How to File Cybercrime Complaint for Online Scam Philippines

Philippine legal framework; practical pathways for victims of phishing, marketplace fraud, investment scams, account takeovers, e-wallet/bank fraud, and impersonation. General information only.

1) Legal Foundations

Core statutes and rules

  • Cybercrime Prevention Act of 2012 (RA 10175). Defines key cyber offenses, procedures, and digital evidence rules. Includes:

    • Illegal access/interception; data/system interference; misuse of devices;
    • Computer-related fraud and identity theft;
    • Aiding/abetting and attempts;
    • Section 6: Crimes under the Revised Penal Code (RPC) and special laws committed “by, through, and with the use of ICT” are penalized one degree higher (e.g., estafa committed online).

  • Revised Penal Code (RPC) – Estafa/Swindling (Art. 315) and related fraud provisions (as amended by RA 10951). Often paired with RA 10175 §6 for online variants.

  • Access Devices Regulation Act (RA 8484). Fraudulent use of cards/access devices; frequently invoked in card-not-present and e-wallet breaches.

  • E-Commerce Act (RA 8792). Electronic transactions, signatures, computer misuse; notice-and-takedown expectations via platform policies.

  • Data Privacy Act (RA 10173). Breaches involving personal data; empowers the National Privacy Commission (NPC).

  • Financial Products and Services Consumer Protection Act (RA 11765) and BSP/SEC/IC rules. Redress and conduct standards for banks, e-money issuers, and investment solicitations.

  • SIM Registration Act (RA 11934). Subscriber identity linkage useful for sender number tracing and SIM blocking (via telcos/NTC).

  • Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC). Specialized warrants: WDCD (Warrant to Disclose Computer Data), WSSECD (Search, Seizure & Examination), WICD (Intercept Content Data), WTD (Track Data).

Jurisdiction & venue

  • RTCs designated as cybercrime courts have jurisdiction. Venue may lie where any element occurred, where the offended party resides, or where the computer system or data is located, depending on the offense and rules.

2) Who Handles What (Philippine Agencies)

  • NBI – Cybercrime Division (NBI-CCD). Complex, multi-jurisdictional, and high-value cases; forensic support; international coordination.
  • PNP Anti-Cybercrime Group (PNP-ACG) and Regional Anti-Cybercrime Units. Frontline intake nationwide; quick coordination with local police and banks.
  • Department of Justice – Office of Cybercrime (DOJ-OOC). Central authority for MLA/foreign evidence; supports prosecutors and law enforcement.
  • BSP (for banks/e-wallets), SEC (investment scams, unregistered solicitations), DTI (consumer/e-commerce seller issues), NPC (privacy breaches), NTC (SIM/telco concerns), AMLC (possible freeze/monitoring of suspicious flows through the anti-money laundering regime).

You may report to either NBI-CCD or PNP-ACG (or both). Parallel regulatory complaints (BSP/SEC/DTI/NPC) can unlock freezes, takedowns, and redress while the criminal case proceeds.

3) First 24–72 Hours: Urgent Actions to Limit Losses

  1. Safety & containment

    • Change passwords, revoke active sessions, enable MFA, de-link compromised devices/apps.
    • For email-led scams, rotate recovery emails/phone numbers first.

  2. Freeze the money trail

    • Notify your bank/e-wallet immediately to request a temporary hold/recall of disputed transfers. Provide reference numbers, timestamps, account/QR/GCash/Maya handles, device/browser used, and exact amounts.
    • Ask the receiving institution (through your bank or directly) for beneficiary account freeze subject to their fraud protocols and regulator rules.
    • Consider a BSP consumer complaint if response is slow; for investment solicitations, alert SEC; for marketplace seller misrepresentation, alert DTI.

  3. Preserve evidence (do not delete)

    • Screenshots + exports of chats, emails (include full headers), social media profiles/URLs, listings, group names/IDs.
    • Transaction proof: receipts, SMS/OTP logs, push notifications, reference/trace IDs, ATM/CAM images if any.
    • Device artifacts: keep phones/PCs unchanged; avoid factory resets. If possible, image the device and compute SHA-256 hashes for files you’ll submit.
    • Maintain a timeline log: “what happened, when, where, who.”

  4. Report quickly

    • Lodge an initial incident report with NBI-CCD or PNP-ACG. Early reports help them issue preservation requests to platforms/service providers so logs aren’t overwritten.

4) What Offense Fits Your Scenario?

