This article explains, in practical legal terms, how to preserve evidence, where to file, what forms and affidavits to prepare, and how the process typically unfolds when reporting online fraud and related cybercrimes in the Philippines. It is written for victims, counsel, compliance officers, and platform trust & safety teams.

I. Legal Groundwork (What Laws Typically Apply)

Online scams in the Philippines are commonly pursued under a mix of special laws and the Revised Penal Code (RPC). Depending on the act and the evidence, authorities and prosecutors frequently use one or more of the following:

Cybercrime Prevention Act of 2012 (Republic Act No. 10175)
- Covers illegal access, computer-related fraud, forgery, identity theft, cyber-libel, and aids law enforcement with digital forensics and preservation orders.
Revised Penal Code (RPC)
- Estafa/Swindling (Art. 315) and related provisions often apply when there is deceit, misrepresentation, and damage.
Access Devices Regulation Act (RA 8484)
- For unauthorized use of credit/debit cards and access devices; often overlaps with phishing and account takeovers.
E-Commerce Act (RA 8792) & Rules on Electronic Evidence
- Recognize electronic documents and signatures; guide admissibility and weight of screenshots, logs, and metadata.
Data Privacy Act (RA 10173)
- Implicated when personal data is misused or breached; the National Privacy Commission (NPC) may be involved for privacy violations.
Financial Consumer Protection Act (RA 11765)
- Sets duties for financial service providers and remedies for financial consumers; relevant for banks and e-wallet disputes.
Anti-Photo and Video Voyeurism Act (RA 9995), Anti-Child Pornography Act (RA 9775), Anti-Trafficking (RA 9208 as amended)
- Applicable in specific fact patterns.
SIM Registration law and anti-spam measures
- Can support traceability for mobile-facilitated scams.

Jurisdiction & venue. Cybercrimes often have multi-venue rules (e.g., where any element occurred, where data was accessed, where the victim is located). Digital evidence can justify venue. Discuss venue strategy with counsel before filing.

II. Preserve First: Evidence That Makes or Breaks the Case

Before reporting, secure and organize evidence. Authenticity, chain of custody, and completeness matter.

A. What to capture

Full conversation threads (messenger, email, SMS), including headers, timestamps, and profile URLs.
Screenshots + native exports (PDF/HTML/JSON) from platforms; annotate only on copies, never on the original.
Transaction proofs: bank/e-wallet reference numbers, account names/numbers, amounts, time stamps, device used.
Device & network details: IP addresses (if available), login alerts, authentication logs.
File artifacts: invoices, images, voice notes, attachments, site archives (WARC/HTML save).
Delivery/shipper records for marketplace disputes.
Any admissions by the scammer, including voice/video (mind Anti-Wiretapping rules; do not illegally record private conversations).

B. Chain of custody basics

Keep a clean, read-only copy (e.g., exported chat in original format).
Hash files when possible (SHA-256) and keep a simple evidence log: what, when, by whom, where stored.
Do not “edit” originals; make separate working copies for annotation.

C. Corroboration

If others were defrauded by the same account/page/number, gather sworn statements from them.
Capture platform takedown notices and bank dispute reference numbers to show diligence.

III. Filing with Law Enforcement

Two primary units investigate cybercrime: NBI Cybercrime Division (NBI-CCD) and PNP Anti-Cybercrime Group (PNP-ACG). You may file with either or both; duplication is acceptable if you disclose parallel filings.

A. NBI Cybercrime Division (NBI-CCD)

1) Prepare

Complaint-Affidavit (see template below).
Copies of IDs (valid government ID).
Evidence packet (index + annexes).
If the complainant is a corporation, include Board/Secretary’s Certificate authorizing the representative.

2) How to file

Walk-in at NBI-CCD (or nearest NBI office handling cybercrime referrals).
Some offices accept e-complaints; verify current procedure, but always be ready with scans/PDFs.
Request receipt/acknowledgment and case reference number.

3) What happens next

Case build-up: validation, technical forensics, and coordination with platforms/banks.
Possible Preservation Orders/Subpoenas to platforms/ISPs/financial institutions.
Referral to the Prosecutor for inquest (if an arrest) or for preliminary investigation (regular filing).

B. PNP Anti-Cybercrime Group (PNP-ACG)

1) Prepare the same set of documents and evidence.

2) How to file

Walk-in at PNP-ACG national or regional/city cybercrime units.
Provide a clear timeline and loss computation.

3) Typical process

Blotter/Incident Record → Investigation → Subpoenas/Coordination → Referral to Prosecutor.
For ongoing scams, you may request immediate platform reports or account freezes through coordination channels.

