How to Report an Online Scam in the Philippines (NBI, PNP-ACG, SEC, BSP)

How to Report an Online Scam in the Philippines (NBI, PNP-ACG, SEC, BSP)

This is a practical legal guide for victims, families, counsel, compliance teams, and platform moderators operating in the Philippines. It explains who to contact, what laws apply, what evidence to gather, and how a case typically proceeds. It does not replace advice from your own lawyer. Hotline numbers, forms, and portals change frequently—verify current channels on the agencies’ official sites before filing.

TL;DR — Where do I report?

  • Unauthorized bank/e-wallet/instaPay/PESONet/card transaction:

    1. Your bank/e-wallet (immediately), then 2) Bangko Sentral ng Pilipinas (BSP) if unresolved, and 3) NBI Cybercrime Division or PNP-Anti-Cybercrime Group (ACG) for criminal investigation.

  • Investment/pyramiding/“trading bot”/unregistered securities: Securities and Exchange Commission (SEC) (for regulatory action) + NBI/PNP-ACG (for criminal investigation). If money moved through banks/e-wallets, also use BSP escalations.

  • Account hacks, phishing, sextortion, doxxing, online marketplace swindles, identity theft, vendor “no delivery”: NBI Cybercrime or PNP-ACG (criminal), and if it’s a consumer sale dispute, DTI may also help (civil/administrative). For privacy breaches, notify National Privacy Commission (NPC).

  • Smishing/robocalls/SIM-based scams: NBI/PNP-ACG (criminal) and NTC (telecom regulation), plus NPC for data privacy issues.

Step 1: Act Immediately (First 24–48 hours)

  1. Secure accounts & devices

    • Change passwords; enable multi-factor authentication.
    • Log out of all sessions; revoke suspicious app access.
    • Run malware/AV checks on affected devices.

  2. Contact your bank/e-wallet NOW

    • Report the unauthorized transaction; request transaction dispute, trace & recall, and temporary holds on suspect counterparties when available.
    • Ask for a written case/reference number and next-step timelines.
    • Keep statements, SMS/email alerts, and dispute forms.

  3. Preserve evidence

    • Do not delete chats/posts/emails—even if embarrassing (e.g., sextortion).
    • Take full-screen screenshots showing URL bars, timestamps, and profile handles.
    • Export chats (Messenger/WhatsApp/Telegram/Viber), download email headers, save bank receipts, GCash/Maya references, and delivery platform logs.
    • Note dates, times, IP addresses (if shown), device names, and geolocation data.
    • Keep a chronology (who/what/where/how much).

  4. Report on-platform

    • Use built-in reporting tools (social networks, marketplaces, payment apps) to flag and preserve content.

Step 2: Choose the Right Philippine Agency (and What Each Does)

A. NBI Cybercrime Division (NBI-CCD)

  • When to go: Hacking; phishing; account takeovers; computer-related fraud; identity theft; sextortion/online extortion; large-scale swindling; cross-border scams; coordinated syndicates.
  • What they can do: Digital forensics; undercover ops; coordination with ISPs/platforms; case build-up and referral to prosecutors; apply for cybercrime warrants (see below).
  • What to bring: Valid ID; Complaint-Affidavit (notarized if possible); evidence (screenshots, exports, receipts); bank dispute numbers; list of witnesses; any platform ticket numbers.

B. PNP Anti-Cybercrime Group (PNP-ACG)

  • When to go: Same as NBI; also practical if the incident is ongoing, local, or you need a police blotter quickly.
  • What they can do: Investigate, preserve evidence, coordinate with local stations/regions, inquest for arrested offenders, request cyber warrants via prosecutors/Courts.
  • What to bring: Same evidence set; be ready to give a sworn statement.

NBI vs PNP-ACG? Either can investigate cybercrime. Pick the one you can reach fastest; they also coordinate with each other. For complex inter-agency cases, your report at one often gets shared with the other as needed.

C. Securities and Exchange Commission (SEC)

  • When to go: Investment scams—unregistered investment contracts, Ponzi/pyramids, unlicensed brokers, illegal “forex/crypto” solicitations, “trading bots,” “pay-in, payout” schemes.
  • What they can do: Issue Advisories, Cease and Desist Orders, revoke registrations, impose administrative penalties, refer criminal charges to DOJ, and coordinate with NBI/PNP for enforcement.
  • What to bring: Proof of solicitation (ads, chats, videos), payment proofs, contracts/receipts, affiliate codes, list of recruiters/uplines, and victim list (if collective filing).

D. Bangko Sentral ng Pilipinas (BSP)

  • When to go: Disputes and consumer protection issues with BSP-supervised institutions (banks, e-money issuers like e-wallets, remittance agents, and certain payment system operators).

