How to Report a Scam Number in the Philippines

Scam calls and scam texts are now a routine part of daily life in the Philippines. They come in many forms: fake bank alerts, bogus delivery notices, phishing links, impersonation of government agencies, “wrong number” investment pitches, loan threats, sextortion demands, fake job offers, and SIM-based fraud. When a scam uses a phone number, many people ask the same question: where exactly should that number be reported, under Philippine law and practice?

The answer is not limited to one office. In the Philippines, reporting a scam number can involve several parallel tracks: your telco, the National Telecommunications Commission (NTC), the National Privacy Commission (NPC), the Philippine National Police Anti-Cybercrime Group (PNP-ACG), the National Bureau of Investigation Cybercrime Division (NBI), and in some cases the bank, e-wallet, or platform involved. The right response depends on what the scammer actually did, what information was exposed, and whether money was lost.

This article explains the Philippine legal framework, the proper agencies, what evidence matters, how to report effectively, what remedies may exist, and what people should realistically expect after making a report.

I. What is a “scam number”?

A scam number is any mobile or landline number used to facilitate fraud, deception, harassment, identity theft, phishing, extortion, unauthorized access, or similar unlawful conduct. The number may be used to:

  • send fraudulent text messages or “smishing” links;
  • make impersonation calls pretending to be a bank, courier, e-wallet, police officer, lawyer, or government office;
  • solicit OTPs, PINs, passwords, or account details;
  • induce payments or transfers through deceit;
  • threaten, blackmail, or harass;
  • collect personal data without lawful basis for fraudulent use;
  • operate through messaging apps linked to a Philippine mobile number.

A number does not have to be registered in the scammer’s real name to become reportable. In practice, scam numbers may be registered using false identities, stolen identities, mule SIMs, or accounts that later become subject to investigation.

II. Why reporting matters

Reporting serves several legal and practical purposes.

First, it helps create a record. A single text may seem minor, but repeated reports from multiple users can establish a pattern useful to regulators, telcos, law enforcement, or prosecutors.

Second, it may support blocking, deactivation, watchlisting, or investigation. Telcos and state agencies are more likely to act when there is documented evidence.

Third, it may help protect others. Many scam campaigns are mass operations. A prompt report may prevent additional victims.

Fourth, if money was stolen or data was compromised, an early report improves the chance of tracing digital activity, freezing accounts, or preserving electronic evidence.

III. Core Philippine laws relevant to scam numbers

A scam number can trigger several Philippine laws at once. The number itself is only the tool; the legal issue is the conduct behind it.

1. Cybercrime Prevention Act of 2012

Republic Act No. 10175

This law is central when the scam involves computer systems, internet-enabled fraud, phishing links, fake online identities, hacking, illegal access, online extortion, computer-related fraud, or computer-related identity theft. Even if contact began by text, the scheme often migrates to a link, app, bank portal, social media account, or e-wallet.

Possible offenses implicated include:

  • illegal access;
  • computer-related fraud;
  • computer-related identity theft;
  • cyber-related forgery or misuse of data;
  • online extortion or threats, depending on facts.

2. Data Privacy Act of 2012

Republic Act No. 10173

This becomes relevant when the scam involves unauthorized collection, processing, use, disclosure, or misuse of personal data. It also matters when a victim’s phone number or other personal data appears to have been obtained, leaked, or used without lawful basis.

Examples:

  • you receive highly targeted scam messages containing your full name, account type, or transaction details;
  • someone uses your personal data to register a SIM or open an account;
  • a company or individual unlawfully shares your number or personal information.

3. SIM Registration Act

Republic Act No. 11934

This law requires SIM registration and was intended in part to deter anonymous scams. A scam number may therefore be reportable not only as fraud, but as a number that should be traceable through registration records, subject to lawful process. The law does not mean every scammer will immediately be identifiable, but it strengthens the regulatory and investigative basis for tracing numbers through telcos and state authorities.

4. Access Devices Regulation Act

Republic Act No. 8484

This law may apply where the scam involves ATM cards, debit cards, credit cards, account numbers, access credentials, electronic wallets, or similar payment instruments.

5. Revised Penal Code

Traditional crimes may still apply, depending on the facts, including:

  • estafa by means of deceit;
  • grave threats;
  • unjust vexation;
  • coercion;
  • libel or other offenses, in unusual cases.

A scam executed through a phone number does not stop being a crime merely because the first contact happened by SMS or call.

6. Anti-Photo and Video Voyeurism Act, Anti-VAWC, and related laws

In sextortion, blackmail, image-based abuse, and partner-related harassment cases, other special laws may also apply, depending on the relationship between the parties and the nature of the threat.

