How to File a Cybercrime Complaint for Online Scam in the Philippines

How to File a Cybercrime Complaint for an Online Scam in the Philippines

A practical legal guide for victims, counsel, compliance officers, and law-enforcement liaisons

1) The Legal Landscape (What laws apply)

  1. Cybercrime Prevention Act of 2012 (Republic Act No. 10175).

    • Core offenses often implicated in online scams:

      • Computer-related fraud and computer-related identity theft.
      • Illegal access, illegal interception, data interference, system interference, and misuse of devices, when relevant.

    • Section 6 (Penalty one degree higher): If an offense under the Revised Penal Code (RPC) is committed by, through, and with the use of ICT (e.g., estafa done online), the penalty is one degree higher than that prescribed by the RPC.

  2. Revised Penal Code (RPC).

    • Estafa (Art. 315) frequently applies to scams involving misrepresentation or deceit resulting in damage.
    • Swindling and related deceits, and sometimes robbery/qualified theft (e.g., unauthorized withdrawals).

  3. E-Commerce Act (RA 8792) and Rules on Electronic Evidence (A.M. No. 01-7-01-SC).

    • Recognize electronic documents as functional equivalents of paper.
    • E-documents, logs, screenshots, and metadata are admissible if authenticity and integrity are shown.

  4. Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC).

    • Law enforcement may apply for:

      • WPR (Preservation), WCD (Disclosure), WSSECD (Search, Seizure & Examination of Computer Data), WICD (Interception).

    • These are court-issued warrants used by investigators, not by private complainants, but your complaint often triggers these applications.

  5. Data Privacy Act (RA 10173) (secondary but relevant).

    • For doxxing, unauthorized disclosure of personal data, or breach-related scams, complaints may also be lodged with the National Privacy Commission (NPC), especially for administrative sanctions versus personal information controllers/processors.

  6. Financial Consumer Protection Act (RA 11765) and sector rules.

    • For scams involving banks/e-money issuers, parallel complaints may be made with the BSP or relevant regulator.
    • These do not replace a criminal complaint but help with fund recovery/chargeback and supervisory action.

  7. Jurisdiction and Courts.

    • Special Cybercrime Courts (RTC) have jurisdiction over RA 10175 offenses and related crimes.
    • Section 21, RA 10175 extends jurisdiction if any element occurred in the Philippines, if computer systems/data are here, or if damage is suffered here—even if the offender is abroad.

2) Immediate Actions (first 24–48 hours)

A. Secure your accounts and devices.

  • Change passwords (use a password manager).
  • Enable multi-factor authentication (MFA).
  • Log out of unknown sessions; revoke suspicious app access.

B. Contact your bank/e-wallet and the recipient institution.

  • Report the fraudulent transfers.
  • Request transaction hold/trace/recall where feasible (especially for recent InstaPay/PESONet or e-wallet transfers).
  • Obtain official reference numbers and certified transaction histories for evidence.

C. Preserve evidence (do this before it disappears).

  • Take full-page screenshots (include URL bars, timestamps).
  • Save original files (emails, chats, attachments, voice notes).
  • Export conversation logs with timestamps.
  • Note handles, profile links, phone numbers, device names, IPs (if visible).
  • Keep receipts, proofs of payment, and delivery records.
  • Avoid altering file metadata (no re-saving over originals).

D. Report to law enforcement hotlines/web portals (optional but encouraged).

  • Early incident reports help flag mule accounts and patterns; still file your formal complaint afterward.

3) Where—and How—to File a Criminal Complaint

You generally have two complementary tracks: (1) Police/NBI blotter & investigation; and (2) Prosecutor’s Office for preliminary investigation leading to the filing of an Information in court.

Track 1: Police or NBI (Investigation)

  • PNP Anti-Cybercrime Group (ACG) or your local police station:

    • File a blotter/report and give a brief narrative plus key evidence.
    • Request a Referral/Endorsement to the prosecutor when ready.

  • NBI Cybercrime Division:

    • Accepts walk-ins and online complaints.
    • May conduct forensic imaging, issue subpoenas through the DOJ, and apply for cybercrime warrants via prosecutors.

Tip: Bring multiple sets (printed and electronic) of your evidence. Ask for the case reference number and point person.

Track 2: Prosecutor’s Office (Criminal Complaint)

  • File with the City or Provincial Prosecutor where any element of the offense occurred (e.g., where the complainant received the fraudulent message, where money was withdrawn, where damage was suffered) or where allowed by cybercrime venue rules.
  • Submit a Complaint-Affidavit with annexes and jurats/notarization.
  • Attach witness affidavits (e.g., bank officer’s certification, courier confirmation) and documentary evidence.
  • The prosecutor will issue a Subpoena to respondents for counter-affidavits (Rule 112).
  • After pleadings (including reply/rejoinder if allowed), the prosecutor resolves probable cause and may file an Information in the appropriate RTC Cybercrime Court.

