If someone is threatening you online from a fake Facebook, Instagram, TikTok, Telegram, email, or mobile number, the most important thing is to preserve evidence before it disappears and file with the right cybercrime office. Anonymous threats can still be investigated in the Philippines, but the process is different from simply “reporting the account” to the platform. You need a clear evidence package, a sworn complaint, and—when identity records are needed—law enforcement or prosecutors must use the proper legal processes to obtain subscriber, traffic, or platform data.
What Counts as an Anonymous Cybercrime Threat in the Philippines?
An anonymous online threat usually involves a person hiding behind a fake name, dummy account, prepaid SIM, encrypted app, or spoofed identity while sending messages such as:
- “I know where you live. I will hurt you.”
- “Pay me or I will post your private photos.”
- “I will expose your information to your employer.”
- “I will create more fake accounts until you answer me.”
- “I will send your photos to your family unless you meet me.”
- “I will kill you when I see you.”
- “I have your address and your child’s school.”
The word “cybercrime” does not automatically mean every rude, insulting, or frightening online message is one specific offense under the Cybercrime Prevention Act. In practice, Philippine investigators and prosecutors look at the actual act behind the message.
For example:
| Situation | Possible Philippine offense |
|---|---|
| Death threat or threat to physically harm you | Grave threats under Article 282 of the Revised Penal Code, possibly in relation to Section 6 of RA 10175 |
| Threat to expose intimate photos or videos | Grave threats, coercion, RA 9995, RA 11313, or other special laws depending on the facts |
| Threat to publish lies about you | Cyberlibel if defamatory matter is actually published online |
| Repeated unwanted sexual messages or gender-based harassment | Safe Spaces Act, RA 11313 |
| Impersonation using your name or photos to deceive others | Computer-related identity theft under RA 10175 |
| Hacking or unauthorized access to your account | Illegal access or related cybercrime under RA 10175 |
| Threats sent through a mobile number | May involve RPC offenses, RA 10175, and possible SIM registration records under RA 11934 |
The key point: anonymous does not mean unreachable. It only means the case may require cybercrime investigators to trace account records, device activity, IP logs, SIM registration records, financial trails, or platform data through lawful procedures.
Legal Basis for Filing Cybercrime Complaints Against Anonymous Threats
Cybercrime Prevention Act of 2012: RA 10175
The main law for cybercrime complaints is the Cybercrime Prevention Act of 2012, Republic Act No. 10175. It covers cybercrime offenses such as illegal access, illegal interception, data interference, system interference, misuse of devices, cybersquatting, computer-related forgery, computer-related fraud, computer-related identity theft, cybersex, child pornography through a computer system, and online libel. It also covers crimes under the Revised Penal Code or special laws when committed “by, through and with the use of information and communications technologies,” with the penalty generally one degree higher under Section 6. (Lawphil)
This is why an online death threat may be treated as grave threats under the Revised Penal Code in relation to Section 6 of RA 10175, rather than as a separate offense called “cyber threat.”
RA 10175 also gives Philippine courts jurisdiction when any element of the offense was committed in the Philippines, when a computer system wholly or partly situated in the Philippines was used, or when damage was caused to a person who was in the Philippines at the time. It also covers violations committed by Filipino nationals regardless of place of commission. (Lawphil)
Revised Penal Code: Grave Threats, Light Threats, Coercion, and Unjust Vexation
For threats, the usual starting point is the Revised Penal Code.
Article 282 punishes grave threats, which involve threatening another person with harm to their person, honor, property, or family, when the threatened harm amounts to a crime. Article 285 covers certain light threats, and Article 286 covers grave coercions. Article 287 includes unjust vexation, a broad offense sometimes used when the conduct seriously annoys, disturbs, or harasses another person but does not neatly fit a more specific crime. (Lawphil)
In real cybercrime complaints, the complaint-affidavit often states the offense this way:
Grave Threats under Article 282 of the Revised Penal Code, in relation to Section 6 of Republic Act No. 10175, and such other offenses as the evidence may warrant.
That wording allows investigators and prosecutors to evaluate whether the facts support grave threats, coercion, unjust vexation, cyberlibel, identity theft, or another offense.
Cyberlibel and Online Defamation
Cyberlibel is based on libel under Article 355 of the Revised Penal Code, committed through a computer system under RA 10175. In Disini v. Secretary of Justice, the Supreme Court upheld the constitutionality of online libel but struck down or limited several other provisions of the cybercrime law, including provisions affecting free speech and privacy. (Lawphil)
Cyberlibel usually requires publication to a third person. A private threat sent only to you is not automatically cyberlibel, although it may still be grave threats, coercion, unjust vexation, or another offense. If the anonymous person posts false accusations publicly—such as “scammer,” “criminal,” “prostitute,” or similar defamatory statements—cyberlibel may become relevant.
