How to Report Cybercrime and Update Identity Theft Records in the Philippines

I. Introduction

Cybercrime and identity theft have become common legal and practical problems in the Philippines. Victims may discover that their name, mobile number, email address, government identification, bank account, e-wallet, social media account, SIM registration, or business credentials have been misused without authority. The harm may include unauthorized loans, fraudulent online purchases, fake social media accounts, phishing messages, extortion, account takeovers, leaked personal data, or criminal activity falsely linked to the victim.

In the Philippine legal setting, reporting cybercrime is not only a way to seek investigation and prosecution. It is also an important step in correcting records, protecting one’s identity, limiting financial exposure, preserving evidence, and creating a paper trail for banks, e-wallet providers, government agencies, credit-related institutions, employers, schools, and law enforcement offices.

This article discusses the legal framework, where and how to report cybercrime, what evidence to preserve, how to update identity theft records, and what practical steps a victim should take after reporting.

II. Governing Laws and Legal Framework

Several Philippine laws may apply depending on the facts of the incident.

A. Cybercrime Prevention Act of 2012

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, is the principal law addressing cybercrime in the Philippines. It covers offenses committed through or involving computer systems, information and communications technology, electronic communications, and the internet.

Common offenses relevant to identity theft and online fraud may include:

  1. Illegal access Unauthorized access to a computer system, email account, social media account, cloud account, online banking account, or digital wallet.

  2. Illegal interception Unauthorized interception of private communications or computer data.

  3. Data interference Unauthorized alteration, damaging, deletion, or deterioration of computer data.

  4. System interference Unauthorized hindering or interference with the functioning of a computer system.

  5. Misuse of devices Possession, production, sale, procurement, importation, distribution, or use of devices, passwords, access codes, or similar data intended for cybercrime.

  6. Computer-related forgery Input, alteration, or deletion of computer data resulting in inauthentic data with legal significance.

  7. Computer-related fraud Unauthorized input, alteration, deletion, or suppression of computer data, or interference in the functioning of a computer system, causing damage or fraudulent benefit.

  8. Computer-related identity theft The intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another, whether natural or juridical, without right.

  9. Cybersex, child pornography-related offenses, unsolicited commercial communications, and cyberlibel These may arise in particular cases, especially where identity theft is connected to blackmail, fake profiles, defamatory posts, or sexual exploitation.

The Cybercrime Prevention Act also recognizes that if a crime already punished under the Revised Penal Code or special laws is committed through ICT, it may be prosecuted with the corresponding cybercrime implications.

B. Data Privacy Act of 2012

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information and sensitive personal information. It is relevant when the incident involves unauthorized collection, processing, disclosure, breach, misuse, or sale of personal data.

Examples include:

  • Unauthorized use of a government ID;
  • Leaked customer information;
  • SIM or account registration using another person’s identity;
  • Unauthorized disclosure of bank, health, school, employment, or contact information;
  • Data breach by a company, app, online platform, employer, school, or service provider;
  • Failure of a personal information controller or processor to secure personal data.

The National Privacy Commission handles complaints involving privacy violations, personal data breaches, and unlawful processing of personal data.

C. Revised Penal Code

Traditional crimes may also apply even if technology was used. Depending on the facts, possible offenses include:

  • Estafa or swindling;
  • Falsification of public, official, commercial, or private documents;
  • Using fictitious names or concealing true name;
  • Grave coercions or unjust vexation;
  • Threats or blackmail-related conduct;
  • Libel, if defamatory statements are involved;
  • Theft or qualified theft, in certain property-related digital contexts.

D. Access Devices Regulation Act

Republic Act No. 8484, as amended, may apply to fraudulent use of credit cards, debit cards, account numbers, online payment credentials, or access devices. Identity theft often overlaps with access device fraud, especially where a victim’s personal information is used to open or use financial accounts.

E. SIM Registration Act

Republic Act No. 11934, or the SIM Registration Act, may be relevant when a person’s identity is used to register a SIM card without authority or when a mobile number is used to conduct scams, phishing, or account takeovers. Victims may need to coordinate with the telecommunications company and law enforcement to dispute unauthorized SIM registrations or misuse of mobile numbers.

F. E-Commerce, E-Wallet, Banking, and Financial Regulations

Cybercrime incidents involving banks, e-wallets, online lending apps, payment platforms, remittance services, or financial technology providers may also involve regulations enforced or supervised by the Bangko Sentral ng Pilipinas, the Securities and Exchange Commission, the Department of Trade and Industry, or other regulators depending on the entity involved.

III. What Counts as Cybercrime or Identity Theft

A cybercrime report may be appropriate when a person experiences any of the following:

  1. Unauthorized access to an email, social media, banking, cloud, business, or work account;
  2. Unauthorized use of personal information to open accounts, obtain loans, register SIMs, buy goods, or receive money;
  3. Online scams, phishing, smishing, vishing, or fake websites;
  4. Use of a fake profile impersonating the victim;
  5. Use of stolen photos, IDs, signatures, selfies, or biometric images;
  6. Unauthorized transactions from bank accounts, credit cards, debit cards, or e-wallets;
  7. Threats, extortion, sextortion, blackmail, or doxxing;
  8. Malware, ransomware, hacking, or device compromise;
  9. Fraudulent online selling, fake investment schemes, or crypto-related scams;
  10. Data breach involving personal data;
  11. Cyberlibel or defamatory posts made through digital means;
  12. Unauthorized access to work systems or business records;
  13. Fake job offers, fake recruitment pages, or fraudulent employment records using a victim’s identity;
  14. Online lending harassment or misuse of contact lists;
  15. Unauthorized use of government IDs, tax information, PhilHealth, SSS, GSIS, Pag-IBIG, driver’s license, passport, or national ID details.

Identity theft may be committed even if no money was actually lost, because unauthorized acquisition, possession, use, transfer, alteration, or deletion of identifying information may already be legally significant.

