How to File a Cybercrime Complaint for Online Scam in the Philippines

How to File a Cybercrime Complaint for an Online Scam in the Philippines

This article explains, in practical and legal terms, how a victim of an online scam in the Philippines can preserve evidence, choose the proper forum, and file a criminal complaint—plus parallel civil, administrative, and consumer-protection remedies. It is for general information only and is not a substitute for legal advice about your specific case.

1) What counts as a “cybercrime” or related offense?

Online scams can fall under one or more of these laws (often simultaneously):

  • Cybercrime Prevention Act of 2012 (R.A. 10175). Frequently-implicated offenses include:

    • Computer-related fraud (e.g., manipulating computer data, phishing, account takeovers that cause loss).
    • Computer-related identity theft (using another’s identifying data to obtain a benefit or cause harm).
    • Illegal access/illegal interception, data interference, device misuse, and other core offenses.

  • Revised Penal Code (RPC) – Estafa (Art. 315). Classic swindling by means of false pretenses or fraudulent acts done online (e.g., “buyer” or “seller” scams).

  • Access Devices Regulation Act (R.A. 8484). Unauthorized use/possession of credit/debit cards or account credentials.

  • Financial Products and Services Consumer Protection Act (R.A. 11765). Duties of banks/EMIs/fintechs; administrative remedies for consumer victims.

  • Anti-Financial Account Scamming Act (R.A. 11967). Liability for mule accounts and those who knowingly permit their accounts to be used for scams.

  • E-Commerce Act (R.A. 8792) and related rules on electronic documents and signatures (useful for evidence).

  • Data Privacy Act (R.A. 10173). If your personal data was misused, there may be a notifiable security incident/personal data breach.

You do not need to decide exactly which law applies before filing. Investigators and prosecutors will assess the final charge(s) once facts and evidence are in.

2) Immediate steps (first 24–48 hours)

  1. Secure your accounts and money:

    • Reset passwords; enable multi-factor authentication (email, social, banking, telco, e-wallet).
    • Notify your bank/e-wallet/fintech in writing; request a temporary hold/freeze on disputed transfers, card blocks, and investigation case number.

  2. Preserve evidence before anything disappears:

    • Take full-screen, timestamped screenshots of chats, posts, listings, emails, and profiles (include handles/URLs).
    • Save original files (HTML, PDFs, images, voice notes), plus metadata if available.
    • Download transaction records (bank/e-wallet statements, receipts, reference numbers).
    • Keep phone call logs and SMS (export where possible).
    • List all usernames, phone numbers, emails, wallet IDs, bank accounts, and links connected to the scam.
    • Note dates, times, and amounts precisely.

  3. Tell involved platforms: Report the account/post to the marketplace, social network, or messaging app, but keep copies first.

  4. File a bank/telco/platform complaint ticket and save the ticket/acknowledgment.

  5. Do not engage further with the scammer except if law enforcement instructs you for a controlled entrapment.

3) Where to file a criminal complaint

You can go to either (or both):

  • NBI – Cybercrime Division (and regional NBI offices).
  • PNP – Anti-Cybercrime Group (ACG) (and Regional Anti-Cybercrime Units).

Both accept walk-ins and online intake (varies by office). They coordinate with the DOJ Office of Cybercrime (OOC) and the National Prosecution Service for inquest or preliminary investigation. If charges are filed, trial is before a designated Cybercrime Court.

Venue/Jurisdiction (practical guide): Cybercrime venue is flexible; it may be where any element of the offense occurred, where the victim or offender is located, or where the computer system or data is situated. If unsure, file with NBI or PNP-ACG and they will route appropriately.

4) What to bring

  • Valid government ID (and copies).
  • Complaint-Affidavit (see outline below), subscribed and sworn (notarized or before a prosecutor).
  • Annexes: screenshots, chat exports, emails with headers, bank/e-wallet records, deposit slips, tracking numbers, platform takedown receipts, telco call/SMS logs, and any forensic images/hash values if you have them.
  • Witness Affidavits, if any (e.g., the person who saw the transaction or helped capture evidence).
  • Authorization/Special Power of Attorney if filing for someone else.