Fees: Criminal complaints with the prosecutor generally do not require docket fees. Notarial and copy costs apply.

4) Building a Strong Complaint (elements & evidence)

A. Identify the right offenses

  • Estafa under the RPC (deceit + damage), as qualified by RA 10175 Sec. 6 if done via ICT.
  • Computer-related fraud/identity theft if credentials or card details were used to defraud.
  • Illegal access if accounts were hacked to move funds.

B. Prove each element with specific evidence

  • Deceit/Misrepresentation: Ads, messages, false profiles, spoofed websites.
  • Reliance and Causation: Your decision to pay/transfer was induced by the deceit.
  • Damage: Payment confirmations, account statements, valuation of loss.
  • Use of ICT: Screenshots of online chats, URLs, IP logs, device IDs, timestamps.

C. Electronic evidence basics (admissibility)

  • Original vs. printout: Keep originals; attach printouts with a statement explaining how they were produced.
  • Authenticity: If possible, include hash values (e.g., SHA-256) for key files; explain collection steps to maintain integrity.
  • Best persons to authenticate: The victim (for screenshots/communications), bank/e-wallet officer (for transaction records), IT personnel/forensic examiner (for logs and device imaging).

D. Chain of custody (for seized devices/data)

  • If law enforcement forensically images a device, ensure documented chain from seizure to analysis to storage.

5) Model Structure: Complaint-Affidavit (Criminal)

Title: People of the Philippines v. [Name/Username Unknown, a.k.a. “John Doe”], for Estafa (Art. 315 RPC in relation to Sec. 6, RA 10175) and Violations of RA 10175 (Computer-Related Fraud/Identity Theft)

  1. Affiant’s Identity.

    • Name, age, citizenship, civil status, address, contact details, valid ID.

  2. Jurisdiction/Venue Allegations.

    • State where the key acts/elements occurred (receipt of messages, transfer of funds, residence where damage was suffered), and that the offense was committed by, through, and with the use of ICT.

  3. Narrative of Facts (Chronology).

    • Date/time-stamped sequence: discovery of offer/post, communications, inducement, transfers, failed delivery/refund, blocking, etc.

  4. Elements & How Each Is Met.

    • Bullet points matching evidence to legal elements (deceit, reliance, damage; or elements of computer-related fraud/identity theft).

  5. Evidence Summary (Annex List).

    • A: Screenshots of chat (platform, handle, timestamps).
    • B: Bank/e-wallet statements & certified copies.
    • C: Proofs of payment (InstaPay/PESONet reference numbers; e-wallet trace numbers).
    • D: Device & browser logs (if available).
    • E: Delivery/courier records (if goods were promised).
    • F: Affidavits of witnesses (bank officer, courier, co-victims).
    • G: Photo/scan of valid ID.
    • H: Notarized SPA (if filed by representative).
    • I: Forensic report (if any).

  6. Reliefs/Prayer.

    • Find probable cause for estafa (one degree higher per Sec. 6, RA 10175) and pertinent RA 10175 offenses; issue subpoenas; file Information; seek restitution/return of property; and request application for cybercrime warrants or AMLC coordination as needed.

  7. Verification & Undertaking.

    • That statements are true, evidence is authentic to the best of knowledge; willingness to testify.

  8. Jurat/Notarization.

    • Affiant signs before an authorized officer; attach government-issued ID.

6) Parallel and Ancillary Remedies (run these in tandem)

  1. Bank/e-Money Dispute & Recall.

    • File a formal dispute citing fraud.
    • Ask for freeze/hold on recipient or mule accounts where permitted by law/regulation.
    • Request certifications for prosecutor use.

  2. Regulatory Complaints.

    • BSP (banks/e-money), SEC (unregistered investment schemes), NPC (privacy breaches), DTI (consumer protection in certain e-commerce contexts).
    • Regulators can sanction entities/platforms and issue public advisories.

  3. AMLC Coordination (through investigators/prosecutors).

    • For large-value scams, investigators may coordinate with AMLC for freeze orders (via Court of Appeals) and bank inquiries under the AMLA.

  4. Civil Action for Damages/Rescission.

    • Independently or together with the criminal action, you may sue for actual, moral, exemplary damages, and attorney’s fees.
    • Consider pre-trial asset preservation remedies (e.g., preliminary attachment) if you can identify respondent assets.

  5. Platform/Marketplace Reporting.

    • File in-platform reports to suspend accounts, takedown content, and preserve records. Ask the platform to preserve logs pending a law-enforcement request.