In 2024, the Supreme Court clarified that courts may impose a fine instead of imprisonment for online libel in proper cases, and discussed the fine range for online libel after RA 10951 amendments to the Revised Penal Code. (Supreme Court of the Philippines)
Safe Spaces Act: RA 11313
The Safe Spaces Act, RA 11313, also called the “Bawal Bastos Law,” covers gender-based sexual harassment in online spaces. This may apply when the anonymous threats include unwanted sexual remarks, misogynistic or homophobic harassment, threats to release sexual images, rape threats, stalking-like conduct, or repeated online harassment based on sex, gender, sexual orientation, or gender identity. (Lawphil)
Anti-Photo and Video Voyeurism Act: RA 9995
If the anonymous person threatens to upload, share, sell, or send intimate photos or videos, the Anti-Photo and Video Voyeurism Act of 2009, RA 9995, may apply. This law protects the dignity and privacy of persons against non-consensual recording, copying, reproduction, distribution, or publication of sexual images or videos. (Lawphil)
SIM Registration Act: RA 11934
If the threat came from a mobile number, the SIM Registration Act, RA 11934, may help investigators because SIM users are required to register. But you cannot simply demand the registered name from the telecom company yourself. RA 11934 allows telcos to provide registration information only through proper legal processes, such as a subpoena by competent authority in an investigation based on a sworn complaint involving a specific mobile number used for a crime or unlawful act. (Lawphil)
Where to File a Cybercrime Complaint for Anonymous Threats
You can file with law enforcement agencies that handle cybercrime investigations. Which office is best depends on urgency, location, evidence, and the type of threat.
| Office | Best for | Practical notes |
|---|---|---|
| PNP Anti-Cybercrime Group (PNP-ACG) or Regional Anti-Cybercrime Unit | Online threats, fake accounts, hacking, cyber harassment, scam-linked threats | PNP has an ACG e-complaint channel and official cybercrime units; an FOI response from PNP also referred complainants to the ACG eComplaint link and ACG email. (www.foi.gov.ph) |
| NBI Cybercrime Division / Cybercrime Regional Centers | Computer-related threats, extortion, identity theft, hacking, cases needing digital forensics | NBI’s Citizen’s Charter lists investigative assistance for victims of computer crimes, including complaint filing, preliminary interview, sworn statements, and examination of relevant devices. (National Bureau of Investigation) |
| DOJ Office of Cybercrime | Cybercrime coordination, prosecution monitoring, cross-border cybercrime concerns | RA 10175 created the DOJ Office of Cybercrime and designated it as a central authority for cybercrime-related cooperation. (Department of Justice) |
| CICC / 1326 cybercrime reporting channels | Fast reporting of cyber incidents, especially scams and urgent cyber complaints | The Cybercrime Investigation and Coordinating Center has publicly used Hotline 1326 as a cybercrime complaint channel, and government reports have referenced 1326 for cyber fraud reports. (Facebook) |
| Local police station or barangay | Immediate safety, blotter, local response, threats involving physical danger | Useful for immediate documentation and safety response, but usually not enough for tracing anonymous accounts. |
For serious threats, do not rely only on “Report this account” inside Facebook, Instagram, TikTok, X, Telegram, or Gmail. Platform reporting may remove the account, but removal can also make evidence harder to preserve if you have not saved it properly.
Step-by-Step Guide: How to File a Complaint Against an Anonymous Online Threat
1. Secure your immediate safety first
If the threat is specific and urgent—such as “I am outside your house,” “I will kill you tonight,” or “I know where your child studies”—treat it as a safety issue, not just a cyber issue.
Do these first:
- Move to a safe place if needed.
- Tell a trusted family member, friend, building security guard, school officer, or employer security team.
- Call local emergency or police assistance if there is imminent danger.
- Make a police blotter if the threat may involve physical harm.
- Avoid meeting the person unless law enforcement specifically directs an operation.
A cybercrime complaint can identify the offender later, but safety measures protect you now.
2. Preserve the evidence before blocking, deleting, or reporting
Many complainants accidentally weaken their case by immediately blocking the account, deleting conversations, or only saving cropped screenshots.
Before you block or report, preserve:
- Full screenshots showing the threat, username, profile name, date, and time.
- Screen recordings scrolling through the conversation from the profile page to the threat.
- The exact URL or profile link of the account.
- User ID, handle, email address, phone number, group name, or channel name.
