How to Report a Fraudulent Email Impersonating Law Enforcement

A fake email claiming to be from the PNP, NBI, DOJ, a prosecutor, a court, or another law enforcement office can be frightening—especially when it threatens arrest, a criminal case, deportation, account freezing, or public exposure unless you click a link, send personal documents, or pay a “clearance” or “settlement” fee. In the Philippines, these emails should be treated as a possible cybercrime, phishing attempt, financial scam, and impersonation of authority. The safest response is to stop communicating with the sender, preserve the evidence, verify directly with the real agency, and report it through the proper cybercrime, banking, and consumer-protection channels.

What Counts as a Fraudulent Law Enforcement Email?

A fraudulent law enforcement email is a message pretending to come from a real government or police authority when it does not. It may use the name, seal, logo, badge, signature, or letterhead of an agency such as the Philippine National Police, National Bureau of Investigation, Department of Justice, Bureau of Immigration, a court, a prosecutor’s office, or even a foreign law enforcement agency.

Common examples include emails that say:

  • You have a pending criminal case, warrant, subpoena, or “cybercrime complaint.”
  • Your bank account, passport, visa, or immigration status will be frozen or cancelled.
  • You must pay a fine, “clearance fee,” “settlement fee,” or “anti-money laundering verification fee.”
  • You must send IDs, selfies, bank details, passwords, OTPs, e-wallet information, or passport copies.
  • You must click a link to “verify your case,” “download a subpoena,” or “clear your record.”
  • You are being accused of online gambling, pornography, money laundering, terrorism financing, or cyber libel unless you respond immediately.

Real law enforcement communication should be verifiable through official channels. A message that pressures you to pay into a personal bank account or e-wallet, asks for an OTP or password, threatens instant arrest by email, or refuses to provide a verifiable docket, case, office, or contact reference is a major red flag.

Why This Is a Serious Legal Matter in the Philippines

A fake law enforcement email may involve several overlapping offenses under Philippine law. The exact charge depends on what the scammer did, what information was taken, whether money was lost, and whether the scammer used computer systems, financial accounts, or stolen personal data.

Cybercrime under RA 10175

The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, covers computer-related offenses such as computer-related forgery, fraud, and identity theft. Its implementing rules define computer-related forgery, fraud, and identity theft as cybercrime offenses and recognize the roles of the NBI, PNP, and DOJ Office of Cybercrime in cybercrime investigation and coordination. (Supreme Court E-Library)

This matters because a fraudulent email impersonating law enforcement is usually not just an ordinary scam. It may involve the use of information and communications technology to deceive the victim, create fake documents, misuse identities, and obtain money or confidential information. In Disini v. Secretary of Justice, the Supreme Court discussed RA 10175 as the law addressing crimes committed through computer systems, including fraud and theft through false representations in cyberspace. (Supreme Court E-Library)

RA 10175 also states that crimes under the Revised Penal Code and special laws, when committed through information and communications technology, may be prosecuted as cybercrime-related offenses, without preventing prosecution under other laws. (Supreme Court E-Library)

Estafa, impersonation, and misuse of authority under the Revised Penal Code

If the scammer obtains money by pretending to be a law enforcement officer or by using fake legal threats, the conduct may fall under estafa under Article 315 of the Revised Penal Code, particularly estafa by false pretenses or fraudulent acts. Article 315 includes deceit involving fictitious names, false qualifications, influence, agency, business, or imaginary transactions. (Supreme Court E-Library)

Depending on the facts, the scammer may also be exposed to offenses involving false representation of public authority. The Revised Penal Code punishes acts such as usurpation of official functions, use of fictitious names, and illegal use of uniforms or insignia. These provisions become relevant when a person pretends to be a police officer, investigator, prosecutor, immigration officer, court officer, or other public authority. (Supreme Court E-Library)

Financial account scams under RA 12010

If the email asks you to send money, disclose bank or e-wallet credentials, provide OTPs, or transfer funds to a mule account, Republic Act No. 12010, the Anti-Financial Account Scamming Act, may also be relevant. This 2024 law protects the public from cybercriminals and criminal syndicates targeting financial accounts. It covers electronic communications, which include email, and applies to financial accounts such as bank accounts, credit cards, and e-wallet accounts. (Lawphil)

