If you are receiving spam texts, phishing links, fake delivery messages, loan-app harassment, threatening chats, or malicious messages from an unknown number or online account, the first thing to know is this: not every annoying message is automatically a cybercrime, but many spam and malicious messages can become reportable when they involve fraud, identity theft, threats, harassment, extortion, data privacy violations, or repeated abusive conduct. This guide explains how cybercrime complaints for spam and malicious messages are handled in the Philippines, where to report them, what evidence to save, and what usually happens after you file.
What Counts as Spam or a Malicious Message in the Philippines?
In everyday language, people use “spam” to mean unwanted messages. Legally, the better question is: what did the message do?
A message may be merely annoying, or it may be part of a criminal act. Common examples include:
| Type of message | Possible legal issue |
|---|---|
| “You won a prize, click this link” | Phishing, computer-related fraud, identity theft |
| Fake bank, e-wallet, courier, or government SMS | Fraud, social engineering, identity theft |
| Repeated loan-app shaming messages | Unjust vexation, threats, harassment, data privacy violations |
| Messages saying “I will hurt you” or “I will expose you” | Grave threats, coercion, extortion, cybercrime if done through ICT |
| Blackmail using private photos or videos | Threats, coercion, Anti-Photo and Video Voyeurism Act, Safe Spaces Act, cybercrime-related offenses |
| Fake account pretending to be you | Computer-related identity theft |
| Defamatory posts or group messages | Cyber libel, if the legal elements of libel are present |
| Repeated sexual, misogynistic, homophobic, or gender-based messages | Gender-based online sexual harassment under the Safe Spaces Act |
| Messages asking for OTPs, passwords, GCash/Maya/bank details | Fraud, phishing, identity theft, possible financial account scamming |
A good practical rule is this: report to the proper channel based on the harm. If the problem is only a suspicious text, report it for blocking. If money was lost, your account was compromised, you were threatened, or your identity was misused, prepare a formal complaint.
Legal Basis for Cybercrime Complaints Involving Messages
The main law is Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. It covers offenses committed through computers, mobile phones, internet platforms, messaging apps, and other information and communications technology. Under RA 10175, a “computer system” includes devices with data processing capability such as mobile phones and smartphones, so SMS, email, social media messages, and app-based chats may fall within cybercrime investigation when the facts support it.
Important cybercrime provisions include:
- Computer-related fraud — unauthorized input, alteration, deletion, or interference involving computer data or a computer system, causing damage with fraudulent intent.
- Computer-related identity theft — intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of another person’s identifying information without right.
- Cyber libel — libel under Article 355 of the Revised Penal Code when committed through a computer system or similar means.
- Other crimes committed through ICT — under Section 6 of RA 10175, crimes under the Revised Penal Code or special laws may be covered when committed through information and communications technology, with the penalty generally one degree higher.
For the full statutory text, see the Supreme Court E-Library copy of Republic Act No. 10175, Cybercrime Prevention Act of 2012.
Is Spam Itself a Cybercrime?
This is a common point of confusion.
RA 10175 originally included a provision on unsolicited commercial communications. However, in Disini v. Secretary of Justice, G.R. No. 203335, the Supreme Court struck down Section 4(c)(3) on unsolicited commercial communications as unconstitutional. In practical terms, ordinary commercial spam is not automatically a cybercrime just because it is unwanted.
But spam can still be legally serious when it is used for:
- phishing;
- scams;
- fake job offers;
- fraudulent investment schemes;
- loan harassment;
- identity theft;
- illegal collection or use of personal data;
- malicious links;
- account takeover;
- extortion; or
- threats.
The National Privacy Commission has also recognized this distinction: unsolicited commercial messages are not criminal per se after Disini, but the processing of personal data used to send those messages may still be covered by the Data Privacy Act if personal information was collected, used, shared, or processed unlawfully.