IV. Where to Report Cybercrime in the Philippines

A victim may report to one or more agencies depending on the incident.

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group investigates cybercrime complaints, including hacking, online scams, phishing, identity theft, cyberlibel, online threats, online sexual exploitation, and other ICT-related crimes.

A victim may report to the PNP Anti-Cybercrime Group or to the nearest police station, which may refer the matter to cybercrime investigators. For serious or technically complex incidents, reporting directly to the cybercrime unit is usually more effective.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also investigates cybercrime cases. Victims may file complaints involving online fraud, hacking, identity theft, fake accounts, cyberlibel, extortion, and other cyber-related offenses.

The NBI may be especially useful where the victim needs an investigative record, affidavit assistance, digital evidence assessment, or coordination for subpoenas, preservation requests, or forensic handling.

C. National Privacy Commission

The National Privacy Commission is the proper agency for complaints involving misuse, unauthorized processing, breach, or disclosure of personal information. It may be relevant when:

  • A company leaked or mishandled personal data;
  • A platform failed to protect account information;
  • A collector or online lending app misused contact lists or personal data;
  • Personal information was processed without consent or lawful basis;
  • A data subject wants correction, blocking, deletion, or access to personal data records;
  • A personal information controller failed to respond to a data subject request.

A complaint before the NPC is civil, administrative, and regulatory in nature. It is different from a criminal complaint, though both may arise from the same incident.

D. Banks, E-Wallets, Credit Card Issuers, and Financial Institutions

Where the incident involves unauthorized financial transactions, the victim should immediately report to the bank, e-wallet provider, credit card issuer, payment gateway, online lender, remittance provider, or financial platform.

The purpose is to:

  • Freeze or block the account;
  • Dispute unauthorized transactions;
  • Request chargeback or reversal where available;
  • Preserve transaction logs;
  • Prevent further withdrawals;
  • Flag the identity as compromised;
  • Obtain a written incident report or case number.

E. Telecommunications Companies

If a mobile number, SIM card, OTP, or SIM registration is involved, the victim should report to the telecommunications provider. This is important where there is:

  • SIM swap;
  • Unauthorized SIM registration using the victim’s identity;
  • Stolen phone or lost SIM;
  • OTP interception;
  • Scam messages using the victim’s number;
  • Account takeover through mobile verification.

The victim should ask the telco to block compromised SIMs, recover legitimate numbers, issue replacement SIMs, investigate unauthorized registration, and provide confirmation of the report.

F. Social Media Platforms, Email Providers, Marketplaces, and Apps

Victims should also report directly to the platform involved, such as social media networks, email providers, online marketplaces, messaging apps, cloud services, or app-based services.

The goal is to:

  • Remove fake accounts or impersonation pages;
  • Recover hacked accounts;
  • Preserve logs;
  • Disable fraudulent listings;
  • Stop further communication by scammers;
  • Report phishing links or malicious pages;
  • Prevent reuse of stolen identity documents.

G. Local Prosecutor’s Office

A criminal complaint may eventually be filed before the Office of the City Prosecutor or Provincial Prosecutor. In many cases, law enforcement investigation comes first, followed by a complaint-affidavit and supporting evidence for preliminary investigation.

A complainant may also consult a private lawyer for preparation of affidavits and filing strategy, especially if the case involves large financial losses, reputational damage, business systems, or multiple respondents.

V. Immediate Steps After Discovering Cybercrime or Identity Theft

A victim should act quickly. Delay may allow evidence to disappear, funds to move, accounts to be deleted, or logs to expire.

Step 1: Secure Accounts

Immediately change passwords for affected accounts and related accounts. Prioritize:

  • Main email account;
  • Online banking;
  • E-wallets;
  • Social media;
  • Work accounts;
  • Cloud storage;
  • Government portals;
  • Mobile carrier account;
  • Password manager.

Use strong, unique passwords. Enable multi-factor authentication. Avoid SMS-based authentication when SIM compromise is suspected; use authenticator apps or hardware keys where available.

Step 2: Preserve Evidence Before Deleting Anything

Do not immediately delete messages, posts, emails, or accounts before preserving evidence. Take clear screenshots and export records where possible.

Evidence should include:

  • URLs;
  • Usernames, handles, account IDs, profile links;
  • Email headers where available;
  • Mobile numbers used;
  • Dates and times;
  • Transaction reference numbers;
  • Bank or e-wallet transaction IDs;
  • Screenshots of conversations;
  • Screenshots of fake profiles or listings;
  • Receipts or invoices;
  • IP logs, login alerts, or device records;
  • Phishing links;
  • Photos or documents misused;
  • Names and contact details of witnesses;
  • Platform case numbers;
  • Prior reports to banks or providers.

For screenshots, include the full screen when possible, showing the date, time, URL, and account name. Keep original files and avoid editing them.

Step 3: Report Financial Exposure Immediately

If money or financial accounts are involved, report first to the bank, e-wallet provider, credit card issuer, or payment platform. Ask for:

  • Temporary freeze or lock;
  • Dispute form;
  • Incident reference number;
  • Written confirmation of report;
  • Transaction history;
  • Account recovery procedure;
  • Fraud investigation timeline;
  • Reversal or chargeback process;
  • Preservation of logs and CCTV where relevant.

Step 4: Report to Law Enforcement

Prepare a complaint narrative and supporting evidence. Report to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the nearest police station.

The report should state:

  • Full name and contact details of complainant;
  • Description of the incident;
  • Date and time of discovery;
  • Date and time of suspicious transactions or messages;
  • Accounts, numbers, and platforms involved;
  • Amount of loss, if any;
  • Identity information misused;
  • Suspected perpetrator, if known;
  • Evidence available;
  • Action already taken with banks, platforms, or telcos.

