How to Report an Online Scam in the Philippines

Introduction

Online scams have become one of the most common forms of financial and identity-related harm in the Philippines. They appear through social media marketplaces, messaging apps, email, fake investment platforms, phishing websites, online lending schemes, romance scams, job scams, cryptocurrency fraud, fake bank alerts, delivery scams, SIM-related fraud, and account takeovers.

Reporting an online scam is not merely a practical step to recover money or stop harassment. It may also trigger criminal investigation, preservation of digital evidence, freezing of suspicious accounts, takedown of fraudulent pages, and possible prosecution under Philippine law. The proper reporting route depends on the nature of the scam, the platform used, the amount involved, the identities known, and whether the scam involved bank accounts, e-wallets, SIM cards, personal data, impersonation, threats, or unauthorized access.

This article explains the Philippine legal framework, the agencies that may receive reports, the evidence a victim should preserve, the steps for filing a complaint, and the remedies that may be available.

I. What Counts as an Online Scam?

An online scam is a fraudulent scheme conducted through the internet, electronic communications, digital platforms, or information and communications technology. It usually involves deception intended to obtain money, property, account access, personal information, identity documents, passwords, one-time passwords, SIM access, or other benefits.

Common examples include:

  1. Online selling scams — the seller accepts payment but does not deliver the item, sends a fake item, or disappears after payment.

  2. Fake buyer scams — the scammer pretends to buy an item, sends fake payment proof, or tricks the seller into clicking a phishing link.

  3. Phishing — fraudulent emails, texts, websites, or messages designed to steal login credentials, OTPs, credit card details, e-wallet information, or banking credentials.

  4. Investment scams — fake trading, crypto, forex, “double your money,” Ponzi, pyramiding, or unauthorized securities offerings.

  5. Romance scams — emotional manipulation used to obtain money, gifts, bank transfers, crypto, or personal information.

  6. Job and task scams — fake employment offers, “like-and-earn,” “recharge” schemes, or work-from-home scams requiring advance payments.

  7. Loan scams — fake lenders requiring processing fees, insurance fees, or collateral payments before releasing a nonexistent loan.

  8. Identity theft and impersonation — use of another person’s name, photos, IDs, social media account, or credentials to deceive others.

  9. Account takeover — unauthorized access to email, social media, banking, e-wallet, or marketplace accounts.

  10. SIM-related scams — misuse of registered SIMs, spoofed numbers, scam texts, or mobile-number-based fraud.

  11. Fake government, bank, courier, or company messages — messages claiming that an account will be suspended, a package is held, a prize is waiting, or a fee must be paid.

  12. Online blackmail or sextortion — threats to release private images, conversations, or fabricated materials unless money is paid.

II. Philippine Laws That May Apply

Several Philippine laws may apply to online scams. The exact charge depends on the facts.

A. Revised Penal Code: Estafa

The traditional offense most often associated with scams is estafa under Article 315 of the Revised Penal Code. Estafa generally involves defrauding another person through abuse of confidence, deceit, false pretenses, fraudulent acts, or similar means.

In an online scam, estafa may be present when the scammer falsely represents that goods, services, investments, jobs, loans, or benefits exist, causing the victim to part with money or property.

Examples:

  • A seller accepts payment for an item but never intends to deliver it.
  • A person pretends to be an investment agent and induces payment.
  • A scammer falsely claims to be a bank, courier, employer, or government representative.
  • A fake online store collects payments and disappears.

Where the fraudulent act is committed through digital means, cybercrime laws may also apply.

B. Cybercrime Prevention Act of 2012

Republic Act No. 10175, known as the Cybercrime Prevention Act of 2012, is central to online scam reporting.

It penalizes several offenses involving computer systems, including:

  • Illegal access
  • Illegal interception
  • Data interference
  • System interference
  • Misuse of devices
  • Computer-related forgery
  • Computer-related fraud
  • Computer-related identity theft
  • Cybersex
  • Cyber libel
  • Other offenses committed through information and communications technology

For scam cases, the most relevant provisions are often:

  1. Computer-related fraud — when fraudulent acts are carried out through computer systems or digital platforms.

  2. Computer-related identity theft — when a person knowingly acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person.

  3. Illegal access — when an account, system, or device is accessed without authority.

  4. Computer-related forgery — when digital documents, messages, screenshots, transaction confirmations, IDs, or communications are falsified.

The law also allows certain traditional crimes under the Revised Penal Code and special laws to be treated as cybercrimes when committed through information and communications technology.

C. Access Devices Regulation Act

Republic Act No. 8484, the Access Devices Regulation Act of 1998, may apply where the scam involves credit cards, debit cards, account numbers, passwords, access credentials, banking information, or similar access devices.

