Discovering that your Facebook account was hacked and then used to send scam messages to your relatives is a nightmare that hits especially hard in the Philippines. Your family members, seeing messages that appear to come from you asking for urgent help with hospital bills, bail, or “utang,” often send money through GCash, bank transfer, or remittance without a second thought. The hacker exploits trust built over years of family chats and photos. This article explains what is happening legally, gives you a clear step-by-step plan to recover your account as fast as possible, shows how to contain the damage to your relationships, and details exactly how to report the incident to Philippine authorities so you have an official record that protects you.

The situation involves two overlapping problems: unauthorized access to your account and the subsequent use of your identity to commit fraud against people who trust you. Under Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, the hacker’s actions constitute illegal access to a computer system, computer-related identity theft, and computer-related fraud. These are distinct criminal offenses. The Revised Penal Code provisions on estafa (swindling) may also apply to the hacker when money is obtained through deceit. You, as the account owner, are a victim of these cybercrimes. Philippine courts have consistently upheld that the original owner is not criminally liable for acts committed after the account was taken over without their knowledge or participation, provided you act promptly to report and mitigate harm.

What Philippine law says about your rights and obligations

Section 4(a)(1) of RA 10175 penalizes illegal access — gaining entry to any part of a computer system without right. Section 4(b)(3) covers computer-related identity theft, which includes the unauthorized use of your identifying information to commit fraud. Section 4(b)(2) addresses computer-related fraud when the hacker alters data or interferes with the system to cause damage with fraudulent intent. Penalties range from prision mayor (six to twelve years) to higher degrees when qualified by the amount of damage or when committed against vulnerable persons.

You have the right to report these offenses and to request that law enforcement preserve evidence and investigate. You also have the practical right to use official reports to show family members, banks, e-wallet providers, and, if needed, barangay or court officials that the scams occurred during a period when you had no control over the account. Prompt reporting strengthens your position if anyone later claims you benefited from or authorized the transactions.

Immediate steps to recover your account and stop further scams

Act within the first few hours if possible. Every minute the hacker retains access risks more messages and more money leaving your relatives’ accounts.

1. Go to Facebook’s official hacked account recovery page at facebook.com/hacked using a computer or phone you have used before. Enter the email, phone number, or full name associated with the account. Follow the prompts to identify yourself as the real owner. Facebook may ask you to upload a clear photo of a government-issued ID (PhilID, passport, driver’s license, or UMID work well). Review any recent changes to email, phone, or password and reverse them if the option appears. Confirm recent logins and devices you do not recognize.

2. Secure your linked email account first, before or at the same time as Facebook recovery. Change its password, enable app-based two-factor authentication (such as Google Authenticator or Authy), sign out all other sessions, and check for suspicious forwarding rules or recovery phone numbers. Do the same for your mobile number — contact your telecom provider (Globe, Smart, DITO, or TNT) immediately if you suspect a SIM swap and ask them to block unauthorized changes while documenting the reference number of your report.

3. Once you regain access to Facebook, change the password to a strong, unique one you have never used before. Immediately log out of all sessions and devices through Settings and Privacy > Security and Login. Turn on two-factor authentication using an authenticator app, not SMS if possible. Remove any unknown email addresses, phone numbers, or recovery methods the hacker added. Review and remove suspicious connected apps, linked Instagram accounts, and any business pages or ad accounts where the hacker may have added themselves as admins or spent money.

4. Warn your relatives and close contacts right away through other channels — phone calls, family Viber or WhatsApp groups, a temporary new Facebook or Instagram account, or SMS. Be calm and factual: state the exact period your account was compromised, say clearly that any money requests or links sent from the old account during that time were not from you, and ask everyone to stop sending money or sharing OTPs. Request that they take screenshots of the scam messages with timestamps and send them to you. Avoid long emotional explanations at this stage; focus on stopping further transfers.

5. Preserve evidence before you delete anything. Take screenshots of password-change emails or SMS alerts from Facebook, login notifications from unfamiliar locations or devices, the scam messages themselves (both what the hacker sent and what your relatives received), any transaction receipts or GCash reference numbers, and your own recovery attempts. Create a simple timeline on paper or in a document noting dates, times, and events. Save everything in at least two places (phone gallery + cloud storage you control, plus printed copies if possible). Do not delete messages or posts from the account until you have clear records.

6. Report the financial aspect separately and quickly. If relatives sent money to specific GCash numbers, bank accounts, or e-wallets, contact those providers directly with the transaction details and reference your upcoming police report. Many e-wallet companies will at least log the complaint and may freeze the receiving account pending investigation, though full reversal is never guaranteed once funds are withdrawn.

Reporting to Philippine authorities — creating an official record that protects you

File a report as soon as you have basic evidence. This creates a contemporaneous record of when you discovered the hack and lost control, which is invaluable if family members later file complaints or if you need to explain the situation to banks or in any future proceeding.

You can start with any of these options:

• Call or visit the Philippine National Police Anti-Cybercrime Group (PNP ACG). Hotline: (02) 8723-0401 local 5313 or check acg.pnp.gov.ph for the latest e-complaint options. They handle many “hijack profile scam” cases and are familiar with Facebook account takeovers used to target relatives.
• Call the Cybercrime Investigation and Coordinating Center (CICC) hotline 1326 (available 24/7 for voice and SMS). They coordinate with PNP and NBI and can help with initial intake and referral.
• Go to the National Bureau of Investigation Cybercrime Division (NBI CCD) if the case involves larger amounts, known suspects, or cross-border elements. Main line in Manila is (02) 8523-8231 to 38.
• For immediate documentation, file a police blotter at your local station or the nearest police station to where you are. Bring your ID and a short written narrative. Ask for a certified copy of the blotter entry.

