How to Report Cybercrime in the Philippines

I. Introduction

Cybercrime has become one of the most common forms of criminal activity in the Philippines. It affects individuals, businesses, government agencies, schools, banks, online sellers, professionals, minors, and ordinary internet users. Because many Filipinos use social media, mobile banking, online shopping platforms, e-wallets, messaging apps, and digital payment systems daily, cybercrime now often appears in ordinary situations: a hacked Facebook account, a fake GCash transaction, an online scam, a defamatory post, identity theft, phishing, sextortion, unauthorized access to private photos, or the use of fake accounts to deceive or harass another person.

In the Philippine legal context, reporting cybercrime is not merely a technical matter. It involves criminal law, evidence law, data privacy, electronic evidence, jurisdiction, law enforcement procedure, and sometimes civil or administrative remedies. A victim must know where to report, what evidence to preserve, what laws may apply, and what government agencies may act on the complaint.

This article explains how cybercrime is reported in the Philippines, the relevant laws, the institutions involved, the evidence usually required, the legal procedure, and the practical considerations victims should know.

II. Main Laws Governing Cybercrime in the Philippines

A. Cybercrime Prevention Act of 2012

The principal law is Republic Act No. 10175, also known as the Cybercrime Prevention Act of 2012. This law punishes offenses committed through or involving computer systems, internet communications, and information and communications technology.

It covers both purely cyber offenses and ordinary crimes committed through digital means.

B. Revised Penal Code

The Revised Penal Code remains important because many cyber-related acts are traditional crimes committed online. For example, fraud, threats, libel, unjust vexation, grave coercion, and identity-related deception may involve acts punishable under the Revised Penal Code, with the internet or electronic communications serving as the medium.

C. Rules on Electronic Evidence

The Rules on Electronic Evidence govern the admissibility and authentication of electronic documents, screenshots, emails, messages, digital records, metadata, and other electronic materials in Philippine proceedings.

D. Data Privacy Act of 2012

The Data Privacy Act of 2012, or Republic Act No. 10173, may apply when personal information is unlawfully collected, processed, disclosed, sold, or used. Complaints involving unauthorized disclosure of personal data, misuse of identity documents, leaks of private information, and certain doxxing-related conduct may raise data privacy issues.

E. Anti-Photo and Video Voyeurism Act

Republic Act No. 9995, or the Anti-Photo and Video Voyeurism Act of 2009, applies when intimate images or videos are taken, copied, reproduced, shared, published, sold, or distributed without consent.

F. Safe Spaces Act

Republic Act No. 11313, or the Safe Spaces Act, may apply to gender-based online sexual harassment, including misogynistic, homophobic, transphobic, sexist, or sexually harassing online conduct.

G. Anti-Child Pornography Act and Special Protection Laws for Minors

When the victim is a minor, additional laws may apply, including the Anti-Child Pornography Act, child protection laws, trafficking laws, and special rules involving online sexual abuse or exploitation of children.

H. E-Commerce Act

The Electronic Commerce Act, or Republic Act No. 8792, recognizes the legal effect of electronic documents, electronic signatures, and electronic transactions. It is relevant in proving online communications, digital contracts, online sales, and electronic records.

III. What Acts May Constitute Cybercrime?

Under Philippine law, cybercrime may include a wide range of acts. Some are expressly listed in the Cybercrime Prevention Act, while others are traditional crimes committed using a computer system or the internet.

A. Offenses Against Confidentiality, Integrity, and Availability of Computer Data and Systems

These include:

  1. Illegal access Unauthorized access to a computer system, account, device, server, database, cloud storage, social media account, or email account.

  2. Illegal interception Unauthorized interception of computer data, communications, or transmissions.

  3. Data interference Unauthorized alteration, damaging, deletion, deterioration, or suppression of computer data.

  4. System interference Serious hindering or interference with the functioning of a computer or computer network.

  5. Misuse of devices Use, production, sale, procurement, importation, distribution, or possession of tools, programs, passwords, access codes, or similar data intended for committing cyber offenses.

  6. Cyber-squatting Registration or acquisition of a domain name in bad faith, usually to profit from another person’s trademark, name, business name, or reputation.

B. Computer-Related Offenses

These include:

  1. Computer-related forgery Inputting, altering, or deleting computer data resulting in inauthentic data with legal effect.

  2. Computer-related fraud Unauthorized input, alteration, deletion, or suppression of computer data, or interference with a computer system, causing damage or deception.