RA 12010 is important in scams where victims are tricked into transferring money, giving access to accounts, or allowing their accounts to be used by criminals. Its framework is supported by Bangko Sentral ng Pilipinas rules on fraud management, temporary holding of disputed funds, verification, and coordination with law enforcement. (Bureau of the Treasury)

Electronic evidence under RA 8792 and the Rules on Electronic Evidence

Emails, screenshots, headers, attachments, links, transaction confirmations, and chat logs can become evidence. The Electronic Commerce Act of 2000, or Republic Act No. 8792, recognizes electronic documents and electronic data messages when their integrity, reliability, and authentication can be shown. (Supreme Court E-Library)

This is why preserving the original email is so important. A screenshot is helpful, but the original email file and full email headers are much better because they may show routing details, sender information, reply-to addresses, domains, and technical traces that investigators can use.

What to Do Immediately Before You Report

Before filing a report, take these steps. They can make the difference between a useful complaint and a weak one.

  1. Do not reply to the email. Do not argue, ask questions, or confirm your name, address, phone number, employer, passport number, or bank details. Replying may confirm that your email address is active.

  2. Do not click links or download attachments. Fake subpoenas, “case files,” and “warrants” may contain malware or lead to phishing pages.

  3. Do not pay any fee. A real criminal complaint, warrant, subpoena, or investigation is not cleared by sending money to a personal bank account, GCash, Maya, crypto wallet, or remittance center.

  4. Preserve the original email. Do not delete it. Do not only take a screenshot and move on. Keep the original message in your inbox and, if possible, export it as an .eml or .msg file.

  5. Take screenshots. Capture the sender, subject line, date and time, message body, links, attachments, email address, and any demand for payment or personal information.

  6. Save the full email headers. In Gmail, Outlook, Yahoo, and most email platforms, there is an option such as “Show original,” “View message source,” or “View headers.” These technical headers may help investigators.

  7. Change passwords if you clicked anything. Use a clean device. Change your email password, banking passwords, e-wallet PINs, and any reused passwords. Turn on two-factor authentication.

  8. Call your bank or e-wallet immediately if money or credentials were involved. Ask for account blocking, transaction dispute, reversal, temporary hold, or fraud investigation. Record the reference number.

  9. Verify directly with the real agency. Use official websites, published numbers, or in-person offices. Never use the phone number, link, QR code, or email address inside the suspicious message.

Where to Report a Fake Law Enforcement Email in the Philippines

The right reporting channel depends on what happened. If you only received a suspicious email, you may report it for cybercrime monitoring and prevention. If you lost money, disclosed financial information, or downloaded malware, you should report it more urgently and through multiple channels.

Situation Where to Report Practical Purpose
You received a suspicious law enforcement email but did not click or pay CICC / Inter-Agency Response Center, PNP Anti-Cybercrime Group, NBI Cybercrime Division Record the scam, get guidance, and help authorities identify patterns
You clicked a link or downloaded an attachment CERT-PH, PNP ACG, NBI CCD, your IT provider or company security team Technical incident response and possible malware investigation
You sent money or exposed bank/e-wallet details Your bank/e-wallet first, then PNP ACG or NBI CCD, and BSP if needed Attempt to freeze, hold, reverse, or trace funds
The scam used your personal data or leaked IDs NPC, PNP ACG, NBI CCD Data privacy and identity misuse concerns
You are overseas but the scam involves a Philippine account, agency, or victim Bank/e-wallet, CICC 1326 if reachable, PNP ACG/NBI online channels, Philippine Embassy or Consulate for notarization needs Remote reporting and evidence preparation

CICC and the 1326 hotline

The Cybercrime Investigation and Coordinating Center has promoted the 1326 hotline and Scam Watch channels for reporting online scams, including phishing and impersonation-related schemes. Government announcements describe 1326 as a central reporting number for online scam concerns, including suspicious emails and impersonation scams. (Philippine News Agency)

This is useful for quick initial reporting, especially if you need guidance on where to send the complaint or how to preserve evidence.

