How to File a Cybercrime Complaint for Online Scams and Recover Funds

Online scams in the Philippines commonly involve fake online sellers, investment “opportunities,” romance scams, phishing, account takeovers, SIM-swap, and impostor “customer support” schemes. This article explains (1) what laws typically apply, (2) how to preserve evidence, (3) where and how to file a complaint, and (4) the practical pathways—often time-sensitive—to freezing accounts and recovering money.

General note: This is legal information for the Philippines and not a substitute for advice from a lawyer who can review your facts and documents.

1) Understand what “cybercrime complaint” usually means in practice

A “cybercrime complaint” is usually a criminal complaint supported by an affidavit-complaint and evidence, filed with law enforcement (for investigation) and/or the Office of the City/Provincial Prosecutor (for inquest/preliminary investigation), alleging crimes committed using computers, phones, the internet, e-wallets, or other ICT systems.

In many scam cases, you will pursue two tracks at the same time:

  1. Immediate fund-recovery steps (bank/e-wallet dispute, freeze request, chargeback, AML red flags)
  2. Criminal case steps (PNP/NBI/Prosecutor for identification, subpoenas, warrants, and prosecution)

A separate civil action for damages/restitution may be filed in appropriate cases, but most victims focus first on: (a) freezing the funds and (b) identifying the person behind the account.

2) Key Philippine laws that commonly apply to online scams

A. Revised Penal Code (RPC): Estafa (Swindling)

Many online scams are prosecuted as Estafa, typically when a scammer deceives you into voluntarily sending money (bank transfer, e-wallet send, remittance, etc.) based on false pretenses (fake seller, fake investment, fake identity).

What prosecutors look for:

  • Deceit/fraudulent representation
  • Reliance by the victim
  • Damage (loss of money/property)

B. Republic Act No. 10175: Cybercrime Prevention Act of 2012

If a traditional offense (like Estafa) is committed through ICT, it may be charged as a cyber-related offense or prosecuted with cybercrime procedures/evidence. RA 10175 also covers offenses like illegal access, data interference, computer-related fraud, identity theft-related conduct, and similar ICT-based wrongdoing.

Practical impact: Enables cybercrime units to seek court orders and warrants relating to digital evidence, subscriber information, traffic data, preservation, and other investigative measures.

C. Republic Act No. 8792: E-Commerce Act

Often used alongside other charges when electronic documents, e-signatures, online transactions, and digital evidence are involved. It supports the admissibility and legal recognition of electronic data messages and documents.

D. Republic Act No. 8484: Access Devices Regulation Act

Relevant where scams involve credit cards, debit cards, ATM cards, card-not-present fraud, skimming, unauthorized use of access devices, or possession/trafficking of device information.

E. Republic Act No. 10173: Data Privacy Act

Usually not the main “scam charge,” but can be relevant when:

  • Personal data was unlawfully obtained/processed (doxxing, misuse of IDs)
  • A platform or entity mishandled personal data (complaints may be filed with the National Privacy Commission in appropriate cases)

F. Republic Act No. 9160 (as amended): Anti-Money Laundering Act (AMLA)

Victims don’t “charge AMLA” directly in most scam cases, but AMLA is important because:

  • Scam proceeds often move through mule accounts and may trigger freezing or suspicious transaction processes.
  • Banks/e-wallets may act faster when a transaction is flagged as fraud/scam, especially if reported promptly.

G. Other possibly relevant laws (depending on facts)

  • Investment scams may implicate securities rules (often involving the SEC and possible criminal liability under securities laws).
  • Identity misuse may overlap with other statutes and cybercrime provisions.

3) First priority: act fast to preserve funds (hours matter)

If money was sent today or recently, treat it as urgent. The best chance of recovery is before the scammer withdraws or disperses the funds.

A. If you paid by credit card (including online card payments)

  • Call the issuing bank immediately and report a fraudulent/unauthorized or scam-related transaction.
  • Ask about chargeback and dispute timelines.
  • Request to block the card, replace it, and document the report reference number.
  • Provide proof of misrepresentation (fake listing, fake merchant, messages, etc.).

Reality check: Chargeback is often the strongest consumer pathway, but outcomes depend on transaction type, authorization, merchant category, and evidence.

B. If you transferred via bank (InstaPay/PESONet/OTC deposit)

  • Call your bank’s hotline and your branch (if needed).
  • Request a fraud report, and ask the bank to coordinate an attempted recall/hold and contact the receiving bank.
  • Gather and submit: transaction reference number, time/date, amount, receiving account details, recipient name.

Reality check: Bank transfers can be hard to reverse once credited and withdrawn. Speed and documentation are critical.

C. If you used e-wallets (GCash/Maya/other)

  • Use in-app report tools and hotline/email support immediately.
  • Request to freeze/hold the recipient account for suspected fraud and provide transaction IDs.
  • Ask what documents they require (often affidavit, IDs, screenshots).

Reality check: E-wallet providers can restrict accounts quickly, but recovery depends on whether funds remain.