Other Philippine Laws That May Apply
Spam and malicious messages often involve more than one law. The investigating agency or prosecutor will determine the proper charge, but the following laws commonly appear in real cases.
| Law | When it may apply |
|---|---|
| Revised Penal Code | Grave threats, light threats, coercion, unjust vexation, estafa, libel |
| RA 10175, Cybercrime Prevention Act | Fraud, identity theft, cyber libel, cyber-enabled crimes |
| RA 10173, Data Privacy Act of 2012 | Unauthorized use, disclosure, or processing of personal data |
| RA 11934, SIM Registration Act | SIM registration issues, fraudulent use of registered SIMs, telco cooperation |
| RA 12010, Anti-Financial Account Scamming Act | Social engineering, money mule activity, fraudulent use of bank/e-wallet accounts |
| RA 11313, Safe Spaces Act | Gender-based online sexual harassment, cyberstalking, sexual remarks, unwanted sexual messages |
| RA 9995, Anti-Photo and Video Voyeurism Act | Threats or sharing involving private sexual photos/videos |
| RA 9262, Anti-VAWC Act | Harassing or threatening messages from a spouse, former spouse, dating partner, or person with whom the woman has or had a sexual relationship |
| RA 11930, Anti-OSAEC and Anti-CSAEM Act | Online sexual abuse or exploitation involving children |
For financial scams, RA 12010 is now especially relevant because it specifically covers social engineering schemes involving electronic communications, including SMS, email, instant messaging, social media messages, and other electronic messages, when used to obtain sensitive identifying information for unauthorized access to a financial account.
Where to File or Report Spam and Malicious Messages
Different offices handle different parts of the problem. Filing in the right place saves time.
| Situation | Best office or channel |
|---|---|
| You received a scam or spam SMS but did not lose money | NTC text scam/spam reporting page, telco spam report form, eGovPH eReport |
| You lost money, clicked a phishing link, or gave OTP/password/bank details | PNP Anti-Cybercrime Group, NBI Cybercrime Division, CICC hotline 1326, bank/e-wallet immediately |
| You are being threatened, blackmailed, or extorted | Nearest police station for urgent safety, then PNP ACG or NBI Cybercrime Division |
| Your personal data is being misused | National Privacy Commission, plus PNP/NBI if there is fraud or harassment |
| A fake account is pretending to be you | Platform report, PNP ACG or NBI if identity theft or fraud is involved |
| A spouse, ex-partner, or dating partner is harassing or threatening a woman | Barangay VAW desk, police Women and Children Protection Desk, prosecutor, PNP ACG if online |
| A child is involved | PNP Women and Children Protection Center, NBI, DSWD, local police, prosecutor |
PNP Anti-Cybercrime Group
The PNP Anti-Cybercrime Group (PNP ACG) handles many public cybercrime complaints, including online scams, phishing, identity theft, cyber libel, online threats, and malicious messages. Many complainants file with the ACG because it has cybercrime investigators and regional anti-cybercrime units.
You can usually begin by preparing your documents and filing personally at the nearest PNP ACG office or regional cybercrime unit. For urgent threats, go first to the nearest police station so an immediate incident report can be made, then ask for referral to the cybercrime unit.
NBI Cybercrime Division
The NBI Cybercrime Division also receives cybercrime complaints. The NBI Citizen’s Charter states that for investigative assistance to victims of computer crimes, the complainant proceeds to the Cybercrime Division, fills out the complaint form, undergoes preliminary interview and initial investigation, and may execute sworn statements or submit prepared affidavits and supporting documents.
The NBI page on Investigative Assistance for Victims of Computer Crimes is useful for understanding the intake process.
CICC Hotline 1326 and eGovPH eReport
The Cybercrime Investigation and Coordinating Center (CICC) operates the government’s cybercrime response hotline 1326, commonly used for online scams, phishing, text scams, and other cybercrime reports. For suspicious text scams where you simply received a message and want the number reported for action, the eGovPH app’s eReport feature may also be used.
This is helpful for fast reporting and guidance, but if you need a criminal case filed, you should still prepare a formal complaint-affidavit and evidence package for law enforcement or the prosecutor.
National Telecommunications Commission
For text scams and spam texts, the National Telecommunications Commission (NTC) receives reports and may coordinate with telcos or other agencies for blocking or appropriate action. The NTC has directed the public to use its text scam/spam report page for text scam, text spam, and illegal or threatening messages.