PNP Anti-Cybercrime Group

The PNP Anti-Cybercrime Group handles cybercrime complaints and cyber-related investigations. You may submit an initial complaint or inquiry through official PNP ACG channels, including its eComplaint portal and official email as listed in government sources. (www.foi.gov.ph)

PNP ACG is commonly approached when the matter involves phishing, fake law enforcement identities, cyber extortion, fake subpoenas, online threats, account compromise, or online financial fraud.

NBI Cybercrime Division

The NBI Cybercrime Division also provides investigative assistance for victims of computer crimes. The NBI Citizen’s Charter states that victims may proceed to the Cybercrime Division to file a complaint, fill out a complaint sheet, undergo a preliminary interview, and submit sworn statements, devices, and supporting documents for examination. It also lists no government fee for this initial investigative assistance and gives an estimated frontline processing time for the intake stage. (National Bureau of Investigation)

In practice, the intake stage may be quick, but the full investigation can take longer depending on the email provider, financial institution, platform, telco, foreign service provider, and court orders needed.

CERT-PH / National Computer Emergency Response Team

If the email contains malware, suspicious attachments, fake login pages, or appears to be part of a broader technical attack, you may report the incident to CERT-PH, the national computer emergency response team under the DICT. CERT-PH publishes incident-reporting contact details and has warned the public about phishing emails impersonating official cybersecurity entities. (NCERT)

CERT-PH is especially relevant for companies, schools, government offices, law firms, NGOs, and organizations that received phishing emails targeting employees.

Your bank, e-wallet, or credit card issuer

If you transferred money or gave out account information, contact your financial institution first. Speed matters. Funds can move through several accounts within minutes.

Ask for:

  • Immediate blocking or temporary restriction of the account or card
  • Dispute or fraud case creation
  • Temporary hold or coordinated verification of disputed transactions, where applicable
  • Written reference number or ticket number
  • Instructions on submitting affidavits, IDs, screenshots, and transaction records

BSP rules issued under the Anti-Financial Account Scamming Act provide mechanisms for fraud management, temporary holding of disputed funds, and coordination among financial institutions and law enforcement. (Bureau of the Treasury)

If the financial institution does not respond properly, you may escalate through the BSP Consumer Assistance Mechanism, after first reporting the concern to the bank or supervised financial institution. BSP guidance directs consumers to report to the institution’s consumer assistance channel first, then escalate to BSP with the reference number and supporting documents if unresolved. (Bureau of the Treasury)

Step-by-Step Guide to Reporting the Email

Step 1: Build an evidence folder

Create one folder on your computer or cloud storage and save everything related to the scam. Include:

  • Original email file in .eml or .msg format
  • Full email headers or “show original” page
  • Screenshots of the message, sender, subject, and date
  • Screenshots of links, but do not click them again
  • The exact URL shown when hovering over links, if safely visible
  • Attachments, but do not open suspicious files
  • Fake subpoena, warrant, badge, ID, or letterhead
  • Names, titles, signatures, and phone numbers used by the sender
  • Bank or e-wallet account numbers where payment was requested
  • Receipts, transfer confirmations, reference numbers, and timestamps
  • Follow-up emails, SMS, Viber, WhatsApp, Telegram, Messenger, or phone call logs
  • Your own written timeline of events

For the timeline, keep it simple:

Date and Time What Happened Evidence
June 10, 2026, 9:14 a.m. Received email claiming to be from NBI Screenshot, original email
June 10, 2026, 9:20 a.m. Sender demanded ₱8,500 “clearance fee” Email body
June 10, 2026, 9:35 a.m. Payment sent to e-wallet Receipt, reference number
June 10, 2026, 9:45 a.m. Reported to e-wallet provider Ticket number

Step 2: Verify the supposed law enforcement notice

If the email claims there is a real case, warrant, subpoena, immigration matter, or court order, verify it directly.

Do not use the contact details in the suspicious email. Instead:

  • Check the official website of the agency allegedly involved.
  • Call the main trunkline or published office number.
  • Visit the local police station, NBI office, prosecutor’s office, court, or immigration office if needed.
  • Ask whether the docket number, case number, subpoena, or named officer is real.
  • If the email names a court, verify through the court’s official contact information or the Office of the Clerk of Court.