  3. Computer-related identity theft Unauthorized acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person.

C. Content-Related Offenses

These include:

  1. Cybersex Wilful engagement, maintenance, control, or operation of sexual activity or exhibition through a computer system for favor or consideration.

  2. Child pornography and online sexual exploitation of children Production, distribution, transmission, possession, or facilitation of child sexual abuse materials or exploitative content involving minors.

  3. Unsolicited commercial communications Certain forms of spam or unsolicited commercial communications may be covered, subject to exceptions.

  4. Cyberlibel Libel committed through a computer system or similar means. This includes defamatory statements published online, such as through social media posts, blogs, comments, online articles, videos, or other digital publications.

D. Other Crimes Committed Through ICT

The Cybercrime Prevention Act also covers crimes already punishable under the Revised Penal Code or special laws when committed through or with the use of information and communications technology. This means ordinary crimes may carry cybercrime implications when done online.

Examples include:

  1. Online scams
  2. Investment fraud through social media
  3. Phishing
  4. Romance scams
  5. Sextortion
  6. Online threats
  7. Online harassment
  8. Fake account impersonation
  9. Online blackmail
  10. Unauthorized disclosure of private photos or messages
  11. Selling fake goods online
  12. Fake job recruitment scams
  13. Fake loan app harassment
  14. Unauthorized bank or e-wallet transactions
  15. Business email compromise
  16. Hacking of business accounts
  17. Ransomware attacks
  18. Doxxing
  19. Online stalking
  20. Digital extortion

IV. Where to Report Cybercrime in the Philippines

A victim may report cybercrime to several agencies, depending on the nature of the offense.

A. Philippine National Police Anti-Cybercrime Group

The Philippine National Police Anti-Cybercrime Group, commonly known as PNP-ACG, is one of the primary law enforcement agencies handling cybercrime complaints.

Victims may report to the PNP-ACG for cases involving:

  1. Hacking
  2. Online scams
  3. Identity theft
  4. Cyberlibel
  5. Online threats
  6. Sextortion
  7. Phishing
  8. Unauthorized account access
  9. Online fraud
  10. Fake online sellers
  11. E-wallet or bank-related cyber incidents
  12. Harassment through digital platforms
  13. Computer-related offenses
  14. Illegal use of private images or videos
  15. Other offenses involving computer systems or online platforms

Reports may be made at the PNP-ACG headquarters, regional anti-cybercrime units, or police stations that can refer the matter to the cybercrime unit.

B. National Bureau of Investigation Cybercrime Division

The National Bureau of Investigation Cybercrime Division, or NBI-CCD, also investigates cybercrime. Many victims report to the NBI because it has specialized cybercrime investigators and digital forensic capability.

The NBI may handle cases involving:

  1. Online fraud
  2. Cyberlibel
  3. Identity theft
  4. Hacking
  5. Online extortion
  6. Online sexual exploitation
  7. Data breach complaints
  8. Business email compromise
  9. Digital financial fraud
  10. Large-scale online scams
  11. Cases requiring digital forensics

C. Local Police Station

A victim may also begin by reporting to a local police station, especially in urgent cases involving threats, extortion, stalking, harassment, violence, or risk to safety. The local police may prepare a blotter entry and refer the case to the proper cybercrime unit.

A police blotter is not, by itself, a criminal case. It is an official record of the incident. It may help establish that the victim promptly reported the matter.

D. Prosecutor’s Office

A victim may file a criminal complaint directly with the Office of the City Prosecutor or Office of the Provincial Prosecutor, depending on the place where the offense was committed, where the victim resides, where the offender may be found, or where jurisdiction may properly lie.

For cybercrime complaints, law enforcement investigation is often useful before filing with the prosecutor, especially when the suspect must still be identified. However, direct filing may be possible when the identity of the offender is known and evidence is already available.

E. National Privacy Commission

The National Privacy Commission, or NPC, is the proper agency for complaints involving violations of the Data Privacy Act.

A complaint to the NPC may be relevant where there is:

  1. Unauthorized disclosure of personal information
  2. Data breach involving personal data
  3. Unauthorized processing of sensitive personal information
  4. Misuse of identity documents
  5. Unauthorized sharing of private records
  6. Unlawful exposure of personal information by a company, school, employer, app, lender, online seller, or organization
  7. Failure of a personal information controller to protect personal data

Not every cybercrime is a data privacy case. For example, a hacked social media account may be a cybercrime complaint with the PNP or NBI, while a company’s negligent exposure of customer records may be a data privacy matter with the NPC. Some cases may involve both.