IV. Who should receive the report?

A common mistake is sending the complaint only to one place. In serious cases, multiple reports should be made at the same time.

V. Reporting to your mobile network or telco

Your first report is often to the telco that carried the message or call. This is important because telcos can:

  • receive complaints about spam or scam traffic;
  • review message patterns;
  • take internal fraud-control action;
  • coordinate with regulators or law enforcement;
  • in some cases block or restrict abusive activity.

This is especially useful where:

  • you received a scam SMS or call but did not lose money;
  • you want the number flagged quickly;
  • the number appears to be part of mass spam or phishing.

When reporting to the telco, include:

  • the scam number;
  • date and exact time of the message or call;
  • screenshots of SMS, chat, or call logs;
  • the full content of the message;
  • links sent, if any;
  • whether you clicked a link, replied, disclosed data, or transferred money.

Do not rely on paraphrasing. Preserve exact text.

VI. Reporting to the National Telecommunications Commission (NTC)

The NTC is the key regulator in the telecommunications space. In Philippine practice, scam and spam complaints involving mobile numbers may be escalated to the NTC, especially when:

  • the number is repeatedly used for deceptive texts or calls;
  • the telco response is unsatisfactory;
  • there is a broader concern involving telecom misuse;
  • the report may support regulatory action.

The NTC is not a substitute for criminal investigation, but it is an important regulatory venue. If your complaint is mainly about a suspicious number and telecom misuse, NTC reporting is appropriate.

A useful complaint to the NTC should identify:

  • the number complained of;
  • your own number;
  • your telco;
  • dates and times;
  • screenshots and logs;
  • why the content is fraudulent or deceptive;
  • whether you already reported the matter to the telco.

VII. Reporting to the PNP Anti-Cybercrime Group (PNP-ACG)

If the scam involved fraud, hacking, phishing, impersonation, account compromise, threats, extortion, investment schemes, or online deception, the PNP Anti-Cybercrime Group is often one of the most practical law-enforcement points of contact.

This is especially important if:

  • you lost money;
  • your account was accessed;
  • your OTP, password, or personal data was obtained;
  • the scam moved from SMS to messaging apps, websites, social media, or payment apps;
  • there were threats, coercion, or sexual extortion.

The PNP-ACG can receive complaints, assess cybercrime angles, and prepare matters for investigation. For many victims, this is the proper avenue when the scam is more than simple nuisance texting.

VIII. Reporting to the NBI Cybercrime Division

The NBI Cybercrime Division is another major channel for serious online and digital-fraud complaints. It is appropriate in many of the same circumstances as PNP-ACG, particularly where the case involves:

  • phishing or fake websites;
  • account takeovers;
  • fraudulent digital transactions;
  • identity misuse;
  • coordinated scam operations;
  • digital evidence requiring specialized investigation.

A complainant is not usually required to choose perfectly between PNP-ACG and NBI at the outset. What matters is making a credible, documented report promptly.

IX. Reporting to the National Privacy Commission (NPC)

The NPC is relevant when the issue includes misuse of personal data. People often overlook this.

Report to the NPC when:

  • the scammer clearly had personal information they should not have had;
  • you suspect your phone number or personal data came from a leak, unauthorized sale, or unlawful sharing;
  • your data was processed or disclosed without consent or lawful basis;
  • an organization’s poor data handling exposed you to scam contact.

The NPC is not the agency that prosecutes every scam, but it is highly relevant when the complaint is about where the scammer got your data or how your personal information was unlawfully used.

X. Reporting to banks, e-wallets, and financial platforms

If the scam involved money, this is urgent. Report immediately to the relevant:

  • bank;
  • e-wallet provider;
  • remittance service;
  • digital lending app;
  • crypto platform, if applicable;
  • online marketplace or payment intermediary.

The reason is simple: the fastest chance of limiting damage may be through the financial channel, not the criminal case alone. Request:

  • account restriction or temporary hold where possible;
  • transaction tracing;
  • recipient account identification;
  • preservation of records;
  • fraud investigation.

In practice, a victim should not wait for a police report before notifying the bank or wallet provider.

XI. Reporting to the platform where the scam continued

Many scam numbers do not finish the fraud by text alone. They move the victim to:

  • WhatsApp, Viber, Telegram, Messenger;
  • Facebook, Instagram, TikTok;
  • fake websites;
  • e-commerce pages;
  • loan apps.

Report the associated account, page, URL, profile, or listing inside that platform. Platform reporting is not the same as legal reporting, but it helps remove the scam infrastructure and creates another record.

