How to File a Complaint for Online Scams and Fraud in the Philippines

(Philippine legal context, procedures, venues, evidence, and practical steps)

1) What “online scam” usually means in Philippine law

Philippine law does not always use the word “scam.” Most online scam cases are prosecuted using existing criminal offenses, with the “online” element affecting where to file, what evidence matters, and which agencies can investigate.

Common legal characterizations include:

  • Estafa (Swindling) under the Revised Penal Code (RPC): deception causing another to part with money or property (e.g., fake online seller, investment scam, advance-fee fraud).
  • Other Deceits under the RPC: fraud not fitting classic estafa patterns.
  • Cybercrime offenses under RA 10175 (Cybercrime Prevention Act of 2012): certain crimes (including estafa and other offenses) may be treated as committed through ICT, affecting investigation tools and sometimes penalties/charging strategy.
  • Access device and payment fraud under RA 8484 (Access Devices Regulation Act): credit/debit card misuse, skimming, unauthorized card use.
  • Identity-related offenses: fake identities, account takeovers, SIM-based fraud may intersect with cybercrime provisions and other laws.
  • Data privacy violations under RA 10173 (Data Privacy Act): unauthorized processing/disclosure of personal data (often relevant in phishing, doxxing, leaks).
  • Securities/investment fraud (e.g., Ponzi schemes, unregistered “investment” solicitations): typically falls within SEC regulatory and enforcement scope, alongside criminal complaints.
  • Consumer-related violations: deceptive sales practices in online commerce can also have administrative angles (platform enforcement, DTI consumer assistance) aside from criminal remedies.

Key idea: One incident can support multiple complaints—criminal (prosecution), civil (money recovery), and administrative/regulatory (platform, bank/e-wallet, regulators).

2) Before you file: what to do in the first 24–48 hours

Online scam cases are won or lost on evidence preservation and speed, especially when funds are still traceable.

A. Preserve evidence properly

Collect and keep originals where possible:

  1. Conversation history (Messenger/WhatsApp/Viber/Telegram/SMS/email)

    • Export chat where available; otherwise, take screenshots that include dates/timestamps and the account handle/number.

  2. Transaction records

    • Bank transfer receipts, Instapay/Pesonet screenshots, e-wallet reference numbers, QR logs, payment confirmations.

  3. Listings and profiles

    • Product page URL, seller profile, IDs used, images, price, description, reviews.

  4. Web traces

    • Website URLs, domain, email headers (for email scams), IP logs if you have them.

  5. Identity artifacts

    • Names used, phone numbers, bank/e-wallet account names, delivery details, courier waybills.

  6. Device evidence

    • If your account was hacked: note device, time of compromise, unusual logins, SIM change, OTP messages.

Do not edit screenshots. Avoid cropping out identifying details. Keep files with metadata intact.

B. Report immediately to the bank/e-wallet and request action

If you transferred money:

  • Call the bank/e-wallet hotline ASAP and report fraud.

  • Ask for:

    • Account freeze/hold or fraud tagging (subject to their rules),
    • Trace request, and
    • Instructions for filing a formal dispute/complaint.

If your account was compromised:

  • Reset passwords, enable 2FA, revoke suspicious sessions, and secure your email first (because email is the “master key” for resets).

C. Report to the platform where the scam occurred

Marketplace/social media apps have fraud reporting tools. This helps with:

  • Account takedown,
  • Preservation of logs (platform-side records),
  • Preventing more victims.

D. Don’t negotiate or pay “recovery fees”

Many victims get hit twice through “recovery scams” (someone claiming they can recover your funds for a fee).

3) Where to file in the Philippines: the main complaint venues

You can file with law enforcement, prosecutors, and regulators—sometimes in parallel.

A. Law enforcement (investigation and case build-up)

  1. PNP Anti-Cybercrime Group (PNP-ACG)

    • Handles cyber-related crimes and can assist with evidence evaluation and investigation steps.