Use the NTC route when the main goal is to report a number or suspicious SMS. Use PNP/NBI when you need investigation, identification of the sender, preservation of evidence, or prosecution.
National Privacy Commission
If the issue involves misuse of your personal data, such as receiving messages that contain your full name, address, employer, loan details, contacts, photos, or private information, the National Privacy Commission (NPC) may be the correct agency for a data privacy complaint.
The NPC provides a formal process through its filing a complaint page. A formal NPC complaint generally requires a specific complaint form, supporting documents, and notarization.
What to Do Before Filing: Preserve Evidence First
Many cybercrime complaints fail not because the victim is lying, but because the proof was deleted, cropped, or cannot be authenticated.
Before blocking the sender, deleting the chat, changing phones, or resetting accounts, do the following:
Take screenshots immediately. Capture the full message, sender name or number, date, time, profile photo, username, URL, and any visible account details.
Record the exact timeline. Write down when the first message arrived, what happened next, whether you clicked a link, whether you replied, and whether you lost money or data.
Save the original messages. Do not delete SMS, Messenger chats, Viber/WhatsApp/Telegram messages, emails, or call logs if you may file a case.
Copy links and usernames. For social media, save the profile URL, post URL, group name, page name, username, and screenshots showing the account.
Export data when possible. Some platforms allow downloading or exporting chat history. Save this together with screenshots.
Keep transaction records. For financial scams, save bank statements, e-wallet transaction receipts, reference numbers, QR codes, account names, mobile numbers, and customer service tickets.
Preserve device and account logs. If your account was hacked, save login alerts, email notifications, OTP messages, password reset notices, IP/location alerts, and device activity logs.
Do not edit screenshots. Do not crop out the date, sender, or URL. If you must redact for privacy in public posts, keep the unredacted original for authorities.
Back up the evidence. Store copies in cloud storage, email, USB drive, or another secure device.
Stop engaging if there is danger. If the message contains threats or extortion, do not argue with the sender. Preserve evidence and report.
Required Documents for a Cybercrime Complaint
Requirements vary by office, but for a strong complaint package, prepare the following:
| Document | Practical notes |
|---|---|
| Valid government ID | Passport, driver’s license, UMID, PhilID/ePhilID, PRC ID, etc. |
| Complaint-affidavit | A sworn written statement narrating the facts chronologically |
| Screenshots and printouts | Include full sender details, date, time, message content, URLs |
| Digital copies | Save original files, emails, exported chats, photos, videos, links |
| Transaction records | Bank/e-wallet receipts, reference numbers, payment slips |
| Proof of account ownership | Screenshot of your profile, email ownership, phone number, business registration if relevant |
| Witness affidavits | If someone else saw the messages or was also contacted |
| Authority to file | SPA, board resolution, secretary’s certificate, or parent/guardian documents if filing for another person |
| Police blotter or incident report | Helpful for urgent threats, harassment, or financial loss |
| Platform reports | Confirmation emails from Facebook, Google, TikTok, X, telco, bank, or e-wallet provider |
What Should Be in the Complaint-Affidavit?
A complaint-affidavit is a sworn statement. It should be factual, organized, and supported by annexes.
Include:
- your full name, address, contact number, email, and ID details;
- the respondent’s name, number, username, account link, or description if unknown;
- the platform used: SMS, Messenger, Viber, email, Facebook, Instagram, TikTok, Telegram, WhatsApp, etc.;
- the date and time of each important message;
- the exact words used in threats, demands, or scam messages;
- what you did in response;
- what damage you suffered: money lost, account compromised, anxiety, reputational harm, harassment, privacy breach;
- a list of evidence marked as Annex “A,” “B,” “C,” and so on;
- a clear request for investigation and filing of appropriate charges.
A simple structure is:
- Who you are.
- Who sent the messages, if known.
- How the messages were sent.
- What the messages said.
- What harm resulted.
- What evidence supports your complaint.
- What action you are requesting.
Step-by-Step: How to File a Cybercrime Complaint for Spam or Malicious Messages
1. Classify the incident
Before filing, identify the main problem:
- Is it a suspicious SMS only?
- Did you lose money?
- Were you threatened?
- Was your identity used?
- Was private information exposed?
