How to Report an Online Scammer to NBI and PNP Anti-Cybercrime Group (Philippines)

How to Report an Online Scammer to the NBI and PNP Anti-Cybercrime Group (Philippines)

This article explains, in Philippine context, how to report online scams to the National Bureau of Investigation–Cybercrime Division (NBI-CCD) and the Philippine National Police Anti-Cybercrime Group (PNP-ACG), what documents and evidence to prepare, what laws apply, what to expect procedurally (from blotter to prosecution), and practical tips to protect your rights and improve the odds of recovery or prosecution.

1) What counts as an “online scam”?

“Online scam” is not a single crime but a pattern of acts punishable under various laws, often charged together:

  • Estafa/Swindling (Art. 315, Revised Penal Code) — deceit causing damage (e.g., “paid but no delivery,” investment swindles, romance scams, job offer scams).
  • Cybercrime Prevention Act of 2012 (RA 10175) — if any element is committed through a computer system/online platform, penalties are usually one degree higher than their offline counterparts. The law also provides procedural tools (data preservation, disclosure, search/seizure of computer data, interception with court warrant).
  • Access Devices Regulation Act (RA 8484) — credit/debit card or account takeovers, card-not-present fraud.
  • E-Commerce Act (RA 8792) — electronic documents and signatures; used to prove online transactions.
  • Data Privacy Act (RA 10173) — for unauthorized processing/leaks of personal data in scams or identity theft (coordinate also with the National Privacy Commission).
  • Financial Products and Services Consumer Protection Act (RA 11765) — complaints against BSP-supervised institutions, SEC-registered investment entities, and insurers (regulatory remedies parallel to criminal action).
  • Special laws, as applicable: Anti-OSAEC (RA 11930), Anti-Photo and Video Voyeurism (RA 9995), Anti-Cybersex (Sec. 4(c)(1), RA 10175), Anti-Violence Against Women and Their Children (RA 9262) for sextortion, etc.

2) Where to report: NBI-CCD vs. PNP-ACG

Both agencies are competent to investigate cybercrime nationwide. You may choose either (or both), depending on convenience and the case’s nature.

  • NBI–Cybercrime Division (NBI-CCD)

    • Focus: complex investigations, inter-agency/foreign coordination, digital forensics.
    • Accepts walk-in complaints at NBI headquarters and regional NBI offices (which route cyber cases to CCD).
    • Often used when suspects are overseas, schemes are large-scale, or bank/fintech cooperation is needed.

  • PNP Anti-Cybercrime Group (PNP-ACG)

    • Focus: rapid response, entrapment operations, on-the-ground coordination with local police stations and cyber units in regional offices.
    • Accepts walk-ins at Camp Crame and regional ACG offices; local stations can also blotter and endorse to ACG.

You can:

  1. File a police blotter (to fix the incident in time and place), then
  2. File a formal complaint with NBI-CCD or PNP-ACG (or both). Duplication is acceptable; agencies often coordinate.

3) Evidence: what to collect and how to preserve it (Philippine rules)

Proper evidence handling greatly increases the chance of prosecution and recovery.

A. Collect immediately

  • Full conversation threads (marketplace chats, emails, messaging apps).
  • Account identifiers: profile links/handles, phone numbers, email addresses, wallet addresses, bank/GCash numbers, order IDs, ads/listings.
  • Transaction proof: deposit slips, e-wallet/bank app screenshots, reference numbers, dates/times, amounts, merchant/acquirer info, card last four digits (mask the rest).
  • Digital artifacts: website URLs, order pages, WHOIS screens, shipping tracking, IP emails headers (if available).
  • Any voice/video calls (recordings if lawfully obtained) and voicemail.
  • Device and platform details: your phone/PC model, OS, app versions, your IP (if relevant).

B. Preserve like a litigator

Philippine Rules on Electronic Evidence (A.M. No. 01-7-01-SC) allow electronic data as admissible evidence if authenticity and integrity are shown.

  • Don’t delete the app/thread; keep the device unchanged.
  • Capture full-screen screenshots showing date/time and URL where applicable. For chats, scroll to include the counterpart’s handle and thread title.
  • Export chat logs to PDF/HTML when the app allows; keep native files (e.g., .eml for emails).
  • Retain metadata when possible (avoid re-saving images that strip EXIF).
  • Maintain a simple chain-of-custody log: when you captured, by whom, on what device; store files in a labeled folder.
  • Optional but helpful: compute and note cryptographic hashes (e.g., SHA-256) of files to demonstrate integrity.
  • Back up to an external drive/cloud; never share originals except with investigators/counsel.