5) The Complaint-Affidavit (outline you can adapt)

  1. Your identity and capacity (name, address, age, contact details).
  2. The respondent(s) (real names if known; otherwise usernames/handles, numbers, emails, links, account names).
  3. Chronology of events (clear, dated narrative: who, what, when, where, how; attach exhibits and mark them Annex “A,” “B,”…).
  4. Money trail (amounts, reference numbers, accounts used, exact timestamps).
  5. Technical details (platforms, devices, IPs if available, URLs, message IDs).
  6. Elements of the offense (briefly tie facts to computer-related fraud/identity theft and/or estafa).
  7. Reliefs prayed for: investigation, issuance of cybercrime warrants (see §7), coordination with banks/telcos, and prosecution.
  8. Attestation (truthfulness) and Jurat (sworn statement).

Tip: Number paragraphs, cross-reference annexes in-text, and keep filenames consistent (e.g., Annex C – GCash Receipt 2025-09-15.pdf).

6) How the criminal process typically unfolds

  1. Intake & blotter: officer records your complaint and reviews evidence.
  2. Case build-up: investigators may issue subpoenas to platforms/banks and request data preservation from service providers (initial 6 months, extendible).
  3. Cybercrime warrants: upon application to a cybercrime court (see §7).
  4. Inquest or Preliminary Investigation: prosecutor assesses probable cause based on affidavits and evidence; respondents may file counter-affidavits.
  5. Filing of Information in court if probable cause is found; arrest warrant may issue.
  6. Trial (arraignment, pre-trial, presentation of evidence).
  7. Restitution/Forfeiture: courts may order return of funds or forfeiture of seized proceeds/instruments.

Timelines vary based on complexity, cross-border requests, platform responsiveness, and financial traces.

7) Cybercrime warrants (what they are, why they matter)

Under the Supreme Court Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC), investigators may apply for specialized warrants, including—for example:

  • Warrant to Disclose Computer Data (WDCD) – to compel providers to disclose subscriber info, traffic logs, transaction logs, etc.
  • Warrant to Intercept Computer Data (WICD) – to lawfully intercept content or traffic data (prospectively, upon strict showing).
  • Warrant to Search, Seize, and Examine Computer Data (WSSECD) – for on-site/off-site imaging and forensic examination of devices/data.

These are powerful tools to unmask account holders, freeze or trace funds, and preserve evidence that only providers/banks have.

8) Parallel and supportive remedies (do these alongside, not after)

  • Bank / EMI / Fintech: File a written dispute; request chargeback, good-faith reversal, or provisional credit where applicable.
  • BSP Consumer Assistance Mechanism: For banks and e-money institutions; escalate if internal resolution fails.
  • SEC (Enforcement and Investor Protection Department): For investment scams, unregistered securities, Ponzi/pyramiding.
  • DTI / E-Commerce Bureau: For online retail or platform-seller disputes under consumer laws.
  • National Privacy Commission (NPC): If personal data was compromised or misused.
  • AMLC: Investigators may coordinate for freeze/monitoring if the funds flow indicates money laundering/predicate crimes.
  • Civil action for damages under the Civil Code or RPC (may be deemed instituted with the criminal case unless reserved; or filed separately).
  • Small Claims (no lawyers required): a speedy route for pure money claims up to the latest threshold (check current cap; file ASAP).

9) Evidence tips that make or break cybercrime cases

  • Originals over screenshots. Export native files (e.g., .html from browsers; .csv/.pdf bank statements; complete chat exports).
  • Header and log data. Keep email headers, server timestamps, message IDs, reference numbers, and device identifiers.
  • Link each peso to a document. Every transfer should have a reference/trace ID. Build a simple table of Date–Time–Amount–Reference–From–To–Annex.
  • Do not “edit” images. If you must annotate, keep a clean original and a marked-up copy; note which is which.
  • Hash values for forensics. If a technician imaged a device, record MD5/SHA-256 hashes and who handled it (basic chain of custody).
  • Keep communications professional. Don’t threaten suspects online; let law enforcement handle entrapments.
  • Prescriptive periods run. File quickly; some offenses (e.g., certain frauds or data offenses) can prescribe sooner than you expect.