  2. NBI Cybercrime Division

    • Also investigates cyber-related offenses and can develop cases for prosecution.

When to prefer PNP-ACG/NBI:

  • Suspect is unknown, identity is digital-only, cross-platform, or involves hacking/phishing/OTP theft.
  • You need technical investigative steps (subscriber info requests, preservation, coordination).

B. Prosecutor’s Office (criminal case initiation)

For most fraud/estafa cases, the criminal case typically starts with a complaint filed at the Office of the City/Provincial Prosecutor (OCP/OPP) with:

  • A Complaint-Affidavit,
  • Supporting affidavits,
  • Documentary/electronic evidence.

This begins the preliminary investigation process (when required), where the prosecutor determines whether there is probable cause to file the case in court.

C. DOJ Office of Cybercrime (policy/coordination role)

Cybercrime-related matters often intersect with DOJ cybercrime mechanisms (particularly for preservation and coordination). In practice, victims usually start with PNP-ACG/NBI and/or the local prosecutor for charging.

D. Regulators and administrative bodies (non-criminal routes or parallel remedies)

Depending on the scam type:

  • SEC (Securities and Exchange Commission): investment solicitation fraud, unregistered securities, Ponzi-style operations.
  • BSP / Financial Consumer Protection channels: complaints involving banks and BSP-supervised financial institutions; useful for consumer redress processes and pressure for action.
  • National Privacy Commission (NPC): misuse/leak of personal data, doxxing, unlawful processing tied to scams.
  • DTI: consumer complaints involving deceptive online selling practices (often more practical for legitimate merchants; scammers may be hard to pursue administratively).
  • Insurance Commission: insurance-related fraud involving regulated entities/products.

Practical note: Regulators typically won’t prosecute your criminal case for you, but their involvement can:

  • trigger investigations and public advisories,
  • compel regulated entities to respond,
  • support documentary trails for your criminal complaint.

4) Choosing your legal path: criminal, civil, and “small claims”

A. Criminal case (punishment + possible restitution)

Most victims pursue criminal complaints for:

  • Estafa or related offenses,
  • cybercrime-related charges where applicable.

Criminal cases can include civil liability (payment of damages) as part of the case, but collection can still be difficult if the accused has no recoverable assets.

B. Civil case (money recovery)

If the suspect is identifiable and has assets, you can pursue a separate civil case for recovery (or rely on the civil aspect implied in the criminal case).

C. Small claims (simplified civil recovery)

If your claim is within the current small claims limit set by the Supreme Court (the cap can change by issuance), small claims can be a faster route for money recovery. However, it requires:

  • a known defendant with an address,
  • a claim that’s essentially a debt/obligation.

Small claims is often not ideal when:

  • the defendant is unknown,
  • identity and service of summons are hard,
  • the matter hinges on technical cyber-investigation.

5) Jurisdiction and venue: where should you file?

Venue issues are common in online scams because parties may be in different provinces/cities.

General practical rules:

  • File where you are located and where you felt the damage, or where the suspect is located, or where a material element occurred (e.g., where you sent funds, where the account is maintained)—depending on the offense and prosecutor’s assessment.
  • Cyber-enabled cases can involve special handling because electronic evidence and conduct cross jurisdictions.

Best practice: Start with PNP-ACG/NBI for guidance if:

  • the suspect is unknown,
  • the account is under a different region,
  • funds were routed through multiple institutions.

6) What you need to prepare: the standard complaint packet

A. Core documents

  1. Complaint-Affidavit

    • Your sworn narrative: who, what, when, where, how, and how you were deceived.

  2. Attachments (marked and organized)

    • Screenshots, receipts, IDs, URLs, chat logs, email headers.

  3. Proof of identity

    • Government ID (and authorization if filing for someone else).

  4. Affidavit of witnesses (if any)

    • Anyone who saw the transaction, helped communicate, or can authenticate evidence.