Be careful: scammers sometimes use real names of police officers, prosecutors, lawyers, judges, or government employees copied from public sources. A real name does not make the email real.

Step 3: Report to your bank or e-wallet immediately if money is involved

If you paid or gave financial credentials, do not wait for the police report before contacting the bank or e-wallet. Financial institutions can sometimes act faster than investigators in the first few hours.

Tell them clearly:

  • “I am reporting a fraudulent transaction caused by a phishing email impersonating law enforcement.”
  • “Please create a fraud case and give me a reference number.”
  • “Please check whether a temporary hold, recall, reversal, or coordinated verification is available.”
  • “Please preserve records related to this transaction.”

Under BSP regulations implementing the Anti-Financial Account Scamming Act, temporary holding of disputed transactions is subject to rules and time limits. BSP materials refer to temporary holding periods and coordination mechanisms, including a general maximum of 30 calendar days unless extended by a court. (Bureau of the Treasury)

Step 4: File a cybercrime complaint with PNP ACG or NBI CCD

Bring or submit your evidence packet. For in-person filing, bring a valid government ID. If you are a foreigner, bring your passport and, if applicable, your ACR I-Card, visa documents, or proof of Philippine address.

Expect to provide:

  • Your full name, contact number, email, and address
  • A written complaint or narrative
  • A sworn statement or affidavit, if required
  • Copies of emails, screenshots, headers, and attachments
  • Financial transaction records, if any
  • Device used to receive the email, if examination is needed
  • Authorization documents if reporting for a company, employer, minor child, elderly parent, or absent victim

For NBI Cybercrime Division matters, the Citizen’s Charter describes a process involving a complaint sheet, preliminary interview, sworn statement, and possible examination of devices or supporting documents. (National Bureau of Investigation)

Step 5: Ask about preservation of data

Email providers, platforms, telcos, and financial institutions may not keep all data forever. Under the RA 10175 rules, service providers are required to preserve certain traffic and subscriber data for six months from the transaction date, and content data may be preserved for six months from receipt of a law enforcement order requiring preservation. (Supreme Court E-Library)

This is one reason early reporting matters. Investigators may need preservation requests, disclosure orders, or cybercrime warrants depending on the type of data sought.

Step 6: Cooperate with follow-up investigation

Do not expect investigators to “trace the sender” instantly from a screenshot alone. Many scammers use spoofed email addresses, VPNs, compromised accounts, foreign email providers, mule accounts, and disposable phone numbers.

Under the Rule on Cybercrime Warrants, Philippine courts may issue warrants and orders for preservation, disclosure, search, seizure, examination, custody, and related handling of computer data in cybercrime investigations.

In practical terms, this means the investigator may need time to:

  • Evaluate your affidavit and evidence
  • Request preservation of data
  • Coordinate with email providers, platforms, banks, telcos, or foreign counterparts
  • Apply for appropriate cybercrime warrants or court orders
  • Trace financial accounts or mule accounts
  • Prepare a referral for prosecutor evaluation

Documents You May Need

Requirement When Needed Practical Notes
Valid government ID Almost always Passport, driver’s license, UMID, PhilSys ID, PRC ID, or similar
Passport and ACR I-Card Foreign complainants in the Philippines Bring visa or immigration documents if relevant
Original email file Strongly recommended Better than screenshots because it preserves technical metadata
Full email headers Strongly recommended Helps identify routing, domains, and technical traces
Screenshots Always useful Include sender, date, time, links, payment instructions, and threats
Affidavit or sworn statement Often required for formal complaint May need notarization
Transaction receipts If money was sent Include reference numbers, recipient account, date, time, and amount
Bank/e-wallet ticket number If financial account involved Useful for police, NBI, BSP, and follow-up
Company authorization If reporting for a business Secretary’s certificate, board authorization, or written authority may be requested
Special power of attorney If reporting for another person Often needed if the victim is abroad, incapacitated, or unavailable

Fees and Timelines to Expect

Reporting a cybercrime complaint to law enforcement generally should not require paying the scammer, an “agent,” or a supposed “clearance officer.” The NBI Citizen’s Charter lists no government fee for initial investigative assistance for victims of computer crimes handled by the Cybercrime Division. (National Bureau of Investigation)

However, you may still spend money on practical requirements such as printing, photocopying, notarization, courier delivery, travel, certified bank records, or consular notarization if you are abroad.