- The platform used, such as Facebook Messenger, Instagram DM, TikTok, X, Telegram, Viber, WhatsApp, Gmail, or SMS.
- The device where the message was received.
- Your phone’s date and time settings, especially if messages show relative time like “Yesterday.”
- Any prior messages showing context.
- Any demand for money, sex, photos, meeting, silence, or deletion of posts.
- Receipts, GCash/Maya/bank records, crypto wallet addresses, or payment links if there is extortion.
- Names of witnesses who saw the posts or received forwarded threats.
Do not edit the screenshot except to make duplicate working copies. Keep the original files on your phone or computer. If you print screenshots, keep the digital originals.
Electronic records matter. The Supreme Court has recognized that chat logs and videos may be used as evidence in criminal cases when presented for a proper purpose, and the Rules on Electronic Evidence apply when electronic documents or data messages are offered in evidence. (Supreme Court of the Philippines)
3. Create a simple evidence timeline
Investigators work faster when the story is organized. Prepare a short timeline like this:
| Date and time | What happened | Evidence |
|---|---|---|
| June 1, 2026, 9:12 PM | Anonymous Instagram account sent first threat | Screenshot 1, screen recording A |
| June 2, 2026, 8:45 AM | Same account sent my home address | Screenshot 2 |
| June 3, 2026, 11:30 PM | Account demanded ₱10,000 or threatened to post private photos | Screenshot 3, GCash number |
| June 4, 2026 | I reported the account to Instagram but did not delete messages | Platform report email |
This prevents your complaint from sounding vague. “Someone is harassing me online” is harder to act on than “This account, using this handle, sent these exact threats on these dates, attached as Annexes A to D.”
4. Prepare your complaint-affidavit
A complaint-affidavit is your sworn written statement. It should be factual, specific, and chronological.
Include:
- Your full name, address, age, civil status, nationality, and contact details.
- The anonymous account, number, email, or handle used by the offender.
- How you first encountered the account.
- The exact words of the threat.
- Dates and times.
- Why you believe the threat is serious.
- Any link to a known person, former partner, customer, coworker, online seller, lender, troll account, or prior dispute.
- The harm caused: fear, missed work, safety measures, reputational damage, financial loss, emotional distress, or risk to family.
- A list of attachments.
- A request for investigation and preservation of relevant digital records.
A practical wording is:
I am filing this complaint for Grave Threats under Article 282 of the Revised Penal Code, in relation to Section 6 of Republic Act No. 10175, and for such other offenses as may be supported by the evidence, against the person or persons using and controlling the account/mobile number described in this affidavit.
If you do not know the offender’s real name, identify the respondent as:
The person using, controlling, or operating the Facebook account “[profile name]” with URL “[profile link],” whose true identity is currently unknown.
For criminal investigation purposes, that is usually more useful than guessing a name without proof.
5. Attach your evidence properly
Use annex labels:
- Annex “A” – Screenshot of profile page
- Annex “B” – Screenshot of first threat
- Annex “C” – Screenshot of demand for money
- Annex “D” – Screenshot showing mobile number or email
- Annex “E” – Screen recording saved on USB drive
- Annex “F” – Payment receipt or transaction record
- Annex “G” – Police blotter, if any
Printouts help investigators review the file, but the digital copies are important because they may contain metadata or may be needed for forensic examination.
Bring the device where the messages were received. The NBI Cybercrime Division’s citizen charter specifically contemplates complainants submitting sworn statements or affidavits and having relevant devices examined as part of the probe. (National Bureau of Investigation)
6. File with PNP-ACG, NBI Cybercrime, or the prosecutor
For anonymous threats, it is usually better to start with PNP-ACG or NBI Cybercrime because you need investigation before the respondent can be properly identified.
When you appear, expect the following:
- Intake or complaint sheet.
- Preliminary interview.
- Review of screenshots and devices.
- Execution or submission of sworn statement.
- Possible referral to a specific investigator.
- Possible request for additional evidence.
- Case reference or acknowledgment.
For NBI computer-crime complaints, the Citizen’s Charter lists no fee for the initial process and describes steps such as filing the complaint, preliminary interview, sworn statements, collection of supporting documents, and approval of authority to investigate. It lists a total frontline processing time of about 1 hour and 10 minutes for the initial assistance process, not the entire investigation. (National Bureau of Investigation)
7. Ask about preservation of data
Digital records can disappear quickly. Social media accounts can be deleted. Platforms may retain logs only for limited periods. Telecom and service provider records also have retention limits.