  • Phishing/Account Takeover → Illegal access (RA 10175) + computer-related identity theft/fraud, possibly RA 8484 if access devices used.
  • Marketplace “paid-then-ghosted” seller → Estafa (RPC) via ICT (penalty raised by §6 of RA 10175).
  • Investment scheme/“double your money” → Securities law violations (SEC), estafa via ICT, computer-related fraud.
  • Impersonation profile collecting money → Identity theft/fraud (RA 10175), possible unjust vexation or libel depending on content.
  • Malware/remote tool intrusions → Illegal access, data/system interference, misuse of devices.

A prosecutor may stack charges (e.g., estafa and computer-related fraud), depending on facts.

5) Where and How to File the Criminal Complaint

A) Filing with NBI-CCD or PNP-ACG (frontline)

  • Walk-in or online intake (varies by office). You will provide:

    • Complainant’s details and government ID;
    • Narrative (concise, chronological facts);
    • Evidence (digital and paper, see §6);
    • Loss computation;
    • Known identifiers of suspect accounts/numbers/devices.

  • They may take sworn statements, collect digital images, and coordinate preservation with banks/e-wallets/social platforms.

  • For cross-border aspects, they liaise with DOJ-OOC, Interpol, and foreign 24/7 points of contact.

B) Prosecutor’s Office (inquest or regular filing)

  • After fact-finding, law enforcement forwards to the City/Provincial Prosecutor for inquest (if the suspect is arrested) or preliminary investigation (if at large).
  • You may file directly with the prosecutor (bring the same documentary set) if advised.

Barangay conciliation? Not required for cyber fraud with penalties beyond barangay thresholds or where parties reside in different cities/abroad; cyber offenses generally proceed without barangay mediation.

6) Evidence: What to Bring and How to Package It

Digital evidence (primary)

  • Full email headers; .eml/.msg copies;
  • Chat exports (platform native export if available), plus screenshots with visible timestamps/usernames/URLs;
  • Transaction proofs (bank/e-wallet receipts, reference IDs, payee details, IP if available);
  • Device info: OS version, app version, browser fingerprint, suspected phishing URL/QR code.

Physical/ancillary evidence

  • Delivery receipts, waybills, seller packaging, handwritten notes.
  • Notes of phone calls, names/accents/time, and numbers used.

Forensic integrity

  • Keep original media untouched; submit forensic copies when possible.
  • Record hash values (SHA-256) of key files.
  • Maintain a chain-of-custody log: who handled what, when, where stored.

Tip: Label exhibits (e.g., Exhibit A – Chat Export, Exhibit B – BPI Receipt). Provide a table of exhibits cross-referenced to paragraphs in your affidavit.

7) The Sworn Complaint-Affidavit (Anatomy & Sample Outline)

Structure

  1. Affiant identity and capacity.
  2. Jurisdiction/venue (where acts/effects occurred; where you reside).
  3. Narrative of facts in chronological order (attach timeline).
  4. Modus operandi (phishing link, fake marketplace page, investment pitch).
  5. Elements mapping (why acts satisfy estafa/identity theft/computer-related fraud).
  6. Losses and remedies sought (criminal prosecution; restitution; asset freeze where possible).
  7. List of exhibits (A–Z) with brief descriptions.
  8. Prayer (issuance of subpoenas/warrants; preservation orders; referral to AMLC/SEC/NTC as needed).
  9. Verification & jurat (notarization/oath).

Annex practicals

  • Contact matrix for banks/e-wallets/platforms already notified (with ticket numbers).
  • Device identifiers (IMEI, serial numbers) if theft/clone suspected.

8) How Authorities Get the Data (Without You Breaking Any Laws)

  • Preservation requests (RA 10175 §13). Service providers can be required to preserve relevant traffic/subscriber data for a limited period to avoid loss—typically initiated by law enforcement or prosecutor.

  • Cybercrime warrants (A.M. No. 17-11-03-SC).

    • WDCD: Compels disclosure of subscriber info, traffic and content data specified.
    • WSSECD: Authorizes on-site seizure or forensic imaging of computers/devices.
    • WICD: Authorizes interception of content (e.g., live communications) on probable cause.
    • WTD: Authorizes real-time collection of non-content traffic data under strict safeguards.

  • Subpoena duces tecum/ad testificandum via prosecutor/court.

  • International assistance through DOJ-OOC where the platform/host is overseas.