F. Department of Justice Office of Cybercrime

The Department of Justice Office of Cybercrime, or DOJ-OOC, has a coordinating and policy role under the Cybercrime Prevention Act. It is involved in cybercrime-related legal cooperation, preservation requests, cybercrime policy, and coordination with law enforcement and international counterparts.

Ordinary complainants often report first to the PNP-ACG or NBI-CCD, but the DOJ-OOC is part of the broader cybercrime enforcement framework.

G. Bangko Sentral ng Pilipinas and Financial Institutions

For cyber incidents involving banks, e-wallets, remittance platforms, credit cards, debit cards, online transfers, or unauthorized financial transactions, the victim should immediately notify the bank or financial institution.

Examples include:

  1. Unauthorized GCash, Maya, or online banking transfers
  2. Credit card fraud
  3. ATM-related account compromise
  4. Phishing leading to bank account loss
  5. SIM-related account takeover
  6. Unauthorized loans or financial accounts opened using stolen identity

The victim should ask the bank or e-wallet provider to freeze suspicious transactions, block compromised accounts, issue a formal incident report, and preserve transaction logs.

Regulatory complaints may also be brought to the appropriate financial regulator when the issue involves the conduct of a regulated financial institution.

H. Social Media Platforms and Online Marketplaces

A report to law enforcement should often be accompanied by a report to the platform involved.

For example:

  1. Facebook, Instagram, TikTok, X, YouTube, Telegram, or messaging apps for impersonation, harassment, hacked accounts, or harmful content
  2. Shopee, Lazada, Carousell, or other marketplaces for fake sellers or fraudulent transactions
  3. Banks, e-wallets, or payment platforms for fraudulent transfers
  4. Domain registrars or hosting providers for phishing websites
  5. Email providers for hacked accounts or phishing messages

Reporting to the platform may help preserve records, suspend fraudulent accounts, take down content, and prevent further harm. However, platform reporting does not replace reporting to Philippine law enforcement.

V. Immediate Steps Before Filing a Cybercrime Report

The first few hours after discovering a cybercrime matter can be crucial. Victims should preserve evidence carefully and avoid actions that may destroy digital traces.

A. Preserve Evidence Immediately

Evidence should be preserved before blocking, deleting, replying, or confronting the suspect.

Useful evidence may include:

  1. Screenshots of posts, messages, profiles, comments, emails, transaction confirmations, account names, usernames, URLs, and timestamps
  2. Screen recordings showing the account, conversation, or fraudulent page
  3. Full URLs of social media profiles, websites, marketplace listings, and posts
  4. Email headers, not merely screenshots of emails
  5. Chat logs and exported conversations
  6. Transaction receipts
  7. Bank or e-wallet reference numbers
  8. Contact numbers used by the suspect
  9. Names, aliases, usernames, and account handles
  10. Photos, videos, or documents sent by the suspect
  11. IP logs or login alerts, where available
  12. Device notifications of suspicious logins
  13. Courier details for online shopping scams
  14. Shipping labels, tracking numbers, and delivery records
  15. Proof of payment
  16. Links to fake websites or phishing pages
  17. Calls, if lawfully recorded or documented
  18. Copies of demand messages in extortion cases

Screenshots should show the date, time, username, profile link, and full context as much as possible. A screenshot of a single message may be less useful than a complete thread showing who sent it, when it was sent, and how it relates to the offense.

B. Do Not Delete the Conversation

Deleting the conversation can weaken the case. Law enforcement may need to examine the original thread, account, or device.

Victims should avoid:

  1. Deleting messages
  2. Deleting the app
  3. Formatting the phone
  4. Resetting accounts before preserving evidence
  5. Removing the suspect’s profile from view before capturing identifying details
  6. Editing screenshots
  7. Cropping out timestamps or URLs
  8. Sending altered files to investigators

C. Secure Accounts

After evidence is preserved, the victim should secure compromised accounts.

Steps may include:

  1. Change passwords
  2. Enable two-factor authentication
  3. Log out of all devices
  4. Check account recovery email and phone number
  5. Review linked devices
  6. Revoke suspicious third-party app access
  7. Check forwarding rules in email accounts
  8. Notify contacts not to transact with the compromised account
  9. Freeze bank or e-wallet accounts, if necessary
  10. Report the hacked account to the platform

D. Report Financial Loss Immediately

In financial cybercrime, speed matters. The victim should contact the bank, e-wallet, credit card issuer, remittance service, or payment platform as soon as possible.