- Is the sender a loan app, collector, ex-partner, scammer, fake seller, or unknown number?
This helps determine whether to go to NTC, NPC, CICC, PNP ACG, NBI, the prosecutor, or another office.
2. Preserve and organize evidence
Create a folder with:
- screenshots in chronological order;
- original files;
- links and usernames;
- transaction records;
- call logs;
- account recovery notices;
- a short timeline.
Use file names like:
2026-07-01 SMS phishing from 09XXXXXXXXX.pngAnnex A - Screenshot of first threat.pdfAnnex B - GCash transaction receipt.pdfAnnex C - Facebook profile URL of respondent.pdf
This makes the investigator’s job easier.
3. Report urgent safety issues immediately
If the message threatens physical harm, kidnapping, rape, stalking, doxxing, or exposure of intimate content, go to the nearest police station or call emergency responders first. A cybercrime complaint can follow, but immediate safety comes first.
For women and children, ask for assistance from the Women and Children Protection Desk. For barangay-level assistance, the barangay may help with protection, documentation, or referral, although serious cybercrime and VAWC matters should not be treated as ordinary neighborhood disputes.
4. Submit a report to the appropriate office
For suspicious SMS spam, report through:
- NTC text scam/spam report page;
- your telco’s spam/scam reporting channel;
- eGovPH eReport;
- CICC hotline 1326 if cyber fraud is involved.
For criminal investigation, file with:
- PNP Anti-Cybercrime Group;
- NBI Cybercrime Division;
- the proper Office of the City or Provincial Prosecutor, usually after or with law enforcement assistance.
In practice, victims often go first to PNP ACG or NBI because they can evaluate digital evidence, conduct cybercrime investigation, and assist in requests for preservation or disclosure of computer data when legally available.
5. Execute or submit a sworn complaint-affidavit
Some offices provide forms and assist complainants during intake. Others may ask you to bring a prepared notarized affidavit.
If you are filing from abroad, you may need:
- a notarized affidavit executed before the Philippine Embassy or Consulate;
- consular acknowledgment;
- apostille or authentication, depending on where the document was executed and how it will be used;
- a Special Power of Attorney if someone in the Philippines will file or follow up for you.
Foreigners may file complaints in the Philippines if they are victims of offenses connected to the Philippines, such as messages sent from or received in the Philippines, scams using Philippine bank/e-wallet accounts, Philippine phone numbers, Philippine-based respondents, or damage suffered while the victim was in the Philippines.
6. Undergo interview or initial assessment
Expect the investigator to ask:
- How did you first receive the message?
- Do you know the sender?
- Did you reply?
- Did you click the link?
- Did you send money?
- Did you give OTP, password, ID, or personal information?
- Is the message still accessible?
- Do you still have the device?
- Are there other victims?
Be honest about mistakes. Many victims clicked links or gave OTPs under pressure. The point is to document exactly what happened.
7. Ask about preservation of data
Under RA 10175, preservation of computer data can be important because telco, platform, and service provider logs may not be available forever. The law provides for preservation of traffic data and subscriber information for a minimum period, and law enforcement may act through proper legal processes.
As a complainant, you cannot personally force Facebook, Google, a telco, or a bank to disclose confidential subscriber data. But you can give investigators the details they need to request preservation, disclosure, or court processes where legally justified.
8. Follow up with the case reference number
Get proof that you filed:
- complaint reference number;
- receiving copy;
- investigator’s name or unit;
- date of filing;
- contact details for follow-up.
Follow up politely and keep additional evidence. If new messages arrive, do not start a separate scattered record. Add them to your timeline and inform the investigator.
What Happens After You File?
A cybercrime complaint usually goes through several stages.
| Stage | What happens | Practical timeline |
|---|---|---|
| Intake | Complaint is received; initial interview and assessment | Same day to several days |
| Evidence review | Investigator checks screenshots, links, accounts, numbers, transactions | Days to weeks |
| Preservation or requests | Law enforcement may seek preservation/disclosure through proper legal channels | Weeks or longer |
| Case build-up | Witness statements, affidavits, certifications, technical findings | Weeks to months |
| Referral to prosecutor | Complaint may be filed for preliminary investigation | Varies |
| Preliminary investigation | Prosecutor evaluates probable cause; respondent may file counter-affidavit | Often months |
| Court case | If probable cause exists, Information is filed in court | Longer, depending on docket |
For simple spam-number reports, action may be faster if the goal is blocking. For criminal prosecution, expect a longer process because the authorities must identify the sender, authenticate evidence, connect the account or number to a person, and establish the legal elements of an offense.