Step 5: Execute an Affidavit or Complaint-Affidavit

Law enforcement or counsel may require a sworn statement. The affidavit should be accurate, chronological, and supported by annexes.

The affidavit should avoid speculation. It should distinguish between:

  • What the victim personally knows;
  • What the victim discovered from records;
  • What third parties reported;
  • What the victim suspects but cannot yet prove.

Step 6: Notify Relevant Institutions

Depending on what was compromised, notify:

  • Employer;
  • School;
  • Bank;
  • Credit card issuer;
  • E-wallet provider;
  • Telco;
  • Government agency;
  • Online marketplace;
  • Lending platform;
  • Insurance provider;
  • Professional organization;
  • Business partners;
  • Clients or customers, if business identity was misused.

Step 7: File Data Privacy Complaints or Requests

If personal data was misused, the victim may exercise rights under the Data Privacy Act, such as access, correction, objection, blocking, erasure, or damages where appropriate.

Requests should be made in writing and should include identity verification, a clear description of the contested data, and the specific action requested.

VI. Evidence Checklist for Cybercrime Reports

A strong cybercrime complaint depends heavily on evidence. The following documents are commonly useful:

  1. Valid government-issued ID of the complainant;
  2. Written complaint or incident narrative;
  3. Complaint-affidavit, if already prepared;
  4. Screenshots of messages, emails, websites, profiles, posts, or transactions;
  5. URLs and account links;
  6. Transaction receipts and reference numbers;
  7. Bank statements or e-wallet transaction history;
  8. Credit card statements;
  9. Proof of ownership of hacked accounts;
  10. Login alerts and security notifications;
  11. Email headers, where available;
  12. Device information;
  13. Police blotter or prior incident report, if any;
  14. Bank, telco, or platform case numbers;
  15. Copies of IDs that were misused;
  16. Notices from creditors, lenders, or collectors;
  17. Demand letters received;
  18. Communications from scammers;
  19. Proof of payment or loss;
  20. Witness statements;
  21. Notarized affidavit of loss, if documents or SIM cards were lost;
  22. Data privacy requests or correspondence;
  23. Any response from the institution involved.

Digital evidence should be preserved in original form whenever possible. Screenshots are helpful, but original emails, files, logs, and metadata may be more useful.

VII. How to Prepare a Cybercrime Complaint Narrative

A clear complaint narrative should be chronological. It may follow this structure:

A. Identification of the Complainant

State the complainant’s name, address, contact details, occupation, and relationship to the account, data, or transaction involved.

B. Background

Briefly explain the affected accounts, IDs, devices, or services. For example, the complainant may state that they own a particular email address, phone number, bank account, e-wallet account, or social media profile.

C. Discovery of the Incident

State when and how the complainant discovered the incident. Examples:

  • Received unauthorized transaction alerts;
  • Could no longer access an account;
  • Friends reported a fake profile;
  • A bank called about suspicious activity;
  • A creditor demanded payment for a loan not taken;
  • A telco sent a SIM registration notice;
  • A company disclosed a data breach;
  • A login alert showed an unknown device.

D. Details of Unauthorized Acts

Describe what happened, including dates, amounts, platforms, account names, numbers, and communications.

E. Harm Suffered

State the loss or damage:

  • Financial loss;
  • Reputational harm;
  • Emotional distress;
  • Business disruption;
  • Denial of access to services;
  • Harassment by collectors;
  • Exposure of private data;
  • Risk of further identity misuse.

F. Actions Taken

List steps already taken:

  • Reported to bank;
  • Changed passwords;
  • Disabled SIM;
  • Reported fake profile;
  • Filed platform complaint;
  • Reported to telco;
  • Contacted credit provider;
  • Requested data correction;
  • Preserved screenshots.

G. Request for Investigation

The complaint may request investigation, preservation of digital evidence, identification of perpetrators, coordination with platforms or institutions, and prosecution of responsible persons.

VIII. Reporting Online Fraud and Unauthorized Transactions

Online financial fraud may involve several overlapping reports.

A. Report to the Financial Institution

The first practical step is to contact the bank, credit card issuer, e-wallet, or financial provider. Use official hotlines, in-app support, branch reporting, or verified email addresses. Avoid links sent by unknown persons.

Request account blocking or freezing immediately. Obtain a case number.

B. File a Written Dispute

A written dispute should identify:

  • Account name;
  • Account number or masked card number;
  • Transaction date;
  • Merchant or recipient;
  • Amount;
  • Reference number;
  • Reason for dispute;
  • Statement that the transaction was unauthorized;
  • Date of discovery;
  • Steps taken to secure the account.

C. Report to Law Enforcement

A law enforcement report helps establish that the transaction is not merely a customer service dispute but a possible criminal act.

D. Preserve Transaction Trails

Fraud investigations often rely on recipient accounts, mobile numbers, device IDs, IP logs, merchant IDs, and transfer routes. The faster the report, the better the chance of preserving records.

IX. Reporting Fake Social Media Accounts and Impersonation

A fake profile using another person’s name, photo, or personal details may involve identity theft, cyberlibel, fraud, harassment, or data privacy violations.

The victim should:

  1. Take screenshots of the profile, posts, messages, friends list, photos, and URL;
  2. Note the username, profile link, display name, and account ID if visible;
  3. Ask friends who received messages to preserve screenshots;
  4. Report the account to the platform for impersonation;
  5. Report to law enforcement if the account is used for fraud, threats, extortion, libel, or other harmful acts;
  6. Consider filing a data privacy complaint if personal information or images were used without authority;
  7. Publish a careful advisory to contacts, avoiding defamatory accusations unless verified.

A victim should avoid engaging in prolonged conversation with the impostor unless advised by investigators. However, existing conversations should be preserved.

X. Reporting Hacked Accounts

Where an account has been hacked, the victim should immediately recover or secure the account.