7) Practical Checklists

Evidence Checklist

  • Screenshots with visible URLs and timestamps
  • Raw files (emails, PDFs, voice notes)
  • Full chat exports (with IDs)
  • Transaction references and certified bank/e-wallet records
  • Courier or delivery proofs
  • Photo of government ID
  • Contact numbers, profile links, usernames, wallet addresses
  • List of other victims (if a serial scam)
  • Hash values (if available), device serials

Filing Packet (for Prosecutor/Police/NBI)

  • Notarized Complaint-Affidavit
  • Witness Affidavits
  • Annexes tabbed and labeled (A, B, C…)
  • USB/Drive with e-copies (read-only if possible)
  • Cover letter & Documentary Evidence Index
  • Referral or police blotter (if already made)

8) Timelines & What to Expect

  • Police/NBI intake: same day for blotter/intake; evidence review may take days to weeks.

  • Preliminary Investigation (Rule 112):

    • Subpoena to respondent; 10 days (typical) to file counter-affidavit; possible reply/rejoinder.
    • Resolution: weeks to a few months depending on complexity.

  • Filing of Information & Court Proceedings:

    • Upon finding of probable cause, prosecutor files in RTC Cybercrime Court.
    • Arraignment, pre-trial, trial follow. Cybercrime warrants may be sought earlier during investigation.

9) Handling Cross-Border or Anonymous Offenders

  • Venue/Jurisdiction: You may file locally if you suffered damage in the Philippines or used PH-based systems.
  • John Doe respondents: Allowed; provide as much unique identifier detail as possible (handles, numbers, transaction IDs).
  • Mutual Legal Assistance/International Cooperation: Triggered by prosecutors/NBI/PNP through DOJ and foreign counterparts for data disclosure and evidence abroad.

10) Common Pitfalls (and how to avoid them)

  • Over-edited screenshots → keep originals; annotate separately.
  • Losing metadata → avoid re-saving; use forensic imaging where feasible.
  • Late bank reporting → report immediately; recall windows are short.
  • Only filing with a regulatoralso file the criminal complaint; regulators don’t prosecute crimes.
  • Naming the wrong charge → Plead both RA 10175 and RPC estafa where facts support; let the prosecutor calibrate.
  • Defamation exposure → Share details only with authorities; avoid public posts naming suspects without counsel’s advice.

11) Frequently Asked Questions

Q: Do I need a lawyer to file? Not mandatory, but counsel helps frame elements, curate electronic evidence, and interface with investigators.

Q: Can I recover my money? Recovery is never guaranteed. Early reporting, quick bank dispute, AMLC coordination, and asset tracing significantly improve odds.

Q: The scammer used a mule account. Whom do I sue? You may proceed against identified account holders and John Does; the investigation can later identify principals/conspirators.

Q: What if I sent crypto? Provide transaction hashes, wallet addresses, and exchange references. Investigators may seek data from VASPs and exchanges; civil injunctive relief can sometimes freeze assets at exchanges.

12) Simple Templates (you can adapt)

A. Evidence Index (sample)

  • Annex A – Screenshots of Facebook Messenger chat with “@user123” dated 15–17 March 2025 (PDF and PNG originals on USB).
  • Annex B – GCash transaction history and certified statement (Ref Nos. …).
  • Annex C – InstaPay proof of transfer to BDO Account ending ****1234 (Ref No. …).
  • Annex D – LBC tracking and non-delivery certification.
  • Annex E – Affidavit of Juan Dela Cruz (bank officer).
  • Annex F – Forensic hash summary (SHA-256) for files A-1 to A-8.

B. Prayer (sample)

WHEREFORE, premises considered, it is respectfully prayed that respondents be prosecuted for Estafa (Art. 315 of the RPC in relation to Sec. 6, RA 10175) and Violations of RA 10175 (Computer-Related Fraud/Identity Theft), and that appropriate cybercrime warrants be sought for the preservation, disclosure, and seizure of relevant computer data. Complainant further prays for restitution and such other reliefs as are just and equitable.

13) Quick Reference: Who Does What

  • Complainant/Victim: Curate evidence, file complaints, attend hearings.
  • Police/PNP-ACG & NBI: Receive reports, investigate, apply for cybercrime warrants (through prosecutors), coordinate with AMLC/regulators.
  • Prosecutor (DOJ/NPS): Conduct preliminary investigation, determine probable cause, file Information in court.
  • RTC Cybercrime Courts: Try cases and issue judicial orders/warrants.
  • Regulators (BSP/SEC/DTI/NPC): Administrative/regulatory actions, advisories, industry directives.
  • AMLC/Court of Appeals: Asset freezing and bank inquiries under AMLA (via proper applications).

14) Final Practical Tips

  • Document everything early and keep a timeline.
  • Double-file: law enforcement and prosecutor; pursue regulator complaints in parallel.
  • Act fast with banks/e-wallets; recall windows close quickly.
  • Think civil remedies (injunctions/attachment) if assets are identifiable.
  • Coordinate with other victims to show pattern and scale.
  • Stay cautious about public posts; let your evidence speak in the proper forum.

Disclaimer

This article provides general legal information for the Philippine setting. It is not a substitute for legal advice tailored to your facts. If you’re currently a victim of an online scam, consider consulting a lawyer for case-specific strategy.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login