How to File a Cybercrime Complaint for Identity Misuse by Online Gambling Sites

If an online casino, sportsbook, bingo app, or gambling website used your name, ID, selfie, mobile number, e-wallet, bank account, or other personal details without permission, treat it as both a cybercrime issue and a data privacy issue. In the Philippines, identity misuse connected to online gambling can lead to fake accounts, unauthorized KYC verification, suspicious financial transactions, harassment, account freezes, or even your name appearing in investigations involving illegal gambling or fraud. This guide explains what laws apply, where to file, what evidence to preserve, and how the complaint process usually works in practice.

What “identity misuse” by an online gambling site usually means

Identity misuse is broader than someone simply pretending to be you. In online gambling cases, it often happens in one of these ways:

  • A gambling account is created using your full name, birthday, address, ID number, or mobile number.
  • Your government ID or selfie was uploaded for KYC verification without your consent.
  • A gambling site links your GCash, Maya, bank account, or crypto wallet to an account you did not open.
  • Your identity is used to receive, move, or withdraw gambling-related funds.
  • A fake or unlicensed gambling site uses your personal information to pressure you to pay “tax,” “verification fees,” “withdrawal charges,” or “anti-money laundering clearance.”
  • A licensed platform refuses to close an account or correct wrong personal information after you report that the account is not yours.
  • Your ID is recycled from another transaction, such as lending apps, Telegram groups, job applications, online selling, or previous KYC submissions.

The legal issue depends on the facts. The same incident may involve computer-related identity theft, computer-related fraud, unauthorized processing of personal information, estafa, falsification, or violations of gaming regulations.

Main Philippine laws that may apply

RA 10175: Cybercrime Prevention Act of 2012

The key law is the Cybercrime Prevention Act of 2012, Republic Act No. 10175.

For identity misuse, the most relevant provision is Section 4(b)(3), computer-related identity theft. It covers the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, without right.

In plain English, this may apply when someone uses your identity details online without permission, such as by creating or verifying a gambling account under your name.

Other RA 10175 offenses may also be relevant:

Possible cybercrime When it may apply
Computer-related identity theft Your personal information, ID, selfie, mobile number, or account details were used without authority
Computer-related fraud There was fraudulent input, alteration, or use of computer data that caused damage or attempted financial gain
Illegal access Your existing account, email, mobile app, wallet, or gambling profile was accessed without authority
Data interference or system interference Data was altered, deleted, or manipulated in a computer system

The Supreme Court case Disini v. Secretary of Justice, G.R. No. 203335 (2014) upheld important parts of RA 10175 while striking down some unconstitutional provisions. The decision is useful because it confirms that the Philippines recognizes cybercrime prosecution, while still requiring constitutional safeguards such as due process and privacy protections. The decision is available on Lawphil.

RA 10173: Data Privacy Act of 2012

The Data Privacy Act of 2012, Republic Act No. 10173, protects personal information and sensitive personal information.

For gambling-related identity misuse, the most important data may include:

  • Full name
  • Birthday
  • Address
  • Mobile number
  • Email address
  • Government ID number
  • Passport, driver’s license, PhilID, UMID, PRC ID, or other ID image
  • Selfie or biometric-style verification photo
  • Bank, card, wallet, or transaction details

Under Section 16 of RA 10173, a data subject has rights such as the right to be informed, access personal data, object to certain processing, correct inaccurate data, and seek damages when privacy rights are violated.

If an online gambling operator, app, payment processor, affiliate, or verification provider collected or processed your personal data without lawful basis, you may file a privacy complaint with the National Privacy Commission (NPC). The NPC has an official page on filing formal complaints.

Revised Penal Code: estafa, falsification, and use of false identity

Cybercrime is not always the only route. The Revised Penal Code may also apply, especially when money, fake documents, or misrepresentation are involved.

Common provisions include:

  • Article 315, estafa — if someone deceived you or another person to obtain money or property.
  • Articles 171 and 172, falsification — if documents, IDs, records, or statements were falsified.
  • Article 178, using fictitious name and concealing true name — if a person used a false name to hide identity and cause damage or evade responsibility.

If your ID was used to open an account and then receive funds, withdraw winnings, launder money, or scam others, law enforcement may evaluate both cybercrime and regular criminal offenses.