  • What they can do: Enforce Financial Consumer Protection rules (response/handling standards, fair treatment); direct supervised institutions to address complaints; impose regulatory sanctions.

  • Process:

    1. File first with your bank/e-wallet;
    2. If unresolved/unsatisfactory or urgent (e.g., systemic fraud), escalate to BSP with your case/reference numbers and documents.

Also consider: NPC (Data Privacy Act breaches), DTI (e-commerce consumer complaints), NTC (SIM/smishing), AMLC (freezing/analysis of suspicious transactions), and CICC/DICT (cybersecurity coordination). These can run in parallel with NBI/PNP-ACG and SEC/BSP channels.

Step 3: Know the Laws Frequently Invoked

  • Cybercrime Prevention Act (RA 10175) — illegal access; data interference; device misuse; computer-related fraud; cyber-sex crimes; cyber-extortion; venue rules for cyber cases; real-time collection and preservation with judicial authorization.
  • E-Commerce Act (RA 8792) — recognizes electronic data messages and e-signatures; penalizes hacking/violations (often superseded by the heavier penalties under RA 10175).
  • Rules on Electronic Evidence (A.M. No. 01-7-01-SC) & Revised Rules of Evidence — govern admissibility and authentication of screenshots, logs, emails, and metadata.
  • Revised Penal CodeEstafa/Swindling (Art. 315), Other Deceits (Art. 318), Theft (where applicable), Grave threats (for extortion), etc.
  • Access Devices Regulation Act (RA 8484) — credit/debit/ATM/e-wallet access device fraud.
  • Financial Products and Services Consumer Protection Act (RA 11765) — duties of financial institutions; complaint handling; restitution/compensation mechanisms through regulators.
  • Data Privacy Act (RA 10173) — unlawful processing/data breach; right to lodge a complaint with NPC.
  • National Payment Systems Act (RA 11127) — oversight of payment systems and operators.
  • Anti-Money Laundering Act (RA 9160, as amended) — STRs/CTRs; possible freeze orders via AMLC/Court of Appeals (separate proceeding).
  • SIM Registration Act (RA 11934) — identity/accountability for SIMs; basis for subpoenas to telcos.
  • Special laws for sexual imagery and minorsRA 9995 (Anti-Photo and Video Voyeurism), RA 9775 (Anti-Child Pornography), RA 11930 (Anti-OSAEC).

Step 4: Build a Strong File — Evidence Checklist

Capture the scam “story” end-to-end:

  • Identity & handles: Profile names/URLs, email addresses, phone/SIM numbers, wallet IDs, bank account names/numbers, platform IDs, domain names.
  • Communications: Full chat/email exports (not just screenshots), voicemail recordings, call logs. For emails, include full headers.
  • Transactions: Bank statements, transfer receipts, e-wallet references, card charge slips, courier/delivery logs, platform order IDs.
  • Devices & network: Device model/OS, app versions, IP addresses shown in security alerts, login locations, and timestamps.
  • Metadata: Filenames, hashes (if you know how), message IDs, EXIF (for images).
  • Preservation letters: If you have counsel, request platforms to preserve content and logs (litigation hold) pending subpoena/warrant.

Chain of custody tip: Keep originals; note who handled each file, when, and how it was copied. Avoid editing originals (even cropping). Use read-only media for storage.

Step 5: How to File — Per Agency

A. NBI Cybercrime Division (NBI-CCD)

  1. Prepare a Complaint-Affidavit

    • Facts in chronological order; identify suspects (or “John/Jane Does”); describe devices/accounts used; specify amounts and dates.
    • Attach Annexes (A: screenshots; B: receipts; C: chat export; etc.).
    • Sign before a notary public (or administer oath at NBI office).

  2. Submit & get a control number

    • You may be interviewed; provide storage media (USB) with electronic evidence.
    • Ask how to deliver supplements (new screenshots, new victims), and how you’ll receive updates.

  3. Case build-up

    • NBI may apply for cybercrime warrants under the Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC):

      • Warrant to Disclose Computer Data (WDCD),
      • Warrant to Intercept Computer Data (WICD),
      • Warrant to Search, Seize, and Examine Computer Data (WSSECD) (terminology varies in practice), and related authority for forensics and subscriber information.

    • Expect coordination with banks, telcos, platforms, and possibly MLAT (mutual legal assistance) for data abroad.

  4. Filing with Prosecutor / DOJ

    • After investigation, NBI files a criminal complaint with the Office of the City/Provincial Prosecutor for inquest (if arrest) or regular preliminary investigation. You may also file directly with the prosecutor if needed.