This may be relevant in cases involving:

  • Unauthorized credit card use
  • Stolen card details
  • Fake payment links
  • Card-not-present fraud
  • Use of another person’s account credentials
  • Phishing that obtains bank or card information

D. Data Privacy Act of 2012

Republic Act No. 10173, the Data Privacy Act of 2012, may apply if the scam involves unauthorized collection, processing, use, disclosure, or sale of personal information.

This is relevant where scammers misuse:

  • Full names
  • Birthdates
  • Addresses
  • Government IDs
  • Selfies with IDs
  • Bank or e-wallet information
  • Contact lists
  • Photos
  • Employment records
  • Medical or sensitive information

Victims may report data privacy concerns to the National Privacy Commission, especially when personal data is misused, leaked, sold, or processed without consent.

E. SIM Registration Act

Republic Act No. 11934, the SIM Registration Act, is relevant when scam texts, calls, or messaging accounts are tied to mobile numbers. The law requires SIM registration and is intended to help deter and investigate fraud committed through mobile communications.

A victim should preserve the scammer’s number, screenshots of texts or calls, timestamps, and any profile information connected with the SIM.

F. Securities Regulation Code and Investment Scam Rules

If the scam involves investments, securities, crypto-like schemes, pooled funds, profit-sharing arrangements, or promises of passive income, the Securities and Exchange Commission may have jurisdiction.

Many online investment scams are not merely private fraud cases. They may involve unregistered securities, unauthorized solicitation of investments, Ponzi schemes, pyramiding, or fraudulent investment contracts.

Examples include:

  • “Guaranteed return” online investment offers
  • Fake crypto trading groups
  • Unauthorized forex or commodities trading pools
  • Referral-based investment schemes
  • “Double your money” platforms
  • Online lending or investment apps soliciting funds from the public

G. Consumer Protection Laws

Where the scam involves online purchases, defective goods, non-delivery, false advertising, or deceptive sales practices, consumer protection laws may also be relevant. Reports may be brought to agencies such as the Department of Trade and Industry for consumer-related online transactions, although clear fraud or criminal deception should also be reported to law enforcement.

III. Where to Report an Online Scam in the Philippines

The correct reporting office depends on the type of scam.

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group, often called PNP-ACG, investigates cybercrime complaints, including online scams, phishing, hacking, identity theft, account takeovers, cyber fraud, online blackmail, and other ICT-facilitated crimes.

A report to the PNP-ACG is generally appropriate when:

  • Money was lost through an online transaction.
  • A scammer used social media, email, website, SMS, messaging app, or online marketplace.
  • A bank, e-wallet, or crypto wallet was used to receive funds.
  • The scammer’s account, phone number, email, or digital identity is known.
  • Personal information or identity documents were misused.
  • The victim’s account was hacked.
  • The scam involves threats, extortion, or blackmail.

Victims may report to the nearest PNP-ACG office or cybercrime desk, or inquire through official PNP-ACG channels.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also investigates online scams and cybercrime offenses.

A complaint to the NBI may be appropriate where:

  • The scam is large-scale or organized.
  • The scammer used multiple accounts, bank accounts, e-wallets, or fake identities.
  • The matter involves identity theft, hacking, phishing, or online extortion.
  • The victim needs assistance with formal complaint preparation.
  • There is a need for digital forensic investigation.

The NBI may require the complainant to submit a sworn complaint-affidavit and supporting evidence.

C. Bank, E-Wallet Provider, or Financial Institution

If the victim transferred money through a bank, e-wallet, payment app, remittance center, or card transaction, the victim should immediately report to the financial institution used.

This is urgent because some transactions may still be traceable, reversible, frozen, held, flagged, or investigated internally.

Report immediately to:

  • The sending bank
  • The receiving bank, if known
  • The e-wallet provider
  • The card issuer
  • The payment gateway
  • The remittance provider
  • The online marketplace payment support team

The report should include:

  • Transaction reference number
  • Amount
  • Date and time
  • Account name and number
  • E-wallet number
  • Screenshots of payment confirmation
  • Conversation with the scammer
  • Police or NBI report, if already available

Banks and e-wallet providers may ask for a formal dispute form, affidavit, police report, or other documents. Filing quickly matters.

D. Securities and Exchange Commission

Report to the SEC when the scam involves investments, securities, lending, financing, crypto investment schemes, profit-sharing arrangements, or solicitation of funds from the public.

SEC reporting is especially important when the scammer claims to be:

  • A corporation
  • A lending company
  • A financing company
  • An investment platform
  • A trading company
  • A crypto investment group
  • A cooperative-like investment operation
  • A crowdfunding or pooling entity
  • An online broker or fund manager

Even if the victim also reports to PNP or NBI, the SEC may investigate regulatory violations such as unregistered securities offerings or unauthorized investment solicitation.