A. Email Accounts

The victim should check:

  • Recovery email;
  • Recovery phone number;
  • Recent login activity;
  • Forwarding rules;
  • App passwords;
  • Connected devices;
  • Third-party app access;
  • Security questions;
  • Inbox filters;
  • Deleted messages;
  • Sent messages.

Hackers often create forwarding rules or add recovery methods to regain access later.

B. Social Media Accounts

The victim should:

  • Use official account recovery pages;
  • Revoke unknown sessions;
  • Change password;
  • Enable multi-factor authentication;
  • Remove unknown emails or numbers;
  • Check pages, ad accounts, and business manager access;
  • Preserve evidence of unauthorized posts or messages.

C. Work or Business Accounts

For corporate accounts, immediately inform the IT administrator, data protection officer, legal department, or management. A compromised work account may trigger breach notification duties, client notification, internal investigation, or contractual obligations.

XI. Reporting Phishing, Smishing, and Vishing

Phishing involves deceptive messages intended to obtain credentials or personal data. Smishing uses SMS or messaging apps. Vishing uses calls.

Victims should preserve:

  • Full message;
  • Sender number or email;
  • Link;
  • Call logs;
  • Recording, where lawfully obtained;
  • Screenshot of fake website;
  • Information entered;
  • Resulting unauthorized transaction.

Do not click links again for curiosity. Do not enter additional information. Report the link to the platform, bank, telco, or cybercrime unit.

XII. Reporting Cyberlibel, Threats, Harassment, and Extortion

Cybercrime reports may involve speech-based or coercive conduct, including:

  • Defamatory posts;
  • Threatening messages;
  • Blackmail;
  • Sextortion;
  • Doxxing;
  • Publication of private photos;
  • Demands for money;
  • Threats to send images to family, employer, or school.

Victims should preserve the exact words, dates, sender account, and context. In cyberlibel matters, legal advice is especially important because the complaint must identify defamatory imputations, publication, identifiability, malice, and damage. In threats or extortion, the demand, intimidation, and connection to the victim should be clearly documented.

XIII. Identity Theft Records: What They Are and Why They Matter

“Identity theft records” is not a single official Philippine registry for all victims. In practice, it refers to the collection of records across public and private institutions showing that the victim’s identity was compromised, misused, corrected, disputed, blocked, or flagged.

These records may include:

  1. Police or NBI cybercrime complaint;
  2. Complaint-affidavit;
  3. Bank fraud report;
  4. E-wallet dispute record;
  5. Credit card dispute;
  6. Telco report;
  7. SIM replacement or blocking record;
  8. Platform impersonation report;
  9. NPC complaint or data subject request;
  10. Employer or school incident report;
  11. Government agency correction request;
  12. Online lending dispute record;
  13. Collection agency dispute;
  14. Notarized affidavit of identity theft;
  15. Affidavit of loss for stolen IDs;
  16. Court, prosecutor, or investigation records.

Updating identity theft records means ensuring that each relevant institution has accurate notice that the victim disputes the unauthorized use of their identity and requests correction, blocking, investigation, or annotation.

XIV. How to Update Identity Theft Records

A. Prepare a Master Identity Theft File

Victims should create a secure folder containing:

  • Valid ID;
  • Police or NBI report;
  • Complaint-affidavit;
  • Affidavit of identity theft;
  • Affidavit of loss, if applicable;
  • List of compromised IDs and accounts;
  • Chronology of events;
  • Evidence folder;
  • Reports filed with banks, telcos, platforms, and agencies;
  • Case numbers;
  • Contact persons;
  • Dates of follow-up;
  • Written responses.

This file allows the victim to respond consistently when banks, creditors, investigators, or agencies request proof.

B. Execute an Affidavit of Identity Theft

Although the exact format may vary, an affidavit of identity theft usually states:

  1. The affiant’s identity;
  2. The personal data or identification documents compromised;
  3. The unauthorized accounts, transactions, or representations discovered;
  4. The statement that the affiant did not authorize the activity;
  5. The steps taken to report and correct the matter;
  6. The request that institutions treat the incident as identity theft or unauthorized use;
  7. Annexes supporting the affidavit.

This affidavit may be notarized and submitted to banks, telcos, lenders, platforms, or government agencies.

C. Update Bank and E-Wallet Records

The victim should request that the bank or e-wallet provider:

  • Mark the account as subject of fraud or identity theft;
  • Block compromised credentials;
  • Replace cards or account access credentials;
  • Correct unauthorized contact information;
  • Remove unauthorized devices;
  • Reverse unauthorized changes where possible;
  • Preserve records;
  • Provide written confirmation.

Where an account was opened using stolen identity, the victim should request closure, investigation, and written confirmation that the account was unauthorized.

D. Update Credit Card, Loan, and Online Lending Records

If identity theft resulted in unauthorized loans or credit applications, the victim should submit written disputes to the lender or platform.

The dispute should request:

  • Copy of application documents;
  • Verification records;
  • Device or IP logs, if available;
  • Selfie or ID submitted;
  • Loan proceeds disbursement details;
  • Recipient account details;
  • Suspension of collection;
  • Correction of records;
  • Written acknowledgment that the debt is disputed;
  • Cessation of harassment or unlawful collection practices.

Victims should avoid paying debts they did not incur merely to stop harassment, unless advised by counsel after considering the legal consequences. Payment may later be misinterpreted as acknowledgment.

E. Update Telecommunications Records

If a SIM was lost, stolen, swapped, or fraudulently registered, the victim should request:

  • Blocking of the lost or compromised SIM;
  • Replacement SIM;
  • Correction of registration details;
  • Investigation of unauthorized registration;
  • Removal of unauthorized numbers registered under the victim’s identity;
  • Written confirmation of action taken.

The victim should keep all telco reference numbers and written responses.

