How to Report an Online Scam in the Philippines: NBI, PNP, and Cybercrime Hotlines

How to Report an Online Scam in the Philippines: NBI, PNP, and Cybercrime Hotlines

Last updated based on generally applicable Philippine law and practice as of 2024. Agency phone numbers, email addresses, and web portals change—always confirm details on the agency’s official website or verified social media before you submit anything.

Executive Summary

If you’ve been scammed online in the Philippines, take three parallel tracks immediately:

  1. Contain the damage – secure accounts, notify your bank/e-wallet/telco, and preserve evidence.
  2. Report to law enforcement – file a complaint with the NBI Cybercrime Division or PNP Anti-Cybercrime Group (ACG); use the national cybercrime/cybersecurity hotline or contact center where available.
  3. Escalate to the right regulatorsBSP (banks/e-wallets), SEC (investment/online lending), DTI (e-commerce), NPC (identity theft/data breaches), NTC (SIM/SMS spam), DICT/CICC (coordination & incident response).

The faster you act (ideally within 24–72 hours), the better your odds of freezing funds and preserving digital traces.

What Counts as an “Online Scam” Under Philippine Law

“Online scams” aren’t one single offense. Common legal hooks include:

  • Estafa/Swindling under the Revised Penal Code (RPC, Art. 315) — fraudulent misrepresentations causing you to part with money or property.
  • Access Devices Regulation Act (RA 8484) — credit/debit/ATM fraud.
  • Cybercrime Prevention Act (RA 10175) — qualifies certain crimes when committed through information and communications technologies (e.g., computer-related fraud, identity theft, illegal access, data interference).
  • E-Commerce Act (RA 8792) — recognition of electronic transactions; violations may overlap with consumer protection.
  • Financial Products and Services Consumer Protection Act (RA 11765) — BSP/SEC/IC powers vs. unfair and abusive financial practices.
  • Data Privacy Act (RA 10173) — unlawful processing, security breaches, or identity theft.
  • SIM Registration Act (RA 11934) — obligations on SIM users/telcos that can aid tracing/ blocking.
  • Other special laws depending on the scheme (e.g., Anti-Photo and Video Voyeurism Act, Anti-OSAEC for child exploitation, etc.).

Online scams often involve overlapping crimes (e.g., estafa and computer-related fraud). Don’t worry about “charging” it correctly—law enforcement and prosecutors will classify the offenses from the facts you present.

Which Agency Should You Go To?

1) National Bureau of Investigation (NBI) – Cybercrime Division

  • Handles complex or high-value cases, organized networks, inter-city or foreign elements.
  • You can walk in at NBI offices or file online if the current NBI e-complaints portal accepts cybercrime submissions.
  • NBI can coordinate digital forensics, subpoenas, and inter-agency requests.

2) Philippine National Police (PNP) – Anti-Cybercrime Group (ACG)

  • Handles day-to-day cyber-enabled crimes nationwide via regional/ provincial cybercrime units.
  • Accepts walk-in complaints and online reports when available.
  • Useful when the suspect, device, or transaction is local and time-sensitive (e.g., device seizure, buy-bust/entrapment when feasible).

3) National Cybercrime/Cybersecurity Hotlines (Inter-Agency)

  • The government has operated a centralized contact center (under DICT/CICC) that triages cybercrime and cybersecurity complaints and coordinates with NBI/PNP/regulators.
  • Hotline numbers and web forms change—verify the current official hotline/portal before calling or submitting.

Where to file first? It does not usually matter. File with whichever of NBI or PNP-ACG you can reach fastest, then share the reference number with the other if you escalate. For bank/e-wallet losses, notify your provider immediately and file with BSP’s consumer assistance in parallel.

What to Prepare Before You Report

1) A concise timeline. Dates, times (with time zone if possible), what happened, and amounts lost.

2) Identity & contact info. Valid government ID, your phone/email, and alternative contact details.

3) Evidence pack (originals + working copies).

  • Screenshots that include full screen, address bars, and timestamps.
  • Chat logs (exported files, not just pasted text).
  • Emails with full headers (e.g., “Show original” in Gmail).
  • Transaction proofs (bank/e-wallet statements, reference/trace numbers, chargeback/ dispute IDs).
  • Platform URLs (seller profile, marketplace listing, payment pages).
  • Phone numbers/SIM details involved; if possible, any SIM registration info you lawfully hold.
  • Crypto: wallet addresses, transaction hashes, exchange accounts used.
  • Devices: do not “clean” devices—preserve as-is; if urgent, clone or image before changes.

4) Affidavit of Complaint (or be ready to execute one).

  • Narrate facts in your own words, attach exhibits (mark as Annex “A,” “B,” etc.).
  • Prepare to subscribe and swear before an authorized officer (NBI/PNP/inquest prosecutor/ notary).

5) Consent letters (optional but helpful).

  • Brief letters authorizing your bank/e-wallet/telco to release data to law enforcement and to freeze/hold suspicious proceeds.