D. If you used remittance centers or cash pick-up

  • Report to the remittance provider ASAP and request a hold (if not yet claimed).
  • Obtain claim details and control numbers; keep receipts.

E. If crypto was involved

  • Report to the exchange used (if any). Request freeze/flag of receiving address if identifiable within their platform.
  • Preserve wallet addresses, transaction hash (TXID), timestamps, exchange account details.
  • Crypto recovery is difficult unless it passes through regulated exchanges that can act on law-enforcement requests.

4) Preserve evidence properly (this makes or breaks cases)

A. What to collect (minimum evidence set)

  1. Full conversation logs (Messenger/WhatsApp/Viber/Telegram/SMS/email)

  2. Screenshots showing:

    • Account/profile/username/URL
    • Offers, price, promises, instructions
    • Payment directions and confirmations

  3. Transaction proof

    • Bank transfer confirmations, receipts, reference numbers
    • E-wallet transaction IDs
    • Remittance receipts/control numbers

  4. Profile identifiers

    • Phone numbers, email addresses
    • Bank/e-wallet account name and number
    • Delivery addresses (if any), tracking numbers
    • Any IDs the scammer sent

  5. Platform details

    • Links to listings/pages
    • Seller/shop names
    • Order pages, invoices, chat support logs

  6. Timeline summary

    • Dates/times of key events: first contact, agreement, payment, follow-ups, blocking, etc.

B. Evidence-handling tips (to avoid “inadmissible” or “weak” evidence)

  • Do not edit screenshots (cropping is okay, but keep originals too).
  • Export chats where possible (some apps allow chat export).
  • Keep files in original format with metadata if available.
  • Write a contemporaneous narrative while details are fresh.
  • If you recorded calls, note that recording rules and admissibility can be sensitive—get case-specific guidance.

C. Identify whether the loss is “unauthorized” vs “authorized but induced”

This affects remedies:

  • Unauthorized transaction (account hacked, card used without consent): bank/e-wallet dispute frameworks may help more.
  • Authorized transfer induced by deceit (you sent money voluntarily because of lies): often prosecuted as Estafa; recovery relies more on freezing/identifying the recipient and subsequent legal process.

5) Where to file in the Philippines

A. Law enforcement cybercrime units (for investigation support)

  • PNP Anti-Cybercrime Group (PNP-ACG)
  • NBI Cybercrime Division (or NBI regional offices with cybercrime capability)

These offices can assist with:

  • Case intake and evidence assessment
  • Identifying suspects through lawful requests/court processes
  • Coordinating with banks/e-wallets/platforms
  • Preparing complaint documents for prosecutor filing

B. Prosecutor’s Office (for the criminal case to move forward)

For most scam cases, the formal criminal process is initiated by filing an Affidavit-Complaint at the:

  • Office of the City Prosecutor or Office of the Provincial Prosecutor

They will determine:

  • Whether to require respondent’s counter-affidavit (preliminary investigation)
  • Whether there is probable cause to file an Information in court

C. Local police blotter

A police blotter entry can help document the incident date/time and may be useful when coordinating with banks/e-wallets, but it is usually not enough to prosecute by itself.

6) Step-by-step: filing a cybercrime complaint (practical workflow)

Step 1: Draft your Affidavit-Complaint

This is your sworn statement of facts. It typically includes:

  • Your identity and contact details
  • Full narrative of events (chronological)
  • How you were deceived
  • Exact amounts lost
  • The accounts used by the suspect (bank/e-wallet/phone/email)
  • Attached evidence list (marked as Annex “A”, “B”, etc.)

Tip: A clear, chronological affidavit with a clean evidence bundle saves months of back-and-forth.

Step 2: Prepare attachments and certifications

Common attachments:

  • Government ID copies
  • Screenshots/printouts (messages, profiles, posts)
  • Transaction receipts
  • Demand message (if any) and proof of being blocked
  • Any shipping/booking info

Some offices may ask you to:

  • Print and mark annexes
  • Provide extra copies (for respondent, prosecutor file, etc.)
  • Provide digital copies on USB/email (varies)

Step 3: Notarize the affidavit (and key supporting affidavits)

  • Affidavit-Complaint must be sworn.
  • If there are witnesses (e.g., someone who saw the transaction or helped communicate), get supporting affidavits.

Step 4: File with the Prosecutor (and/or through cybercrime unit endorsement)

You may file:

  • Directly at the Prosecutor’s Office; or
  • With PNP-ACG/NBI first, then file with their assistance/endorsement

Step 5: Preliminary investigation process

  • The prosecutor issues a subpoena to the respondent (if identifiable or if service is possible).
  • Respondent submits counter-affidavit; you may reply.
  • Prosecutor resolves whether probable cause exists and where/how to proceed.

Common hurdle: Scammers hide behind fake names. Identification may require lawful requests to banks/e-wallets/telcos/platforms, sometimes needing court processes.

Step 6: Case filing in court and warrants (if warranted)

If probable cause is found, the case is filed in court. Court processes may follow for arrest warrants and other orders, depending on the case and respondent’s status.