XII. What evidence should be preserved?

In scam-number cases, electronic evidence is everything. A weak report usually fails because the victim no longer has the original message, deleted the link, or cannot show the sequence of events.

Preserve the following:

A. Basic telecom evidence

  • screenshots of the SMS thread;
  • screenshots of the call log;
  • date and time stamps;
  • the full number, including country code if shown;
  • whether the number called, texted, or both.

B. Message content

  • exact words used;
  • URLs and shortened links;
  • threats, requests, or instructions;
  • account names or payment details mentioned.

C. Transaction evidence

  • receipts;
  • bank confirmations;
  • e-wallet reference numbers;
  • screenshots of transfers;
  • names and account numbers of recipients.

D. Account compromise evidence

  • OTP messages;
  • password reset notices;
  • device login alerts;
  • emails showing unauthorized access;
  • screenshots of account changes.

E. Identity and data misuse evidence

  • screenshots showing your name or personal data used by the scammer;
  • proof that data disclosed in the message was accurate and non-public;
  • documents showing identity theft or unauthorized registration, if any.

F. Witness and contextual evidence

  • notes on how the scam began;
  • any phone conversation summary written immediately after the call;
  • names of customer service representatives you spoke with;
  • case reference numbers from telcos, banks, or agencies.

G. Device preservation

Do not factory-reset your phone immediately if the device itself may contain important logs, app traces, or malware indicators. If you suspect malware or spyware, stop sensitive use and preserve evidence first.

XIII. How to write an effective complaint

A good complaint is factual, chronological, and supported by attachments. It should answer six questions:

  1. Who contacted you? State the number.

  2. When did it happen? Give dates and times.

  3. What exactly was said or sent? Quote the message or summarize the call precisely.

  4. What did the scammer want? OTP, password, money, personal data, photos, remote access, investment, loan payment, etc.

  5. What harm occurred? None yet, data exposed, account compromised, money transferred, threats received.

  6. What action do you seek? Investigation, tracing, blocking, record preservation, coordination with telco or financial institution, prosecution where warranted.

A legally useful complaint avoids exaggeration. Do not insert conclusions you cannot prove. State facts and attach evidence.

XIV. Sample structure of a Philippine scam-number complaint

A concise complaint may be organized this way:

  • Your full name and contact details
  • Subject: Complaint regarding scam number [number]
  • Date of incident
  • Description of incident
  • Why you believe it is fraudulent
  • Evidence attached
  • Financial loss or data exposure, if any
  • Agencies or institutions already informed
  • Request for investigation and appropriate action

This format works whether you are writing to a telco, regulator, law-enforcement unit, or financial institution, with slight modifications.

XV. What to do immediately after receiving a scam message or call

The legal response begins with practical self-protection.

If you have not yet clicked anything or sent money:

  • do not reply;
  • do not click links;
  • do not call back the number unless necessary for evidence and only with caution;
  • take screenshots;
  • report to the telco and relevant authority;
  • block the number on your device after preserving evidence.

If you clicked a link:

  • disconnect risky sessions;
  • change passwords immediately, especially email, banking, and e-wallet accounts;
  • enable or review multi-factor authentication;
  • monitor accounts for unauthorized access;
  • notify affected providers.

If you gave an OTP or password:

Treat it as an emergency. The scam may already be in progress. Change credentials immediately and contact the bank, wallet, or service provider without delay.

If you sent money:

  • contact the receiving and sending institutions at once;
  • preserve proof of transfer;
  • make a law-enforcement report promptly;
  • request trace, hold, or fraud review where available.

XVI. Spam, scam, phishing, and harassment are not always the same

This distinction matters legally.

Spam

Unsolicited bulk messages, often promotional. Not every spam text is criminal, though it may violate regulations or platform rules.

Scam or fraud

Deceptive messages intended to induce loss, payment, or disclosure of sensitive information.

Phishing or smishing

Messages designed to trick you into revealing credentials or entering data on a fake site.

Harassment or threats

Messages aimed at intimidation, coercion, or distress, which may trigger separate criminal or protective remedies.

Data privacy violation

Use or disclosure of personal data without lawful basis, whether or not money was lost.

A single incident may fall into several categories at once.

XVII. Does SIM registration guarantee that the scammer can be identified?

No. It improves traceability, but it is not magic.

Some scammers use:

  • fake IDs;
  • identities of other persons;
  • SIMs registered through fraud;
  • intermediaries;
  • accounts controlled through apps rather than direct calling;
  • foreign or internet-based routing.

Still, SIM registration can support lawful requests for subscriber information and is an important part of the enforcement framework.