B. PNP Anti-Cybercrime Group (PNP-ACG)

  1. Blotter and Complaint-Affidavit

    • The blotter documents date/time of the incident.
    • Submit a sworn Complaint-Affidavit with annexes. Bring IDs and device(s) if requested.

  2. Investigation & operations

    • PNP-ACG conducts digital and field ops, may coordinate with local stations and seek cyber warrants via prosecutors.
    • For ongoing extortion (“pay now or else”), call immediately; do not send more money.

  3. Prosecution

    • PNP submits to prosecutors for inquest or preliminary investigation. Attend clarificatory hearings if asked.

C. Securities and Exchange Commission (SEC)

  1. Identify the conduct

    • Unregistered investment contracts, Ponzi/pyramid schemes, forex/crypto offerings, “double your money,” profit-sharing without SEC registration, unlicensed brokers/agents.

  2. File with SEC Enforcement

    • Submit complaint details, proof of solicitation (screenshots/videos/ads), payment proofs, list of recruiters and victims, and channels used (FB groups, Telegram, etc.).
    • SEC may issue Advisories/CDOs, refer for criminal prosecution, and coordinate with law enforcement.

  3. Parallel actions

    • Because funds moved through banks/e-wallets, also file NBI/PNP-ACG (criminal) and BSP (for supervised institutions).
    • Consider civil remedies (below) for recovery.

D. Bangko Sentral ng Pilipinas (BSP)

  1. Exhaust your bank/e-wallet’s complaint channel

    • Obtain a written acknowledgment and case number; keep all communications.
    • Ask about recall, reversal, or chargeback options and investigation timelines.

  2. Escalate to BSP (if unresolved or urgent)

    • Provide your narrative, institution case number, copies of IDs, statements, dispute forms, and evidence that you first used the institution’s complaint process.
    • BSP evaluates compliance with financial consumer protection rules and may direct corrective action or impose sanctions.

Expectations: Not all cases result in reimbursement. Outcomes depend on facts (e.g., whether credentials were compromised by phishing vs. system breach). Early reporting improves the odds of recovery.

Criminal, Administrative, and Civil Tracks (How They Interact)

  • Criminal (NBI/PNP → Prosecutor → Courts): Punishes offenders; can include restitution as part of judgment but is not guaranteed.

  • Administrative/Regulatory (SEC/BSP/NPC/NTC): Stops ongoing illegal activity, penalizes regulated entities, and can indirectly enable recovery (e.g., through compliance orders).

  • Civil (filed by the victim): Rescission, damages, unjust enrichment, etc.

    • Small Claims: For money claims without lawyers. Check the current threshold (the Supreme Court raised it in recent years; as of 2023 it was ₱1,000,000, subject to later changes).
    • Where to file: Venue rules generally follow where the defendant resides or where the cause of action arose; cybercrime venue under RA 10175 is broader (anywhere an element occurred or where a relevant computer system is located).

Strategy: Run criminal and regulatory complaints in parallel; consider a civil case for recovery where defendants are identified and collectible.

Special Scenarios

Sextortion / Intimate Image Threats

  • Do not pay. Cut contact; preserve chats and images; report to NBI/PNP-ACG immediately.
  • If a minor is involved, indicate this clearly (triggers special laws and urgent handling).
  • Ask investigators about fast takedown and platform escalation procedures.

Marketplace “No Delivery” & Seller Impersonations

  • File platform dispute; collect order IDs, seller chat logs, and courier scans.
  • For criminal estafa, file NBI/PNP-ACG; for consumer protection against legitimate merchants, consider DTI.

Phishing & Social Engineering

  • Keep the original phishing email with headers; don’t forward in a way that strips metadata.
  • Provide login alerts, IPs, and bank/e-wallet security notifications.

Corporate Victims (Business Email Compromise/BEC)

  • Trigger your incident response plan; notify your bank’s fraud desk for SWIFT recall or local EFT recall.
  • Coordinate NBI/PNP-ACG for rapid subpoenas to beneficiary banks; consider AMLC consultation for tracing.

What Happens After You File

  1. Docketing & initial assessment (agency checks completeness; may request more docs).
  2. Evidence preservation (letters to platforms; applications for cyber warrants).
  3. Tracing funds/accounts (bank inquiries, e-wallet flags, STRs with AMLC).
  4. Identification of suspects (subscriber info, KYC files, device forensics, CCTV, delivery IDs).
  5. Filing with Prosecutor (inquest if arrest; otherwise preliminary investigation).
  6. Court proceedings (arraignment, trial). Parallel SEC/BSP/NPC actions may continue.
  7. Restitution/Recovery — possible via criminal judgment, civil compromise, or voluntary refunds through regulators. There is no automatic guarantee of full recovery.

