How to Report and Document Scam Calls and Fraudulent Phone Numbers in the Philippines

A Philippine legal-context article on preserving evidence, reporting pathways, and practical documentation for enforcement and dispute resolution.

1. Overview: Why reporting and documentation matter

Scam calls, smishing (SMS phishing), vishing (voice phishing), SIM-swap, and app-based fraud in the Philippines are not merely “nuisance” communications—they may constitute multiple criminal offenses and consumer-law violations, and they frequently intersect with banking, e-wallet, and telecom regulatory processes.

In practice, documentation is the difference between a dead-end complaint and an actionable case. Proper records can:

  • support criminal investigation and prosecution,
  • trigger telco blocking/trace processes,
  • enable bank/e-wallet dispute handling and incident containment,
  • strengthen complaints to regulators (e.g., consumer protection and data privacy), and
  • help establish patterns (repeat numbers, scripts, modus operandi) that investigators can link to organized fraud operations.

2. Common scam patterns in the Philippines (and what they usually try to obtain)

Understanding the usual playbooks helps you document facts in the right way.

2.1 “Bank/GCash/Maya verification” vishing

Caller claims to be from a bank or e-wallet provider; asks for OTP, CVV, PIN, or to “reverse a charge.” Sometimes they instruct victims to “verify” by reading an OTP aloud.

Key legal/technical point: OTPs are authentication factors. Sharing them is often the final step that enables unauthorized transfers.

2.2 “Delivery rider / parcel / customs fee” scams

Caller or SMS claims a parcel is pending and you must pay a fee via link or e-wallet transfer. Often includes short URLs.

2.3 “Text lottery / raffle / ayuda / government program” bait

Asks for personal data, ID photos, or small “processing fee.” Sometimes escalates to identity theft.

2.4 SIM swap / number takeover

Scammer gathers personal info then convinces a telco or uses compromised processes to port/replace your SIM, capturing OTPs.

2.5 “Job offer / crypto / investment” scams via calls and messaging apps

Call is the entry point; later moved to Viber/WhatsApp/Telegram with “handlers,” payment instructions, or remote access apps.

3. Philippine legal framework: what laws are typically implicated

Scam calls may involve overlapping offenses. A single incident can trigger multiple statutes depending on facts.

3.1 Revised Penal Code (RPC): fraud and related crimes

Many phone scams fit classic estafa (swindling) concepts when deceit causes the victim to part with money or property. Related provisions can apply if there is falsification, impersonation, or coercion.

3.2 Cybercrime Prevention Act of 2012 (RA 10175)

If the scam uses information and communications technology to commit fraud—especially where electronic systems, online transfers, phishing links, or digital identity misuse are involved—cybercrime provisions and rules on investigation and evidence may be relevant.

3.3 Access Devices Regulation Act (RA 8484)

Where the conduct involves credit/debit card data, account access credentials, or payment “access devices,” this law is often implicated.

3.4 Data Privacy Act of 2012 (RA 10173)

If the scam involves unauthorized processing, collection, disclosure, or misuse of personal data (including leaks that enable targeting), Data Privacy Act concepts can arise. Victims may also consider privacy complaints if there are grounds that personal information was mishandled by entities subject to the Act.

3.5 E-Commerce Act (RA 8792) and electronic evidence concepts

Electronic messages, logs, screenshots, and transaction records can be relevant in establishing identity, intent, and the chain of events.

3.6 Anti-Financial Account Scamming Act (AFASA) (RA 12010)

This newer statute specifically targets financial account scams—including schemes involving bank/e-wallet accounts, mule accounts, and fraud in electronic fund transfers—strengthening coordination and enforcement mechanisms. Where the scam involves unauthorized transfers, mule accounts, or financial credential theft, AFASA may be directly relevant.

Practical takeaway: you do not need to “label” the crime correctly when reporting. Your job is to preserve facts and evidence; authorities determine the proper charge.

4. The evidentiary core: what to document, and why

A strong report has two pillars: (1) accuracy and (2) traceability.

4.1 The minimum incident record (do this immediately)

Create a single incident note (paper or digital) with:

  1. Date and time (include timezone; Philippines is UTC+8).
  2. Calling number (exact digits; include country code if shown).
  3. Channel (voice call, SMS, Viber, WhatsApp, Telegram, Facebook call).
  4. What was claimed (e.g., “BDO fraud unit,” “GCash verification,” “NBI,” “delivery”).
  5. What they asked you to do (give OTP, click link, install app, transfer funds, provide ID).
  6. What you did (ignored, answered, gave partial info, clicked link, transferred).
  7. Any identifiers mentioned (agent name, “ticket number,” employee ID, case reference).
  8. Any link, account number, e-wallet handle, QR, or bank details they provided.
  9. Any money lost (amount, transaction time, reference number, destination account).
  10. Your telco and device (Smart/Globe/DITO; phone model) and whether number is prepaid/postpaid.