E. National Privacy Commission

Report to the National Privacy Commission if the scam involves misuse, unauthorized processing, or exposure of personal data.

Examples:

  • Scammer used your ID, selfie, or personal information.
  • Your personal data was posted online.
  • Your personal details were used to open accounts.
  • Your contact list was harvested.
  • Your identity was used to scam others.
  • A company, app, or platform mishandled your personal information.
  • Loan app harassment involved disclosure of personal information.

The NPC is especially relevant when personal data protection, not just money loss, is at issue.

F. Department of Trade and Industry

The DTI may be relevant for consumer complaints involving online sellers, defective goods, non-delivery, false advertising, or deceptive sales practices.

However, not every online selling dispute is automatically a criminal scam. Some matters may be civil or consumer disputes. If there is clear deception, fake identity, disappearing seller, multiple victims, forged proof, or intent to defraud, the matter should also be reported to law enforcement.

G. Online Platform, Marketplace, or Social Media Site

Victims should also report the scammer directly to the platform used, such as:

  • Facebook
  • Instagram
  • TikTok
  • X
  • Shopee
  • Lazada
  • Carousell
  • Messenger
  • Telegram
  • Viber
  • WhatsApp
  • Email provider
  • Website host
  • Domain registrar

Platform reports can lead to takedown, suspension, preservation of records, or account restrictions. However, platform reporting alone is usually not enough for criminal prosecution.

H. Barangay or Local Police Station

For immediate assistance, victims may also go to the local police station or barangay. However, online scam cases often require cybercrime handling. The local station may refer the matter to PNP-ACG, NBI, or the prosecutor’s office.

A barangay blotter or police blotter may help document the incident, but a blotter is not the same as a full criminal complaint.

IV. Evidence to Preserve Before Reporting

Evidence is crucial. Online scam cases often fail or slow down because victims delete messages, block accounts too early, lose transaction details, or submit incomplete screenshots.

Preserve everything before confronting the scammer further.

A. Screenshots

Take clear screenshots of:

  • The scammer’s profile
  • Username, display name, account URL, user ID, phone number, or email
  • Conversation history
  • Product listing or advertisement
  • Investment offer
  • Payment instructions
  • Promises, guarantees, or representations
  • Proof of payment
  • Delivery details
  • Threats or blackmail
  • Deleted-message notices
  • Group chats or channels
  • Comments from other victims

Include timestamps where possible.

B. Links and Digital Identifiers

Record:

  • Profile links
  • Post links
  • Marketplace listing links
  • Website URLs
  • Email addresses
  • Phone numbers
  • Bank account numbers
  • E-wallet numbers
  • Crypto wallet addresses
  • QR codes
  • Telegram usernames
  • Viber or WhatsApp numbers
  • IP addresses, if available
  • Domain names
  • Transaction IDs

C. Financial Records

Preserve:

  • Deposit slips
  • Online transfer receipts
  • Transaction reference numbers
  • Account names
  • Account numbers
  • E-wallet numbers
  • Card statements
  • Bank statements
  • Remittance receipts
  • Crypto transaction hashes
  • Payment confirmation emails
  • Chargeback or dispute correspondence

D. Identity Documents and Personal Data

If personal information was shared, preserve copies of:

  • IDs sent
  • Forms filled out
  • Selfies or verification photos submitted
  • Applications completed
  • Links clicked
  • Personal data requested
  • Messages showing why the data was requested

This helps determine if identity theft or Data Privacy Act issues are involved.

E. Device and Account Evidence

If hacking or unauthorized access occurred, preserve:

  • Login alerts
  • Password reset emails
  • Security notifications
  • Device logs
  • Account recovery messages
  • Unauthorized transactions
  • Changed email or phone notifications
  • Suspicious sessions
  • IP or location alerts shown by the service

Do not factory reset the device before reporting if the device may contain evidence.

F. Witnesses and Other Victims

List:

  • Names and contact details of other victims
  • Group chat members
  • People who saw the post or transaction
  • People who referred you to the scam
  • People who received messages from the impersonator

Large-scale reports are often stronger when multiple victims coordinate evidence.

V. Immediate Steps After Discovering an Online Scam

Step 1: Stop Communicating Strategically

Do not send more money. Do not provide more IDs, OTPs, passwords, selfies, or verification codes. Avoid threatening the scammer, as this may cause deletion of evidence.

It is often better to silently preserve evidence first.

Step 2: Secure Your Accounts

Immediately change passwords for:

  • Email
  • Online banking
  • E-wallets
  • Social media
  • Marketplace accounts
  • Cloud storage
  • Messaging apps

Enable two-factor authentication using a secure method. Log out unknown devices. Revoke suspicious app permissions.

