How to File a Cybercrime Case for Online Hacking and Scamming

A Legal Article in Philippine Context

I. Introduction

In the Philippines, victims of online hacking and scamming often begin with the same urgent questions: Where do I report it? What evidence should I preserve? Is it a cybercrime case, an estafa case, or both? Should I go to the police, the NBI, the prosecutor, the bank, the platform, or all of them? Can I still recover my money if the scammer used fake names, stolen accounts, e-wallets, or social media? What if my Facebook, email, bank account, or e-wallet was hacked and then used to defraud others?

These questions arise because “online hacking and scamming” is not one single offense. It may involve one or more of the following:

  • unauthorized access to an account or device,
  • identity theft,
  • phishing,
  • online fraud,
  • social media takeover,
  • e-wallet compromise,
  • unauthorized bank transfer,
  • fake online selling,
  • investment scam,
  • romance scam,
  • account impersonation,
  • SIM-based takeover,
  • malicious use of stolen personal data,
  • extortion after hacking,
  • or hacking used as a tool to commit estafa or other fraud.

The legal response therefore depends on the actual facts. In many cases, the victim is dealing not with one isolated offense but with a combination of cybercrime, fraud, identity misuse, and unlawful access to data or systems. Filing the right case requires understanding three things at once:

  1. what offense was committed,
  2. what evidence proves it, and
  3. which office should receive the complaint first.

This article explains, in Philippine legal context, how to file a cybercrime case for online hacking and scamming, what laws may apply, where to report, how to preserve evidence, what documents are useful, how cybercrime complaints usually move from complaint to investigation to prosecution, what special issues arise in banking, e-wallet, and social media cases, and what civil, criminal, and administrative remedies may also exist.

II. The First Crucial Distinction: Hacking Case, Scam Case, or Both

A. Hacking and scamming are not always the same offense

A person may be a victim of:

  • hacking without immediate monetary loss, such as unauthorized access to email, social media, or cloud accounts;
  • scamming without actual hacking, such as fake sellers, investment fraud, fake job offers, or fraudulent online solicitations;
  • or both at once, such as when an account is hacked and then used to trick other people into sending money.

B. Why this matters

The exact offense affects:

  • the legal theory,
  • the kind of evidence needed,
  • the investigating office’s approach,
  • whether digital forensic work is needed,
  • and how the complaint is framed.

C. Common combinations

In practice, the most common combinations include:

  1. Unauthorized access plus fraud Example: your e-wallet was accessed without permission and money was transferred out.

  2. Account takeover plus impersonation Example: your Facebook account was hacked and used to solicit funds from your contacts.

  3. Phishing plus theft of credentials plus financial loss Example: you clicked a fake banking link and your account was emptied.

  4. Pure online scam without actual hacking Example: fake online seller, fake investment, or fake loan processing.

  5. Hacking plus blackmail or extortion Example: a private account is compromised and the attacker demands money.

A complaint may therefore involve more than one offense.

III. Main Legal Framework in the Philippines

A. Cybercrime law

The principal law governing cybercrime offenses is the Cybercrime Prevention Act. This law covers, among others, conduct involving:

  • illegal access,
  • illegal interception,
  • data interference,
  • system interference,
  • misuse of devices,
  • computer-related forgery,
  • computer-related fraud,
  • computer-related identity theft,
  • and other cyber-related offenses.

B. Revised Penal Code and related penal laws

Even where the offense happens online, traditional crimes may still apply, including:

  • estafa,
  • falsification-related offenses in some settings,
  • threats,
  • coercion,
  • unjust vexation,
  • extortion-related conduct depending on facts,
  • and related offenses.

In many cybercrime complaints, the online method does not replace the old offense; it may instead aggravate it or bring it within cybercrime treatment.

C. Data privacy and other regulatory rules

Where the incident involves misuse of personal data, identity information, or unauthorized disclosure, other legal frameworks may also become relevant.

