1) What “filing a cybercrime case” usually means in practice

In the Philippines, victims of online scams typically pursue criminal liability (so the offender can be investigated, charged, and prosecuted) and sometimes civil recovery (to get money back). “Filing a cybercrime case” commonly involves:

1. Preserving and organizing evidence (especially electronic evidence).
2. Reporting promptly to the proper agency (PNP Anti-Cybercrime Group, NBI Cybercrime Division, and/or other regulators).
3. Executing a sworn complaint-affidavit with attachments.
4. Lodging a criminal complaint for preliminary investigation at the Office of the City/Provincial Prosecutor (or through an investigating agency that will help build the case for the prosecutor).
5. If there is probable cause: the prosecutor files an Information in court, and the case proceeds in a designated cybercrime court (for cyber-related offenses).

Online scams often overlap “regular” crimes (like estafa) with cyber-related offenses under Republic Act No. 10175 (Cybercrime Prevention Act).

---

2) Common laws used against online scammers (Philippine context)

A. Revised Penal Code (RPC): Estafa (Swindling)

Many online scams are prosecuted as estafa (Article 315, RPC). Typical patterns include:

• Pretending to sell goods/services and taking payment with no intent to deliver;
• Using fake identities or false pretenses to obtain money;
• Investment/loan/job scams built on misrepresentations.

Why it matters: Even if the scam happened online, estafa is often the “anchor” charge because it squarely fits “deceit + damage.”

B. RA 10175 (Cybercrime Prevention Act of 2012)

RA 10175 covers offenses committed through ICT (computers, phones, internet). Depending on facts, a scam may be charged as:

• A cyber-related offense (when a traditional crime is committed through ICT, penalties may be affected under RA 10175), and/or
• Offenses like computer-related fraud (fact-dependent).

Why it matters: If the scam used online platforms, electronic communications, and digital transactions, the cybercrime framework strengthens investigation tools and venue rules, and may affect penalties.

C. RA 8792 (E-Commerce Act) + Rules on Electronic Evidence

RA 8792 recognizes the legal effect of electronic data messages and electronic documents, while the Rules on Electronic Evidence govern how electronic evidence is authenticated and admitted.

Why it matters: Your screenshots, chat logs, emails, transaction records, and platform messages can be admitted—if properly preserved and authenticated.

D. Other laws sometimes relevant (case-specific)

Depending on the scheme, additional laws may apply, such as:

• RA 8484 (Access Devices Regulation Act) if cards/access devices are involved;
• Data Privacy Act (RA 10173) where personal data misuse is part of the scheme (usually handled with care; not every scam becomes a data privacy case);
• Securities/investment regulations for investment scams (often coordinated with regulators).

---

3) Where to report vs. where to “file the case”

Think of it as two tracks that you can do in parallel:

Track 1: Report to investigating agencies (to help build the case)

• PNP Anti-Cybercrime Group (ACG)
• NBI Cybercrime Division

They can:

• Take your complaint, interview you, and help structure evidence;
• Coordinate preservation requests and investigative steps;
• Guide next actions for prosecutor filing.

Track 2: File a criminal complaint for preliminary investigation

• Office of the City Prosecutor / Provincial Prosecutor (jurisdiction depends on facts; see venue section below)

This is where the formal criminal complaint typically proceeds:

• Complaint-affidavit + attachments are submitted;
• Respondent is ordered to answer (counter-affidavit);
• Prosecutor resolves probable cause;
• If probable cause exists, the case is filed in court.

Practical tip: Many victims start with PNP ACG or NBI because they help organize the complaint and identify the right charges/respondents—especially when identities are unclear.

---

4) Immediate actions (first 24–72 hours): protect funds + preserve evidence

A. Try to stop further loss and trace the money

1. Contact your bank/e-wallet immediately

   • Request that they flag the transaction, freeze/hold if possible, and document your report via ticket/reference number.

2. Report the receiving account details (account name/number, e-wallet number, bank, timestamps).

3. Report to the platform used (Facebook/Instagram, marketplace, Telegram, etc.)

   • Request account takedown and preservation of records.

You may not recover money quickly, but early reporting improves the chance of tracing funds.

B. Preserve evidence properly (do this before chats disappear)

Online scammers delete accounts and messages. Preserve fast:

Must-have evidence:

• Full conversation logs (Messenger/WhatsApp/Viber/Telegram/SMS/email), including:

  • Username/profile link/ID
  • Time stamps
  • Any phone numbers or emails used

• Screenshots and exports where available:

  • Download your data / export chat feature if the platform has it

• Proof of payment:

  • Bank transfer receipts, e-wallet confirmations, reference numbers
  • Screenshot + official transaction history

• The “offer” itself:

  • Listings, posts, ads, product photos, terms

• Identity claims:

  • IDs they sent, selfies, business permits, “DTI/SEC certificates” (often fake), delivery tracking, etc.

