerce Act

Republic Act No. 8792, the Electronic Commerce Act, recognizes the legal effect of electronic documents, electronic signatures, and electronic transactions. This is important because screenshots, emails, digital receipts, chat records, transaction confirmations, and electronic communications may be used as evidence, provided authenticity and integrity can be shown.

F. Securities Regulation Laws

If the online scam involves investments, securities, shares, pooled funds, crypto-style investment contracts, or promises of passive income, the matter may fall under the jurisdiction or regulatory concern of the Securities and Exchange Commission.

Investment scams may involve:

  • Unregistered securities
  • Ponzi schemes
  • Pyramid schemes
  • Fake trading platforms
  • Unauthorized solicitation of investments
  • False representation of SEC registration

SEC registration of a corporation does not automatically mean it is authorized to solicit investments from the public. A company may be registered as a corporation but still lack authority to sell securities or investment contracts.

G. Consumer Protection and Financial Regulations

If the scam involves banks, e-wallets, lending apps, payment systems, remittance centers, or financial service providers, the victim may also raise the matter with the relevant regulator, such as the Bangko Sentral ng Pilipinas, depending on the institution involved.

Complaints may also involve consumer protection principles where online merchants, platforms, or service providers are involved.

IV. Where to File a Complaint

There is no single office for all online scam complaints. The proper agency depends on the facts.

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group is one of the primary agencies for cybercrime complaints. Victims may report online scams involving social media, messaging apps, websites, hacking, phishing, identity theft, online fraud, and related digital evidence.

A complainant may go to the nearest PNP Anti-Cybercrime Group office or coordinate with local police, especially if urgent action is needed.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also handles cybercrime complaints. Victims may file complaints involving online fraud, phishing, hacking, account compromise, identity theft, online threats, extortion, and other cyber-related offenses.

The NBI may assist in investigation, digital evidence handling, and case build-up.

C. Office of the City or Provincial Prosecutor

A criminal complaint may be filed with the Office of the City Prosecutor or Office of the Provincial Prosecutor for preliminary investigation.

In many cases, a victim first reports to the PNP or NBI for investigation. However, a complainant may also file a complaint-affidavit directly with the prosecutor’s office, supported by documentary and electronic evidence.

D. Barangay or Local Police Station

For immediate documentation, victims may report to the barangay or local police station. However, online scam cases often require cybercrime investigation, so the matter may be referred to the PNP Anti-Cybercrime Group, NBI, or prosecutor’s office.

E. Bank, E-Wallet, Payment Platform, or Remittance Center

If money was transferred through a bank, e-wallet, remittance center, or payment gateway, the victim should immediately report the transaction to the service provider.

This is important because the provider may be able to:

  • Temporarily restrict or flag the receiving account
  • Preserve transaction records
  • Investigate unauthorized transactions
  • Require the recipient to undergo verification
  • Assist law enforcement upon proper request
  • Provide official transaction documentation

F. Securities and Exchange Commission

If the scam involves investment solicitation, the victim may report the matter to the SEC. This is especially important when the scammer claims to be a corporation, investment platform, crypto trading group, lending company, financing company, or entity authorized to collect investments.

G. National Privacy Commission

If the scam involves misuse of personal data, identity theft, unauthorized disclosure, harassment using personal information, or unlawful processing of data, a complaint may be brought before the National Privacy Commission.

H. Department of Trade and Industry

If the complaint concerns an online seller, consumer transaction, defective product, nondelivery, false advertising, or deceptive sales practice, the victim may consider filing a consumer complaint with the DTI. However, if there is clear fraud or criminal intent, a criminal complaint may still be appropriate.

V. Immediate Steps After Discovering the Scam

A victim should act quickly. Delay may allow the scammer to delete accounts, withdraw funds, change phone numbers, transfer money, or destroy digital traces.

Step 1: Stop Communicating Carelessly with the Scammer

Do not threaten the scammer in a way that may compromise the case. Do not delete messages. Do not block the scammer immediately if doing so will erase access to chats or prevent evidence gathering. Preserve the conversation first.