Step Typical Timing Bottlenecks
Bank/e-wallet fraud report Same day, ideally immediately Delayed reporting, funds already transferred out
CICC or hotline report Same day Volume of reports, completeness of details
PNP ACG or NBI intake Same day to several days, depending on office and queue Missing evidence, no affidavit, no transaction details
Technical tracing Days to months Foreign platforms, spoofed addresses, VPNs, mule accounts
Prosecutor referral Weeks to months Need for affidavits, bank certifications, provider data, warrants
Court proceedings Months to years Court dockets, witness availability, accused identification

Special Situations

If you are a Filipino abroad

You can still report if the email targets you, uses a Philippine agency name, involves a Philippine bank or e-wallet, or affects your Philippine legal status. Start by contacting your bank or e-wallet, then use online reporting channels where available.

If a sworn statement is required and you are outside the Philippines, you may need to execute it before a Philippine Embassy or Consulate, or have it notarized locally and apostilled depending on the receiving agency’s requirements. The Philippines has been part of the Apostille Convention since 2019, which can simplify authentication of public documents for use between member countries. (Philippine Embassy Canberra)

If you are a foreigner in the Philippines

A foreigner may report a fraudulent email to Philippine authorities if the scam happened in the Philippines, targeted them while in the Philippines, used Philippine accounts or platforms, or impersonated Philippine law enforcement. Bring your passport and any immigration documents that help establish your identity and contact details.

If the email threatens deportation or immigration arrest, verify directly with the Bureau of Immigration or the appropriate official office. Do not send money to “fix” an immigration issue through an email demand.

If the email was sent to your company

Treat it as both a legal and cybersecurity incident. Preserve the email through your IT administrator, not just the employee’s screenshot. Check whether other employees received similar emails. If personal data was exposed or compromised, the Data Privacy Act and National Privacy Commission rules may become relevant, especially for organizations that control or process personal data. NPC rules require breach notification in certain situations involving sensitive personal information, identity fraud risk, or likely serious harm. (National Privacy Commission)

If the email includes a fake subpoena or warrant

Do not ignore it completely, but do not panic or pay. Verify it.

A real subpoena, court notice, or warrant should have verifiable details such as the issuing office, case number, docket number, names of parties, date, signature, and official contact trail. A “warrant” sent by email demanding payment to avoid arrest is a classic scam pattern.

If you are unsure, bring the document to the nearest police station, prosecutor’s office, court, NBI office, or a trusted legal professional for verification. The important point is to verify through independent official channels, not through the contact details supplied by the suspicious email.

Common Mistakes That Hurt a Report

Deleting the email

Deleting the original email may remove technical information needed for tracing. Keep the original message and export it if possible.

Sending only screenshots

Screenshots are helpful, but they are not enough when technical tracing is needed. Email headers and original message files are much better.

Clicking the link again “for evidence”

Do not re-open phishing links just to document them. If you already captured the URL safely, stop. Opening links can expose your device, location, credentials, or browser session.

Posting the fake email publicly without redaction

Victims sometimes post the fake subpoena or fake police email on Facebook to warn others. That may help, but it can also expose your address, case details, email, phone number, passport, bank information, or the names of real officers whose identities were misused. Redact sensitive information first.

Waiting too long to contact the bank

For financial scams, timing is critical. Funds may pass through several accounts quickly. Contact the bank or e-wallet immediately, even before your formal affidavit is ready.

Assuming a barangay blotter is enough

A barangay blotter can create a local record, but it does not replace a cybercrime complaint with PNP ACG, NBI Cybercrime Division, or the appropriate law enforcement office. For email tracing, platform data, and financial account investigation, cybercrime units are usually more appropriate.

Trusting unofficial “fixers”

Scammers sometimes pretend to help victims recover money or “clear” fake cases. Do not pay recovery agents, supposed officers, or online fixers who promise guaranteed results.