F. Update Government Agency Records

If government IDs or records were compromised, the victim may need to notify or coordinate with the issuing agency. Examples include:

  • Philippine Statistics Authority or national ID-related records;
  • Department of Foreign Affairs for passports;
  • Land Transportation Office for driver’s licenses;
  • Social Security System;
  • Government Service Insurance System;
  • PhilHealth;
  • Pag-IBIG Fund;
  • Bureau of Internal Revenue;
  • Professional Regulation Commission;
  • Local government offices;
  • School or employment registries.

The appropriate action depends on the document. Some agencies may allow replacement, annotation, correction, cancellation of compromised credentials, or issuance of certification.

G. Update Platform and Marketplace Records

Where identity was used on online platforms, request removal, deactivation, correction, or preservation of relevant accounts.

A written request should include:

  • Proof of identity;
  • Link to fake account or listing;
  • Explanation of unauthorized use;
  • Police or NBI report, if available;
  • Request for takedown;
  • Request for preservation of logs;
  • Request for written confirmation.

H. Update Employer, School, or Professional Records

If identity theft affects employment, school, or professional standing, the victim should notify the institution in writing. This is important where scammers contact colleagues, students, clients, or professional networks.

The notice should be factual and measured. It should identify the compromised account or fake profile and warn recipients not to transact through unauthorized channels.

XV. Data Subject Rights Under Philippine Privacy Law

A victim whose personal data is being misused may invoke data subject rights under the Data Privacy Act.

These include, generally:

  1. Right to be informed The person has the right to know how their personal data is collected, used, stored, disclosed, or processed.

  2. Right to access The person may request access to personal data processed about them.

  3. Right to object The person may object to processing in certain circumstances.

  4. Right to erasure or blocking The person may request deletion, blocking, or removal of personal data when processing is unlawful or no longer necessary.

  5. Right to rectification The person may request correction of inaccurate or outdated personal data.

  6. Right to damages The person may seek damages where legally warranted.

  7. Right to data portability Where applicable, the person may obtain personal data in a structured format.

A victim may send a written data subject request to the personal information controller or processor. If the entity fails to act properly, a complaint may be filed with the National Privacy Commission.

XVI. Sample Contents of a Data Correction or Blocking Request

A request to correct or block identity theft records should include:

  • Full legal name;
  • Contact details;
  • Proof of identity;
  • Description of disputed data;
  • Explanation of why the data is inaccurate or unauthorized;
  • Copies of police, NBI, bank, telco, or platform reports;
  • Specific action requested;
  • Request for written confirmation;
  • Date and signature.

Example request language:

I respectfully request the correction, blocking, removal, or appropriate annotation of records showing that I applied for, authorized, registered, or used the account, transaction, SIM, loan, profile, or service described below. I did not authorize the same, and I have reason to believe that my personal information was used without my consent or lawful basis.

XVII. Preservation of Digital Evidence

Victims should understand that digital evidence may disappear quickly. Platforms may delete accounts, scammers may change usernames, and transaction logs may be retained only for limited periods.

Important preservation practices include:

  1. Save screenshots in original resolution;
  2. Export conversations when possible;
  3. Save original emails instead of only screenshots;
  4. Record URLs and account IDs;
  5. Save files in read-only folders;
  6. Back up evidence to secure storage;
  7. Keep a written chain of events;
  8. Avoid editing images or files;
  9. Note who obtained each screenshot and when;
  10. Keep devices available for forensic review if needed.

Where possible, evidence should be authenticated through affidavits, platform records, bank certifications, telco records, or forensic examination.

XVIII. Affidavits Commonly Used in Identity Theft Cases

A. Complaint-Affidavit

Used to initiate or support a criminal complaint. It narrates the facts and identifies the offense complained of.

B. Affidavit of Identity Theft

Used to inform institutions that personal information was used without authority.

C. Affidavit of Loss

Used when IDs, SIM cards, devices, cards, or documents were lost or stolen.

D. Affidavit of Denial

Used to deny authorship, authorization, debt, account opening, transaction, or communication.

E. Witness Affidavit

Used when another person received scam messages, saw the fake profile, paid money to the scammer, or can confirm facts relevant to the incident.

XIX. Filing a Criminal Complaint: Practical Requirements

A formal criminal complaint usually requires:

  1. Complaint-affidavit;
  2. Supporting affidavits;
  3. Copies of documentary and digital evidence;
  4. Valid IDs of complainant and witnesses;
  5. Proof of damage or loss;
  6. Identification of suspect, if known;
  7. Certification or records from banks, platforms, or telcos, where available;
  8. Jurat or notarization.

Where the suspect is unknown, the complaint may still be filed for investigation. Investigators may attempt to identify the suspect through phone numbers, accounts, IP logs, bank accounts, remittance records, platform data, and other leads.

XX. Jurisdiction and Venue Considerations

Cybercrime often involves parties in different cities, provinces, or countries. In the Philippine setting, reports may be filed where:

  • The victim resides;
  • The victim discovered the offense;
  • The harmful communication was accessed;
  • The financial loss occurred;
  • The affected account is maintained;
  • The suspect resides or acted;
  • The institution involved is located.

Venue can become legally complex, especially for cyberlibel, online fraud, and cross-border incidents. Law enforcement or prosecutors may advise on proper filing location.

XXI. Cross-Border Cybercrime

Many cybercrime incidents involve foreign platforms, foreign IP addresses, overseas scammers, international payment channels, or non-Philippine service providers.

In such cases, victims should still report locally. Philippine authorities may coordinate through formal legal assistance channels, platform compliance units, or international cooperation mechanisms. However, cross-border investigation may take longer and may depend on foreign laws, data retention periods, and platform cooperation.

Victims should act quickly to preserve records before overseas platforms delete or anonymize data.

XXII. Identity Theft Involving Minors

If a minor’s identity is misused, parents or legal guardians should act immediately. The matter may involve child protection laws, cybercrime laws, data privacy laws, and platform safety rules.