Step 2: Preserve All Evidence

Take screenshots and save original files. Evidence should show the complete context, not isolated fragments.

Preserve the following:

  • Full name or username used by the scammer
  • Profile links and profile screenshots
  • Chat conversations
  • Emails
  • Phone numbers
  • Bank account names and numbers
  • E-wallet account names and numbers
  • QR codes
  • Transaction receipts
  • Proof of payment
  • Order confirmations
  • Tracking numbers
  • Links to websites or social media pages
  • Advertisements or posts
  • Voice messages
  • Call logs
  • Photos or videos sent by the scammer
  • IP addresses, if available
  • Device notifications
  • OTP or phishing messages
  • Any identification documents sent by the scammer

For social media evidence, capture:

  • Profile URL
  • Username or handle
  • Display name
  • Profile photo
  • Date and time of messages
  • Group name, page name, or marketplace listing
  • Comments or public posts
  • The scammer’s account ID if visible

Step 3: Do Not Edit Screenshots

Avoid cropping, altering, annotating, or enhancing screenshots in a way that may affect authenticity. Keep original screenshots and, if needed, prepare separate marked copies for explanation.

Step 4: Save Evidence in Multiple Formats

Keep copies on your device, cloud storage, and external storage if possible. Export chat histories when available. Save webpages as PDF. Record screen captures showing the account, URL, and conversation flow.

Step 5: Report the Transaction to the Bank or E-Wallet Immediately

Contact the bank, e-wallet, payment app, or remittance center used in the transaction. Provide transaction reference numbers and ask for the matter to be investigated or flagged.

Request confirmation that you reported the incident. Keep the ticket number, email confirmation, reference number, or case number.

Step 6: Report the Account to the Platform

Report the fraudulent account, page, shop, group, ad, or listing to the platform. However, before reporting, preserve evidence because the platform may remove the page or account.

Step 7: Prepare a Chronology

Write a clear timeline of events. Include dates, times, names, account numbers, links, and amounts.

Example chronology:

  • May 1, 2026 — I saw an online advertisement for a mobile phone.
  • May 2, 2026 — I messaged the seller through Facebook Messenger.
  • May 3, 2026 — The seller instructed me to pay ₱15,000 to a named e-wallet account.
  • May 3, 2026 — I transferred the amount and sent proof of payment.
  • May 4, 2026 — The seller stopped responding.
  • May 5, 2026 — The seller deleted the listing and changed the account name.

Step 8: File a Complaint with Law Enforcement or the Prosecutor

Once evidence is organized, the victim may file a complaint with the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the prosecutor’s office.

VI. Documents Usually Needed

The exact requirements may vary, but a complainant should prepare the following:

  1. Complaint-affidavit
  2. Valid government-issued ID
  3. Screenshots of conversations
  4. Screenshots of the scammer’s profile, page, listing, or website
  5. Proof of payment or transaction receipt
  6. Bank or e-wallet transaction history
  7. Reference numbers
  8. Demand letter, if any
  9. Platform report confirmation, if any
  10. Bank or e-wallet complaint ticket, if any
  11. Printed copies and digital copies of evidence
  12. Certification or official documents from the bank or payment provider, if available
  13. Witness affidavits, if applicable

The complaint-affidavit is very important because it is the sworn narrative of the complainant. It should clearly state what happened, how the scammer deceived the complainant, what amount was lost, what evidence supports the complaint, and what laws may have been violated.

VII. What to Include in the Complaint-Affidavit

A complaint-affidavit should be truthful, chronological, and supported by attachments. It should avoid exaggeration and speculation.

It should include:

  1. Personal details of the complainant

    • Full name
    • Age
    • Civil status
    • Address
    • Contact details

  2. Identity of the respondent, if known

    • Full name
    • Alias
    • Social media name
    • Phone number
    • Email address
    • Bank or e-wallet account
    • Address, if known

  3. Statement of facts

    • How the complainant encountered the scammer
    • What the scammer represented
    • Why the complainant believed the scammer
    • What payment or action was made
    • What happened after payment
    • How the complainant discovered the scam

  4. Damage suffered

    • Amount lost
    • Additional costs
    • Emotional distress, if relevant
    • Business loss, if applicable

  5. Evidence

    • Screenshots
    • Receipts
    • Chat logs
    • Account details
    • URLs
    • Transaction records

  6. Prayer or request

    • Investigation
    • Filing of appropriate criminal charges
    • Preservation of electronic evidence
    • Coordination with banks, platforms, or service providers

  7. Verification and oath

    • The affidavit must be signed before a notary public or authorized officer.