Frequently Asked Questions

Can I report a fake PNP, NBI, or DOJ email online?

Yes. You can make an initial report through cybercrime and scam-reporting channels such as CICC/1326, PNP ACG channels, or other official agency contact points. For a formal criminal complaint, however, you may still be asked to submit a sworn statement, IDs, original evidence, and supporting documents.

Should I reply to the email to ask if it is real?

No. Do not reply to the sender. Verify directly with the real government office using official contact details from the agency’s website, published directory, or physical office. Replying can confirm that your email is active and may expose more personal information.

Is a subpoena or warrant sent by email valid in the Philippines?

Do not assume an emailed subpoena or warrant is fake just because it came by email, but do not assume it is real either. Verify it independently. A real legal process should be traceable to an issuing court, prosecutor, law enforcement office, or government agency. An email demanding payment to avoid arrest is a strong warning sign of fraud.

What if I already sent money to a bank account, GCash, Maya, or another e-wallet?

Report it to the financial institution immediately and ask for a fraud case number, transaction hold, dispute, reversal, or recall where available. Then report to PNP ACG or NBI Cybercrime Division and include receipts, recipient account details, timestamps, reference numbers, and screenshots. If the bank or e-wallet does not respond properly, you may escalate through BSP consumer assistance after first filing with the institution.

Can the PNP or NBI trace the sender from an email address?

Sometimes, but not always quickly. Investigators may need the original email, headers, platform records, subscriber information, bank records, telco data, and cybercrime warrants or court orders. If the sender used spoofing, VPNs, foreign providers, compromised accounts, or mule accounts, tracing may take time.

Is a screenshot enough evidence?

A screenshot is useful but usually not enough by itself. Preserve the original email, full headers, attachments, URLs, transaction receipts, and related messages. Electronic evidence is stronger when its source, integrity, date, and chain of custody can be explained.

Do I need a notarized affidavit?

For an initial report, you may be able to start with a complaint form or interview. For a formal criminal complaint, you will usually need a sworn statement or affidavit. If you are abroad, you may need consular notarization or apostille depending on the agency’s requirements.

Can a foreigner report a fake Philippine law enforcement email?

Yes. A foreigner may report if the scam occurred in the Philippines, used Philippine financial accounts, impersonated Philippine authorities, or targeted the foreigner in connection with Philippine legal or immigration matters. Bring your passport and any relevant visa, ACR I-Card, address, or transaction documents.

Should I file a barangay blotter first?

You may file a barangay blotter for record purposes, especially if there are local threats or harassment. But for a fraudulent email, phishing attempt, fake law enforcement identity, or online financial scam, you should also report to PNP ACG, NBI Cybercrime Division, CICC, your bank or e-wallet, and other appropriate agencies.

What if the email used real logos, seals, or names of real officers?

That can still be fake. Scammers often copy official logos, seals, letterheads, signatures, and real names from public sources. Verify through the actual office. Preserve the fake document because it may support cybercrime, estafa, identity theft, forgery, or impersonation allegations.

Key Takeaways

  • A fraudulent email impersonating law enforcement should be treated as a possible cybercrime, phishing attempt, financial scam, and impersonation offense.
  • Do not reply, click links, download attachments, send IDs, provide OTPs, or pay any “clearance” or “settlement” fee.
  • Preserve the original email, full headers, screenshots, attachments, URLs, transaction records, and a clear timeline.
  • Verify any supposed subpoena, warrant, case, or law enforcement notice directly with the real agency using independent official contact details.
  • Report urgent scams through CICC/1326 and file formal complaints with PNP ACG or NBI Cybercrime Division when appropriate.
  • If money or bank/e-wallet credentials were involved, contact the financial institution immediately before funds disappear.
  • Screenshots help, but original email files and headers are much stronger for investigation.
  • Foreigners and Filipinos abroad can report Philippine-related scams, but sworn statements may require notarization, consular acknowledgment, or apostille depending on the situation.
  • A barangay blotter may create a record, but it is not a substitute for cybercrime reporting.
  • Early action gives investigators, banks, and platforms a better chance to preserve data, trace accounts, and prevent further harm.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.