Step 3: Contact the Bank or E-Wallet Provider

Report the transaction immediately. Ask whether the receiving account can be flagged, frozen, investigated, or whether a dispute can be filed.

The victim should request a case number or reference number.

Step 4: Preserve Evidence

Download, screenshot, export, or print the evidence. Keep original files when available.

Do not rely only on screenshots stored in the same phone if the account or phone may be compromised.

Step 5: Report to Law Enforcement

File a complaint with PNP-ACG, NBI Cybercrime Division, or the appropriate police cybercrime unit.

Step 6: Report to Regulators or Platforms

Report to the SEC, NPC, DTI, platform, bank, telco, or other relevant body depending on the case.

VI. Preparing a Complaint-Affidavit

For formal criminal action, a victim may be required to execute a complaint-affidavit. This is a sworn written statement narrating the facts.

A complaint-affidavit should usually include:

  1. Full name, age, citizenship, address, and contact details of the complainant.

  2. A clear statement that the complainant is filing a complaint for online scam, estafa, computer-related fraud, identity theft, or other applicable offenses.

  3. The date, time, and manner of first contact with the scammer.

  4. The platform used.

  5. The representations made by the scammer.

  6. The reason the complainant relied on those representations.

  7. The amount paid or property lost.

  8. The payment method and transaction details.

  9. The scammer’s known details, such as name, alias, username, profile link, phone number, email, bank account, or e-wallet number.

  10. The discovery that the transaction was fraudulent.

  11. Efforts to demand refund, recover the account, contact the seller, or report to the platform.

  12. Description of attached evidence.

  13. A statement that the facts are true based on personal knowledge and authentic records.

  14. Signature before a notary public or authorized officer, if required.

The affidavit should be factual, chronological, and specific. Avoid exaggeration, speculation, or unsupported accusations.

VII. Sample Structure of a Complaint Narrative

A complaint may be organized as follows:

1. Introduction

“I am filing this complaint for online scam/fraud committed through [platform], which caused me financial loss in the amount of PHP [amount].”

2. First Contact

“On [date], I saw a post/account/message from [name or username] offering [goods, service, investment, job, loan, etc.].”

3. Deceptive Representation

“The person represented that [specific promise]. The person sent [proof, documents, photos, links, registration papers, testimonials, etc.].”

4. Payment

“Relying on these representations, I sent PHP [amount] on [date and time] through [bank/e-wallet/remittance] to [account name, account number, phone number].”

5. Fraud Discovered

“After payment, the person [blocked me, stopped responding, failed to deliver, demanded more money, sent fake tracking, deleted the account, etc.].”

6. Evidence

“I preserved screenshots of the conversation, profile, payment receipt, transaction reference, and related records, attached as Annexes.”

7. Requested Action

“I respectfully request investigation and appropriate action for possible violation of the Revised Penal Code, Cybercrime Prevention Act, and other applicable laws.”

VIII. Is a Demand Letter Required?

A demand letter is not always required before reporting an online scam, especially where there is clear fraud, account takeover, phishing, identity theft, or disappearing scammers.

However, in some online selling or business disputes, a demand letter may help show that the complainant gave the other party a chance to deliver, refund, or explain. It may also help distinguish fraud from mere delay, mistake, or breach of contract.

A demand letter may be useful when:

  • The seller is identifiable.
  • The transaction may be civil or commercial in nature.
  • The seller claims delay but refuses refund.
  • The amount is significant.
  • The complainant wants to document demand before filing a complaint.

A demand letter should not be used to harass, threaten, defame, or extort. It should simply state the facts, amount, deadline, and intended legal action.

IX. Online Scam, Civil Case, or Criminal Case?

Not every failed online transaction is automatically a criminal scam. Philippine law generally distinguishes between:

A. Civil Dispute

A civil dispute may exist when there is a genuine contract but one party fails to perform. Examples include delayed delivery, defective item, misunderstanding about specifications, or inability to refund.

B. Criminal Fraud

A criminal scam is more likely when there is deceit from the beginning. Indicators include:

  • Fake identity
  • Fake business documents
  • Fake proof of shipment
  • Fake payment confirmation
  • Immediate blocking after payment
  • Multiple victims
  • False promises of guaranteed profit
  • Use of mule accounts
  • Refusal to provide real identity
  • Use of stolen photos
  • Disappearing website or page
  • Repeated pattern of accepting payments without delivery

The key issue is often whether there was fraudulent intent at or before the time the victim gave money or property.

X. Reporting Bank and E-Wallet Transactions

Because many online scams involve bank transfers and e-wallets, reporting to financial institutions is critical.