Examples include:

  • Fake accounts using a child’s photos;
  • Grooming or exploitation;
  • Use of school records;
  • Unauthorized publication of images;
  • Cyberbullying;
  • Blackmail involving intimate or manipulated images;
  • Use of a minor’s identity for accounts or scams.

Reports may be made to law enforcement, school authorities, the platform, and child protection agencies as appropriate.

XXIII. Identity Theft Involving Businesses

Businesses may also be victims of cybercrime or identity theft. Corporate identity theft may involve:

  • Fake business pages;
  • Fraudulent invoices;
  • Business email compromise;
  • Fake supplier bank details;
  • Unauthorized use of SEC registration or business permits;
  • Fake job postings;
  • Fake franchise offers;
  • Hacked company email;
  • Customer data breach;
  • Misuse of logos or trademarks.

A business should preserve evidence, notify affected customers if necessary, involve IT and legal teams, report to law enforcement, notify banks, and consider data breach obligations.

XXIV. Special Issue: Business Email Compromise

Business email compromise occurs when a fraudster gains access to or imitates a business email to redirect payments, send false invoices, or alter bank details.

Immediate steps include:

  1. Contact the bank to freeze or recall funds;
  2. Notify the recipient bank;
  3. Preserve email headers;
  4. Check forwarding rules;
  5. Reset passwords and revoke sessions;
  6. Notify clients or suppliers;
  7. File a cybercrime report;
  8. Conduct internal breach assessment;
  9. Review whether personal data was exposed;
  10. Consider NPC notification if personal data breach thresholds are met.

XXV. Special Issue: Online Lending Harassment and Identity Misuse

Some identity theft cases involve online lending applications. Victims may be harassed for loans they did not take, or their contacts may be messaged.

The victim should:

  • Dispute the loan in writing;
  • Demand proof of application and disbursement;
  • Deny authorization;
  • Request cessation of collection pending investigation;
  • Preserve harassment messages;
  • Report data privacy violations;
  • Report threats or extortion to law enforcement;
  • Avoid admitting the debt unless true;
  • Notify contacts that the loan is disputed and identity theft is suspected.

XXVI. Special Issue: SIM Swap and OTP Theft

SIM swap fraud occurs when a scammer takes control of the victim’s mobile number, allowing access to OTPs and linked accounts.

Victims should:

  1. Contact the telco immediately;
  2. Request blocking and SIM recovery;
  3. Notify banks and e-wallets;
  4. Change passwords for accounts linked to the number;
  5. Remove the compromised number as recovery method;
  6. File a report with law enforcement;
  7. Ask the telco for written incident confirmation;
  8. Monitor accounts for unauthorized activity.

XXVII. Special Issue: Lost Government IDs

Lost IDs can lead to identity theft. After losing IDs, a person should consider:

  • Filing an affidavit of loss;
  • Reporting theft to police if stolen;
  • Requesting replacement from the issuing agency;
  • Monitoring accounts;
  • Notifying banks or institutions where the ID may be used;
  • Watching for suspicious loans or accounts;
  • Preserving evidence if misuse occurs.

Government IDs should not be casually uploaded to unknown apps or sent through unsecured channels.

XXVIII. Role of Lawyers

A lawyer may assist in:

  • Determining applicable offenses;
  • Drafting complaint-affidavits;
  • Preparing evidence annexes;
  • Coordinating with investigators;
  • Filing prosecutor complaints;
  • Drafting data privacy complaints;
  • Sending demand letters;
  • Responding to collection claims;
  • Protecting the victim from mistaken liability;
  • Filing civil, criminal, or administrative actions.

Legal assistance is particularly important when the case involves large financial loss, public accusations, business compromise, cyberlibel, minors, intimate images, or possible counterclaims.

XXIX. Common Mistakes Victims Should Avoid

Victims should avoid:

  1. Deleting messages before preserving evidence;
  2. Paying unauthorized debts without legal review;
  3. Posting accusations without sufficient proof;
  4. Clicking suspicious links again;
  5. Communicating with scammers using compromised accounts;
  6. Sending more IDs to unknown “support” pages;
  7. Ignoring small unauthorized transactions;
  8. Using the same password after account recovery;
  9. Failing to report to banks quickly;
  10. Relying only on phone calls without written records;
  11. Losing case numbers;
  12. Sending evidence through insecure public channels;
  13. Confronting suspects in a way that alerts them to delete evidence;
  14. Assuming a platform takedown is enough;
  15. Waiting too long before filing reports.

XXX. Record-Keeping System for Victims

A victim should maintain a log with the following columns:

Date Institution Contact Person / Channel Case Number Action Taken Documents Submitted Response Follow-Up Date

This log is useful when dealing with several banks, platforms, telcos, agencies, and investigators.

XXXI. Updating Records After Resolution

Even after the account is recovered or the fake account is removed, the victim should update records.

A. With Banks and Financial Institutions

Request written confirmation that:

  • Unauthorized transactions were disputed;
  • Compromised credentials were replaced;
  • Fraud flags were placed;
  • Unauthorized accounts were closed;
  • No liability is admitted by the victim, where applicable.

B. With Lenders or Collectors

Request written confirmation that:

  • The account is disputed;
  • Collection is suspended or terminated;
  • Records are corrected;
  • The victim is not treated as the borrower if identity theft is confirmed;
  • Adverse reports, if any, are corrected.

C. With Telcos

Request written confirmation that:

  • Compromised SIM was blocked;
  • Unauthorized registration was removed or investigated;
  • Replacement SIM was issued;
  • The victim’s account information was corrected.

D. With Platforms

Request confirmation that:

  • Fake accounts were removed;
  • Hacked accounts were recovered;
  • Unauthorized content was deleted;
  • Reports were logged;
  • Relevant data was preserved where possible.