VIII. Sample Structure of a Complaint-Affidavit

A complaint-affidavit may be organized as follows:

Republic of the Philippines City/Municipality of ________

Complaint-Affidavit

I, [Name], of legal age, Filipino, [civil status], and residing at [address], after being duly sworn, state:

  1. I am the complainant in this case.
  2. On or about [date], I encountered an online account using the name [name/username] on [platform].
  3. The said account offered [product/service/investment] and represented that [state representation].
  4. Relying on these representations, I communicated with the respondent through [platform].
  5. The respondent instructed me to pay the amount of ₱[amount] through [bank/e-wallet/remittance].
  6. On [date], I transferred ₱[amount] to [account name/account number/reference number].
  7. After payment, the respondent [failed to deliver/stopped replying/deleted account/gave false excuses].
  8. I later discovered that the representations were false because [explain].
  9. Attached are screenshots, transaction receipts, and other documents supporting this complaint.
  10. I am executing this affidavit to request investigation and the filing of appropriate charges against the person or persons responsible.

IN WITNESS WHEREOF, I have signed this affidavit on [date] at [place].

[Signature] [Name]

Subscribed and sworn to before me this ___ day of ______ at ______.

IX. How to Authenticate Digital Evidence

Digital evidence is often the heart of an online scam complaint. To strengthen the complaint, the victim should preserve authenticity.

Practical tips:

  1. Keep the original device used in the transaction.
  2. Do not delete the chat thread.
  3. Save the full conversation, not only selected screenshots.
  4. Show the platform name, account name, URL, date, and time.
  5. Keep proof that the account belongs to or was used by the scammer.
  6. Save the payment receipt showing the account name, account number, date, amount, and reference number.
  7. Keep emails in the original email account.
  8. Avoid editing metadata.
  9. Prepare printed copies, but also keep digital copies.
  10. Bring the device when reporting to investigators, if requested.

Screenshots alone may not always be enough if authenticity is challenged. The stronger case includes screenshots, transaction records, platform links, bank/e-wallet confirmations, witness statements, and the original device or account from which the communications can be viewed.

X. Filing with the PNP Anti-Cybercrime Group or NBI Cybercrime Division

The usual process is:

  1. Prepare evidence and chronology.
  2. Bring valid identification.
  3. Go to the relevant cybercrime office or contact the appropriate unit.
  4. Submit the complaint and supporting documents.
  5. Execute or submit a complaint-affidavit.
  6. Cooperate with investigators.
  7. Provide additional evidence if requested.
  8. Follow up on the case number or reference number.
  9. If the evidence is sufficient, the matter may be endorsed for inquest or preliminary investigation, depending on the circumstances.

Law enforcement may request additional documents or coordinate with banks, telecommunications companies, platforms, or service providers through proper legal processes.

XI. Filing Directly with the Prosecutor’s Office

A victim may also file a criminal complaint with the Office of the City or Provincial Prosecutor. The prosecutor will evaluate whether there is probable cause to charge the respondent in court.

The complainant should submit:

  • Complaint-affidavit
  • Supporting affidavits
  • Documentary evidence
  • Digital evidence
  • Proof of payment
  • Identifying details of the respondent
  • Other relevant attachments

The respondent may be required to submit a counter-affidavit. The prosecutor may conduct clarificatory hearings or require additional submissions. If probable cause is found, an information may be filed in court.

XII. Venue: Where Should the Complaint Be Filed?

Venue can be complicated in cybercrime cases because the scammer, victim, platform, bank, and servers may be in different places.

As a practical matter, a victim may consider filing where:

  • The victim resides;
  • The victim sent the payment;
  • The victim received the fraudulent communication;
  • The bank or e-wallet transaction occurred;
  • The respondent resides or operates, if known;
  • The damage was suffered.