Victims should immediately ask the sending institution to:

  • File a fraud report
  • Trace the transaction
  • Contact the receiving institution
  • Flag the recipient account
  • Preserve records
  • Provide a case reference number
  • Advise on dispute or recovery procedure

Victims should also report to the receiving institution if the receiving bank or e-wallet is known. The receiving institution may require a police report, affidavit, or proof of scam before taking action.

Important details to provide:

  • Account name
  • Account number or mobile number
  • Amount
  • Date and time
  • Transaction reference number
  • Screenshots of payment instructions
  • Screenshots proving fraud
  • Police/NBI report, if available

Time is important. Delayed reporting may reduce the chance of freezing or tracing funds.

XI. Special Case: Phishing and Unauthorized Bank Transactions

Phishing cases are urgent because they may involve continuing access to bank, e-wallet, or email accounts.

A victim should immediately:

  1. Call the bank or e-wallet hotline.
  2. Freeze or block affected accounts.
  3. Change passwords.
  4. Disable compromised cards.
  5. Revoke unauthorized devices.
  6. Report unauthorized transactions.
  7. Preserve phishing messages and links.
  8. File a cybercrime report.
  9. Check email forwarding rules and recovery details.
  10. Monitor credit, banking, and identity misuse.

Do not click the phishing link again. Do not enter more credentials. Do not share OTPs even with persons claiming to be bank representatives.

XII. Special Case: Investment Scams

Investment scams should be reported both as fraud and as possible securities violations.

Red flags include:

  • Guaranteed returns
  • No risk
  • Very high profits in a short time
  • Referral commissions
  • Pressure to recruit others
  • Vague business model
  • No verifiable registration
  • Fake SEC certificates
  • Use of celebrity endorsements
  • Claims of secret trading bots
  • Crypto wallet deposits
  • Group chats showing fake earnings
  • Withdrawal allowed at first, then later blocked
  • Requirement to pay tax, verification fee, or unlock fee before withdrawal

A company’s registration as a corporation does not automatically mean it is authorized to solicit investments. Corporate registration is different from authority to sell securities or investment contracts.

Victims should preserve:

  • Investment contracts
  • Chat group records
  • Admin names
  • Wallet addresses
  • Bank accounts
  • Promotional materials
  • Screenshots of dashboards
  • Withdrawal requests
  • Proof of deposits
  • Referral structures
  • Names of recruiters

XIII. Special Case: Online Lending App Harassment

Some online lending issues involve both debt disputes and possible privacy or cybercrime violations.

Reportable conduct may include:

  • Threats
  • Public shaming
  • Contacting phone contacts
  • Posting personal information
  • Sending defamatory messages
  • Harassment
  • Unauthorized access to contact lists
  • Excessive or abusive collection tactics
  • Use of fake legal threats
  • Misuse of uploaded IDs or selfies

Possible reporting channels include:

  • National Privacy Commission
  • PNP-ACG or NBI Cybercrime Division
  • SEC, if the lending company is regulated or claims to be a lending/financing company
  • Platform stores, if the app violates platform policies

Preserve screenshots, call logs, messages sent to contacts, app permissions, loan documents, payment records, and the app’s name or developer information.

XIV. Special Case: Sextortion or Online Blackmail

Sextortion involves threats to release intimate images, videos, conversations, or fabricated sexual content unless money is paid.

Victims should:

  • Stop paying.
  • Preserve evidence.
  • Do not negotiate extensively.
  • Screenshot threats and account details.
  • Report the account to the platform.
  • Report to PNP-ACG or NBI Cybercrime Division.
  • Secure social media privacy settings.
  • Warn close contacts if necessary.
  • Avoid deleting evidence out of panic.

If the victim is a minor, child protection laws and specialized law enforcement handling may apply. This should be treated as urgent.

XV. Special Case: Identity Theft and Impersonation

If a scammer uses your name, photos, ID, or account to scam others, act quickly.

Steps:

  1. Preserve the fake profile or account link.
  2. Screenshot posts, messages, and victim complaints.
  3. Report the impersonation to the platform.
  4. Post a careful public warning if necessary, avoiding defamatory claims beyond verified facts.
  5. File a cybercrime report for identity theft.
  6. Notify banks, e-wallets, and contacts if financial identity may be compromised.
  7. Consider reporting to the National Privacy Commission if personal data was misused.

Identity theft can expose the victim to reputational damage and false accusations. A police or NBI report helps document that the victim is also a complainant.

XVI. What Happens After Filing a Report?

After a report is filed, authorities may:

  • Evaluate the complaint.
  • Ask for additional evidence.
  • Require a sworn affidavit.
  • Conduct digital investigation.
  • Coordinate with banks, telcos, platforms, or service providers.
  • Identify account holders.
  • Trace financial transactions.
  • Invite parties for clarification.
  • Refer the case to prosecutors.
  • Recommend criminal charges.
  • Assist with preservation requests where legally available.