Prepare a clear narrative that includes: your full name and contact details, the exact Facebook profile URL and any old email or phone linked to it, when and how you discovered the problem, what changes the hacker made, the period the scams occurred, names and contact details of affected relatives (with their permission), approximate amounts sent if known, and all the evidence you have gathered. You do not need a lawyer to file the initial report, although one can help draft a more formal complaint-affidavit later if significant losses or formal charges are involved.

Common challenges and real scenarios many Filipinos face

Family members may still be angry or demand their money back even after you explain. Show them the police blotter or blotter copy, the timeline of the hack, and the warnings you sent. Offer to accompany them when they report the receiving accounts to GCash or their bank. Most relatives calm down once they see official documentation that the account was compromised.

If Facebook has already disabled or restricted the account because many people reported the scam messages, recovery becomes harder. Continue using the hacked recovery flow and mention in your police report that you need assistance obtaining data or account restoration. Law enforcement can sometimes coordinate with Meta, although this takes time.

SIM swapping is common in these cases. If your phone number suddenly stopped working or you received no OTPs, report it to your telecom provider the same day and get a new SIM with the same number if possible, while documenting everything.

Overseas Filipino workers or foreigners managing family accounts in the Philippines face extra steps. The technical recovery process through facebook.com/hacked remains the same. For reporting, a family member in the Philippines can file the initial blotter or complaint with a special power of attorney or simply with your written authorization and copy of your passport or ID. Apostille is usually not required for police reports or initial cybercrime complaints.

If the hacker also posted defamatory content or accessed private photos and messages, mention this in your report. It strengthens the identity theft and data privacy aspects under RA 10173 (Data Privacy Act) as well.

Frequently Asked Questions

How long does it usually take to recover a hacked Facebook account?
Many people regain access within a few hours to two days if they can provide ID verification and still have access to the original email or phone. If the hacker changed everything and Facebook asks for more verification or the account is disabled, it can take several days or longer. Keep trying the recovery tool daily and document every attempt.

Can I be held criminally responsible if money was sent because of messages from my hacked account?
Generally no, if you had no knowledge, received no benefit, and reported the incident promptly. The hacker is the one who committed illegal access and fraud. A police report showing the timeline of compromise is your strongest protection. Cooperate fully with any investigation and keep records of everything you did to warn people and stop the activity.

What should I tell relatives who already sent money?
Be direct and empathetic. Explain that your account was taken over during a specific period, that you have reported it to the police, and that you are doing everything possible to help identify the receiving accounts. Ask them for screenshots and transaction details so you can include them in the official report. Offer to go with them to report the transaction to GCash or the bank.

Where exactly should I report this in the Philippines?
Start with the PNP Anti-Cybercrime Group hotline (02) 8723-0401 loc 5313, the CICC hotline 1326, or your local police for a blotter. You can also go directly to the NBI Cybercrime Division. Provide the same set of evidence to whichever agency you choose first; they often coordinate with each other.

Is it realistic to get the scammed money back?
Recovery of funds is difficult once the money has been withdrawn or converted, especially if it went through multiple accounts or crypto. However, reporting quickly to the e-wallet or bank and to police increases the chance that the receiving account can be frozen or traced. Focus first on stopping further losses and creating an official record.

What evidence is most useful for proving the account was hacked?
Screenshots of Facebook security alerts about password or email changes, login notifications from unknown devices or locations, the exact scam messages with timestamps, your relatives’ screenshots of the same messages, any emails from Facebook about suspicious activity, and records of your recovery attempts. A simple chronological timeline helps investigators and family members understand the sequence.

Should I file a formal case against the hacker?
You can request that the police or NBI investigate and file appropriate charges under RA 10175. Identifying the individual behind the keyboard is not always possible quickly, but the report itself protects you and may help other victims. If the hacker is later identified and substantial amounts were lost, you may also explore civil claims for damages.

How do I prevent this from happening again after I recover the account?
Use a strong, unique password and app-based two-factor authentication on Facebook, your email, and your phone. Never click suspicious links or share OTPs. Regularly review active sessions and connected apps. Consider adding trusted contacts or backup recovery methods before any future problem. Warn family members never to send money based solely on chat messages without voice or video confirmation using a known number.

Can PNP or NBI actually help me get my Facebook account back?
They cannot directly reset your Facebook password, but they can document the compromise, request preservation of data from Meta when appropriate, and provide you with official reports that support your own recovery efforts with Facebook. Their main role is investigation and creating the legal record you need.

Key Takeaways

• Move fast on the first day: recover the account through facebook.com/hacked, secure your email and phone, warn your family through other channels, and preserve every screenshot and timeline.
• The hacker, not you, committed the crimes of illegal access and identity theft under RA 10175. A prompt police or cybercrime report creates the official proof that protects your relationships and legal position.
• Report to PNP ACG, CICC (1326), NBI Cybercrime Division, or your local police station with clear evidence and a simple narrative. Ask for copies of everything you file.
• Warn relatives calmly and factually, collect their evidence, and help them report receiving accounts to GCash, banks, or remittance services.
• After recovery, strengthen security everywhere, monitor for weeks, and consider a short public explanation on your restored account or through family channels so people know the scam window has closed.
• You are not alone in this. Many Filipino families have faced the exact same “hijack profile scam.” Acting methodically with evidence and official reports gives you the best chance to regain control, limit damage, and begin restoring trust.