D. Banking, e-money, and platform regulation

If the scam or hacking affected:

  • bank accounts,
  • e-wallets,
  • electronic money issuers,
  • payment processors,
  • digital exchanges,
  • or regulated financial platforms,

there may be additional reporting and remedial channels beyond the criminal complaint.

IV. Common Offenses in Online Hacking and Scamming Cases

A. Illegal access

This generally refers to unauthorized access to a computer system, account, or digital environment. Examples:

  • breaking into email or social media,
  • taking over cloud accounts,
  • entering an online banking account without permission,
  • accessing a device or platform account unlawfully.

B. Computer-related fraud

This often applies where computer systems or digital processes are used to commit fraudulent deprivation of money, property, or economic value.

C. Computer-related identity theft

This may apply where another person’s identifying information, credentials, or digital identity is misused online.

D. Computer-related forgery

This may arise where digital records, messages, or documents are manipulated to create false authenticity.

E. Estafa

Where deceit induced the victim to part with money or property, estafa may still be central, even if the communication happened through social media, messaging apps, or other digital means.

F. Unauthorized bank or e-wallet transactions

These may involve multiple theories at once: illegal access, fraud, identity theft, and estafa-type conduct depending on the facts.

G. Account takeover used to scam others

A hacked victim may also need to report that his account was used to deceive third persons, both to protect himself and to support the criminal complaint.

V. The Most Important Immediate Rule: Preserve Evidence Before It Disappears

A. Digital evidence is fragile

In cybercrime cases, the biggest early mistake is losing evidence. Messages get deleted, accounts get suspended, links go dead, numbers get deactivated, posts disappear, and call logs get overwritten.

B. Preserve first, argue later

Before engaging emotionally with the scammer or attacker, the victim should preserve as much evidence as possible.

C. What should be preserved

The victim should keep copies of:

  • screenshots of chats, emails, texts, and app messages,
  • profile URLs and usernames,
  • account names and handles,
  • phone numbers,
  • email addresses,
  • transaction reference numbers,
  • bank transfer slips,
  • e-wallet transaction history,
  • login alerts,
  • IP or device notifications if available,
  • recovery emails,
  • unauthorized device logs,
  • payment receipts,
  • fake offers or advertisements,
  • photos or IDs used by the scammer,
  • website URLs,
  • browser history,
  • timestamps,
  • audio messages,
  • and names of witnesses or other victims.

D. Preserve metadata where possible

A screenshot is useful, but full context is better. Keep:

  • full chat threads, not just cropped images,
  • original emails with headers if possible,
  • transaction confirmations,
  • app notifications,
  • and device-generated security alerts.

E. Do not alter the evidence

Do not edit screenshots in a way that removes time, sender, URL, or account information. Keep originals when possible.

VI. Immediate Protective Steps Before Filing the Case

A. Secure compromised accounts

If the case involves hacking, the victim should quickly:

  • change passwords,
  • log out suspicious sessions,
  • enable two-factor authentication,
  • change recovery email or phone if still possible,
  • revoke device access,
  • secure linked accounts,
  • and preserve security notifications before deleting anything.

B. Notify banks or e-wallets immediately

If money is involved, immediate notice to the bank, e-wallet, or payment platform is critical. Ask them to:

  • freeze or block suspicious transactions if still possible,
  • lock the account,
  • record the complaint,
  • issue reference numbers,
  • and preserve transaction logs.

C. Notify the platform

If the incident involves social media, marketplace apps, messaging platforms, or email services, report the compromised account or scam profile through official platform channels.

D. Warn contacts if your account was hijacked

If your account is being used to scam others, notify your contacts quickly and preserve proof that you did so.

E. Document all reports made

Keep complaint ticket numbers, email confirmations, chat transcripts with support teams, and hotline reference numbers.

VII. Where to File the Cybercrime Complaint

A. Law enforcement cybercrime units

Victims commonly report cybercrime cases to:

  • cybercrime-focused law enforcement units,
  • the cybercrime divisions of the police,
  • or the cybercrime units of the NBI.