E. With Government Agencies

Request correction, replacement, annotation, or cancellation of compromised records where the agency allows it.

XXXII. The Importance of Written Confirmation

Oral reports are useful for urgent action, but written confirmation is essential. Victims should ask every institution for:

  • Case number;
  • Date and time of report;
  • Name or ID of representative, if available;
  • Summary of report;
  • Action taken;
  • Next steps;
  • Official email or document confirming receipt.

Written records are important in later disputes, insurance claims, legal proceedings, data privacy complaints, and creditor communications.

XXXIII. Possible Remedies

Depending on the facts, a victim may pursue several remedies.

A. Criminal Investigation and Prosecution

The offender may be prosecuted for cybercrime, estafa, falsification, identity theft, access device fraud, threats, libel, or other offenses.

B. Civil Damages

A victim may seek damages where legal grounds exist, especially for financial loss, reputational harm, or privacy violations.

C. Administrative Complaints

A victim may file complaints with regulators such as the National Privacy Commission or other agencies depending on the entity involved.

D. Account Correction or Blocking

Victims may seek correction, deletion, blocking, or annotation of inaccurate or unlawfully processed data.

E. Takedown or Deactivation

Platforms may remove fake profiles, scam pages, phishing websites, or infringing content.

F. Financial Reversal or Chargeback

Banks and financial providers may reverse unauthorized transactions depending on their rules, facts, timing, and investigation results.

XXXIV. Practical Timeline

A useful response timeline is:

Within the First Hour

  • Secure accounts;
  • Contact bank, e-wallet, or telco;
  • Freeze cards or accounts;
  • Preserve screenshots;
  • Disconnect compromised devices.

Within 24 Hours

  • File platform reports;
  • Prepare incident chronology;
  • File police, PNP ACG, or NBI report;
  • Submit bank or e-wallet dispute;
  • Notify affected contacts.

Within 3 to 7 Days

  • Execute affidavits;
  • Submit written disputes;
  • Notify relevant government agencies;
  • File data privacy request or complaint if appropriate;
  • Follow up with financial institutions.

Within 30 Days

  • Review responses;
  • Update identity theft records;
  • Request written confirmations;
  • Monitor accounts;
  • Escalate unresolved disputes;
  • Consult counsel for prosecutor filing or civil action.

XXXV. Sample Outline of an Affidavit of Identity Theft

Republic of the Philippines [City/Municipality]

AFFIDAVIT OF IDENTITY THEFT

I, [Name], of legal age, Filipino, residing at [address], after being duly sworn, state:

  1. I am the owner and lawful user of the following personal information, accounts, and identification documents: [list].
  2. On or about [date], I discovered that my personal information had been used without my knowledge, consent, or authority in connection with [describe account, transaction, profile, loan, SIM, or other misuse].
  3. I did not authorize any person to use my name, identification documents, photograph, signature, mobile number, email address, or other personal information for the above purpose.
  4. Upon discovery, I took the following steps: [list reports, account blocking, password changes, platform reports].
  5. Attached are copies of relevant screenshots, reports, messages, transaction records, and other documents.
  6. I execute this affidavit to attest to the unauthorized use of my identity, to support my reports and requests for correction or blocking of records, and for all lawful purposes.

[Signature] Affiant

Subscribed and sworn before me this [date] at [place].

XXXVI. Sample Outline of a Cybercrime Complaint-Affidavit

Complaint-Affidavit

  1. Personal circumstances of complainant;
  2. Ownership of affected account, number, ID, or data;
  3. Chronological narration of events;
  4. Description of unauthorized access, use, transaction, or publication;
  5. Identification of suspect, if known;
  6. Evidence gathered;
  7. Damage suffered;
  8. Reports already made;
  9. Request for investigation and prosecution;
  10. Annex list.

The annex list should be organized and labeled, for example:

  • Annex “A” – Copy of government ID;
  • Annex “B” – Screenshot of fake profile;
  • Annex “C” – Transaction receipt;
  • Annex “D” – Bank dispute acknowledgment;
  • Annex “E” – Screenshot of messages;
  • Annex “F” – Platform report confirmation.

XXXVII. Coordination Between Cybercrime and Privacy Remedies

A cybercrime complaint and a data privacy complaint are not necessarily substitutes. They may serve different purposes.

A cybercrime report focuses on criminal investigation and possible prosecution. A data privacy complaint focuses on unlawful processing, breach, failure to protect data, or failure to honor data subject rights.

For example:

  • If a scammer used stolen ID to obtain a loan, law enforcement may investigate identity theft and fraud.
  • If a lending app unlawfully accessed contacts and harassed third parties, the NPC may address privacy violations.
  • If a company leaked customer data, the NPC may investigate the data controller, while law enforcement may investigate criminals who exploited the leak.

Victims should choose remedies based on objectives: prosecution, takedown, correction, compensation, regulatory action, account recovery, or prevention of further misuse.

XXXVIII. Cybercrime Involving Artificial Intelligence and Deepfakes

Identity theft may involve AI-generated images, voice cloning, deepfake videos, or manipulated documents. While Philippine law may not always use the term “deepfake” in every statute, existing laws may still apply depending on the conduct.

Potential legal issues include:

  • Identity theft;
  • Fraud;
  • Defamation;
  • Threats or extortion;
  • Data privacy violations;
  • Unauthorized use of images or likeness;
  • Gender-based online sexual harassment;
  • Child protection violations, if minors are involved.

Victims should preserve the media file, URL, upload details, messages, and evidence showing why the content is fake or unauthorized.

XXXIX. Cybercrime Against Public Officials, Professionals, and Businesses

Public figures, lawyers, doctors, teachers, accountants, content creators, and business owners are common targets of impersonation. Fake accounts may solicit money, promote scams, or damage reputations.