Civil Code remedies for privacy, dignity, and damages

The Civil Code may matter if you suffered reputational harm, harassment, financial damage, or emotional distress.

Relevant provisions include:

  • Article 19 — everyone must act with justice, give everyone their due, and observe honesty and good faith.
  • Article 20 — a person who causes damage contrary to law must indemnify the injured party.
  • Article 21 — a person who willfully causes loss or injury in a manner contrary to morals, good customs, or public policy may be liable for damages.
  • Article 26 — protects human dignity, personality, privacy, and peace of mind.

These provisions are usually raised in a civil claim for damages or as supporting legal basis in a complaint narrative.

RA 12010: Anti-Financial Account Scamming Act

If your bank account, e-wallet, payment account, or financial credentials were used in connection with the gambling site, the Anti-Financial Account Scamming Act, Republic Act No. 12010, may also become relevant.

This law targets financial account scamming and related schemes. It is especially important when the identity misuse involves:

  • money mule activity;
  • unauthorized transfers;
  • phishing or account takeover;
  • use of an account to receive scam proceeds;
  • suspicious movement of funds through e-wallets or bank accounts.

In practical terms, this means you should also report the incident immediately to your bank, e-wallet provider, or payment platform and ask for a case or ticket number.

Is the online gambling site legal or illegal?

This matters because your complaint may go to different offices.

PAGCOR regulates gaming in the Philippines. Its Electronic Gaming Licensing Department states that PAGCOR regulates games of chance and licenses gaming operations within Philippine territory, including certain local online gaming platforms connected with licensed operations. PAGCOR also maintains a current list of PAGCOR-accredited gaming system administrators and registered brands/domain names.

Do not rely only on a logo at the bottom of a website. Many scam sites copy PAGCOR seals, fake license certificates, or names similar to legitimate brands.

Use this quick distinction:

Situation What it usually means Where to report
Site appears on PAGCOR’s current registered brand/domain list It may be a regulated local gaming platform PAGCOR, platform’s data protection officer, NPC, PNP/NBI if criminal conduct exists
Site claims “PAGCOR licensed” but domain is not on the list License claim may be fake or misleading PNP ACG or NBI Cybercrime Division; PAGCOR for verification
Site targets foreign players from the Philippines as offshore gaming Offshore gaming operations were banned under EO 74 PNP/NBI, PAGCOR, possibly immigration/law enforcement if foreigners or organized operations are involved
Site asks for taxes, clearance fees, AML fees, or recharge payments before releasing winnings Common scam pattern PNP ACG or NBI Cybercrime Division; bank/e-wallet fraud unit
Your identity was used but no money was lost yet Still report early to preserve logs and prevent future liability PNP/NBI, NPC, platform, bank/e-wallet

Under Executive Order No. 74, series of 2024, Philippine Offshore Gaming Operators, Internet Gaming Licensees, and other offshore gaming operations were ordered to cease operations. This is different from PAGCOR-regulated local electronic gaming platforms. For ordinary complainants, the practical lesson is simple: verify the exact website domain, not just the brand name.

Where to file a cybercrime complaint in the Philippines

1. PNP Anti-Cybercrime Group

The Philippine National Police Anti-Cybercrime Group (PNP ACG) investigates cybercrime incidents, including online identity theft, scams, hacking, and fraud.

A walk-in report is often best when:

  • the incident is urgent;
  • money is moving through e-wallets or bank accounts;
  • you need help preserving digital evidence;
  • the suspect is still communicating;
  • the platform may delete logs soon;
  • you need guidance on whether the case is cybercrime, estafa, data privacy, or illegal gambling.

Bring printed and digital copies of evidence. The investigator will usually conduct an initial interview, evaluate jurisdiction, and advise whether a complaint-affidavit or additional documents are needed.

2. NBI Cybercrime Division

The National Bureau of Investigation Cybercrime Division also handles computer-related offenses. The NBI Citizen’s Charter page for investigative assistance for victims of computer crimes indicates that complainants may fill out the complaint form and submit it to the proper personnel.

The NBI may be practical when:

  • the case involves organized scams;
  • there are multiple victims;
  • the suspect or website is operating across regions;
  • the matter involves foreign nationals or offshore elements;
  • you need technical investigation or coordination with other agencies.