7) How fund recovery works in the real world (and why it’s hard)

A. Best-case recovery scenario

You report quickly; the recipient account still holds funds; the bank/e-wallet freezes it; funds are returned via internal processes or after legal documentation.

This is most likely when:

  • Reporting is within hours
  • Recipient is a mule account that gets flagged quickly
  • Funds haven’t been cashed out or moved

B. Common scenario: funds have moved

Scammers often:

  • Withdraw immediately
  • Split funds across multiple accounts
  • Convert to crypto
  • Use money mules

In these cases, recovery may require:

  • Identifying the individual(s) behind accounts
  • Coordinated law enforcement action
  • Civil claims or restitution orders after conviction (which can still be difficult to collect)

C. Civil action vs criminal action (and what “restitution” actually means)

  • Criminal case punishes and may order civil liability (restitution/damages) as part of the judgment.
  • Civil case focuses on money recovery but requires identifying the defendant and assets.

Even with a favorable judgment, collection may require:

  • Locating assets
  • Garnishment/levy procedures
  • Enforcement steps that can take time

8) Special playbooks by scam type

A. Fake online seller / online marketplace scam

Typical charge: Estafa (often cyber-related) Best recovery lever: fast freeze + platform reporting Evidence focus: listing screenshots, order details, chat showing promises and payment instructions, proof of non-delivery and blocking

B. Investment scam / “guaranteed returns”

Add-on actions:

  • Report to the SEC (especially if unregistered solicitation, fake “trading,” “pooling,” etc.)
  • Preserve marketing materials, group chats, webinar recordings, influencer posts

C. Phishing / account takeover / SIM-swap

Immediate steps:

  • Lock accounts, change passwords, enable 2FA
  • Report to bank/e-wallet as unauthorized transaction
  • Coordinate with telco to secure SIM Evidence focus: login alerts, OTP messages, device changes, emails, timeline

D. Romance scam / blackmail / sextortion

Immediate steps:

  • Do not pay further
  • Preserve evidence
  • Report to platform
  • Consider safety planning These cases may involve additional crimes depending on threats and content.

9) Practical checklist: what to bring when filing

  • 2–3 valid IDs (and photocopies)
  • Notarized Affidavit-Complaint
  • Printed annexes labeled and organized
  • Transaction records (bank/e-wallet/remittance)
  • Timeline summary (one page helps)
  • Soft copy of evidence (USB or organized folder), if accepted
  • Contact info of your bank/e-wallet and any reference/ticket numbers from your fraud report

10) Sample structure for an Affidavit-Complaint (outline)

  1. Caption / Title (Complaint-Affidavit for Estafa and related cybercrime offenses)
  2. Personal circumstances (name, address, age, etc.)
  3. Narrative of facts (chronological; include dates/times)
  4. Deceit and inducement (what was promised, what made it believable)
  5. Payment details (how much, where sent, reference numbers)
  6. Non-performance and disappearance (non-delivery, blocking, excuses)
  7. Damages (amount lost and other impacts)
  8. Respondent identifiers (accounts, numbers, profiles, links)
  9. Prayer (request investigation and filing of appropriate charges)
  10. Annex list (A, B, C…)
  11. Jurat / notarization

11) Avoid these common mistakes

  • Delaying the report “to see if they refund” (scammers use delay to withdraw funds).
  • Sending more money to “unlock,” “verify,” “release,” or “recover” funds (often a second scam).
  • Relying on verbal promises without preserving chats and receipts.
  • Posting sensitive info publicly that can compromise investigation or expose you to further harm.
  • Handing originals away without keeping copies and an organized evidence set.

12) What to expect: timelines and outcomes

  • Fund freezing (if possible) can happen quickly only if you report promptly and the provider acts.

  • Criminal case progress depends heavily on identifying the respondent and the responsiveness of institutions to lawful requests.

  • Some cases move faster when:

    • The respondent is known (real name/address)
    • The receiving account is traceable and local
    • Evidence is complete and well-organized

Even when recovery is uncertain, filing helps:

  • Build a record
  • Support account freezes against repeat scamming
  • Potentially link your complaint to other victims’ cases

13) Quick action plan (printable)

  1. Stop losses: secure accounts, change passwords, enable 2FA
  2. Report to bank/e-wallet immediately: ask for freeze/recall/chargeback steps and get ticket numbers
  3. Preserve evidence: chats, profiles, links, receipts, timeline
  4. File with PNP-ACG or NBI Cybercrime: for guidance and investigative support
  5. File Affidavit-Complaint with the Prosecutor: attach annexes and complete documentation
  6. Follow up consistently: keep reference numbers and dates of submissions
  7. Watch for recovery scams: do not pay “agents” claiming guaranteed recovery

If you want, share (copy/paste) a sanitized summary—platform used, payment method, dates, and current status of the transaction (no OTPs/passwords)—and a checklist of what evidence you already have. A tailored filing and recovery path can be mapped based on your exact scam type and payment rail.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login