Common Problems That Delay or Weaken Complaints
Deleting the messages too soon
Many victims block and delete immediately. Blocking is understandable, but save evidence first. If the messages are gone, investigators may still try other methods, but your case becomes harder.
Only submitting cropped screenshots
A cropped screenshot showing only the message may not prove who sent it, when it was sent, or through what platform. Always capture the number, username, date, time, URL, and context.
Filing the wrong type of complaint
For example, an ordinary spam advertisement is not necessarily a cybercrime after Disini. But if the same message contains a phishing link that steals your bank details, it becomes a fraud or identity theft issue.
Posting accusations online before filing
Publicly naming someone as a “scammer” or “criminal” without enough proof can expose you to a counterclaim for defamation or cyber libel. It is safer to report to platforms, telcos, banks, NTC, CICC, PNP, NBI, or NPC first.
Expecting instant identification of anonymous senders
A phone number or fake account does not automatically identify the human sender. SIM registration helps, but scammers may use mule SIMs, stolen IDs, spoofed sender names, fake accounts, VPNs, compromised accounts, or accounts registered under another person’s name.
Waiting too long
Some logs are time-sensitive. Cyber libel has a particularly important timing issue: in Berteni Cataluña Causing v. People, the Supreme Court held that cyber libel under RA 10175 prescribes in one year from discovery by the offended party, authorities, or their agents. If the malicious message is potentially defamatory, act promptly.
Special Situations
If you lost money through GCash, Maya, bank transfer, or QR code
Report immediately to:
- your bank or e-wallet provider;
- the receiving bank or wallet, if known;
- CICC hotline 1326;
- PNP ACG or NBI Cybercrime Division.
Provide the transaction reference number, account name, mobile number, amount, date, time, QR code, and screenshots. Under RA 12010, financial institutions may have mechanisms involving disputed transactions, fraud management systems, and coordinated verification. Fast reporting improves the chance of tracing or holding funds, but recovery is not guaranteed.
If the message contains a malicious link
Do not click it again. Save the link by copying it carefully if safe to do so, screenshot the message, and report it. If you already clicked:
- disconnect from suspicious pages;
- change passwords from a clean device;
- revoke suspicious app permissions;
- enable two-factor authentication;
- inform your bank or e-wallet;
- monitor transactions;
- save login alerts and OTP messages.
If the sender is a loan app or collection agent
Loan-app harassment may involve several issues:
- unfair debt collection;
- data privacy violations if your contacts, photos, employer, or private data were accessed or disclosed;
- unjust vexation or threats under the Revised Penal Code;
- cybercrime if ICT was used in the commission of another offense;
- possible complaints with the NPC, SEC, PNP/NBI, or other regulators depending on the lender.
Save all shaming messages, contact-list messages, threats, call logs, loan documents, app permissions, and screenshots showing who was contacted.
If the sender is outside the Philippines
You may still report if there is a Philippine connection: you are in the Philippines, the damage occurred here, a Philippine bank/e-wallet/SIM/account was used, or the offender used a computer system partly situated in the Philippines. RA 10175 recognizes jurisdiction where elements are committed in the Philippines, where a computer system is wholly or partly situated in the country, or where damage is caused to a person in the Philippines.
International cases move more slowly because they may require platform cooperation, foreign service providers, mutual legal assistance, or coordination through appropriate government channels.
If you are abroad and the malicious messages involve the Philippines
Filipinos abroad, OFWs, and foreigners overseas can still prepare a complaint. In practice, you may need:
- screenshots and original digital evidence;
- a sworn affidavit executed before a Philippine consulate or properly notarized/apostilled abroad;
- a Special Power of Attorney for a representative in the Philippines;
- proof of identity;
- proof of the Philippine connection, such as Philippine numbers, bank accounts, respondents, or victims.