The NBI also has an online complaint page, but serious identity misuse cases are usually easier to explain with documents during a personal appearance or through direct coordination with the relevant NBI office.

3. National Privacy Commission

File with the National Privacy Commission when the main issue is misuse, unauthorized disclosure, refusal to correct or delete data, unlawful KYC processing, or failure of a company to protect your personal information.

For an NPC complaint, expect more formal paperwork than a police blotter. The NPC requires a complaint in a specific format, usually notarized, with supporting evidence. Its official instructions are on the NPC page for filing a complaint.

NPC is especially relevant if:

  • a licensed gambling operator processed your personal data without consent or lawful basis;
  • the company refuses to tell you how your data was obtained;
  • your ID and selfie were used for KYC without your participation;
  • your data was shared with affiliates, agents, or payment processors without proper basis;
  • the company ignored your request for correction, deletion, blocking, or account closure.

4. PAGCOR

PAGCOR is not a substitute for a criminal complaint, but it matters if the website is a PAGCOR-regulated platform or falsely claims to be one.

Report to PAGCOR when:

  • the website claims to be PAGCOR licensed;
  • the domain appears on PAGCOR’s list but the operator mishandled your identity;
  • a licensed platform refuses to act on your identity misuse report;
  • you want PAGCOR to verify whether a domain, brand, or certificate is legitimate.

PAGCOR’s official contact page provides current contact information, and its regulatory section lists electronic gaming contacts.

Step-by-step guide to filing the complaint

Step 1: Stop the damage first

Before preparing the legal complaint, protect yourself immediately:

  1. Change passwords for email, e-wallets, banking apps, and social media.
  2. Enable two-factor authentication.
  3. Call your bank or e-wallet fraud hotline if money or account linking is involved.
  4. Ask the bank or wallet provider to freeze suspicious transactions if possible.
  5. Save the ticket number or reference number.
  6. Do not send additional “verification,” “tax,” “AML,” or “unlocking” payments to the gambling site.
  7. Do not delete messages, even if they are embarrassing or stressful.

Speed matters because digital logs, IP addresses, device identifiers, session records, and transaction trails may become harder to obtain later.

Step 2: Preserve evidence properly

Do not rely on screenshots alone if you can preserve stronger proof.

Collect:

  • Screenshots of the gambling profile showing your name, photo, ID, username, or account number
  • Full website URL and domain
  • App name and download link, if any
  • Messages from customer service, Telegram, Viber, WhatsApp, Facebook, SMS, or email
  • Emails confirming registration, OTP, deposits, withdrawals, or verification
  • Transaction receipts from GCash, Maya, banks, cards, crypto wallets, or remittance centers
  • Phone numbers, account names, QR codes, and wallet numbers used
  • Copies of IDs that were misused
  • Proof that you did not create the account, such as your own device history or travel/work records if relevant
  • Screen recording showing the website, account page, URL bar, and date/time
  • A written timeline of events

For screenshots, include the URL, date, time, sender, full phone number or email address, and complete conversation thread where possible. Cropped images are weaker because investigators may ask how the message connects to the suspect or website.

Step 3: Verify whether the site is listed by PAGCOR

Check the site’s exact domain against PAGCOR’s registered brands and URLs. Be careful with lookalike domains.

For example, these are different:

  • example.ph
  • example.com
  • example-vip.com
  • example88.net
  • example.ph-login.com

A fake site may use the name of a real brand but operate through a different domain. Include your verification result in your complaint:

“The site claims to be licensed by PAGCOR, but I could not find the exact domain in PAGCOR’s published list of registered brands and domain names.”

or:

“The domain appears to correspond to a listed brand, so I am also reporting this to PAGCOR and the operator’s Data Protection Officer.”

Step 4: Send a preservation and account-freeze request

If there is an identifiable operator, email or message the platform immediately. Keep the tone factual.

Ask them to:

  • suspend the account using your identity;
  • preserve all logs, KYC files, uploaded IDs, selfies, IP addresses, device IDs, login history, transaction records, and linked payment accounts;
  • identify the Data Protection Officer or privacy contact;
  • confirm whether your data was processed and when;
  • provide a copy of personal data processed about you, subject to lawful limitations;
  • block further use of your identity.