Under RA 10175 and its implementing rules, traffic data and subscriber information relating to communication services are preserved for at least six months from the date of transaction, while content data may be preserved for six months from receipt of a preservation order from law enforcement authorities. (Supreme Court E-Library)
This is why delay matters. If the threat happened months ago, file as soon as possible and clearly ask whether investigators can issue or seek the proper preservation request or cybercrime warrant.
8. Understand cybercrime warrants and why you cannot “just get the IP address”
Private individuals cannot usually compel Facebook, Google, Apple, TikTok, Telegram, telcos, or internet service providers to disclose account identity, IP logs, subscriber records, or message content.
Investigators may need legal tools under the Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC. This rule covers warrants and related orders involving preservation, disclosure, interception, search, seizure, examination, custody, and destruction of computer data in cybercrime investigations. (Office of the Court Administrator)
Commonly relevant warrants or processes include:
- Warrant to Disclose Computer Data – to obtain subscriber, traffic, or content data from a service provider when legally justified.
- Warrant to Search, Seize, and Examine Computer Data – to search or examine devices or systems.
- Warrant to Examine Computer Data – to examine lawfully obtained devices or data.
- Preservation orders – to prevent deletion of relevant data while investigation is ongoing.
This is also why screenshots alone may not identify the offender. Screenshots prove what you received or saw; warrants and platform records may help prove who controlled the account.
Required Documents for Filing
Bring both printed and digital copies when possible.
| Requirement | Notes |
|---|---|
| Valid government ID | Passport, driver’s license, national ID, UMID, PRC ID, or other accepted ID |
| Complaint-affidavit | Sworn before a prosecutor, authorized officer, or notary depending on the office |
| Screenshots of threats | Include full screen with date, time, account name, and message context |
| Screen recording | Especially useful for fake accounts that may be deleted |
| Profile links or URLs | Copy exact links, not just display names |
| Device used | Bring the phone or laptop where the messages were received |
| Digital copies | USB drive or cloud folder, but keep originals on the device |
| Payment records | Required if there was extortion, blackmail, scam, or financial demand |
| Police blotter | Helpful for urgent threats or physical safety concerns |
| Witness affidavits | Useful if others saw the post or received related messages |
| Prior communications | Shows context, motive, identity clues, or escalation |
Common Problems in Anonymous Threat Cases
“The account is fake. Can they still trace it?”
Possibly, but not always. Investigators may look at account recovery details, linked phone numbers, email addresses, IP logs, login locations, device information, payment trails, SIM registration records, and the suspect’s mistakes. But fake accounts, VPNs, public Wi-Fi, hacked accounts, foreign platforms, or identity-mule SIMs can slow the process.
“The threat was on Telegram or an encrypted app.”
Encrypted or privacy-focused platforms can be harder to investigate. You should still preserve the username, phone number if visible, group/channel link, profile photo, messages, and any payment or identity clues. Even if message content cannot be easily obtained from the platform, the offender may have left evidence elsewhere.
“The account was deleted after I reported it.”
This is common. Save evidence first. If the account was deleted before you saved anything, collect secondary evidence: notification emails, phone notifications, witness screenshots, platform report acknowledgments, cached links, forwarded messages, and any related accounts.
“I know who it is, but the account is anonymous.”
Do not rely only on suspicion. State why you suspect that person: writing style, private facts only they knew, timing after a dispute, reused photos, linked numbers, payment accounts, prior admissions, or witnesses. Let investigators connect the digital evidence to the person.
“The offender is abroad.”
RA 10175 can still allow Philippine jurisdiction if the legal elements are met, especially if the victim was in the Philippines or damage occurred in the Philippines. But cross-border cases are slower because foreign platform data, mutual legal assistance, or DOJ Office of Cybercrime coordination may be needed. (Lawphil)
“I am abroad but the threat affects me or my family in the Philippines.”
If you are a Filipino or foreigner outside the Philippines, you can still prepare a complaint-affidavit and coordinate with relatives or counsel in the Philippines. Documents executed abroad may need consular notarization or apostille, depending on where they were executed and how they will be used. The DFA’s authentication office provides apostille-related guidance and requirements for documents used across borders. (Apostille.gov.ph)
Practical Timelines and Fees
| Stage | Typical practical timeline | Fees |
|---|---|---|
| Evidence preservation by victim | Same day | None |
| Police blotter for urgent safety issue | Same day | Usually none |
| Initial filing with NBI Cybercrime | About 1 hour and 10 minutes for frontline intake based on NBI Citizen’s Charter | NBI lists none for that frontline process |
| Assignment and investigation | Days to months, depending on complexity | Usually none for government filing; private notarization/copying may cost extra |
| Data preservation or warrant processes | Varies depending on investigator, prosecutor, court, and platform | Government process generally no filing fee for complainant |
| Prosecutor evaluation/preliminary investigation | Often several weeks to months | Usually no filing fee for criminal complaint |
| Court case if information is filed | Months to years | No criminal filing fee for the complainant, but private counsel and civil claims may involve costs |
The biggest bottlenecks are usually incomplete evidence, delay in filing, lack of exact URLs or account identifiers, platform data retention limits, foreign service providers, and difficulty linking a fake account to a real person.