The victim should request:

  1. Blocking or freezing of the account
  2. Reversal or hold of suspicious transactions, where possible
  3. Investigation of the recipient account
  4. Preservation of transaction logs
  5. Written confirmation of the report
  6. Case or ticket number
  7. Copy of transaction history
  8. Details needed for law enforcement reporting

E. Do Not Negotiate Recklessly with Extortionists

In sextortion, blackmail, ransomware, or online threats, victims often panic. They may be tempted to pay the offender. Payment does not guarantee that the offender will stop. It may encourage further demands.

Victims should preserve the demand messages, payment instructions, wallet addresses, bank details, phone numbers, and usernames, then report immediately.

VI. Documents Usually Needed to Report Cybercrime

Requirements may vary by agency and case type, but a complainant should generally prepare the following:

  1. Valid government-issued ID
  2. Written narrative or complaint-affidavit
  3. Screenshots and printed copies of evidence
  4. Soft copies of digital evidence in a USB drive or other storage device
  5. URLs, usernames, account links, email addresses, and contact numbers
  6. Proof of ownership of hacked accounts, where applicable
  7. Proof of payment or financial loss
  8. Bank statements, e-wallet transaction history, or payment receipts
  9. Demand messages, threats, or extortion communications
  10. Witness affidavits, where available
  11. Barangay blotter or police blotter, if previously made
  12. Platform reports or ticket numbers
  13. Device used in the incident, when forensic examination is needed
  14. Company authorization, board resolution, or secretary’s certificate, if the complainant is a corporation
  15. Special power of attorney, if someone reports on behalf of the victim

For minors, the report should generally be made by a parent, guardian, social worker, school authority, or authorized representative, depending on the circumstances and urgency.

VII. How to File a Cybercrime Report

Step 1: Identify the Nature of the Offense

The victim should identify the main problem:

  1. Was money taken?
  2. Was an account hacked?
  3. Was someone impersonated?
  4. Was private information disclosed?
  5. Was there defamation?
  6. Was there a threat?
  7. Was there sexual exploitation or sextortion?
  8. Was a child involved?
  9. Was a company system compromised?
  10. Was there unauthorized access to data or accounts?

The classification affects where to report and what evidence is needed.

Step 2: Preserve and Organize Evidence

Evidence should be organized chronologically. It is helpful to prepare a folder containing:

  1. Timeline of events
  2. Screenshots labeled by date and time
  3. Links and URLs
  4. Transaction records
  5. Names and contact details
  6. Platform ticket numbers
  7. Copies of IDs and relevant documents
  8. A brief explanation of each file

A clear timeline helps investigators and prosecutors understand the case quickly.

Step 3: Go to the Proper Agency

The victim may file with:

  1. PNP Anti-Cybercrime Group
  2. NBI Cybercrime Division
  3. Local police station for urgent matters
  4. Prosecutor’s office, when ready for preliminary investigation
  5. National Privacy Commission, for data privacy issues
  6. Financial institution or platform, for preservation and internal investigation

For serious cases involving immediate danger, threats, extortion, minors, or ongoing financial loss, the victim should report urgently to law enforcement.

Step 4: Execute a Complaint-Affidavit

A complaint-affidavit is usually required in criminal complaints. It contains the facts of the case under oath.

It should state:

  1. Full name and address of the complainant
  2. Identity of the respondent, if known
  3. Description of the incident
  4. Dates and times of relevant events
  5. The online platform or system used
  6. How the complainant discovered the offense
  7. Damage suffered
  8. Evidence attached
  9. Request for investigation or prosecution
  10. Verification under oath

The affidavit should be truthful, specific, and supported by evidence. False statements may expose the complainant to legal liability.

Step 5: Submit Evidence for Evaluation

Law enforcement may evaluate the evidence and determine whether further investigation, digital forensic examination, coordination with platforms, or identification of the suspect is needed.

In some cases, investigators may request:

  1. Original device
  2. SIM card
  3. Email header
  4. Account login history
  5. Certification from bank or e-wallet provider
  6. Platform data preservation
  7. Additional witnesses
  8. Clarificatory affidavit

Step 6: Investigation

Law enforcement may conduct cyber investigation, which may include:

  1. Tracing accounts
  2. Requesting subscriber information through lawful means
  3. Coordinating with service providers
  4. Conducting digital forensic examination
  5. Preserving computer data
  6. Applying for warrants, when necessary
  7. Identifying suspects
  8. Preparing referral to the prosecutor

Step 7: Preliminary Investigation

For offenses requiring preliminary investigation, the complaint may be filed with the prosecutor. The respondent may be required to file a counter-affidavit. The prosecutor will determine whether probable cause exists.