Practical Tips That Make or Break Cases

  • Names & dates win cases. Build a timeline with amounts, references, and links.
  • Originals > screenshots. Exports of chats, CSVs of transactions, and full email headers carry more weight.
  • Don’t sanitize evidence. Cropping/redacting can raise authenticity issues—submit clean originals and a redacted set for sharing.
  • Use consistent pesos conversion (if crypto or foreign currency). Record rate/date used.
  • Victim clustering helps. Group complaints (same scheme, same recruiters) for impact and efficiency.
  • Be precise about damages. Principal, fees, interest, and consequential losses should be itemized.

Templates (You Can Copy-Paste and Fill In)

1) Complaint-Affidavit (Outline)

COMPLAINT-AFFIDAVIT I, [Name], Filipino, of legal age, with address at [Address], after having been duly sworn, depose and state:

  1. Parties/Accounts Involved: (handles, numbers, URLs).
  2. Narrative of Facts: (chronological—dates, amounts, references).
  3. Modus: (phishing/investment solicitation/sextortion/etc.).
  4. Evidence: (Annex “A” to “__” with brief descriptions).
  5. Laws Violated: (e.g., RA 10175 computer-related fraud; Art. 315 Estafa; RA 8484; RA 8792; RA 11765).
  6. Reliefs Sought: (criminal prosecution; preservation of data; subpoenas; coordination with banks/telcos/platforms; restitution). Affiant further says nothing. [Signature over Printed Name] ID No./Issuer/Expiry: SUBSCRIBED AND SWORN… [notarial jurat]

2) Bank/E-Wallet Dispute Letter (Short Form)

Subject: Unauthorized Transaction Dispute — [Acct No./Wallet ID] Date/Time of Incident: Transaction Ref(s): Amount(s): Narrative: I did not authorize these transactions. Please initiate trace & recall, freeze related accounts when possible, and provide written acknowledgment and timeline under financial consumer protection rules. Attached are IDs, statements, device alerts, and police/NBI reference numbers. [Name, Signature, Contact]

3) SEC Investment Scam Report (Short Form)

Subject: Complaint re: Unregistered Investment Solicitation by [Entity/Persons] Details: (how I was solicited; promised returns; dates; channels; recruiters; amounts paid; number of victims known). Attachments: Proof of ads/solicitation, chats, receipts, bank/e-wallet proofs, list of affected investors with contacts (if available). Relief: Advisory/CDO; referral for criminal prosecution; coordination with NBI/PNP; bank/e-wallet coordination.

Frequently Asked Questions

Q: Can I get my money back through BSP? A: BSP enforces consumer protection and can order regulated entities to fix handling deficiencies, but reimbursement depends on facts, contracts, and network rules (e.g., chargebacks). File promptly and pursue criminal/civil routes in parallel.

Q: NBI or PNP-ACG—who’s faster? A: It depends on the case and location. File where you can engage quickly and supply complete evidence; they coordinate when needed.

Q: The scammer is abroad. Is it hopeless? A: Harder, not hopeless. Investigators can use MLAT channels, platform cooperation, and banking trails. Early preservation and strong evidence increase options.

Q: Should I pay the extortionist to buy time? A: No. Payment often triggers more demands and complicates prosecution. Preserve evidence and report immediately.

Q: Are screenshots admissible? A: Yes, subject to the Rules on Electronic Evidence—but original exports and metadata are stronger.

Common Pitfalls

  • Waiting days before telling your bank/e-wallet.
  • Deleting chats/photos “to clean up.”
  • Submitting only cropped screenshots without sources.
  • Not getting a case/reference number from institutions.
  • Relying solely on platform takedowns without filing with authorities.
  • Expecting automatic refunds or recoveries.

Final Checklist (Print and Tick Off)

  • Accounts secured, MFA enabled.
  • Bank/e-wallet notified; dispute filed; reference number recorded.
  • Evidence preserved (original exports, headers, receipts).
  • On-platform report filed; ticket/URL saved.
  • Complaint-Affidavit prepared and notarized (if feasible).
  • Filed with NBI or PNP-ACG (kept control/blotter number).
  • Filed with SEC (investment scams) and/or BSP (financial services issues).
  • Considered NPC/DTI/NTC/AMLC as applicable.
  • Evaluated civil recovery (small claims or regular civil action).
  • Calendarized follow-ups and deadlines.

A Note on Expectations

Online scam cases range from simple one-off swindles to organized syndicates using money mules and foreign platforms. Results vary by speed of reporting, quality of evidence, and cross-border cooperation. Your best leverage is early action, meticulous documentation, and pursuing all appropriate tracks—criminal, regulatory, and civil—at the same time.

If you want, I can tailor the above into a printable one-pager or fillable templates for your specific case details.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login