Do not argue endlessly with customer service. A clear written request creates a record that you reported the misuse early.

Step 5: Prepare a complaint-affidavit

For a criminal complaint, you will usually need a complaint-affidavit. This is a sworn written statement of facts. It should be chronological, specific, and supported by attachments.

A practical structure:

  1. Your full name, address, contact details, nationality, and ID details.
  2. How you discovered the gambling account or identity misuse.
  3. What personal information was used.
  4. Why the use was unauthorized.
  5. Exact website, app, account name, username, phone number, or wallet involved.
  6. Money lost or risk created, if any.
  7. Steps you took to report to the platform, bank, wallet, PAGCOR, or NPC.
  8. Names or identifiers of suspects, if known.
  9. List of attachments.
  10. Request for investigation for possible violations of RA 10175, RA 10173, Revised Penal Code provisions, and other applicable laws.

If you are filing with the NPC, use the NPC’s required complaint form and format instead of submitting only a free-form affidavit.

Step 6: File with PNP ACG or NBI

Bring the following:

Requirement Practical notes
Valid government ID Passport, driver’s license, PhilID, UMID, PRC ID, or similar ID
Complaint-affidavit Some offices may provide a template or ask you to revise after interview
Evidence bundle Printed copies plus digital copies on USB or accessible cloud folder
Transaction records Include reference numbers, dates, amounts, recipient names, wallet numbers
Platform reports Emails or tickets sent to the gambling site, PAGCOR, bank, wallet, or NPC
Timeline A one-page timeline helps investigators understand the sequence quickly
Contact details Your active phone number and email for follow-up

Expect an initial evaluation. Not every report immediately becomes a filed criminal case. Investigators may first determine whether the case is within their office’s mandate, whether more evidence is needed, or whether another agency should also receive the complaint.

Step 7: Ask about preservation, disclosure, and warrants

The Philippines has a Supreme Court Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC, which covers warrants and orders involving preservation, disclosure, interception, search, seizure, examination, custody, and destruction of computer data.

As a complainant, you do not personally issue these orders. Law enforcement and prosecutors handle the legal process. But you can help by clearly identifying what data may exist, such as:

  • subscriber records;
  • KYC documents;
  • IP logs;
  • login history;
  • device information;
  • OTP records;
  • wallet transaction logs;
  • linked bank accounts;
  • chat records;
  • admin records showing who approved verification.

The more specific your evidence request, the easier it is for investigators to evaluate what legal process may be needed.

Step 8: File related complaints if needed

Identity misuse by an online gambling site often requires more than one report.

Problem Additional action
Misused personal data or ID File with NPC
Licensed or supposedly licensed gambling platform Report to PAGCOR
Bank or e-wallet used Report to bank/wallet fraud unit immediately
SIM used for OTP or scam messages Report to telco and law enforcement
Fake ID or forged document Include falsification allegations in criminal complaint
Threats, extortion, harassment Preserve messages and include them in PNP/NBI report
Foreign scam site File cybercrime report and include all Philippine links: victims, payment channels, phone numbers, accounts, or operators

Sample complaint narrative

A clear narrative helps investigators. Adapt the facts to your situation:

On 10 January 2026, I discovered that an online gambling account on [website/app] was registered under my name and mobile number without my consent. The account contained or appeared to use my government ID/selfie/personal details. I never created, verified, funded, or authorized this account.

I learned of the account when I received [OTP/email/customer service message/bank notice/collection message]. I immediately contacted [platform/bank/e-wallet] and requested suspension and preservation of records. Attached are screenshots, transaction records, emails, and copies of the misused ID.

I respectfully request investigation for possible computer-related identity theft under RA 10175, violations of the Data Privacy Act under RA 10173, and other offenses such as fraud, falsification, or estafa if supported by the evidence.

Keep it factual. Avoid speculation such as “the owner is definitely a syndicate” unless you have evidence. Use “possible,” “appears,” or “based on the attached records” when the fact still needs investigation.

Common pitfalls that weaken cybercrime complaints

Deleting messages or blocking too early

Blocking may be necessary for safety, but first capture the full thread, account details, phone number, username, profile link, and payment instructions. Once deleted, messages may be difficult to reconstruct.