C. Ask for data preservation

Under RA 10175, investigators can seek Preservation of Computer Data and Disclosure orders via court-issued cyber warrants. You can also promptly notify banks/e-wallets and platforms (marketplaces, social networks) about the scam and request account freeze/flag and log preservation. Time is critical because logs rotate.

4) Step-by-step: Filing with the PNP-ACG

  1. Prepare your packet

    • Valid ID (government-issued).
    • Affidavit-Complaint (“Sinumpaang Salaysay”) narrating facts in chronological order: who, what, when, where, how you were deceived, amounts, and damages.
    • Annexes: evidence list with exhibit labels (A, A-1, etc.).
    • Contact details and availability for follow-ups.

  2. Blotter at the nearest police station or go directly to a PNP-ACG office.

  3. Intake & triage: ACG officer records your report, reviews evidence, and may advise immediate bank/e-wallet dispute and platform reporting.

  4. Case build-up: ACG gathers additional proof, may coordinate with banks/telcos/platforms, and (with prosecutor/court) apply for Cybercrime Warrants—e.g.,

    • WDCD (Warrant to Disclose Computer Data),
    • WSSECD (Warrant to Search, Seize, and Examine Computer Data),
    • WICD (Warrant to Intercept Computer Data), if legally justified.

  5. Referral to the Prosecutor: Once sufficient evidence exists, the case is filed with the Office of the City/Provincial Prosecutor for preliminary investigation (unless an in-flagrante arrest occurred).

  6. Subpoena & counter-affidavits: Prosecutor issues subpoena to respondents; you may need to reply to defenses via reply-affidavit.

  7. Filing in court: If probable cause is found, an Information is filed with the proper Regional Trial Court (designated Cybercrime Court); a warrant of arrest may issue.

5) Step-by-step: Filing with the NBI-CCD

  1. Prepare the same packet (ID, affidavit, annexes).
  2. Walk-in at the nearest NBI office (or CCD) and state you are filing a cybercrime complaint.
  3. Interview & evaluation by NBI agent; you may be asked to provide devices for forensic imaging (with your consent and proper documentation).
  4. Digital forensics & requests: NBI may send preservation requests to platforms, work with BSP-supervised institutions, and seek cyber warrants through the DOJ and courts.
  5. Prosecutor referral and the same preliminary investigation steps as above.
  6. Case filing in the appropriate cybercrime court.

6) Venue, jurisdiction, and cross-border cases

  • Venue/Jurisdiction (RA 10175): A case may be filed where any element occurred, or where any computer system used is located (e.g., where the victim accessed the deceptive message or transferred funds). Cybercrime cases are handled by designated RTCs acting as cybercrime courts.
  • Extraterritoriality: If offenders or servers are abroad, authorities may use MLATs and 24/7 cybercrime contact networks for cooperation. Expect longer timelines but do file—financial trails and platform logs can still be obtained.
  • Important constitutional note: The Supreme Court (Disini v. Sec. of Justice, 2014) struck down the takedown/blocking provision of RA 10175; investigators must use court-issued cyber warrants for data access and restraint, respecting due process.

7) Criminal vs. regulatory vs. civil remedies (you can pursue several)

  • Criminal: Estafa, cybercrime-qualified offenses, access device fraud, identity theft-type offenses.

  • Regulatory (parallel):

    • BSP-supervised institutions (banks, e-money, payment systems): file a transaction dispute/fraud report and a formal complaint through the institution’s consumer protection channel; escalate to BSP if unresolved.
    • SEC: for investment scams or unregistered solicitations.
    • Insurance Commission: if insurers/health plans are involved.
    • National Privacy Commission: for identity theft/data misuse or breaches.
    • DTI: deceptive online sales practices by merchants.

  • Civil: Claim damages and/or rescission of the contract. For purely monetary claims up to ₱1,000,000, consider Small Claims (no lawyer required; A.M. No. 08-8-7-SC, as amended 2023). Civil action may be filed independently of criminal action.

8) Drafting your Affidavit-Complaint (practical template)

Title: Affidavit-Complaint for Estafa (Art. 315) in relation to RA 10175

  1. Identity paragraph (name, age, nationality, address, ID).

  2. Jurisdiction/venue paragraph (why the office/court has venue—where you saw the post, where you paid, where you suffered damage).