B. Organizing evidence (highly recommended)

Create an index:

  • Annex “A”: Screenshot of listing/profile
  • Annex “B”: Full chat thread screenshots/export
  • Annex “C”: Payment receipt with reference number
  • Annex “D”: Bank/e-wallet account details of recipient
  • Annex “E”: Subsequent messages/refusal/blocking

Add a one-page timeline:

  • Date/time of first contact → agreement → payment → promised delivery → follow-ups → blocking.

C. Authenticating electronic evidence

Electronic evidence is usable, but it should be:

  • clearly attributable (show account handle/number),
  • complete (avoid selective fragments),
  • consistent with transaction logs,
  • preserved with minimal alteration.

Where possible:

  • keep original files (exported chats, downloaded receipts),
  • maintain the device where data is stored,
  • avoid reinstalling apps that might wipe logs.

7) Drafting the Complaint-Affidavit: what prosecutors look for

A strong Complaint-Affidavit is factual, chronological, and ties evidence to legal elements.

Suggested structure

  1. Personal circumstances

    • Name, age, address, ID, contact details.

  2. How you encountered the suspect

    • Platform, username, phone number, links.

  3. Representation and deception

    • What the suspect claimed; what convinced you.

  4. Your reliance and payment

    • Amount, method, date/time, reference numbers.

  5. Non-performance and demand

    • Failure to deliver, excuses, blocking, refusal to refund.

  6. Damage

    • Amount lost and other harm (e.g., identity misuse, hacked accounts).

  7. Identification details

    • All known identifiers: bank/e-wallet account name/number, phone numbers, delivery addresses, social accounts.

  8. Prayer

    • Request investigation and prosecution for the appropriate offense(s), and civil damages.

Common pitfalls

  • Vague timelines (“sometime last month”)
  • Missing reference numbers
  • Cropped screenshots removing usernames/timestamps
  • Not explaining why the act is deceitful (mere “he did not deliver” without showing misrepresentation)

8) Step-by-step filing process (typical route)

Route 1: Start with PNP-ACG or NBI Cybercrime

  1. Bring your evidence (printed + digital copy).
  2. Give a statement; they may ask you to execute an affidavit.
  3. They evaluate possible offenses and investigative steps.
  4. They may coordinate with providers/platforms or advise you on next filing steps with the prosecutor.

Good for: unknown suspects, hacking/phishing, account takeover, more complex tracing.

Route 2: File directly at the Prosecutor’s Office

  1. Prepare your Complaint-Affidavit and annexes.
  2. Submit to the OCP/OPP docket section.
  3. Pay filing/administrative fees if applicable (varies by locality and type).
  4. The prosecutor issues a subpoena to the respondent (if identified and locatable).
  5. Preliminary investigation proceeds (exchange of affidavits).
  6. If probable cause is found, the Information is filed in court.

Good for: identified suspect with address and solid documentation.

Route 3: Parallel administrative/regulatory complaints

  • Submit complaint to SEC/BSP/NPC/DTI as appropriate. This can run alongside the criminal complaint.

9) Special situations and how complaints differ

A. Fake online seller / non-delivery scams (most common)

  • Core charge often: Estafa (deceit + payment + damage).
  • Evidence focus: listing, representations, payment proof, non-delivery, post-payment conduct (blocking).

Tip: Show that the seller induced payment through misrepresentation (fake identity, fake stock, fake tracking).

B. Investment and “guaranteed returns” scams

  • Criminal: estafa and related offenses; sometimes broader schemes.
  • Regulatory: SEC is crucial if solicitation involves unregistered securities or Ponzi patterns.

Evidence to collect:

  • “Return” promises, group chats, referral structure, screenshots of payouts (if any), names of organizers, bank accounts used.

C. Phishing/OTP theft/account takeover

  • Time-sensitive: prioritize bank/e-wallet and account security.
  • Evidence: phishing link, sender details, OTP messages, unauthorized transactions, login alerts.

Expect:

  • A stronger need for cybercrime investigators and coordination with financial institutions.