B. National Bureau of Investigation

The NBI Cybercrime Division is one of the principal offices that can receive complaints involving hacking, fraudulent online schemes, account compromise, and related cyber offenses.

C. Philippine National Police cybercrime units

The PNP Anti-Cybercrime Group and related cyber units are also major receiving points for complaints.

D. Local police station

If specialized units are not immediately accessible, the victim may start with the local police station, especially to create an initial blotter or incident report. But purely cyber cases are often better elevated quickly to specialized cybercrime investigators.

E. Prosecutor’s office

Ultimately, criminal cases are filed for prosecution through the prosecutor’s office, but victims usually first go through law enforcement investigation and complaint evaluation, especially where digital tracing is needed.

F. Why starting point matters

A specialized cybercrime unit is often better equipped to understand:

  • device logs,
  • online platform evidence,
  • transaction tracing,
  • IP-related issues,
  • preservation requests,
  • and account-link analysis.

VIII. Which Office Is Better: NBI or PNP Cybercrime

A. No single universal answer

Both may receive complaints. The better practical choice often depends on:

  • location,
  • urgency,
  • complexity,
  • whether financial tracing is needed,
  • whether the victim already has a local police report,
  • and ease of access to investigators.

B. NBI may be especially helpful in complex digital fraud or multi-platform cases

This can include:

  • social media takeovers,
  • cross-platform scams,
  • fake online selling rings,
  • digital identity misuse,
  • and cases needing digital evidence evaluation.

C. PNP cybercrime units may also be effective, especially for immediate police coordination

This can be important where:

  • threats are ongoing,
  • local tracing is needed,
  • money movement is recent,
  • or urgent protective steps are required.

D. The key is to go to a competent office quickly

Delay harms traceability.

IX. What to Bring When Filing the Complaint

A victim should ideally bring:

  • valid government-issued ID,
  • a written narration of facts,
  • screenshots and printouts of evidence,
  • soft copies of files in a USB or device where appropriate,
  • bank or e-wallet transaction records,
  • complaint ticket numbers from platforms or banks,
  • copies of emails and headers if available,
  • device logs or security alerts,
  • proof of ownership of hacked account,
  • and names of witnesses or other victims if known.

A. Why a written chronology helps

Cybercrime complaints are often confusing if narrated only orally. A written timeline should ideally state:

  • when the hacking or scam started,
  • how contact was made,
  • what account or system was compromised,
  • what was lost,
  • what the scammer asked for,
  • what transfers occurred,
  • and what steps the victim already took.

B. Keep the chronology factual

Do not exaggerate. Accuracy matters more than drama.

X. The Complaint-Affidavit

A. Central document in filing

The core complaint usually takes the form of a complaint-affidavit or sworn statement explaining the facts.

B. What it should contain

A strong complaint-affidavit usually includes:

  1. identity of the complainant,
  2. account or platform involved,
  3. date and manner of hacking or scam,
  4. description of communications,
  5. how money or access was taken,
  6. losses suffered,
  7. efforts made to stop or report the incident,
  8. identification of the suspect if known,
  9. attached supporting documents and screenshots,
  10. request for investigation and filing of the proper criminal case.

C. Avoid legal conclusions you cannot support

State facts clearly first. Let investigators and prosecutors determine the precise legal labeling if needed.

D. Sworn execution matters

The affidavit is usually subscribed before a proper officer or investigator as required.

XI. If the Suspect’s Real Identity Is Unknown

A. This is common in cybercrime

Many victims know only:

  • a social media account,
  • phone number,
  • GCash or Maya number,
  • bank account name,
  • email address,
  • delivery account,
  • or marketplace profile.

B. Unknown identity does not prevent filing

A complaint can still be filed against a person whose exact legal identity is unknown, as long as the available identifiers are described.

