How to Report and Investigate Online Scam Accounts Using Dummy Identities

1) The practical problem: scams move faster than the law

Online scam accounts (on Facebook/Instagram/X/TikTok, marketplaces, messaging apps, dating apps, email, and e-wallet channels) typically rely on:

  • Impersonation (using a brand/person’s name, stolen photos, “verified-looking” pages)
  • Social engineering (pressure, urgency, fear, romance, “limited slots,” “proof of payment” tricks)
  • Payment-layer abuse (mules, rapid cash-out, multiple wallets/bank accounts)
  • Evidence fragility (accounts get deleted, chats “unsent,” links expire, stories disappear)

Your goals should be:

  1. Stop further loss (freeze transfers, warn institutions/platforms)
  2. Preserve admissible evidence (for investigators and prosecutors)
  3. Trigger lawful investigation tools (data preservation, disclosure orders, warrants)

Using dummy identities to “investigate” may feel effective, but it often creates legal exposure and can undermine a case.

2) Why “dummy identities” are legally risky (and often counterproductive)

Creating or using a false identity to engage a scammer can cross lines into:

  • Misrepresentation/falsehoods that expose you to civil or criminal complaints depending on what is done and what harm results
  • Impersonation (especially if you mimic a real person, company, or professional status)
  • Unauthorized access risks if you attempt to enter accounts, bypass security, or obtain non-public data
  • Privacy violations if you collect, store, or share personal data beyond legitimate purposes
  • Obstruction/contamination of evidence if your interactions provoke deletion, alter the narrative, or create “manufactured” chat logs

Even when your intent is good, a defense can argue you induced conduct, tampered with evidence context, or performed acts better left to trained officers operating under lawful authority.

Bottom line: In the Philippine context, effective “investigation” for civilians is primarily lawful preservation + reporting + coordination, not undercover role-play.

3) Relevant Philippine laws commonly implicated in online scams

Online scams are usually prosecuted through combinations of these:

A. Revised Penal Code (RPC)

  • Estafa (Swindling) – when deceit causes another to part with money/property.
  • Falsification / use of falsified documents – when fake IDs, receipts, permits, or documents are used.
  • Other fraud-related offenses depending on scheme specifics.

B. RA 10175 – Cybercrime Prevention Act of 2012

Covers crimes committed through ICT and can elevate or specifically criminalize conduct such as:

  • Computer-related fraud
  • Identity theft (when personal identifying information is misused)
  • Cyber-related offenses connected to deception and digital systems

It also enables lawful investigative measures, including:

  • Preservation of computer data
  • Disclosure orders
  • Search/seizure of computer data under cybercrime warrants

C. RA 8792 – Electronic Commerce Act

Recognizes electronic data messages and signatures; often relevant to proving electronic transactions and communications.

D. RA 10173 – Data Privacy Act

When scam operations involve mishandling personal data, and also when victims/complainants collect and share personal data. It matters for:

  • How you collect evidence
  • How you store/share suspect information
  • Avoiding unlawful disclosure/doxxing

E. AMLA (RA 9160, as amended)

If scam proceeds are laundered through bank accounts/e-wallets/mules, reporting to financial institutions can trigger internal controls and AML processes.

F. SIM Registration law (implementation-dependent in practice)

Phone-number-based scams may intersect with SIM registration compliance and telco subscriber data—access typically requires lawful process.

4) The right first moves: stop loss, preserve evidence, document chronology

A. If money was sent: do this immediately

  1. Contact your bank/e-wallet provider at once (fraud hotline / dispute channel).

    • Ask about reversal, hold, trace, and recipient account tagging.

  2. Preserve transaction artifacts:

    • Reference numbers, receipts, timestamps, screenshots of transfer confirmations

  3. If it’s card payment: request chargeback options (where applicable).

Time matters: scam networks move funds quickly; early reporting increases the chance of intervention.

B. Preserve evidence like a prosecutor will read it

Create a single folder (cloud + offline backup) with:

1) Identity of the scam presence

  • Profile/page URL, username/handle, ID numbers shown on the platform (if visible)
  • Screenshots of the profile, posts, “about” sections, and any listings
  • Any advertised phone numbers, emails, wallet addresses, QR codes

2) Conversation logs

  • Full chat thread screenshots from the start, including timestamps
  • Exported chats if the platform allows (retain original file)
  • Voice notes, calls, and recordings: note consent/legal issues; do not violate platform rules or laws

3) Transaction trail

  • Proof of payment, bank/e-wallet confirmations, invoices, courier details, tracking numbers
  • Any “proof” the scammer sent (often fabricated): keep it as evidence

4) Device and metadata notes

  • Device used, app used, account used, date/time, and what happened step-by-step
  • Avoid editing original files; keep copies and work on duplicates

Best practice: write a clear chronology (timeline) that matches your screenshots and receipts.

5) Reporting pathways in the Philippines: where to report and what each one does

A. Report to the platform first (fastest disruption)

Use in-app reporting tools for:

  • Impersonation
  • Fraud/scam
  • Fake business/page
  • Phishing links

Include:

  • URLs, screenshots, and a short narrative
  • Proof you are the victim or the legitimate entity being impersonated (if applicable)

Platform action can remove accounts quickly, but platform takedowns do not substitute for criminal complaints.