XVIII. Can a telco reveal the subscriber identity to you directly?

Ordinarily, private subscriber information is not simply handed to another private person on demand. Subscriber data is generally protected and may require lawful process, agency action, or authorized investigation. This is one reason why filing through proper channels matters.

Victims often want the telco to “just tell me who owns the number.” In most cases, the better route is to make a documented complaint so the proper authority can compel or request records lawfully.

XIX. Is a screenshot enough?

A screenshot is helpful, but not always enough by itself. It is stronger when supported by:

  • original message on the device;
  • call logs;
  • transaction records;
  • account alerts;
  • metadata or timeline consistency;
  • corroborating communications with banks or platforms.

Keep the original device and do not edit images.

XX. Is reporting still useful if no money was lost?

Yes. A report is still worthwhile because:

  • the number may be part of a broader fraud pattern;
  • regulators and telcos can track repeated complaints;
  • law enforcement may connect it to other cases;
  • early data may later matter if the same number or method resurfaces.

Not every report leads to prosecution, but underreporting helps scammers operate.

XXI. What if the scammer used a messaging app, not ordinary SMS?

If the account is tied to a phone number or the number appears in profile information, the same general principle applies: preserve the number, the username, the profile links, screenshots, and chat exports if available. Then report both:

  • the app account through the platform; and
  • the number and related fraud through the proper Philippine channels.

Do not assume that using an app removes the matter from Philippine law. If the victim, infrastructure, or effects are in the Philippines, Philippine authorities may still have a basis to act.

XXII. What if the number threatens you with arrest, unpaid loans, or criminal charges?

This is a common tactic. Scam callers may pretend to be from:

  • a bank;
  • a lending app;
  • a law office;
  • the police;
  • the NBI;
  • a court;
  • the BIR or other government agency.

In general:

  • real agencies do not resolve legal matters by demanding rushed e-wallet transfers through a random mobile number;
  • official enforcement actions follow proper procedures;
  • a demand for secrecy, immediate payment, or OTP disclosure is a major red flag.

Where threats are involved, preserve all messages and escalate to law enforcement promptly.

XXIII. What if the scam number belongs to a loan collector or lending app?

This can be legally sensitive. Not every aggressive debt message is automatically a scam, but many debt-related contacts cross into unlawful harassment, misrepresentation, doxxing, unauthorized contact of third parties, or data privacy violations.

If a number connected to a lending app:

  • falsely claims criminal liability for ordinary debt;
  • threatens arrest without basis;
  • circulates your personal data;
  • contacts unrelated persons in your phone book;
  • shames or coerces you;

then the matter may involve not only telecom misuse, but also privacy, harassment, unfair collection behavior, and cyber-related misconduct. Preserve all evidence and consider reporting to law enforcement and the NPC, in addition to the platform or lender.

XXIV. What if the scammer spoofed a legitimate number?

Number spoofing complicates matters. Sometimes the displayed number belongs to an innocent party, while the real origin is masked. This does not make reporting useless. On the contrary, it is another reason to file a detailed report, because technical analysis may be needed.

In your complaint, mention any facts suggesting spoofing:

  • the bank later confirmed the message was fake;
  • the sender ID looked official but the link was suspicious;
  • the number format was odd;
  • the legitimate institution denied contacting you.

XXV. Can you sue the scammer directly?

In theory, yes, but in practice the first problem is identification. Civil action becomes realistic only after the person or entity behind the number is identified or linked to an account, platform, or business. Criminal complaint and investigative tracing often come first.

If a business, platform, or data handler contributed to the harm through unlawful disclosure or negligent handling of data, separate civil or administrative remedies may also be considered depending on facts.

XXVI. Administrative, criminal, and practical remedies can overlap

A scam-number incident may create three different tracks:

Administrative

Against a telco, data controller, or regulated entity through bodies such as the NTC or NPC, depending on facts.

Criminal

Through PNP-ACG, NBI, and the prosecutor’s process where evidence supports offenses such as estafa, cybercrime, threats, identity theft, or privacy-related violations.

Practical-remedial

Bank holds, account freezes, platform takedowns, password resets, SIM replacement, device cleanup, and records preservation.

Victims should not think in only one track.

XXVII. What happens after a report is filed?

Typically, one or more of the following may happen:

  • you receive a case, reference, or complaint number;
  • the agency or institution asks for more evidence;
  • the telco or regulator forwards or escalates the matter internally;
  • law enforcement conducts initial evaluation;
  • the bank or wallet investigates the transaction trail;
  • you may be asked to execute a sworn statement or formal complaint affidavit;
  • for prosecution, stronger proof and procedural steps will be required.