Step-by-Step: Reporting to NBI

  1. Contact/Visit the nearest NBI office or the NBI Cybercrime Division.
  2. Intake: provide IDs, narrative, and evidence pack; get a reference/control number.
  3. Execution of Affidavit: you may sign an Affidavit-Complaint and Consent to Examine Device/Accounts if needed.
  4. Preservation/Requests: NBI may issue letters or subpoenas to banks/e-wallets/platforms to preserve and produce data (see “Legal Tools,” below).
  5. Case Build-Up: forensics, money-flow tracing (may coordinate with AMLC).
  6. Filing with the Prosecutor: the NBI files a complaint for inquest (if arrest happened) or regular preliminary investigation.
  7. Case Status: keep your control number; follow up in person or via the official channel you used to file.

Step-by-Step: Reporting to PNP-ACG

  1. Proceed to the nearest PNP-ACG regional field unit or cybercrime desk of your local police station.
  2. Initial Blotter: get an incident blotter entry (this helps downstream banks/ platforms recognize the case).
  3. Formal Complaint & Affidavit: submit narrative and evidence; sign consents if device/account examination is needed.
  4. Operational Actions: where feasible, ACG may do entrapment, hot pursuit, or search/seizure with appropriate warrants.
  5. Prosecutor Referral: ACG will endorse to the City/Provincial Prosecutor for preliminary investigation/ inquest.

National Cybercrime/Cybersecurity Hotline or Contact Center

  • Use the national hotline/portal (maintained under DICT/CICC) to triage incidents, especially outside office hours or if you’re unsure which office to approach.
  • Provide the same evidence pack. Ask for the ticket number and the agency your case is being sent to.
  • Confirm the latest hotline/portal on DICT/CICC official channels before submitting.

Parallel Reporting & Escalations (Very Important)

Depending on the scam’s nature, also report to:

  • Your bank or e-wallet (BSP-supervised) — request immediate freeze/hold on beneficiary accounts and trace requests. Escalate via the provider’s Consumer Protection channel.
  • Bangko Sentral ng Pilipinas (BSP) — file a consumer assistance case if the loss involves a bank/e-money issuer/payment operator.
  • Securities and Exchange Commission (SEC)investment scams, online lending apps, Ponzi schemes.
  • Department of Trade and Industry (DTI)seller-buyer fraud in online marketplaces and e-commerce disputes.
  • National Privacy Commission (NPC)identity theft, doxxing, account takeovers, data breaches.
  • National Telecommunications Commission (NTC)SIM-related fraud, spam SMS, spoofed calls.
  • AMLC via law enforcement** — for freeze petitions/financial intelligence on proceeds of crime.
  • Platforms (Facebook, Instagram, Shopee, Lazada, Carousell, TikTok, YouTube, Telegram, etc.) — use their law-enforcement or abuse reporting paths and request preservation.

Do not rely on a single report. Multi-track reporting increases the chance of freezing funds and preserving evidence before it ages out.

Legal Tools Available to Investigators (What Happens After You Report)

  • Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC)

    • WDCDWarrant to Disclose Computer Data (subscriber info, traffic data, content data held by service providers).
    • WSSECDWarrant to Search, Seize and Examine Computer Data (on devices/servers).
    • WICDWarrant to Intercept Computer Data (real-time traffic/content under strict standards).

  • Data Preservation (RA 10175, Sec. 13)

    • Service providers must preserve traffic/subscriber/content data for set periods upon proper request.

  • Extraterritorial Reach (RA 10175, Sec. 21)

    • Philippine courts may take jurisdiction where acts produce detrimental effects in the Philippines or involve Philippine systems/ victims, even if offenders are abroad.

  • MLA/MUTUAL LEGAL ASSISTANCE

    • Through DOJ-Office of Cybercrime (OOC) for cross-border data and evidence sharing.

  • AMLC actions

    • Suspicious Transaction Reports (STRs), freeze orders (via CA), and cooperation with law enforcement to trace and restrain proceeds.

Evidence & Procedure: Practical Tips That Make or Break a Case

  1. Preserve First, Share Copies Later. Keep original files/devices untouched; give forensic copies to investigators.
  2. Keep It Verifiable. Export complete chat/email threads and metadata (email headers, download logs). Avoid editing/redacting originals; create redacted copies for sharing if privacy is a concern.
  3. Log Everything. Maintain a case diary: dates, whom you spoke to, ticket/control numbers, and what was submitted.
  4. Don’t Pay “Recovery Agents.” Scammers often resurface as “recovery experts.” Report them too.
  5. Move Fast on Payments. Ask your bank/e-wallet for inter-bank holds and recall requests; provide proof of police report promptly. Some windows close within 24–72 hours.
  6. Two-Track Your Remedy. Criminal case for punishment and civil action for recovery. Consider small claims if the amount fits the current Supreme Court threshold (check the latest limit and rules).