The process may take time, especially if the scammer used fake identities, mule accounts, foreign platforms, VPNs, cryptocurrency, or overseas infrastructure.

XVII. Can the Victim Recover the Money?

Recovery is possible but not guaranteed. It depends on how quickly the report is made, whether funds remain in the recipient account, whether the recipient is identified, and whether the financial institution can freeze or reverse the transaction.

Possible recovery routes include:

  1. Bank or e-wallet dispute process
  2. Freezing or holding of suspicious funds
  3. Settlement or restitution
  4. Civil action for sum of money or damages
  5. Criminal case with restitution
  6. Small claims case, where applicable for money claims
  7. Insurance or platform buyer protection, if available
  8. Chargeback, for certain card transactions

Victims should not assume that filing a police report automatically returns the money. Separate bank, platform, civil, and criminal remedies may be necessary.

XVIII. Small Claims and Civil Remedies

If the scammer is identifiable and the case involves recovery of money, the victim may consider civil remedies.

The small claims process may be useful for certain money claims because it is designed to be faster and does not require lawyers to appear for the parties. However, small claims are not a substitute for criminal prosecution where fraud is involved.

Civil remedies may include:

  • Return of money
  • Damages
  • Interest
  • Costs
  • Enforcement against property, if judgment is obtained

A civil claim may proceed separately from a criminal complaint, depending on the circumstances.

XIX. Jurisdiction and Venue

Online scams create jurisdiction issues because the victim, scammer, bank, platform, and servers may be in different places.

In general, a complaint may be filed where:

  • The victim resides or suffered damage;
  • The fraudulent communication was received;
  • Payment was made;
  • The account or transaction was processed;
  • The offender may be found; or
  • The investigating agency has authority to receive cybercrime complaints.

Cybercrime complaints are often best filed with specialized cybercrime units because they are more familiar with electronic evidence and digital tracing.

XX. Electronic Evidence in Online Scam Cases

Philippine courts may consider electronic evidence, but it must be properly authenticated.

Useful electronic evidence includes:

  • Screenshots
  • Emails
  • Chat exports
  • Webpages
  • Metadata
  • Transaction records
  • Login records
  • Digital receipts
  • Call logs
  • Audio or video recordings, subject to legal limitations
  • Platform records
  • Bank records
  • Device records

To strengthen electronic evidence:

  1. Preserve the original message or file.
  2. Keep the device used in the transaction.
  3. Save URLs and timestamps.
  4. Export chats where possible.
  5. Print screenshots with dates.
  6. Avoid editing screenshots.
  7. Keep backup copies.
  8. Organize evidence chronologically.
  9. Label annexes clearly.
  10. Include a statement explaining how the evidence was obtained.

XXI. Mistakes Victims Should Avoid

Victims should avoid:

  • Deleting chats after taking only partial screenshots.
  • Blocking the scammer before saving evidence.
  • Sending more money to “unlock” refunds.
  • Sharing OTPs or passwords with supposed investigators.
  • Posting unverified accusations against unrelated persons.
  • Harassing the account holder if the account may be a mule.
  • Paying private “recovery agents” who promise to retrieve funds.
  • Sending IDs to unknown “refund processors.”
  • Relying only on platform reporting.
  • Waiting too long before contacting the bank or e-wallet.
  • Using edited or cropped screenshots that hide important details.
  • Failing to record transaction reference numbers.
  • Assuming a corporate registration means investment authority.
  • Settling without written proof of payment or admission.

XXII. Reporting Checklist

Before going to PNP-ACG, NBI, or another agency, prepare:

  • Government-issued ID
  • Your contact details
  • Written timeline of events
  • Name or alias of scammer
  • Profile links and usernames
  • Phone numbers and email addresses
  • Screenshots of conversations
  • Screenshots of posts, listings, or ads
  • Payment receipts
  • Transaction reference numbers
  • Bank or e-wallet details
  • Demand messages, if any
  • Platform report confirmation, if any
  • Bank or e-wallet report reference number
  • Names of other victims, if known
  • Copies of IDs or personal data shared, if relevant
  • Printed copies and digital copies of evidence

Organized evidence helps investigators evaluate the complaint faster.