A report is often the beginning of the process, not the end of it.

XXVIII. Will the scam number be blocked immediately?

Not always. People often expect an instant nationwide block. In reality, outcomes depend on:

  • quality of evidence;
  • volume of complaints against the number;
  • telco procedures;
  • whether the number is still active;
  • whether the issue is spoofing, SIM misuse, or app-based fraud;
  • whether law enforcement needs the number to remain observable for investigation.

Blocking on your own device is immediate. Regulatory or network-level action may take longer and is not guaranteed in every single case.

XXIX. Is there criminal liability for using someone else’s identity to register or operate a scam number?

Potentially yes. Depending on the facts, this may implicate identity theft, falsification-related issues, privacy violations, fraud, or SIM-registration-related offenses. A false or stolen identity used for SIM registration can materially aggravate the legal picture.

XXX. What should not be done by victims

Several actions damage a case:

  • deleting the message thread too early;
  • wiping the phone before preserving evidence;
  • sending emotional replies that muddy the record;
  • publicly posting sensitive screenshots containing your own OTPs, addresses, or account numbers;
  • confronting the scammer with unverified accusations;
  • making additional test transfers “to see what happens”;
  • trusting a second “recovery agent” who offers to get the money back for a fee.

Victims are often scammed twice: once by the original fraudster, and again by fake recovery services.

XXXI. Special issue: minors, vulnerable persons, and family devices

If the victim is a minor, elderly person, or someone especially vulnerable, preserve evidence and consider having a parent, guardian, or trusted relative assist in reporting. Where there are sexual threats, coercion, or exploitation, urgency increases significantly.

Family-shared devices can also create evidentiary problems. Record who used the device and when.

XXXII. Can a lawyer help?

Yes, especially where:

  • substantial money was lost;
  • there is identity theft;
  • a sworn complaint or affidavit must be prepared;
  • a privacy complaint is being considered;
  • a business or institution may share liability;
  • there are threats, blackmail, or reputational harm.

A lawyer can help organize evidence, identify the best legal theory, and reduce inconsistencies in the complaint record.

XXXIII. A practical reporting sequence in the Philippines

For most serious scam-number cases, the most sensible sequence is:

  1. Preserve evidence immediately.
  2. Contact the bank/e-wallet/platform immediately if money or account access is involved.
  3. Report the number to your telco.
  4. Report to PNP-ACG or NBI Cybercrime Division if there is fraud, phishing, extortion, account compromise, or financial loss.
  5. Report to NTC for telecom misuse and escalation.
  6. Report to NPC if personal data misuse, leakage, or unlawful disclosure appears involved.
  7. Prepare a sworn narrative if the matter becomes a formal case.

That is often more effective than sending one vague complaint to only one office.

XXXIV. A model factual statement for a complaint

A strong factual paragraph might read like this:

On 15 March 2026 at around 9:12 a.m., I received an SMS from mobile number 09XXXXXXXXX stating that my bank account was temporarily suspended and directing me to click a link. The message used my full name. I did not authorize any disclosure of my personal information. After clicking the link, I was redirected to a page resembling my bank’s login portal. Shortly thereafter, I received OTP prompts and noticed unauthorized transactions from my account. I have attached screenshots of the SMS, the link, OTP messages, transaction alerts, and my call log.

That kind of statement is clear, chronological, and legally useful.

XXXV. Limits of reporting

A complete article on the subject must also be realistic.

Reporting a scam number does not guarantee:

  • immediate arrest;
  • recovery of money;
  • instant identification of the subscriber;
  • immediate shutdown of all related accounts;
  • a public update from the authorities.

But failure to report greatly weakens the possibility of action.

XXXVI. Bottom line

In the Philippines, reporting a scam number is not just a matter of blocking the sender. It is a legal and evidentiary process that may involve telecom regulation, cybercrime enforcement, data privacy law, and financial fraud response all at once.

At minimum, the victim should preserve evidence and report the number to the telco. Where there is fraud, phishing, identity misuse, threats, or financial loss, the matter should also be brought to the PNP Anti-Cybercrime Group or the NBI Cybercrime Division, with NTC and NPC involvement where the facts warrant. If money moved, the bank or e-wallet provider must be notified immediately.

The key rule is simple: preserve first, report fast, and report in the correct channels. In scam-number cases, delay destroys evidence, weakens tracing, and helps the fraud continue.

XXXVII. Important caution

Because agency procedures, complaint channels, and enforcement practices can change, the legal principles in this article are stable, but the exact reporting mechanics may vary over time. The safest approach is to use the current official channel of the relevant telco, agency, bank, or platform when making the actual report.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login