Tip: If you face urgency (active account siphoning, live sextortion threats), indicate “URGENT—ONGOING HARM” in your cover letter and ask for expedited preservation.

IV. Prosecutor’s Office: Preliminary Investigation

Filing can be conducted by the investigator (after case build-up) or by private counsel.
Complaint-Affidavit with annexes is required, plus Affidavits of Witnesses and expert/IT custodian statements if available.
Respondents are issued a subpoena; counter-affidavits follow; rejoinders/replies as allowed.
Prosecutor resolves probable cause. If found, Information is filed in court.

V. Parallel and Platform-Level Remedies

You should run three tracks in parallel: (1) law enforcement, (2) platform/bank/e-wallet actions, and (3) civil/administrative remedies.

A. Banks & E-Wallets (GCash, Maya, etc.)

Immediate report via app/phone/branch: ask for transaction freeze/hold if still reversible, and account flagging of recipient accounts.
File a formal dispute with transaction IDs, device used, timeline, and a copy of the police/NBI acknowledgment.
Request copies of logs related to your account under applicable consumer and data privacy rules.
For card payments, invoke chargeback pathways via your issuing bank (subject to network rules & timelines).
Keep ticket/reference numbers; escalate to BSP Consumer Assistance or relevant regulators if mishandled.

B. Social Platforms (Facebook, Instagram, TikTok, X, etc.)

Report the account/page/ad as Fraud/Scam using in-app tools.
Include case numbers from NBI/PNP when following up; request evidence preservation (platforms often preserve upon law-enforcement request, but your report helps create a trail).
Capture confirmation emails or in-app receipts of your report.

C. E-Commerce Marketplaces (Shopee, Lazada, etc.)

File a dispute/return/refund within platform deadlines.
Upload proof of non-delivery/damaged goods and chat logs.
If the seller used fake waybills or counterfeit goods, note this specifically.
Ask the platform to suspend the merchant and preserve records for law enforcement.

D. Telcos & SMS

Report smishing numbers and phishing URLs via the telco’s reporting channels.
Request blocking of the sender and SIM/account investigation; keep the ticket number.

E. National Privacy Commission (NPC)

If your personal data was compromised or misused, file a complaint or report with the NPC.
This can run parallel to criminal action and may prompt additional compliance obligations on the erring entity.

VI. Drafting the Complaint-Affidavit (Practical Guide)

Core elements

Complainant details (identity, contact, capacity/authority if corporate).
Respondent identification (real name if known, otherwise handles/URLs/aliases, phone numbers, account numbers).
Statement of facts in chronological order: who, what, when, where, how, and how much.
Offenses invoked (e.g., estafa under Art. 315; computer-related fraud under RA 10175; RA 8484 if access devices were used).
Evidence list (Annex “A” to “Z”) with short descriptions.
Reliefs sought: investigation, prosecution, preservation orders, coordination with platforms/banks, return of funds when reachable.
Verification/Jurat before a notary public or authorized officer.

Short template (editable)

COMPLAINT-AFFIDAVIT I, [Name], of legal age, [civil status], and residing at [address], after being duly sworn, depose and state:

I am the owner/user of [device/account/email/phone no.].

On [date/time], I was contacted by [respondent/handle/URL/number]. Through deceit/misrepresentation, I was induced to [transfer money/provide credentials/purchase goods], causing me damage amounting to [₱ amount].

Attached are true and faithful copies of our communications, transaction records, and related evidence, marked as Annexes “A” to “__”.

I respectfully charge [Name/Unknown; a.k.a. handle/URL] with [estafa under Art. 315 of the RPC; Computer-Related Fraud under Sec. __ of RA 10175; RA 8484], and pray for the issuance of preservation/subpoena and for prosecution.

I execute this affidavit to attest to the truth of the foregoing. [Signature] [Jurat/Notarial Block]

VII. Evidence Index (Annex Guide)

Annex A – Timeline of events (table with date/time, action, actor, source).
Annex B – Full chat export (native + PDF screenshots).
Annex C – Payment proofs (bank/e-wallet, with IDs).
Annex D – Account/Page/Ad URLs and screenshots.
Annex E – Device logs, login alerts, IP (if available).
Annex F – Platform/bank dispute reference numbers.
Annex G – Affidavits of corroborating witnesses.
Annex H – Corporate authority (if applicable).

VIII. Strategy: Choosing Between NBI-CCD and PNP-ACG (or Both)

NBI-CCD: Often tapped for cases requiring deeper forensics, inter-agency coordination, or complex financial trails.
PNP-ACG: Strong regional presence and rapid incident intake, useful for on-the-ground leads and live threats.
Parallel filing can speed preservation and multiplies avenues for subpoenas, but keep both units updated to avoid duplication conflicts.