Additional steps may include:

  • Public advisory through verified channels;
  • Notice to clients or patients;
  • Notice to professional regulator or association;
  • Trademark or business name enforcement;
  • Domain takedown request;
  • Coordination with PR, legal, and IT teams.

Care should be taken not to publish sensitive evidence or personal data while warning the public.

XL. Preventive Measures

Victims and the public should adopt preventive practices:

  1. Use unique passwords;
  2. Enable multi-factor authentication;
  3. Avoid sharing OTPs;
  4. Verify links before logging in;
  5. Use official apps and websites only;
  6. Limit uploading IDs;
  7. Watermark ID copies when submitted;
  8. Avoid public posting of personal documents;
  9. Keep SIM and email recovery details updated;
  10. Monitor bank and e-wallet transactions;
  11. Review privacy settings;
  12. Revoke unused app permissions;
  13. Secure devices with PINs or biometrics;
  14. Update software regularly;
  15. Be cautious with public Wi-Fi;
  16. Avoid installing unknown APKs or apps;
  17. Educate family members, employees, and household members;
  18. Keep copies of reports and case numbers.

When submitting ID copies, a watermark may state: “Submitted to [institution] for [purpose] on [date].” This may discourage reuse.

XLI. Frequently Asked Legal Questions

1. Can I report cybercrime even if I do not know the suspect?

Yes. Many cybercrime reports begin with an unknown suspect. Investigators may attempt to identify the offender through accounts, phone numbers, financial trails, IP logs, device identifiers, and platform records.

2. Is a screenshot enough?

A screenshot is helpful but may not be enough by itself. Preserve original emails, links, transaction records, account data, and device logs. Written confirmations from banks, telcos, or platforms can strengthen the case.

3. Should I delete the fake account or messages?

A victim usually cannot delete a fake account unless they control it. For messages or posts within the victim’s control, evidence should be preserved before deletion. Deleting too early may weaken proof.

4. Should I post about the scammer online?

Victims may warn others, but public accusations should be made carefully. Posting unverified accusations can create legal risks, including defamation issues. A factual advisory is safer than speculative accusations.

5. Can I refuse to pay a loan made using my identity?

A victim may dispute a loan they did not authorize. The dispute should be made in writing with supporting evidence. The victim should ask the lender to suspend collection and provide proof of application, verification, and disbursement.

6. What if collectors keep harassing me?

Preserve all messages and call logs. Send a written dispute. Report threats, harassment, or misuse of contacts to the proper authorities or regulators. If personal data is misused, consider a data privacy complaint.

7. Can I recover stolen money?

Recovery depends on speed of reporting, destination of funds, provider rules, available evidence, and whether funds can be frozen or reversed. Immediate reporting increases the chance of recovery.

8. Do I need a lawyer?

A lawyer is not always required to make an initial report, but legal assistance is useful for affidavits, prosecutor filings, complex evidence, large losses, cyberlibel, business compromise, or privacy complaints.

9. Can I file both with PNP/NBI and the NPC?

Yes, if the facts justify both. Cybercrime investigation and data privacy remedies address different legal concerns.

10. What if my ID was used to register a SIM?

Report to the telco, request investigation and correction, preserve any notices or evidence, and consider filing a cybercrime report if the SIM was used for fraud or other unlawful acts.

XLII. Model Incident Chronology

A victim may prepare a chronology like this:

Date and Time Event Evidence
May 1, 2026, 9:00 AM Received login alert from unknown device Screenshot Annex A
May 1, 2026, 9:15 AM Could not access email account Screenshot Annex B
May 1, 2026, 10:00 AM Bank notified of unauthorized transfer Bank case no. Annex C
May 1, 2026, 11:30 AM Friends received messages from fake account Screenshots Annex D
May 2, 2026 Reported to platform Platform report Annex E
May 3, 2026 Filed cybercrime report Report Annex F

A precise chronology helps investigators and institutions understand the incident.

XLIII. Model Written Dispute to a Bank, E-Wallet, or Lender

Subject: Unauthorized Transaction / Identity Theft Dispute

I am writing to formally dispute the transaction/account/loan described below, which I did not authorize.

Name: [Name] Account / Reference No.: [Number] Date of Incident: [Date] Amount: [Amount] Transaction / Account Details: [Details]

I discovered the unauthorized activity on [date]. I did not initiate, approve, benefit from, or authorize the transaction/account/loan. I believe my personal information and/or account credentials may have been compromised.

I request that your office:

  1. Immediately block or secure the affected account;
  2. Investigate the unauthorized activity;
  3. Preserve all relevant records, including device, IP, account, verification, and transaction logs;
  4. Suspend collection or adverse action while the dispute is pending;
  5. Correct or annotate your records to reflect that this matter is disputed as identity theft;
  6. Provide written acknowledgment and a case/reference number.

Attached are copies of my identification, screenshots, transaction records, and reports.

Respectfully, [Name] [Date]

XLIV. Model Notice to Contacts After Impersonation

A victim may send a factual warning:

Please be informed that a fake account or unauthorized person may be using my name, photo, or contact details. Do not send money, codes, documents, or personal information to any account claiming to be me unless verified through my official number or email. I have already reported the matter to the relevant platform and authorities.

This avoids unnecessary accusations while protecting others.

XLV. Conclusion

Reporting cybercrime and updating identity theft records in the Philippines requires both legal action and practical record correction. The victim should secure accounts, preserve evidence, report quickly to banks, telcos, platforms, and cybercrime authorities, and create a consistent paper trail. Where personal data is misused, data privacy remedies may supplement criminal complaints. Where financial accounts, SIM registrations, loans, or government IDs are affected, the victim should request written correction, blocking, annotation, or investigation from each institution involved.

The most important principles are speed, documentation, accuracy, and consistency. A victim who acts promptly, preserves evidence carefully, and updates records across affected institutions is in a stronger position to prevent further misuse, dispute false liabilities, support investigation, and restore the integrity of their identity records.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login