Fees, Costs, and Timelines
There is usually no large filing fee simply to report a cybercrime incident to PNP ACG, NBI, CICC, NTC, or NPC intake channels. However, costs may arise for:
- notarization of affidavits;
- printing and photocopying;
- lawyer’s drafting assistance, if you choose to hire one;
- consular notarization or apostille abroad;
- transportation to law enforcement offices;
- certified records from banks, telcos, or platforms if required.
Timelines vary widely. A simple text-spam blocking report may move faster. A criminal case requiring identification of an anonymous sender, platform data, bank tracing, and prosecutor review can take months or longer.
Frequently Asked Questions
Can I file a cybercrime complaint for spam texts in the Philippines?
Yes, but the proper route depends on the content. If it is just an unwanted commercial message, report it to NTC, your telco, eGovPH eReport, or CICC. If it involves phishing, fraud, threats, identity theft, harassment, or financial loss, prepare evidence and file with PNP ACG or NBI Cybercrime Division.
Is spam illegal under Philippine cybercrime law?
Ordinary unsolicited commercial spam is not automatically a cybercrime because the Supreme Court struck down RA 10175’s provision on unsolicited commercial communications in Disini v. Secretary of Justice. However, spam used for scams, phishing, identity theft, threats, or harassment may still violate other laws.
Where do I report scam text messages in the Philippines?
You may report scam texts to the NTC text scam/spam report page, your telco’s scam reporting channel, the eGovPH eReport feature, CICC hotline 1326, PNP ACG, or NBI Cybercrime Division. If money was lost or your account was compromised, report to your bank or e-wallet immediately as well.
What evidence do I need for malicious messages?
Save screenshots showing the sender, number or username, date, time, message content, links, and platform. Keep the original messages, transaction receipts, account recovery alerts, call logs, and any proof of damage. Do not rely on cropped screenshots alone.
Can police trace an anonymous number or fake account?
Sometimes, but it requires proper legal process and available records. Investigators may need telco, platform, bank, or service provider data. SIM registration helps but does not guarantee immediate identification because scammers may use mule SIMs, fake accounts, stolen identities, or spoofing methods.
Should I block the sender?
Save evidence first. After you have preserved screenshots, original messages, links, and logs, blocking may be reasonable for safety and peace of mind. For threats or extortion, avoid further engagement and report promptly.
Can I file if I am a foreigner?
Yes, if the incident has a Philippine connection, such as a Philippine respondent, Philippine phone number, Philippine bank or e-wallet account, Philippine platform activity, or damage suffered while in the Philippines. Bring your passport or valid ID and proof of the connection.
Can I file from abroad?
Yes, but you may need a sworn affidavit executed before a Philippine consulate or properly notarized/apostilled abroad. If someone in the Philippines will file or follow up for you, prepare a Special Power of Attorney.
What if the malicious message is from my ex-partner?
If the sender is a spouse, former spouse, dating partner, or person with whom a woman has or had a sexual relationship, the case may involve RA 9262, especially if the messages involve threats, harassment, psychological abuse, or coercion. If the messages are online or through SMS, cybercrime and digital evidence rules may also matter.
How long do I have to file?
File as soon as possible. Some digital records disappear quickly. For cyber libel, the Supreme Court has held that the prescriptive period is one year from discovery. Other offenses have different periods depending on the crime and penalty, so delay can seriously weaken a case.
Key Takeaways
- Spam alone is not always a cybercrime, but spam used for fraud, phishing, threats, harassment, or identity theft can be legally actionable.
- Save evidence before blocking, deleting, resetting, or changing phones.
- Report simple scam texts to NTC, telcos, eGovPH eReport, or CICC hotline 1326.
- File criminal cybercrime complaints with PNP ACG or NBI Cybercrime Division when there is fraud, loss, threats, identity theft, blackmail, or serious harassment.
- Use the NPC process when the issue involves misuse of personal data.
- Prepare a clear complaint-affidavit, full screenshots, transaction records, links, usernames, and a timeline.
- Act quickly because digital records may disappear and some offenses have short prescriptive periods.