C. Why filing still matters

Investigators may be able to pursue:

  • subscriber data,
  • account registration details,
  • transaction trails,
  • device links,
  • platform records,
  • financial account traces,
  • and related identifiers.

D. The complaint should include all known digital footprints

Even small fragments matter.

XII. Role of Banks, E-Wallets, and Payment Platforms

A. Immediate reporting is crucial

If money was transferred through a bank or e-wallet, the victim should report the incident immediately.

B. Why this helps the criminal case

Banks and e-wallets may hold:

  • transaction logs,
  • destination account details,
  • KYC information,
  • timestamps,
  • and reference numbers.

These can become crucial evidence.

C. Ask for complaint reference and account details preservation

Even if funds cannot be reversed immediately, the records can help investigation.

D. The financial institution is not a substitute for the criminal complaint

Its internal complaint process is important, but separate from the criminal case.

XIII. Role of Social Media, Email, and Online Platforms

A. Platform reports matter

If the scam or hacking occurred through:

  • Facebook,
  • Instagram,
  • TikTok,
  • X,
  • Telegram,
  • Viber,
  • WhatsApp,
  • email providers,
  • online marketplaces,
  • or gaming platforms,

make a formal report to the platform.

B. Why this matters

The platform may preserve:

  • account history,
  • login activity,
  • messages,
  • linked email or phone data,
  • and abuse reports.

C. Save the report confirmation

This helps show timely action and may later support law enforcement coordination.

XIV. If the Hacked Account Was Used to Scam Other People

A. You may be both victim and potential target of complaints

If your hacked account was used to solicit money from your contacts, some of them may initially think you were the scammer.

B. Why immediate reporting protects you

Prompt reporting to law enforcement and the platform helps show that:

  • you were hacked,
  • you did not authorize the solicitations,
  • and you acted to stop the misuse.

C. Preserve proof of loss of control

Keep evidence such as:

  • inability to log in,
  • password reset alerts,
  • unauthorized login notifications,
  • device or IP changes,
  • conversations from friends showing the fake solicitations.

D. This can also support identity-theft and illegal-access aspects of the complaint

XV. Jurisdiction and Venue Concerns

A. Cybercrime can cross locations easily

The victim may be in one city, the scammer in another, the payment account in another region, and the platform servers elsewhere.

B. This does not make the case impossible

Cybercrime law and criminal procedure allow investigation and filing despite the digital spread of events, though the exact venue analysis can be complex.

C. Practical rule

File promptly with a competent Philippine cybercrime unit where the victim is located or where material elements of the offense occurred, then let investigators and prosecutors address venue specifics.

D. Delay is more harmful than imperfect initial venue choice

An early report is usually better than waiting too long while evidence goes cold.

XVI. What Investigators Usually Do After the Complaint

A. Initial evaluation of complaint and attachments

Investigators assess whether the facts suggest:

  • cybercrime offenses,
  • estafa or fraud,
  • identity misuse,
  • illegal access,
  • or related offenses.

B. Affidavit-taking and documentary collection

The victim may be asked to:

  • execute a sworn statement,
  • submit printed and digital evidence,
  • clarify the sequence of events.

C. Coordination for account tracing

Investigators may coordinate with:

  • banks,
  • e-wallets,
  • telecoms,
  • social media platforms,
  • internet service providers,
  • and other relevant entities, subject to legal processes.

D. Referral for inquest does not usually happen the same way as in street arrests

Cybercrime cases usually proceed through complaint evaluation and investigation rather than immediate inquest, unless a suspect has already been arrested under special circumstances.

E. Case build-up can take time

Tracing digital actors is often slower than victims expect.

XVII. Filing Before the Prosecutor

A. Complaint must eventually be prosecuted

After investigation and evidence gathering, the case may be referred for preliminary investigation before the prosecutor.

B. The prosecutor examines probable cause

The prosecutor determines whether sufficient basis exists to file the criminal information in court.