  3. Narrative

    • How you encountered the offer/ad; exact handles/links.
    • Misrepresentations (quote messages; attach screenshots).
    • Dates/times and transaction references for payments.
    • Non-delivery/ghosting/other acts; any further demands.

  4. Damages (principal amount + incidental costs).

  5. Offenses charged (estafa; qualified by use of information and communications technology under RA 10175; add special laws if applicable).

  6. Prayer (investigate, prosecute; issue preservation requests/warrants; coordinate with banks/telcos/platforms).

  7. Verification & jurat (sworn before prosecutor/notary/administering officer).

Annexes: A (ID), B (screenshots, with dates), C (payment proof), D (conversation export), E (platform report receipts), F (dispute letters).

9) Banking/e-wallet and platform actions (time-sensitive)

  • Immediately contact your bank/e-wallet to report fraud and request temporary freeze/hold, chargeback/recall (if card rails), and log preservation. Provide the reference number of your dispute.
  • Report inside the app/platform (marketplace, social media) to trigger risk controls and preserve internal logs.
  • Keep ticket numbers; include them in your affidavit and give them to investigators.

10) What happens after filing

  • Initial case build-up: Investigators may call for clarifications, request original files/devices for imaging (with receipts), and send lawful requests to banks/telcos/platforms.
  • Possible entrapment (for ongoing scams).
  • Prosecutor stage: exchange of affidavits; resolution typically issues finding probable cause or dismissing.
  • Court stage: arraignment, pre-trial, trial. Cyber evidence is offered following the Rules on Electronic Evidence; investigators and forensics personnel testify on authenticity and chain of custody.
  • Restitution/Recovery: Criminal courts may order restitution; banks may process chargebacks separately. Civil/regulatory paths can aid recovery even if the accused is not immediately arrested.

11) Common pitfalls to avoid

  • Deleting chats or resetting your phone before exporting evidence.
  • Altering screenshots (cropping out timestamps/usernames).
  • Paying “verification fees” to impostors posing as NBI/PNP agents—verify identities in person or via official channels.
  • Announcing case details publicly that could tip off suspects or expose personal data.
  • Relying only on chat screenshots—export full threads and keep native files.

12) Quick checklist (print-ready)

  • Government ID
  • Affidavit-Complaint (signed and sworn)
  • Evidence index with labeled annexes
  • Full chat exports + full-screen screenshots with timestamps/URLs
  • Payment proofs (receipts, reference numbers)
  • Platform report receipts / ticket numbers
  • Bank/e-wallet dispute reference
  • Your contact info and preferred times for calls
  • Storage drive/cloud folder with backups and (optional) file hashes

13) Frequently asked questions

Q: Can I report to both NBI and PNP-ACG? Yes. Provide the same evidence packet to both. They coordinate and may endorse to each other or to the proper prosecutor’s office.

Q: The scammer is abroad. Is reporting still useful? Yes. Funds often touch local accounts/e-wallets or card acquirers; platforms maintain logs. Authorities can seek cross-border assistance.

Q: Do I need a lawyer? Not strictly to file with NBI/PNP, but counsel helps craft affidavits, assert preservation measures, and handle parallel civil/regulatory actions.

Q: Can law enforcement just “take down” a page? Not unilaterally. Blocking/takedown requires lawful process; takedown-by-executive order was struck down by the Supreme Court. Investigators can request preservation and obtain cyber warrants.

Q: How fast can money be recovered? Time is critical; success varies. Immediate bank/e-wallet reporting improves odds. Criminal action punishes; civil/regulatory action targets restitution.

14) Final practical tips

  • File as soon as possible; many logs are retained only for limited periods.
  • Keep communications professional and concise; investigators handle many cases.
  • Use a single case folder with a clear naming convention (e.g., 2025-09-21_Online-Scam_[Platform]_[Amount]).
  • If you fear retaliation, request that your address/phone be treated with appropriate confidentiality, consistent with data privacy rules.
  • Consider placing fraud alerts with your bank/e-wallet and monitoring your credit/loan apps for new accounts you didn’t open.

Bottom line

Reporting to PNP-ACG or NBI-CCD is straightforward if you prepare a sworn affidavit and a clean, well-preserved evidence set. Combine criminal investigation, bank/platform disputes, and—when appropriate—regulatory and civil remedies. Acting quickly, preserving data properly, and following the procedure above will maximize your chances of accountability and recovery.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login