4.2 Screenshots (how to do them so they’re usable)

For SMS/call log screenshots:

  • capture the full number, timestamp, and message content in one frame where possible;
  • take multiple screenshots if content scrolls;
  • do not crop out status bars/time;
  • keep the original files (don’t rely only on chat-app forwarded copies).

For link-based scams:

  • screenshot the full URL (tap/hold to reveal full link if possible);
  • screenshot any landing page;
  • do not log into accounts from suspicious pages.

4.3 Call recordings: legal and practical considerations

If your phone supports it or you can legally and technically record, recordings are powerful, but treat them carefully:

  • keep original audio file metadata intact;
  • note who participated, when, and on what device.

Important caution: Wiretapping/recording rules can be fact-sensitive. If you’re unsure, focus on contemporaneous notes, screenshots, and telco logs; and ask authorities how they want audio handled.

4.4 Preserve telco and device logs

  • Export or screenshot your call history showing inbound/outbound, duration, and time.
  • Keep SMS in the original inbox until authorities advise otherwise.
  • If using messaging apps, export chat history (where possible) and keep the exported file and media folder intact.

4.5 Preserve financial evidence (for bank/e-wallet related scams)

Gather:

  • transaction reference numbers, screenshots, email/SMS confirmations;
  • recipient account details (account number, name if displayed, bank/e-wallet);
  • your bank’s case/ticket number if you reported it;
  • any “authorization” prompts you received (OTP, device enrollment alerts, new login notices).

5. Immediate containment steps (before you report)

These steps reduce harm and also improve your documentation.

5.1 If you only received a scam call/SMS (no money lost)

  • do not call back;
  • block the number on your device;
  • report within your telco/app and preserve screenshots.

5.2 If you clicked a link or installed an app

  • disconnect from the internet (airplane mode / Wi-Fi off);
  • uninstall suspicious apps;
  • run a reputable mobile security scan if available;
  • change passwords from a different, clean device;
  • enable multi-factor authentication on primary email and banking.

5.3 If you disclosed OTP/PIN/password or lost funds

  • immediately contact your bank/e-wallet support and request:

    • account freeze/lock,
    • reversal/recall process (if possible),
    • case reference number;

  • change passwords and secure your primary email;

  • report to appropriate law enforcement channels with your compiled evidence.

6. Where to report in the Philippines: practical pathways

Reporting is not “one-size-fits-all.” Use parallel channels depending on what happened.

6.1 Telco reporting (first-line for nuisance and pattern blocking)

Report the number to your mobile network operator’s scam/spam reporting channels (typically via hotline, app, or official reporting mechanisms). Provide:

  • offending number, date/time, screenshots, and a short description.

Goal: network-level blocking, trend analysis, and assistance in trace requests when coordinated with law enforcement.

6.2 PNP Anti-Cybercrime Group (PNP-ACG) / NBI Cybercrime Division

For scam calls linked to fraud, phishing, identity theft, unauthorized transfers, or organized schemes, file a complaint with cybercrime-capable law enforcement. Provide:

  • incident narrative, evidence pack, and financial/transaction records if any.

Goal: case build-up, subpoenas/requests for records, coordination with financial institutions and telcos.

6.3 DOJ Office of Cybercrime (where appropriate)

The DOJ’s cybercrime offices may be involved in coordination and prosecutorial aspects for cybercrime matters.

6.4 Bangko Sentral ng Pilipinas (BSP) / bank complaint escalation

If a bank or BSP-supervised institution is involved and you believe resolution is inadequate, you can escalate through formal complaint mechanisms. Goal: consumer protection resolution and compliance pressure for regulated entities.

6.5 National Privacy Commission (NPC) (data privacy angles)

If there is a credible basis that your personal information was improperly processed or exposed, consider a privacy complaint. Goal: accountability for personal data mishandling and privacy law remedies.

6.6 Platform reporting (messaging apps and social platforms)

For Viber/WhatsApp/Telegram/Facebook scams, report the user/profile/number within the platform and preserve proof.

7. How to write an effective complaint affidavit or incident narrative

Authorities and regulated entities respond best to structured, chronological facts.