Mistakes to Avoid
- Do not delete the conversation.
- Do not rely only on cropped screenshots.
- Do not threaten the offender back.
- Do not pay blackmail money unless law enforcement is supervising a documented operation.
- Do not post the suspected person’s private information online without proof.
- Do not create fake evidence or edit screenshots.
- Do not assume a barangay blotter is enough for cyber tracing.
- Do not wait months before filing if account or telco records may disappear.
- Do not send your only copy of evidence to someone else without keeping originals.
- Do not ignore threats involving children, intimate images, weapons, home addresses, or stalking behavior.
Frequently Asked Questions
Can I file a cybercrime complaint if I do not know the real name of the person threatening me?
Yes. You can file against the person using or controlling the anonymous account, email address, or mobile number. For investigation purposes, describe the account precisely and attach evidence. The offender’s real identity may be determined later through investigation, platform data, telecom records, witnesses, or device evidence.
Should I file with the PNP Cybercrime Group or NBI Cybercrime Division?
Both can handle cybercrime-related complaints. PNP-ACG is often accessible through regional anti-cybercrime units, while NBI Cybercrime is commonly approached for cases needing digital forensic assistance or national-level investigation. If one office says the case belongs elsewhere, ask for a written referral or clear guidance on where to proceed.
Is a screenshot enough to file a complaint?
A screenshot may be enough to start a complaint, but it is better to have more. Save full screenshots, screen recordings, URLs, profile links, device information, and original files. Screenshots can be challenged if they are incomplete, cropped, or cannot be authenticated.
Can police trace a fake Facebook account?
Sometimes. Investigators may need platform records, login data, IP logs, linked emails, linked phone numbers, device information, or other clues. A fake display name alone is not enough. The more complete your evidence package, the better the chance of tracing.
Can I file a case for online death threats?
Yes. Online death threats may fall under grave threats under Article 282 of the Revised Penal Code, possibly in relation to Section 6 of RA 10175 if committed through ICT. If the threat is immediate or specific, also seek local police assistance for safety.
What if the person threatens to leak my private photos?
Preserve the messages and file quickly. The case may involve grave threats, coercion, RA 9995, RA 11313, RA 10175, or other laws depending on the facts. Do not negotiate alone. If the person demands money or sexual acts, tell investigators clearly because that changes the seriousness and possible charges.
Can foreigners file cybercrime complaints in the Philippines?
Yes, if the facts give Philippine authorities jurisdiction—for example, the threat was sent or received in the Philippines, a Philippine-based computer system or mobile number was involved, the damage occurred in the Philippines, or the offender is a Filipino national. Foreign complainants should bring identification and may need properly authenticated documents if filing from abroad.
Can I file directly with the prosecutor?
You can file criminal complaints with the prosecutor, but anonymous online threats often need law enforcement investigation first because the respondent is unknown. Prosecutors generally need a sufficiently identified respondent or investigative records showing who should be charged.
What if the cybercrime office refuses to act?
Ask politely what requirement is missing and whether they can give a written referral. If the issue is incomplete evidence, supplement your complaint. If the issue is inaction despite a complete complaint, you may follow up through the office’s official channels or appropriate government feedback mechanisms. Keep copies of all filing receipts, emails, and reference numbers.
Should I block the anonymous account?
Usually, preserve evidence first. After saving screenshots, screen recordings, URLs, and message history, blocking may be reasonable for safety and mental health. If investigators are considering an operation or further monitoring, ask them before blocking.
Key Takeaways
- Anonymous online threats can be reported even if you do not know the offender’s real name.
- Preserve evidence before blocking, deleting, or reporting the account.
- The usual legal bases include the Revised Penal Code, RA 10175, RA 9995, RA 11313, RA 11934, and related laws depending on the facts.
- File with PNP-ACG, NBI Cybercrime, or appropriate law enforcement when tracing is needed.
- A strong complaint includes a sworn affidavit, full screenshots, screen recordings, URLs, device information, and a clear timeline.
- Do not expect instant tracing; lawful disclosure of account, SIM, IP, or platform records usually requires proper legal process.
- Serious threats involving physical harm, children, intimate images, extortion, or home addresses should be treated urgently.