C. You may need to execute additional affidavits

Victims may be asked for:

  • supplemental affidavit,
  • clarification affidavit,
  • identification affidavit,
  • or explanation of transaction records.

D. The respondent may submit counter-affidavits if identified

Once a suspect is known and notified, the case enters adversarial preliminary investigation.

XVIII. If the Case Involves Only a Scam but Not Technical Hacking

A. Still reportable as cyber-enabled fraud

A case does not stop being serious just because no password was stolen. If the scam occurred online through deceit, it may still support:

  • estafa,
  • computer-related fraud depending on the mechanism,
  • identity misuse,
  • or related offenses.

B. Examples

  • fake online seller,
  • fake ticketing or travel booking,
  • investment scam,
  • phishing payment link,
  • impersonation scam,
  • fake loan approval scam,
  • romance scam.

C. Evidence still matters just as much

Chats, receipts, account numbers, and screenshots remain central.

XIX. If the Case Involves Threats, Blackmail, or Extortion After Hacking

A. More offenses may be involved

If the hacker demands money to restore access, prevent publication, or stop further harm, additional criminal theories may arise.

B. Do not delete the threats

Preserve:

  • messages,
  • payment demands,
  • screenshots,
  • account handles,
  • voice notes,
  • and any proof linking the threat to the hack.

C. Do not negotiate recklessly

Victims often panic and engage deeply with the attacker. Preserve evidence first and coordinate with authorities where possible.

XX. Civil Recovery and Asset Tracing

A. Criminal case is not the only concern

Victims often want money back, not just punishment.

B. Recovery is harder than reporting

Even when a criminal case is filed, recovering lost funds can be difficult if the scammer quickly layered, transferred, or withdrew the money.

C. Why financial records matter

Bank and e-wallet trails may support both:

  • criminal prosecution, and
  • later recovery efforts.

D. Criminal complaint does not automatically return the money

Victims should be realistic about this while still pursuing the case.

XXI. Multiple Victims and Group Complaints

A. Many online scams have multiple victims

If the same seller, account, or scheme defrauded several people, multiple complainants strengthen the case.

B. Why group evidence helps

It can show:

  • a pattern of fraud,
  • repeated use of the same accounts,
  • common scripts,
  • coordinated deceit,
  • and bad faith beyond a single misunderstanding.

C. But each complainant should still preserve individual proof

Shared outrage is not enough; each victim needs his own evidence trail.

XXII. If the Suspect Is a Known Person

A. Cybercrime does not require anonymity

The hacker or scammer may be:

  • an ex-partner,
  • employee,
  • former friend,
  • co-worker,
  • relative,
  • or known online seller.

B. Known identity changes the case strategy

If the suspect is known, evidence of motive, access, and identity linkage becomes even more important.

C. Still avoid self-help retaliation

Do not hack back, threaten, or dox the suspect. That may create separate legal problems.

XXIII. Common Mistakes Victims Make

1. Waiting too long

Delay weakens traceability.

2. Deleting chats after feeling embarrassed

This destroys core evidence.

3. Failing to notify banks or e-wallets immediately

This may lose the chance for urgent tracing or blocking.

4. Relying only on screenshots without preserving full context

Investigators may need more than isolated images.

5. Not filing because the suspect used a fake name

Unknown identity is common and not a reason to give up.

6. Sending more money to “recover” the first loss

This often worsens the scam.

7. Accepting private excuses without documentation

Scammers often stall victims into inaction.

8. Confusing platform report with criminal filing

Reporting to Facebook or a marketplace is not the same as filing a criminal complaint.

XXIV. Common Mistakes in Complaint Drafting

A. Being too vague

Saying “my account was hacked and I was scammed” is not enough. The complaint must explain:

  • what account,
  • when,
  • how,
  • what happened next,
  • and what loss resulted.

B. Mixing speculation with fact

Do not claim things you cannot support. Separate:

  • what you know,
  • what you suspect,
  • and what records show.