IX. Timelines, Expectations, and Practical Realities

Preservation vs. production: Platforms may preserve data quickly upon formal request, but content/metadata production follows their legal process and local/international cooperation rules.
Unmasking: Expect reliance on subscriber information, IP logs, and KYC data from banks/e-wallets; anonymity tools can slow this down.
Cross-border scams**:** Mutual legal assistance (MLA) can extend timelines; meanwhile, prioritize platform/bank freezes and civil recovery if any assets still sit in local rails.
Refunds/chargebacks: Possible in limited windows and under network rules; move immediately.
Small claims/civil actions: Consider for purely contractual disputes or when the scammer is identified but criminal proof is thin. (Check the current small-claims jurisdictional amount before filing.)

X. Common Scam Patterns and Special Notes

Phishing/Smishing/Quishing: Don’t click shortened or QR-code links; capture the message and report to telco and law enforcement.
Investment/crypto “doublers”: Document the promised returns, group chats, and wallets. For on-chain transfers, include transaction hashes and blockchain explorer prints.
Marketplace non-delivery: Keep shipping scans and seller chats; escalate within platform deadlines.
Account takeovers: Show auth logs, password reset emails, and any MFA disable notices.

XI. Victim Support & Risk Mitigation

Credential hygiene: Rotate passwords, enable MFA, revoke suspicious sessions.
Credit freeze/monitoring: Ask banks to flag your accounts; watch for new credit lines opened in your name.
Data privacy: If IDs were shared, consider masking copies going forward (where lawful) and notify affected institutions.
Psychological harm: Seek support; sextortion victims should request urgent takedowns and avoid further engagement with the extorter.

XII. Practical Checklists

Emergency Same-Day Checklist

Freeze/flag transactions with your bank/e-wallet; open a formal dispute.
Report offending accounts/pages/numbers on the platform; save the report confirmation.
Prepare a one-page timeline and zip all evidence.
File with NBI-CCD or PNP-ACG; get a case/reference number.
Update the bank/platform with your law-enforcement reference number.

Filing Packet Checklist

Complaint-Affidavit (signed and notarized).
Valid ID (and corporate authority if needed).
Evidence Index + Annexes (native exports + PDFs).
Cover letter requesting preservation/subpoenas to named platforms/banks/ISPs.
Contact details for follow-ups.

XIII. Frequently Asked Questions

Q: Can I file in both NBI and PNP? Yes. Disclose parallel filings; share reference numbers to both.

Q: Do I need a lawyer? Not strictly to report, but counsel helps craft the affidavit, frame the offenses, and coordinate civil recovery.

Q: Will platforms give me the scammer’s data directly? Usually no; disclosure typically goes to law enforcement via formal process.

Q: The scammer deleted the account—am I out of luck? Not necessarily. Preservation may still be possible if you reported promptly and kept URLs/screens.

Q: Can I get my money back? Sometimes—through chargebacks, platform refunds, or civil settlements—but it becomes harder the longer you wait and the more “hops” funds have taken.

XIV. Final Notes and Good Practice

Move fast: platforms and banks operate on strict internal deadlines for reversals and disputes.
Be organized: a clean timeline and indexed annexes dramatically improve your case.
Stay truthful and specific: exaggeration or speculation can weaken probable cause.
Protect your privacy: file redacted public copies when necessary and lawful.

Appendix: One-Page Timeline Table (copy/paste into your affidavit as Annex A)

#	Date & Time	Event/Action	Actor	Platform/Channel	Evidence Reference
1	YYYY-MM-DD HH:MM	Initial contact from [handle/URL/number]; promised [X]	Respondent	[FB/IG/Marketplace/SMS]	Annex B-1
2	YYYY-MM-DD HH:MM	Payment of ₱[amount], Ref. [txn id]	Complainant	[Bank/E-wallet]	Annex C-1
3	YYYY-MM-DD HH:MM	Non-delivery / refusal / blocking	Respondent	[Channel]	Annex B-2
4	YYYY-MM-DD HH:MM	Platform report filed, Ticket [#]	Complainant	[Platform]	Annex F-1
5	YYYY-MM-DD HH:MM	Law-enforcement filing, Case Ref [#]	Complainant	[NBI/PNP]	Annex X-1

This guide is intended for general information only and is not a substitute for tailored legal advice. For high-stakes matters (large losses, minors involved, cross-border elements), consult counsel and coordinate closely with NBI-CCD or PNP-ACG.