B. Report to law enforcement cyber units

Common channels include:

  • PNP Anti-Cybercrime Group (ACG)
  • NBI Cybercrime Division

Bring:

  • Printed copies of key screenshots (with URLs shown)
  • Soft copies on a USB drive
  • Valid IDs and your written chronology
  • Receipts/transaction documents

Expect:

  • Statement-taking
  • Case evaluation (criminal angles and jurisdiction)
  • Guidance on filing complaint affidavits and attaching evidence

C. File with the Prosecutor’s Office (for criminal case buildup)

Most cyber-fraud cases proceed through:

  1. Complaint-affidavit with attachments
  2. Preliminary investigation (respondent may be unknown initially)
  3. Law enforcement coordinates for data requests and warrants as leads emerge

D. Data Privacy angles (optional but powerful in certain cases)

If the scam involves misuse of personal data, you may consider the National Privacy Commission (NPC) for privacy-related complaints. This is especially relevant when:

  • Your identity was used to create accounts
  • Personal data was harvested/posted to pressure you

E. Notify financial institutions for mule disruption

Even if reversal fails, reporting:

  • Helps tag mule accounts
  • Creates institutional records
  • Supports AML monitoring

6) Lawful “investigation” for civilians: what you can do without crossing lines

Think of your role as evidence preserver + information organizer, not an undercover operator.

A. Open-source checks (OSINT) that are generally lawful

  • Check whether the account has prior complaints in public posts/comments
  • Compare brand pages: verified pages vs newly-created impostors
  • Examine inconsistencies (recent creation date, copied content, low engagement, sudden “sale” posts)

Rule: stay within publicly available information. Do not access private accounts, bypass restrictions, or use coercion/deception to obtain data.

B. Link analysis from what the scammer already gave you

From receipts/messages you already have:

  • Names tied to accounts (may be fake—but still a lead)
  • E-wallet numbers, bank account numbers, QR codes
  • Courier references and delivery addresses (if any)
  • Device fingerprints aren’t for civilians; leave to investigators

Provide these to PNP ACG/NBI so they can pursue lawful requests and warrants.

C. Witness and victim pooling (carefully)

If multiple victims exist:

  • Coordinate to share your own evidence packs
  • Avoid posting suspect personal info publicly (doxxing risks; privacy issues)
  • Keep communications factual and evidence-backed

D. Use notarized documentation when stakes are high

If the amount is large, having key statements and documentary bundles properly organized (and sometimes notarized where appropriate for affidavits) can help, but notarization is not a magic shield; authenticity and chain of custody still matter.

7) What investigators can do (and why your preservation matters)

Law enforcement can pursue tools civilians cannot, typically under RA 10175 and the Rules on Cybercrime Warrants (Supreme Court issuance), including:

  • Preservation orders to prevent deletion of relevant computer data
  • Disclosure orders compelling certain data production under legal standards
  • Search, seizure, and examination of computer data/devices with judicial authorization

Your best contribution is giving them:

  • Exact URLs/handles and timestamps
  • Complete chats (not just selected excerpts)
  • Transaction identifiers
  • A clean narrative with minimal speculation

8) Common mistakes that weaken scam cases

  1. Only saving partial screenshots (missing URL, timestamp, or context)
  2. Continuing to engage until the scammer deletes everything
  3. Publicly accusing with names/photos (privacy/civil liability/cyberlibel risk depending on statements and proof)
  4. Altering files (compressing, re-uploading repeatedly, editing images)
  5. Trying to “recover funds” through a second scam (fake recovery agents, “hackers,” paid trackers)
  6. Assuming platform takedown = case closed (criminal process still needs affidavits and evidence)

9) If you’re a business, public figure, or professional being impersonated

Add these steps:

  • File platform impersonation reports using business verification channels where available
  • Publish a fraud advisory on official pages (without doxxing; stick to verified facts)
  • Coordinate with counsel for takedowns, demand letters where appropriate, and criminal complaints
  • Train staff on customer verification scripts to reduce successful scams

10) A practical checklist (Philippines)

Within 0–24 hours

  • Report to bank/e-wallet; request hold/trace
  • Report the account to the platform
  • Preserve all chats, links, receipts, and profile data
  • Draft a timeline

Within 1–7 days

  • File report with PNP ACG or NBI Cybercrime Division
  • Prepare complaint-affidavit and attachments for prosecutor route (as guided)
  • Coordinate with other victims privately, evidence-first

Ongoing

  • Keep originals and backups
  • Avoid public accusations; channel information to investigators
  • Watch for follow-on scams (recovery scams)

11) Key takeaways

  • “Dummy identity” tactics are legally hazardous and can compromise evidence integrity.
  • The strongest victim-led approach is rapid reporting + meticulous preservation + clean documentation.
  • Philippine cybercrime enforcement relies heavily on lawful data preservation/disclosure/warrants—your job is to supply what makes those requests precise and credible.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login