C. Failing to attach the actual proof

Screenshots and transaction records are often more important than emotional narrative.

D. Ignoring timeline

Cybercrime cases are easier to evaluate when the events are chronologically organized.

XXV. Practical Structure of a Strong Complaint Package

A strong complaint package usually includes:

  1. Complaint-affidavit with clear timeline
  2. Screenshots of chats, posts, emails, or threats
  3. Transaction evidence
  4. Account ownership proof
  5. Platform complaint reference numbers
  6. Bank or e-wallet complaint references
  7. Security alerts showing unauthorized access
  8. Witness statements, if any
  9. List of suspect identifiers
  10. Soft copies of evidence for digital review

XXVI. Distinguishing Cybercrime From Mere Private Dispute

A. Not every online disagreement is cybercrime

Sometimes people label an ordinary failed transaction as hacking or cybercrime when the issue is actually:

  • a civil breach,
  • delayed delivery,
  • refund disagreement,
  • or poor service.

B. What raises the case into real cybercrime or fraud

Indicators include:

  • fake identities,
  • unauthorized access,
  • deceptive solicitation,
  • deliberate account takeover,
  • concealment,
  • money extraction by deceit,
  • repeated victimization,
  • falsified digital communications,
  • or malicious use of digital systems.

C. Clear facts matter more than labels

Investigators will look at acts, not outrage alone.

XXVII. The Role of the Victim After Filing

A. Remain reachable

Investigators or prosecutors may need clarifications.

B. Preserve devices if necessary

In some hacking cases, your phone, laptop, or account logs may be relevant. Do not wipe everything immediately if investigators may need to inspect.

C. Keep monitoring for further misuse

The attacker may continue using your data or accounts.

D. Update authorities with new developments

If new victims surface or new payment accounts appear, inform investigators.

XXVIII. Core Legal Principles

Several principles summarize how to file a cybercrime case for online hacking and scamming in the Philippines.

1. “Online hacking and scamming” may involve multiple offenses.

It can be illegal access, fraud, identity theft, estafa, or a combination.

2. Evidence preservation comes first.

Digital proof disappears quickly.

3. Immediate reporting to banks, e-wallets, and platforms is crucial.

This protects both the victim and the evidentiary trail.

4. Specialized cybercrime units are usually the best first law-enforcement contact.

NBI and PNP cybercrime units are central channels.

5. Unknown identity does not prevent filing.

Digital identifiers can still support investigation.

6. A good complaint needs a clear chronology and complete attachments.

Facts and records matter more than anger.

7. Platform reports and criminal complaints are different.

Both may be necessary.

8. Hacking and scamming cases often overlap with ordinary penal offenses.

Cyber means do not erase estafa or related crimes.

9. Filing a case does not automatically recover lost money.

But it is often essential for tracing, accountability, and protection.

10. Delay is one of the victim’s worst enemies.

Fast action improves the chances of tracing data and funds.

XXIX. Conclusion

In the Philippines, filing a cybercrime case for online hacking and scamming requires more than simply telling authorities that you were victimized online. A legally sound complaint begins by identifying the actual conduct involved—whether it was illegal access, phishing, impersonation, online fraud, account takeover, or a combination of these—and then preserving the digital evidence that proves the sequence of events. The victim should act quickly: secure compromised accounts, notify banks or e-wallets, report the account misuse to the relevant platform, and bring the matter to a competent cybercrime unit such as the NBI or PNP cybercrime authorities.

The strongest cases are built on disciplined evidence: screenshots, transaction logs, security alerts, account identifiers, complaint references, and a clear sworn timeline. Even where the scammer’s real name is unknown, a case may still be filed using the digital footprints available. And even where money recovery is uncertain, a formal complaint remains important because it creates the basis for investigation, tracing, prosecution, and protection against further harm.

At bottom, the law does recognize online hacking and scamming as serious offenses. But victims must meet the law halfway by preserving the right evidence, going to the right office, and filing the complaint in a structured and timely way.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login