Sending more money to “release winnings”

Scam gambling sites often claim you must pay tax, AML clearance, VIP recharge, verification fee, or withdrawal unlocking fee. Real tax and compliance obligations are not normally paid by sending money to random wallets or personal accounts.

Filing only with PAGCOR when the site is fake

PAGCOR can verify licensing and regulate licensees, but fake gambling sites and identity theft require law enforcement. If the site is not legitimate, file with PNP ACG or NBI.

Filing only with the NPC when money was stolen

The NPC handles privacy violations. If there is fraud, theft, extortion, account takeover, or suspicious movement of funds, also file a cybercrime complaint and report to the bank or wallet provider.

Submitting screenshots without a timeline

Investigators need sequence: when you discovered the account, what data was used, what payments occurred, who contacted you, and what you did next. A simple timeline often makes the complaint much stronger.

Ignoring the exact domain name

Many complaints fail to distinguish between a legitimate brand and a fake lookalike. Always preserve the exact URL, including subdomains.

Practical timelines, fees, and bottlenecks

Timelines vary widely depending on the evidence, agency workload, cooperation of platforms, and whether foreign service providers are involved.

Stage Usual practical timeframe Common bottleneck
Evidence gathering by complainant Same day to 1 week Incomplete screenshots, missing URLs, deleted chats
Initial report to bank/e-wallet Same day Delayed reporting, transfers already withdrawn
PNP/NBI initial evaluation Same day to several weeks Need for clearer affidavit or more evidence
Platform/PAGCOR/NPC response Days to months Wrong contact channel, incomplete proof of identity
Cyber warrant or data request process Weeks to months Need for probable cause, foreign platform, technical specificity
Prosecutor evaluation/preliminary investigation Months or longer Identifying respondents and obtaining admissible records

Typical expenses may include:

  • photocopying and printing;
  • notarization of affidavit;
  • USB storage or evidence compilation;
  • courier fees for NPC filings;
  • authentication, apostille, or consular notarization if documents are executed abroad;
  • certified copies of bank or e-wallet records, if required by the provider.

There is usually no large “filing fee” to report a crime to law enforcement, but formal NPC processes may involve fees under NPC rules, and notarization or document preparation costs are common.

Special notes for OFWs, Filipinos abroad, and foreigners

If you are abroad

You can still prepare a complaint if the incident has a Philippine connection, such as:

  • a Philippine gambling platform;
  • a Philippine victim;
  • a Philippine mobile number;
  • a Philippine bank or e-wallet;
  • a suspect or operator in the Philippines;
  • use of a Philippine government ID;
  • damage suffered in the Philippines.

For documents signed abroad, Philippine agencies may require one of the following:

  • notarization before a Philippine embassy or consulate;
  • local notarization plus apostille if the country is part of the Apostille Convention;
  • consular authentication if apostille is not available or not accepted for that document type.

Because acceptance can vary by agency and document, check the receiving office’s requirements before sending originals.

If you are a foreigner

Foreigners may file complaints in the Philippines when there is a Philippine connection. Bring or attach:

  • passport bio page;
  • visa or ACR I-Card, if applicable;
  • proof of Philippine address or stay, if relevant;
  • proof of the Philippine transaction, platform, phone number, bank, wallet, or respondent;
  • notarized or authenticated affidavit if filing through a representative.

If the misuse involves a passport or foreign ID, also report the identity compromise to your embassy or relevant issuing authority, especially if the ID image may be reused elsewhere.

What to ask the platform, bank, or e-wallet

When communicating with a gambling site, bank, e-wallet, or payment processor, keep the request specific.

Ask for:

  • confirmation whether an account exists under your name, mobile number, email, ID, or selfie;
  • immediate suspension or blocking of the account;
  • preservation of all KYC and transaction records;
  • date and time of registration;
  • method of verification;
  • linked devices, phone numbers, emails, bank accounts, and wallets;
  • copies of personal data processed about you, where legally available;
  • case number or written acknowledgment;
  • name or contact of the Data Protection Officer.

For banks and e-wallets, ask whether a fraud dispute, account restriction, chargeback, or investigation ticket is available. Keep every reference number.