Law enforcement or the prosecutor may advise on proper venue based on the facts.

XIII. What If the Scammer Is Unknown?

Many online scammers use fake names, prepaid numbers, mule accounts, stolen photos, or hacked accounts. A complaint can still be filed even if the true identity of the scammer is unknown.

The complaint may name the respondent as:

  • John Doe;
  • Jane Doe;
  • Person using the account name “[username]”;
  • Person using mobile number “[number]”;
  • Person using bank/e-wallet account “[account details]”;
  • Other unidentified persons.

The investigation may then focus on tracing:

  • Account registration details;
  • Bank or e-wallet account holder information;
  • SIM registration details;
  • IP logs;
  • Device identifiers;
  • Platform records;
  • Remittance records;
  • CCTV footage from cash-out points, where legally available.

The victim should not assume that the displayed account name is the true scammer. Some scammers use mule accounts, stolen accounts, or accounts opened using false information.

XIV. Can the Victim Recover the Money?

Recovery is possible but not guaranteed. It depends on how fast the victim acts and whether the funds remain traceable or frozen.

The victim should immediately:

  1. Report to the bank or e-wallet.
  2. Ask whether the recipient account can be flagged.
  3. File a police or cybercrime complaint.
  4. Obtain a complaint reference number.
  5. Provide documents required by the financial institution.
  6. Monitor the account or case status.
  7. Consider civil action if the respondent is identified.

Criminal prosecution punishes the offender, but it does not always result in immediate reimbursement. Courts may order restitution or civil liability in appropriate cases, but actual recovery depends on the respondent’s assets and the outcome of the case.

XV. Should the Victim Send a Demand Letter?

A demand letter may be useful in some cases, especially if the respondent is known and the facts suggest possible estafa or breach of obligation. A demand letter can show that the victim sought return of the money or delivery of the item.

However, a demand letter is not always required before filing a cybercrime or estafa complaint. In urgent cases, especially where the scammer may disappear or destroy evidence, the victim should not delay reporting just to send a demand letter.

A demand letter should:

  • Identify the transaction;
  • State the amount paid;
  • Demand refund or performance;
  • Set a reasonable deadline;
  • Warn that legal action may be taken;
  • Be sent through traceable means.

The tone should be firm but not threatening or abusive.

XVI. Difference Between Civil, Criminal, and Administrative Remedies

A. Criminal Complaint

A criminal complaint seeks to punish the offender for violating penal laws such as estafa, cybercrime, identity theft, or access device fraud. It is filed with law enforcement or the prosecutor.

B. Civil Action

A civil action seeks recovery of money, damages, or enforcement of obligations. In some cases, civil liability is included in the criminal case. In other cases, a separate civil action may be considered.

C. Administrative or Regulatory Complaint

Administrative complaints may be filed with agencies such as the SEC, DTI, BSP, or NPC depending on the nature of the scam. These complaints may result in regulatory action, warnings, penalties, suspension, cancellation of registration, or other administrative remedies.

A victim may pursue more than one remedy when appropriate.

XVII. Special Situations

A. Online Selling Scam

For fake online sellers, preserve the listing, seller profile, chat, proof of payment, and nondelivery evidence. Report the seller to the platform, bank/e-wallet, and law enforcement. If the transaction involves a legitimate marketplace, use the platform’s dispute mechanism immediately.

B. Investment Scam

For investment scams, preserve promotional materials, group chats, receipts, promises of returns, referral structures, and names of recruiters. File reports with law enforcement and consider reporting to the SEC, especially if public solicitation of investments is involved.

C. Phishing and Unauthorized Bank Transfers

Immediately call the bank or e-wallet provider. Change passwords, revoke access, disable compromised cards, and report unauthorized transactions. Preserve phishing links, OTP messages, emails, and login alerts. File a cybercrime complaint.

D. Social Media Account Hacking

Secure the account if possible, change passwords, enable two-factor authentication, and report the hacked account to the platform. If the account was used to scam others, document that you lost control of it and report immediately.