• Delivery/fulfillment proof:

  • Non-delivery evidence, courier responses, fake tracking screenshots

• Your own records:

  • Timeline of events (date/time/amount/where you communicated)

Best practice for credibility:

• Keep original files (not just pasted screenshots).
• Don’t edit images; keep them in a folder with dates.
• If possible, record your screen while scrolling the conversation to show continuity.

---

5) Understanding venue/jurisdiction (where to file)

Venue can get confusing for cyber-enabled crimes because communications cross cities.

Common anchors for venue include:

• Where you sent the money / where your account is located;
• Where you received the fraudulent communications (your location when you read/relied on them);
• Where the offender is located (if known);
• Where any essential element happened.

Practical approach: If you’re unsure, start with PNP ACG/NBI Cybercrime or your local prosecutor’s office; they can help identify the best venue based on your documents.

---

6) Building a strong complaint: what prosecutors look for

A successful scam complaint usually needs:

1. Identity of the suspect (or at least traceable identifiers)
2. Deceit / fraudulent representation
3. Your reliance on it
4. Damage/loss (money/property)
5. Linkage evidence connecting the suspect to the account/number/profile that received funds

Even when the real-world identity is unknown at first, you can still file against:

• The person using “John Doe / Jane Doe” plus known handles, numbers, bank/e-wallet accounts, profile links …and request investigative steps to identify the true person behind them.

---

7) Step-by-step: how to file the case (end-to-end)

Step 1: Prepare a case folder (organized evidence pack)

Create a single folder (printed and digital) with:

• Timeline summary (1–2 pages)

• Complaint-affidavit (sworn)

• Annexes (labeled and paginated):

  • Annex “A” – Screenshots of listing/ad
  • Annex “B” – Chat logs
  • Annex “C” – Proof of payment
  • Annex “D” – Bank/e-wallet report reference
  • Annex “E” – Profile link screenshots + identifiers
  • Annex “F” – Demand message and response (if any)

Step 2: Write a sworn Complaint-Affidavit

A good complaint-affidavit is clear, chronological, and specific.

Typical structure:

1. Your identity and capacity (victim, Filipino/resident, address)

2. Short statement of what happened (one paragraph)

3. Detailed narration by date/time:

   • Where you saw the offer
   • What the suspect promised/claimed
   • What you paid and when
   • What you received (or didn’t)
   • How you discovered fraud

4. Identify the suspect using all known identifiers:

   • Name used, profile link, username
   • Phone numbers, emails
   • Bank/e-wallet receiving account details

5. State your loss (amount, additional costs)

6. Attach and reference annexes (“Attached as Annex ‘C’ is the transaction receipt…”)

7. Prayer:

   • Request investigation and filing of appropriate charges
   • Request issuance of subpoenas/preservation as necessary

8. Signature + jurat (notarization)

Important: Don’t exaggerate. Stick to what you can prove with annexes.

Step 3: Notarize the affidavit and prepare copies

• Notarize the complaint-affidavit.

• Print annexes clearly; label each page.

• Prepare multiple sets:

  • Prosecutor set
  • Investigating officer set
  • Your own set

Step 4: File with PNP ACG / NBI Cybercrime (recommended) and/or directly with the Prosecutor

Option A (common and helpful): File with PNP ACG or NBI Cybercrime They can assist in:

• Refining charges,
• Identifying suspect accounts,
• Coordinating next investigative steps.

Option B: File directly with the Office of the Prosecutor Submit the complaint-affidavit and annexes for preliminary investigation.

Step 5: Preliminary investigation process (what to expect)

Once docketed:

1. Prosecutor issues subpoena to the respondent (if identifiable/servable).

2. Respondent submits counter-affidavit + evidence.

3. You may file a reply-affidavit (if allowed/needed).

4. Prosecutor issues a resolution:

   • Dismissal (insufficient evidence), or
   • Finding of probable cause → Information filed in court

If the respondent is unknown, agencies may work on identification using lawful processes and records.

Step 6: Court stage (if probable cause is found)

• The case is filed in court (often a designated cybercrime court for cyber-related offenses).
• Court may issue a warrant of arrest depending on rules and circumstances.
• Trial proceeds; you may be a witness.
• You can pursue restitution/damages via civil action where applicable.

---

8) Electronic evidence: how to make your screenshots “count”

Screenshots help—but prosecutors and courts prefer evidence that is:

• Complete (shows context, timestamps, continuity),
• Authentic (traceable to source, not obviously altered),
• Corroborated (supported by bank records, platform identifiers, etc.).