XXIII. Model Evidence Annex List

A complaint may attach evidence as follows:

  • Annex A — Screenshot of scammer’s profile
  • Annex B — Screenshot of product listing or offer
  • Annex C — Conversation showing agreement or promise
  • Annex D — Payment instructions sent by scammer
  • Annex E — Proof of payment
  • Annex F — Transaction confirmation from bank or e-wallet
  • Annex G — Follow-up messages and non-response
  • Annex H — Screenshot showing victim was blocked
  • Annex I — Platform report confirmation
  • Annex J — Bank or e-wallet complaint reference
  • Annex K — Other victims’ screenshots or statements
  • Annex L — Any demand letter or refund request

XXIV. Sample Incident Timeline

A simple timeline may look like this:

Date/Time Event
April 1, 2026, 9:00 AM Saw Facebook Marketplace listing for mobile phone
April 1, 2026, 9:30 AM Messaged seller through Messenger
April 1, 2026, 10:00 AM Seller promised same-day delivery after payment
April 1, 2026, 10:15 AM Sent PHP 15,000 to GCash number/account
April 1, 2026, 10:20 AM Seller confirmed receipt
April 1, 2026, 5:00 PM Seller sent alleged tracking number
April 2, 2026 Tracking number found invalid
April 2, 2026 Seller stopped responding
April 3, 2026 Account became unavailable or victim was blocked
April 3, 2026 Reported transaction to e-wallet provider
April 4, 2026 Prepared complaint and evidence for cybercrime report

XXV. Sample Complaint-Affidavit Template

Republic of the Philippines [City/Municipality]

AFFIDAVIT-COMPLAINT

I, [Name], of legal age, Filipino, and residing at [address], after being duly sworn, state:

  1. I am filing this complaint for an online scam committed against me through [platform/app/website].

  2. On or about [date], I encountered [name/alias/username/profile link], who represented that [state the offer, item, investment, service, job, loan, or other promise].

  3. The said person represented to me that [specific false statements] and induced me to pay or transfer money.

  4. Relying on these representations, I sent the amount of PHP [amount] on [date and time] through [bank/e-wallet/remittance/payment method] to [account name, account number, mobile number, or wallet address].

  5. Attached as evidence are screenshots of our conversation, the scammer’s profile, payment instructions, and proof of payment.

  6. After receiving the payment, the person [failed to deliver, blocked me, stopped responding, demanded more money, deleted the account, or other act].

  7. I later discovered that the transaction was fraudulent because [state facts showing fraud].

  8. I reported the matter to [bank/e-wallet/platform, if applicable] under reference number [reference number].

  9. I respectfully request investigation and the filing of appropriate charges for possible violation of the Revised Penal Code, the Cybercrime Prevention Act of 2012, and other applicable laws.

  10. I am executing this affidavit to attest to the truth of the foregoing and to support my complaint.

IN WITNESS WHEREOF, I have signed this affidavit on [date] at [place].

[Signature] [Name]

Subscribed and sworn to before me this [date] at [place], affiant exhibiting competent proof of identity: [ID details].

XXVI. When the Scammer Is Unknown

Many victims only know the scammer’s username, mobile number, bank account, or e-wallet. That does not prevent reporting.

The complaint may identify the respondent as:

  • “John Doe”
  • “Jane Doe”
  • Unknown person using the account name “[name]”
  • Unknown person using mobile number “[number]”
  • Unknown person using Facebook profile “[profile name/link]”
  • Unknown person using bank/e-wallet account “[details]”

Law enforcement may attempt to identify the person through lawful requests, financial records, platform information, telco data, or other investigative means.

XXVII. Mule Accounts and Fake Names

Many scammers use mule accounts. A mule account is a bank, e-wallet, or payment account used to receive scam proceeds, often under another person’s name.

The account holder may be:

  • The actual scammer
  • A recruiter of victims
  • A paid mule
  • A person who sold or lent an account
  • A person whose identity was stolen
  • A victim of another scam

For this reason, victims should report the receiving account but avoid making unsupported public accusations. Investigators can determine the account holder’s role.

XXVIII. Can a Victim Post the Scammer Online?

Victims often want to warn others. Public warnings may help prevent further harm, but they also carry legal risks if they contain unverified accusations, insults, threats, private data, or defamatory statements.

A safer public warning should be factual and limited, for example:

“Warning: I transacted with this account on [date] for [item/service]. I paid PHP [amount], but the item was not delivered and the account stopped responding. I have reported the matter to the proper authorities. Others should exercise caution.”

Avoid posting:

  • Home addresses
  • Family details
  • Private IDs
  • Unverified claims
  • Threats
  • Edited screenshots
  • Personal attacks
  • Information about unrelated persons

The goal should be warning and evidence preservation, not online retaliation.

XXIX. Prescription Periods and Delay

Criminal and civil actions are subject to limitation periods. The applicable period depends on the offense, penalty, amount, and law involved.