Step-by-Step: If Money Moved Through…

Banks (local):

  • Call the bank’s fraud hotline; request freeze/hold on the receiving account and a recall through PhilPaSS/instapay/pesonet rails as applicable.
  • Get a case/ticket number. Ask the bank for beneficiary bank details so you can alert them too.
  • Provide police blotter or NBI/PNP reference within the deadline they give.

E-wallets:

  • Report in-app immediately; request freeze on the recipient wallet and elevated review.
  • If your own wallet was compromised, lock your SIM, change credentials, and enable biometrics.
  • Escalate via BSP if the provider response is inadequate.

Crypto:

  • Immediately notify the exchange (if any) with the transaction hash and wallet address; request a freeze on accounts receiving your funds.
  • Share your police report and consent to share information with law enforcement.

Card payments:

  • File a chargeback with your card issuer, citing fraud/merchant misrepresentation; submit all evidence before the issuer’s internal cut-off.

Venue and Jurisdiction for Filing Cases

  • Under RA 10175 and general criminal procedure, venue can lie where any element of the offense occurred, where the victim resides, where the device/data is located, or where the detrimental effect was felt.
  • For inquest (when an arrest was made), filing occurs where the arrest took place or where the offense was committed.
  • For regular preliminary investigation, file with the City/Provincial Prosecutor having venue; NBI/PNP typically handles filing.

Templates (You Can Reuse/Adapt)

A. Affidavit-Complaint (Outline)

  1. Affiant’s Identity (name, age, citizenship, address).
  2. Authority to Administer Oath (who will notarize/administer).
  3. Narration of Facts in chronological order.
  4. Modus Operandi (how the scam worked).
  5. Loss/ Damage (amounts, accounts used, reference numbers).
  6. Evidence (attach and mark Annexes).
  7. Offenses Alleged (e.g., Estafa under Art. 315, Computer-Related Fraud under RA 10175).
  8. Prayer (investigate, prosecute, recover funds).
  9. Signature & Jurat (with ID details).

B. Bank/E-Wallet Freeze & Data Request (Victim Letter)

  • Your name/contact, incident summary, date/time, transaction details.
  • Request immediate freeze/hold, trace, and safe-keeping of logs/records.
  • Attach ID, proof of ownership, police/NBI/PNP reference.
  • Include consent to release data to law enforcement.

C. Platform Takedown/Preservation Notice

  • Identify URLs, handles, posts, and timestamps.
  • Demand takedown for fraud/impersonation and preservation of logs and content for 90–180 days pending warrant/subpoena.
  • Attach proof and a law-enforcement contact if available.

Frequently Asked Questions

Q: Do I need a lawyer to report? Not to report. For preliminary investigation and potential civil actions, a lawyer helps—especially for high-value losses or cross-border elements.

Q: Can funds be recovered? Sometimes. Success improves if you report within hours and the funds are still within the local banking/e-wallet system. Once cashed out or off-ramped abroad, recovery becomes harder and may rely on AMLC/MLA and platform cooperation.

Q: Will my identity be public? Your identity appears in complaints, but agencies can withhold sensitive data consistent with the Data Privacy Act. Ask investigators about redaction where appropriate.

Q: What if the scammer is overseas? Still report. RA 10175 allows extraterritorial reach in certain cases, and DOJ-OOC can invoke mutual legal assistance.

Do’s and Don’ts (At a Glance)

Do

  • Act within 24–72 hours for freezes/recalls.
  • Keep original evidence and make verified copies.
  • Use multiple channels (NBI, PNP-ACG, hotline, bank, regulator, platform).
  • Enable MFA, change passwords, secure your SIM and devices.

Don’t

  • Delete or “clean up” devices/chat threads.
  • Pay “recovery” services or fees to strangers.
  • Stall on reporting—time kills traces.

Quick Checklists

Incident Day 0 (Hour 0–6)

  • Freeze/recall with bank/e-wallet/card.
  • SIM lock / password resets / MFA on.
  • Screenshot/export evidence with timestamps.
  • Blotter + lodge report with NBI or PNP-ACG (get reference #).
  • Notify platform; send preservation request.

Day 1–3

  • File formal Affidavit-Complaint.
  • Escalate to BSP/SEC/DTI/NPC/NTC as relevant.
  • Follow up with banks/e-wallets on freeze/trace.
  • Consider civil remedies (e.g., small claims where applicable).

Week 1+

  • Track case status; maintain diary of actions.
  • Consider counsel for PI/inquest and possible settlement/recovery actions.

Final Notes on Hotlines & Portals

  • NBI Cybercrime Division and PNP-ACG maintain walk-in desks and, at times, online report forms/emails.
  • The government has deployed a central contact center for cybercrime/cybersecurity.
  • Because hotline numbers, emails, and portals change, always check the official NBI, PNP-ACG, and DICT/CICC pages (and verified Facebook/X pages) for the current reporting channels before you submit.

Disclaimer

This article provides general information about reporting online scams in the Philippines and is not legal advice. Facts matter. For significant losses, cross-border issues, or urgent relief (e.g., freezing orders), consult counsel or coordinate closely with investigators.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login