Practical authentication tips

• Take screenshots that show:

  • The profile/username and the message in the same frame where possible
  • Date/time indicators

• Do a screen recording scrolling through the conversation from top to bottom

• Keep original files (don’t compress or re-save repeatedly)

• Include transaction histories from the bank/e-wallet app (not only the “success” pop-up)

• If you can export data (email headers, chat exports), include them

Getting stronger third-party records

When possible, request:

• Bank/e-wallet certifications or transaction details
• Courier confirmations (for fake waybills)
• Platform report reference numbers

(Actual disclosure of platform data typically follows legal processes; the point is to document identifiers early and preserve what you can.)

---

9) If you only have a username and no real name

You can still file. Use:

• “John/Jane Doe” respondent designation

• Every traceable identifier you have:

  • Profile links
  • Usernames
  • Phone numbers
  • Bank/e-wallet receiving account details
  • Any QR codes used
  • Emails, Telegram handles, etc.

Investigators can sometimes identify the user behind these through lawful requests and record correlations—your job is to preserve and present the identifiers cleanly.

---

10) Recovery options beyond the criminal case

Criminal prosecution is primarily about accountability; recovery can be difficult but not impossible.

A. Bank/e-wallet dispute and escalation

• Report immediately, keep all reference numbers
• Follow up in writing
• Provide complaint documents once docketed (if requested)

B. Platform complaints

• File reports with the marketplace/social platform
• Request takedown and preservation

C. Civil action / damages

Depending on circumstances, you may pursue civil recovery (sometimes alongside the criminal case). If the scam amount is modest and the defendant is identifiable and reachable, civil avenues may be more practical—but they still require proof and enforceability.

---

11) Special scenarios and how they change the approach

Online selling scam (non-delivery / bogus seller)

Key evidence:

• Listing/ad, chats, payment proof, non-delivery proof, identity claims

Likely charges:

• Estafa (+ cyber-related aspect if committed online)

Investment/crypto “doubling” schemes

Key evidence:

• Promotion materials, promised returns, recruitment messages, proof of deposits, withdrawal denials

Also consider:

• Reporting to relevant regulators (investment solicitations often implicate regulatory violations)

Account takeover / phishing leading to loss

Key evidence:

• Phishing links, login alerts, device logs, bank transfer chain, SIM swap indicators

Approach:

• Report to bank/telecom immediately, preserve security alerts and logs

Romance scam / long con

Key evidence:

• Timeline showing grooming + requests for money, false identity proofs, remittance trail

Approach:

• Focus on deceit + damage, and money trail

---

12) Mistakes that weaken cases (avoid these)

• Delaying reports until accounts disappear
• Submitting only selective screenshots that don’t show context
• Editing screenshots or messages (even “just to hide private info”) without keeping originals
• Posting public “exposés” that risk counterclaims or complicate investigation
• Not documenting the money trail (reference numbers, exact times, receiving account details)

---

13) A practical checklist you can follow today

Evidence checklist (minimum viable)

• Screenshot of scammer profile + URL/handle
• Screenshot(s) of offer/listing/promise
• Full chat screenshots + screen recording
• Proof of payment (receipt + transaction history)
• Receiving account details (bank/e-wallet number/name)
• Timeline (date/time/amount/event)
• Your government ID (often requested for reporting)
• Any report reference numbers (bank/platform)

Filing checklist

• Complaint-affidavit drafted and notarized
• Annexes labeled, paginated, printed clearly
• Soft copy of all evidence saved (USB/cloud)
• Report filed with PNP ACG or NBI Cybercrime (recommended)
• Complaint filed for preliminary investigation with prosecutor (or coordinated through investigators)

---

14) Simple Complaint-Affidavit outline (copy-ready structure)

You can use this as a guide (not a fill-in form):

1. Title: Complaint-Affidavit

2. Affiant details: name, age, citizenship, address

3. Statement: “I am executing this affidavit to complain against [Name/John Doe], using [handles/accounts], for defrauding me through an online scam.”

4. Facts (chronological):

   • Date I saw the offer
   • Representations made
   • My actions relying on them
   • Payment details (amount, date/time, reference no.)
   • Non-delivery/refusal/blocked communication

5. Identifiers of respondent: profile link, username, phone, email, bank/e-wallet receiving account

6. Loss/damage: amount + related costs

7. Annex references

8. Prayer: investigation and filing of appropriate charges

9. Signature + notarization

---

15) Final reminders

• Move fast: the money trail and digital trail go cold quickly.

• The strongest scam cases are the ones with:

  • clear deceit,
  • clear payment proof,
  • clear linkage to receiving accounts/identifiers,
  • organized annexes and a coherent timeline.

This article is general legal information for the Philippine setting and is not a substitute for advice on your specific facts. If you want, paste a redacted version of your timeline (dates, platform used, how you paid, what identifiers you have), and I’ll map it to the most likely filing path and evidence gaps to fix—without exposing your private data.