10) Special scenarios

  • Seller never ships / buyer disappears: Estafa + computer-related fraud; preserve the product listing, chat, and payment trail.
  • Account takeover via SIM swap/phishing: Illegal access + identity theft; notify your telco and bank immediately and request logs.
  • Mule accounts: R.A. 11967 creates liability for owners who allow use of their accounts for scams—identify and include them as respondents.
  • Cross-border actors: NBI/PNP-ACG may use MLAT or platform law-enforcement portals; expect longer timelines.
  • Minors: Additional child-protection and anti-online abuse statutes may apply—flag this up front to investigators.

11) Practical filing checklist (print and tick)

  • Changed passwords and enabled MFA on all accounts
  • Informed bank/e-wallet; obtained dispute ticket number(s)
  • Captured screenshots and saved native exports (chats, emails, statements)
  • Listed all linked identifiers (numbers, emails, handles, wallets, bank accounts)
  • Prepared Complaint-Affidavit + Annexes (labeled and paginated)
  • Brought valid ID(s); printed copies + USB with digital evidence
  • Reported to NBI Cybercrime or PNP-ACG (kept the acknowledgment)
  • Filed/initiated parallel complaints (BSP/SEC/DTI/NPC as applicable)

12) Frequently asked questions

Q: Can I get my money back through the criminal case? A: The court can order restitution or civil liability with a conviction. For speed, pursue bank chargebacks/reversals and small claims in parallel.

Q: Do I need a lawyer to file? A: Not strictly, but counsel can draft a stronger complaint, anticipate defenses, and pursue multi-track remedies.

Q: Is barangay conciliation required? A: Generally no for cybercrime/estafa with penalties above Katarungang Pambarangay thresholds or with public interest; police/NBI intake is proper.

Q: What if the scammer used a fake name or prepaid SIM? A: Investigators can apply for cybercrime warrants to obtain subscriber and transaction data, and coordinate with banks/telcos/platforms.

Q: I only have screenshots—file anyway? A: Yes. File now and keep collecting better evidence (native exports, receipts). Investigators can subpoena providers for logs.

13) Simple template: Complaint-Affidavit caption

REPUBLIC OF THE PHILIPPINES [City/Province] x-----------------x

[YOUR NAME], Complainant,

– versus –

[RESPONDENT NAME/ALIAS/USERNAME], Respondent.

x-----------------x

COMPLAINT-AFFIDAVIT

I, [Name], of legal age, Filipino, with address at [address], after having been duly sworn, depose and state that:

  1. On [date/time], I encountered the respondent through [platform/link] under the handle [@username/number/email]. (Annex A)
  2. Respondent represented that [misrepresentation].
  3. Relying on said representation, I transferred ₱[amount] via [bank/e-wallet] with Ref. No. [xxx]. (Annex B)
  4. Respondent failed/refused to [deliver/refund], causing damage to me in the amount of ₱[amount].
  5. Attached are copies of our communications and transaction records. (Annexes C–H)
  6. Based on the foregoing, respondent is liable for [computer-related fraud/identity theft] under R.A. 10175 and estafa under Art. 315, RPC, among others.

PRAYER: That this Complaint be given due course; that respondents be investigated and prosecuted; and that appropriate cybercrime warrants be issued to obtain subscriber information, logs, and records from concerned banks, telcos, and platforms.

[Signature above printed name]

SUBSCRIBED AND SWORN to before me this [date] in [city], affiant exhibiting [ID details].

14) Final pointers

  • Speed + documentation win cybercrime cases.
  • Always write down the case numbers you receive from banks, platforms, NBI/PNP, and prosecutors.
  • If contacted by “recovery agents,” be cautious—secondary scams are common.
  • For significant losses or complex schemes, consider retaining counsel experienced in cybercrime + fintech disputes.

If you want, I can turn this into a fill-in-the-blanks Complaint-Affidavit and a one-page evidence log you can print and use right away.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login