7.1 Use a timeline format

Example outline (adapt as needed):

  1. Background (your number, telco, and relevant account ownership—only what’s needed).
  2. First contact: date/time, number, what was said.
  3. Deceptive acts: impersonation claims, instructions, threats.
  4. Your actions: what you disclosed or clicked; whether you transferred funds.
  5. Resulting harm: money lost, account takeover, unauthorized transactions.
  6. Steps taken: contacted bank/e-wallet, ticket number, account lock, screenshots saved.
  7. Evidence list: annexes (screenshots, recordings, logs, transaction slips).

7.2 Focus on facts, not conclusions

Avoid “they committed estafa” in the narrative body. Instead:

  • “Caller claimed to be ___ and requested my OTP.”
  • “After I provided the OTP, my account reflected an unauthorized transfer of PHP ___ at :.”

7.3 Identify exhibits clearly

Label files and printouts as:

  • Annex “A” – Call log screenshot;
  • Annex “B” – SMS screenshot with phishing link;
  • Annex “C” – Bank transfer confirmation;
  • Annex “D” – Chat export.

7.4 Maintain consistency

Your timestamps, amounts, and numbers must match across screenshots and narrative. If uncertain, state uncertainty:

  • “Approx. 2:15 PM” and explain why.

8. Building an “evidence pack” (recommended structure)

Make a folder with this structure:

  1. 00_Summary.txt (one-page incident summary, timeline, losses).
  2. 01_Screenshots/ (call log, SMS, chat, URLs).
  3. 02_Audio/ (if any recordings).
  4. 03_Financial/ (transaction refs, statements, ticket numbers).
  5. 04_Device_Telco/ (telco info, SIM type, device model, relevant alerts).
  6. 05_Identity_Proof/ (only if required by authorities; redact where possible).

Tip: Keep originals. Create copies for sharing.

9. Privacy and redaction: sharing evidence safely

When submitting reports, share what’s needed while avoiding unnecessary exposure.

  • Redact unrelated personal data (full address, full ID numbers) unless required.
  • Keep unredacted originals for authorities if formally requested.
  • If you must email evidence, consider password-protecting archives and sending the password separately.

10. Special scenarios and how to document them

10.1 Threatening or extortion calls

Document exact words, threats, and any demands. Extortion and intimidation aspects can matter even if no money moved.

10.2 Impersonation of government agencies (NBI, PNP, courts, BIR, etc.)

Record the claimed office, alleged case number, and demand (payment, personal info, appearance). These details help show impersonation patterns.

10.3 SIM swap indicators

Document:

  • loss of signal, “SIM not provisioned,” sudden inability to receive OTP,
  • notifications of SIM change or device enrollment,
  • the precise time service disruption began.

Immediately request telco assistance and obtain reference numbers.

10.4 Account mule transfers

If the scam asked you to deposit to a person’s account, keep deposit slips and names displayed. Mule accounts are often key investigative leads.

11. What not to do (mistakes that weaken cases)

  • Don’t delete messages or wipe your phone right away if funds were stolen; preserve evidence first.
  • Don’t publicly post full screenshots showing links, account numbers, or your own identifiers; it can spread the scam and expose you.
  • Don’t engage further to “gather evidence” if it risks more loss or compromise.
  • Don’t alter screenshots (markup is okay on a copy, but keep the original untouched).

12. Reporting outcomes: what to realistically expect

  • Telco actions: blocking, spam tagging, investigation support where legally requested.
  • Law enforcement: may request additional evidence, sworn statements, device inspection, or coordination with banks/telcos; timelines vary.
  • Bank/e-wallet disputes: depend heavily on speed of reporting, whether authentication factors were compromised, and the traceability of recipient accounts.
  • Regulator complaints: can help with institutional accountability and consumer redress but may not immediately identify the caller.

13. Prevention that also improves traceability (legal-practical)

  • Enable call/SMS spam filtering features where available.
  • Use strong account hygiene: unique passwords, MFA on email, device lock.
  • Avoid using your primary number for public postings and raffles.
  • Maintain updated account contact details so you receive legitimate fraud alerts.
  • Treat any request for OTP/PIN/CVV as presumptively fraudulent; legitimate institutions generally do not ask you to disclose these in a call.

14. A compact template you can copy into your notes

Incident Report – Scam Call/Fraudulent Number (Philippines)

  • Date/Time (UTC+8):
  • Number/Handle Used:
  • Telco / Platform:
  • Device:
  • What caller claimed:
  • Script highlights (exact phrases if possible):
  • What they asked for / instructed:
  • Links / accounts provided:
  • What I did:
  • Loss/impact (PHP amount, transaction ref, account affected):
  • Steps taken (bank/telco/platform report + reference nos.):
  • Evidence attached (Annex list):

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login