E. Loan App Harassment

Preserve screenshots of threats, messages to contacts, defamatory posts, call logs, and app permissions. Complaints may involve cybercrime, unjust vexation, grave threats, coercion, data privacy violations, or other offenses depending on the facts.

F. Romance Scam

Preserve the full conversation, money transfer records, identity documents sent by the scammer, photos, video calls, and promises or representations. These cases often involve fake identities and foreign elements, so early reporting is important.

XVIII. Practical Evidence Checklist

Before filing, prepare:

  • Valid ID
  • Complaint-affidavit
  • Chronology of events
  • Screenshots of all chats
  • Screenshots of profile/page/listing/website
  • URLs and usernames
  • Phone numbers and email addresses
  • Bank/e-wallet account details
  • Proof of payment
  • Transaction reference numbers
  • Bank/e-wallet complaint ticket
  • Platform report confirmation
  • Device used in the transaction
  • Witness statements, if any
  • Printed copies and digital copies

Label attachments clearly:

  • Annex “A” — Screenshot of seller profile
  • Annex “B” — Chat conversation
  • Annex “C” — Payment receipt
  • Annex “D” — Bank transaction history
  • Annex “E” — Screenshot of deleted listing
  • Annex “F” — Report to platform

XIX. Mistakes to Avoid

Victims should avoid the following:

  1. Deleting conversations out of anger or embarrassment.
  2. Sending more money to “recover” previous payments.
  3. Posting accusations without evidence.
  4. Harassing suspected persons online.
  5. Editing screenshots.
  6. Waiting too long before reporting to the bank or e-wallet.
  7. Relying only on platform reports.
  8. Filing a vague complaint without a timeline.
  9. Assuming that a bank account name is the mastermind.
  10. Ignoring regulatory complaints for investment or data privacy issues.

XX. Frequently Asked Questions

1. Can I file a complaint if the amount is small?

Yes. Even if the amount is small, fraud may still be reported. However, practical handling may depend on the evidence, amount involved, number of victims, and resources of the investigating office.

2. Can I file even if I only know the scammer’s username?

Yes. Provide the username, profile link, phone number, account number, screenshots, and transaction records. The true identity may be determined through investigation.

3. Are screenshots accepted as evidence?

Screenshots may be used, but they are stronger when supported by original devices, full chat logs, URLs, transaction records, and other corroborating evidence.

4. Should I report first to the bank or police?

If money was transferred, report to the bank, e-wallet, or payment provider immediately. Then file a complaint with law enforcement or the prosecutor. These steps can be done close together.

5. Can the police recover my money?

Law enforcement may investigate and coordinate with institutions through proper processes, but recovery is not guaranteed. Early reporting improves the chance of tracing or freezing funds.

6. What if the scammer returned part of the money?

Partial payment does not automatically erase criminal liability if fraud was committed. However, it may affect settlement discussions, civil liability, or the complainant’s decision on how to proceed.

7. Can I post the scammer’s name online?

Be careful. Public accusations may expose the victim to counterclaims for defamation, especially if the identity is uncertain. It is safer to preserve evidence and file the proper complaint.

8. What if many people were victimized?

Victims may coordinate and file separate affidavits. Multiple complaints may strengthen the case by showing a pattern of fraud.

XXI. Conclusion

Filing a complaint for an online scam in the Philippines requires speed, organization, and proper evidence preservation. The victim should immediately secure digital evidence, report the transaction to the bank or e-wallet, document the incident, and file a complaint with the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the prosecutor’s office.

Depending on the facts, the case may involve estafa, cybercrime, identity theft, access device fraud, data privacy violations, securities violations, or consumer protection issues. Regulatory complaints may also be filed with agencies such as the SEC, NPC, DTI, or BSP-related channels.

The strongest complaints are those supported by a clear chronology, complete screenshots, proof of payment, account details, platform links, and sworn statements. While recovery of money is not always guaranteed, early reporting increases the chances of investigation, account tracing, preservation of evidence, and legal accountability.

This article provides general legal information and should not be treated as a substitute for advice from a lawyer who can evaluate the specific facts of a case.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login