9) Parallel Tracks That Help Your Case (and Your Money)

  • Bank/e-wallet disputes & reversals. File within issuer deadlines; keep acknowledgment and case numbers. Non-response or denial can be elevated to BSP under consumer protection rules.
  • SEC complaint for investment scams, unregistered “profit-sharing,” or lending without license. SEC advisories bolster probable cause and platform takedowns.
  • DTI complaint for seller non-delivery/misrepresentation in e-commerce; can drive refunds, mediation, and administrative penalties.
  • NPC report for data breaches/identity theft; helps compel platform cooperation and account recovery.
  • NTC/telco reports for number blocking and SIM-related abuse.
  • AMLC coordination (via law enforcement) for freeze/monitor of suspected mule accounts and layered transfers.

10) Court Process & Remedies

  • Preliminary investigationInformation filed in cybercrime court → ArraignmentPre-trialTrial.
  • Restitution can be pursued with the criminal case (civil liability ex delicto) or via separate civil action.
  • Pre-trial relief may include account preservation/seizure (through AML/forfeiture channels) and injunctions (e.g., to stop ongoing solicitations).
  • Plea bargaining and mediation may resolve low-value, first-offense cases where restitution is feasible—subject to prosecutor/court approval.

11) Special Situations

  • Account-takeover with OTP/social engineering. Even where a victim shared an OTP under deception, criminal liability for the scammer remains; regulatory redress may still apply if the provider failed security duties or ignored red flags.
  • Mule accounts. Holders of receiving accounts can face criminal exposure (aiding/abetting; AML violations; access device fraud) even if they “just lent” their account.
  • Minors as offenders. The Juvenile Justice and Welfare Act applies (diversion, confidentiality). Civil liability may attach to parents/guardians.
  • Cross-border platforms. Expect reliance on MLA and platform trust & safety programs; takedown hinges on well-documented notices (include ticket numbers in your affidavit).

12) Timelines, Prescription, and Practical Expectations

  • Report early. Fast reporting improves odds of freezes/takedowns and log preservation.
  • Prescription follows the underlying offense (e.g., estafa) or the special cyber offense charged; timelines vary with penalty. Early complaint filing interrupts prescription.
  • No guaranteed recovery. Criminal conviction does not assure repayment; combine the criminal track with regulatory complaints and civil claims for best recovery prospects.

13) Victim’s Checklist (One-Page)

Immediately

  • Change passwords/MFA; secure devices.
  • Call bank/e-wallet; request freeze/recall; obtain ticket/ref numbers.
  • Screenshot and export all chats/emails/listings; save headers and URLs.
  • Start a timeline log; list amounts, times, and counterparties.

Within 24–72 hours

  • File with NBI-CCD or PNP-ACG (bring ID, device, receipts, exhibits).
  • File bank/e-wallet dispute; escalate as needed to BSP.
  • If investment-type: SEC complaint; if seller dispute: DTI complaint; if privacy breach: NPC; if SIM abuse: NTC.
  • Ask investigators to issue preservation requests to platforms.

Documentation pack

  • Sworn complaint-affidavit with exhibit table.
  • Proof of payments/transfers and loss computation.
  • Device/app details; hashes if available.
  • Copies of tickets from bank/platform/regulators.

14) Model Paragraphs You Can Reuse

A. Opening of affidavit (facts + venue)

I am [Name], of legal age, residing at [Address]. This complaint is filed in [City], where substantial parts of the offense occurred and where I suffered the effects of the online scam described below.

B. Elements mapping (example for marketplace estafa via ICT)

The respondent, by means of deceit through an online platform, induced me to transfer ₱[amount] for a product he never intended to deliver. The deceit and damage elements of estafa are present; the offense was committed through ICT, attracting the higher penalty under Section 6, RA 10175.

C. Prayer

I respectfully pray for the issuance of subpoenas and cybercrime warrants to obtain subscriber, traffic, and content data from the platform and receiving banks/e-wallets; for referral to AMLC and regulators for asset preservation; and for prosecution under RA 10175, RPC estafa, and related laws.

15) Key Takeaways

  • File fast, preserve everything, and run parallel tracks. Early bank/e-wallet freezes, platform preservation, and agency complaints materially improve outcomes.
  • Charge theory matters. Most online scams are estafa via ICT plus computer-related fraud/identity theft; access-device statutes often apply.
  • Digital evidence wins cases. Headers, exports, device logs, and a clean chain of custody are crucial.
  • Cross-agency coordination (NBI/PNP, BSP/SEC/DTI/NPC/NTC, AMLC, DOJ-OOC) increases your leverage for recovery and takedown.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login