Even if a victim is unsure about deadlines, reporting should be done as soon as possible. Early reporting improves the chances of:

  • Preserving digital evidence
  • Freezing funds
  • Identifying account holders
  • Obtaining platform records
  • Preventing further victims
  • Establishing credibility and timeline

XXX. Online Scam Involving Overseas Scammers

Some scams originate outside the Philippines. A report may still be filed in the Philippines if the victim is in the Philippines, the damage occurred in the Philippines, Philippine accounts were used, or Philippine laws are implicated.

However, cross-border cases are more difficult because they may involve:

  • Foreign platforms
  • Foreign bank accounts
  • Cryptocurrency wallets
  • Overseas phone numbers
  • VPNs
  • Fake identities
  • Mutual legal assistance issues

Victims should still report. Even if overseas prosecution is difficult, reports can help identify local mule accounts, local recruiters, or domestic accomplices.

XXXI. Practical Reporting Route by Scam Type

Scam Type Recommended Reporting Channels
Online seller took payment and disappeared PNP-ACG or NBI; bank/e-wallet; platform; possibly DTI
Phishing and unauthorized bank transfer Bank/e-wallet immediately; PNP-ACG or NBI
Fake investment platform SEC; PNP-ACG or NBI; bank/e-wallet
Identity theft PNP-ACG or NBI; platform; NPC if personal data involved
Loan app harassment NPC; SEC if lending entity involved; PNP-ACG or NBI for threats
Fake job/task scam PNP-ACG or NBI; bank/e-wallet; platform
Sextortion PNP-ACG or NBI urgently; platform
Hacked account used to scam others Platform; PNP-ACG or NBI; warn contacts
SIM-based scam texts Telco; PNP-ACG or NBI; relevant financial institution
Consumer non-delivery dispute DTI; platform; PNP-ACG/NBI if fraud is clear

XXXII. Practical Tips for a Strong Report

A strong report is specific, complete, and organized.

Good reporting practice includes:

  • Use exact dates and times.
  • Provide the full transaction trail.
  • Attach complete conversations, not only selected lines.
  • Include the scammer’s profile URL, not just the display name.
  • Include payment reference numbers.
  • Explain why you believed the scammer.
  • State what happened after payment.
  • Identify the law enforcement or bank reports already made.
  • Bring both printed and digital copies.
  • Keep a master folder of evidence.
  • Do not alter screenshots.
  • Maintain a written timeline.

XXXIII. Legal Consequences for Scammers

Depending on the facts, scammers may face liability for:

  • Estafa
  • Computer-related fraud
  • Computer-related identity theft
  • Illegal access
  • Computer-related forgery
  • Unauthorized access device offenses
  • Data privacy violations
  • Securities violations
  • Consumer law violations
  • Threats, coercion, unjust vexation, or extortion-related offenses
  • Money laundering-related investigation where scam proceeds are moved through financial channels

The exact charges depend on the evidence and prosecutorial evaluation.

XXXIV. Role of the Prosecutor

Law enforcement investigation is not always the final step. For criminal prosecution, the case may be referred to the prosecutor’s office for preliminary investigation or inquest, depending on the circumstances.

The prosecutor evaluates whether there is probable cause to charge a person in court.

The complainant may be asked to submit:

  • Complaint-affidavit
  • Supplemental affidavit
  • Additional evidence
  • Clarificatory details
  • Witness affidavits

The respondent may be allowed to submit a counter-affidavit. The prosecutor then determines whether to dismiss the complaint or file an information in court.

XXXV. Importance of Acting Quickly

Speed matters in online scam cases because digital evidence and money move fast.

Immediate action may:

  • Prevent further unauthorized access
  • Preserve logs before they are deleted
  • Help banks flag accounts
  • Stop additional victims
  • Strengthen the timeline
  • Improve the possibility of recovery
  • Support law enforcement tracing

A victim should report first to the bank or e-wallet for urgent financial containment, then proceed with law enforcement and regulator reports as appropriate.

Conclusion

Reporting an online scam in the Philippines requires both practical urgency and legal organization. The victim should preserve evidence, secure accounts, report financial transactions immediately, and file complaints with the proper authorities such as PNP-ACG, NBI Cybercrime Division, banks or e-wallets, SEC, NPC, DTI, telcos, and online platforms depending on the nature of the case.

The main legal frameworks include the Revised Penal Code on estafa, the Cybercrime Prevention Act of 2012, the Access Devices Regulation Act, the Data Privacy Act, the SIM Registration Act, securities laws, and consumer protection rules. The success of a report often depends on the quality of evidence, speed of reporting, clarity of the affidavit, and coordination with the correct agency.

An online scam should be treated as both a legal problem and an evidence problem. The most effective first response is to stop further loss, preserve proof, secure accounts, report the financial transaction, and file a clear, documented complaint with the proper Philippine authorities.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login