D. Romance scams / impersonation / sextortion

  • Criminal characterization varies (fraud, threats, extortion-like conduct, cyber-enabled offenses).
  • Evidence: identity claims, money requests, threats, payment proof, blackmail messages.

E. SIM-swap / number hijacking

  • Evidence: sudden loss of signal, telco change notifications, unauthorized OTP events, telco records.
  • Usually needs technical investigation and coordination.

10) Can you get the money back?

A. If you paid by bank/e-wallet transfer

Recovery depends on:

  • speed of reporting,
  • whether funds are still in the recipient account,
  • institution policies and legal constraints.

What helps:

  • prompt fraud report,
  • police report / complaint affidavit,
  • complete reference details,
  • cooperation of the receiving institution (often requires formal requests).

B. If you paid via card (credit/debit)

Chargeback/dispute frameworks may apply depending on the bank and transaction type. Document immediately.

C. If you paid cash via remittance/courier

Harder to recover unless identity is known and transactions can be traced.

11) Practical checklist: what to bring when filing

  • Government ID + photocopy
  • Printed Complaint-Affidavit (and extra copies)
  • USB/drive copy of evidence (or phone with files ready)
  • Printed annexes, labeled and indexed
  • Transaction receipts with reference numbers
  • URLs written in print (shortened links can be suspicious—include full URLs when possible)
  • Timeline summary (one page)

12) A usable Complaint-Affidavit template (fill-in format)

COMPLAINT-AFFIDAVIT I, [Full Name], of legal age, Filipino, and residing at [Address], after being duly sworn, depose and state:

  1. I am executing this affidavit to file a complaint for online fraud/estafa and related offenses against [Name/Unknown Person] who used the online identity [username/handle], contact number [number], and received funds through [bank/e-wallet] under the name [account name], account number [number].

  2. On [date/time], I saw/received [an advertisement/listing/message] on [platform] offering [item/service/investment]. The account [handle] represented that [specific promises/claims]. (Screenshot attached as Annex “A”.)

  3. After exchanging messages on [platform] (chat logs attached as Annex “B”), the respondent instructed me to pay PHP [amount] via [bank/e-wallet] to [account details].

  4. Relying on these representations, I transferred the amount on [date/time]. Proof of transfer and reference number [ref no.] are attached as Annex “C”.

  5. After payment, the respondent [failed to deliver / refused to refund / blocked me / made further demands]. My follow-up messages and the respondent’s responses are attached as Annex “D”.

  6. As a result, I suffered damage amounting to PHP [amount] plus incidental expenses [if any].

  7. I respectfully request that charges be filed against the respondent and that I be awarded appropriate damages.

IN WITNESS WHEREOF, I have hereunto set my hand this [date] at [city], Philippines.

[Signature over printed name] Affiant

SUBSCRIBED AND SWORN to before me this [date] at [city], affiant exhibiting [ID type/number].

13) Expectations: timelines, realities, and how to strengthen your case

A. Identifying the perpetrator takes time

Scammers use layered identities, mule accounts, and disposable numbers. Your best leverage is:

  • detailed account identifiers,
  • prompt reporting,
  • consistent documentation.

B. Cooperation of intermediaries is key

Platforms, telcos, and financial institutions hold logs and subscriber/account data. Access is typically mediated through lawful processes and formal requests by authorities.

C. The cleaner your evidence, the faster the evaluation

A complaint packet that is indexed, chronological, and well-supported is easier for investigators and prosecutors to act on.

14) Summary: the most effective “Philippine-practical” approach

  1. Secure accounts and preserve evidence immediately.
  2. Report to bank/e-wallet and platform right away.
  3. File with PNP-ACG or NBI Cybercrime if the suspect is unknown or tech-heavy; otherwise proceed directly to the Prosecutor’s Office with a strong Complaint-Affidavit and annexes.
  4. Add regulator complaints (SEC/BSP/NPC/DTI) when the scam type fits.
  5. Maintain an organized case file: timeline, annex index, original records, and reference numbers.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login