Frequently Asked Questions

Can I file a cybercrime complaint if I did not lose money?

Yes. Computer-related identity theft under RA 10175 may exist even before a large financial loss, especially if your identifying information was used without authority. Early reporting also helps preserve logs and prevent your identity from being used for withdrawals, scams, or suspicious transactions.

Should I file with PNP or NBI?

Either may be appropriate. PNP ACG and NBI Cybercrime Division both handle cybercrime complaints. Many complainants choose based on accessibility, urgency, and the complexity of the case. If the case involves organized scams, foreign elements, or multiple victims, the NBI may be practical. If urgent local action is needed, the nearest PNP ACG or cybercrime unit may be more accessible.

Is identity misuse by an online gambling site a data privacy violation?

It can be. If your personal information, ID, selfie, or financial data was collected, used, disclosed, retained, or verified without lawful basis, RA 10173 may apply. File with the NPC if the issue involves unauthorized processing, refusal to correct or delete data, or failure to protect your information.

What if the gambling site says it is PAGCOR licensed?

Verify the exact domain against PAGCOR’s official list of registered brands and domain names. A logo or certificate on the website is not enough. If the site is licensed, report to PAGCOR and the platform’s Data Protection Officer. If the license claim appears fake, report to PNP ACG or NBI because it may be a scam.

Can I demand deletion of my data?

You can request correction, blocking, deletion, or account closure, especially if the data was unlawfully processed. However, a company may preserve certain records if required by law, regulation, dispute handling, anti-fraud controls, or law enforcement requests. The key is to demand that your data no longer be used for unauthorized gambling activity and that evidence be preserved for investigation.

What if my ID was used to withdraw winnings or receive funds?

Report immediately to PNP ACG or NBI, your bank or e-wallet, and the platform involved. This may implicate cybercrime, fraud, falsification, money mule activity, or anti-money laundering concerns. Make a written record that you did not authorize the account or transaction.

Can I file a complaint if the site is based outside the Philippines?

Yes, if there is a Philippine connection. Examples include a Philippine victim, Philippine payment channel, Philippine phone number, Philippine ID, local operator, or damage suffered in the Philippines. Foreign-hosted platforms may make investigation slower, but the complaint can still be evaluated by Philippine authorities.

Do I need a lawyer to file?

You can file an initial report yourself, especially with PNP ACG, NBI, NPC, PAGCOR, banks, and e-wallets. A lawyer may be useful for drafting affidavits, organizing evidence, dealing with cross-border documents, or pursuing damages, but the first step is often to preserve evidence and report promptly.

Is barangay conciliation required before filing a cybercrime complaint?

Usually no for serious cybercrime complaints. Barangay conciliation generally applies to certain disputes between individuals in the same city or municipality, but offenses punishable by more than one year of imprisonment or a fine exceeding the barangay threshold are not handled as ordinary barangay matters. Identity theft, fraud, and data misuse involving online platforms should be brought to the proper law enforcement or regulatory office.

What if I previously uploaded my ID to another app and it was later used for gambling?

Still report it. Your complaint should explain where you may have submitted the ID before and why the gambling use was unauthorized. Investigators may consider whether the data came from a breach, insider misuse, lending app abuse, phishing, or illegal data sharing.

Key Takeaways

  • Unauthorized use of your name, ID, selfie, mobile number, e-wallet, or bank details by an online gambling site may be computer-related identity theft under RA 10175.
  • The same incident may also be a data privacy violation under RA 10173, especially if your personal data was processed for KYC without lawful basis.
  • File with PNP ACG or NBI Cybercrime Division for criminal investigation, and with the NPC for privacy violations.
  • Report to PAGCOR if the platform claims to be licensed or appears on PAGCOR’s registered domain list.
  • Preserve full evidence: URLs, screenshots, messages, transaction records, account details, and a written timeline.
  • Do not pay “withdrawal,” “tax,” “AML,” “VIP,” or “verification” fees demanded by suspicious gambling sites.
  • If bank or e-wallet accounts are involved, report to the financial provider immediately and keep the case number.
  • OFWs, foreigners, and Filipinos abroad can file if there is a Philippine connection, but affidavits and IDs may need notarization, apostille, or consular authentication.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.