If probable cause is found, an information may be filed in court.

Step 8: Court Proceedings

Once filed in court, the case proceeds under criminal procedure. Electronic evidence must be properly identified, authenticated, and presented.

The prosecution must prove guilt beyond reasonable doubt.

VIII. Cybercrime Evidence: What Makes It Strong?

Cybercrime cases often depend heavily on electronic evidence. The quality of evidence affects whether the case can proceed.

A. Screenshots Alone May Not Always Be Enough

Screenshots are useful, but they may be challenged because they can be edited or fabricated. Stronger evidence includes:

  1. Screenshots with full context
  2. Original device containing the messages
  3. URLs and timestamps
  4. Exported conversation files
  5. Email headers
  6. Platform account details
  7. Transaction records from official sources
  8. Certifications from banks, platforms, or service providers
  9. Witness testimony
  10. Digital forensic reports

B. Authentication Is Important

Electronic evidence must be authenticated. The person presenting it should be able to explain:

  1. How it was obtained
  2. When it was obtained
  3. From what device or account
  4. Whether it is a faithful reproduction
  5. Whether the account or communication belongs to the person alleged
  6. Whether there were changes, edits, or alterations

C. Chain of Custody May Matter

For devices, drives, phones, or forensic images, chain of custody may become important. This is especially true in hacking, malware, child exploitation, ransomware, and corporate data breach cases.

The device should be handled carefully. Unauthorized tampering may affect the evidentiary value.

D. Preserve Metadata When Possible

Metadata can show dates, times, file origins, sender details, and technical information. Cropping screenshots, converting files repeatedly, or forwarding images through messaging apps may strip metadata.

Whenever possible, preserve original files and not merely screenshots.

IX. Common Cybercrime Scenarios and How to Report Them

A. Online Scam or Fraud

Online scams include fake sellers, fake investment schemes, fake job offers, romance scams, fake loans, phishing, fake delivery notices, and fraudulent payment requests.

Evidence to gather:

  1. Conversation with the scammer
  2. Seller profile or account link
  3. Advertisement or listing
  4. Proof of payment
  5. Bank or e-wallet recipient details
  6. Shipping or courier information
  7. Contact numbers
  8. Receipts and reference numbers
  9. Screenshots of promises or representations
  10. Other victims, if known

Where to report:

  1. PNP-ACG
  2. NBI-CCD
  3. Bank or e-wallet provider
  4. Online marketplace or platform
  5. Prosecutor’s office, when the suspect is known

B. Hacked Social Media Account

A hacked account may involve illegal access, identity theft, fraud, or harassment.

Evidence to gather:

  1. Proof of ownership of the account
  2. Email alerts of suspicious login
  3. Screenshots of unauthorized posts or messages
  4. Messages sent by the hacker
  5. Reports from contacts who received scam messages
  6. Account URL
  7. Phone number or email linked to the account
  8. Date and time of loss of access

Where to report:

  1. Platform support
  2. PNP-ACG
  3. NBI-CCD
  4. Bank or e-wallet provider, if money was solicited using the hacked account

C. Cyberlibel

Cyberlibel involves defamatory statements made online. The statement must generally identify a person, be published to others, be defamatory, and be made with the required legal elements of libel.

Evidence to gather:

  1. Full screenshot of the post or comment
  2. URL of the post
  3. Name and profile link of the poster
  4. Date and time of publication
  5. Proof that others saw it
  6. Screenshots of reactions, shares, or comments
  7. Explanation of why the statement is false and defamatory
  8. Proof of damage, where available

Where to report:

  1. PNP-ACG
  2. NBI-CCD
  3. Prosecutor’s office

Cyberlibel cases require careful legal evaluation because issues of free speech, opinion, truth, privileged communication, public figures, and malice may arise.

D. Online Threats and Harassment

Threats made through messages, posts, emails, or calls may be punishable depending on the nature and seriousness of the threat.

Evidence to gather:

  1. Complete conversation
  2. Account profile of the sender
  3. Date and time of threats
  4. Any prior history of conflict
  5. Voice recordings or call logs, where lawfully obtained
  6. Witnesses who saw the threats
  7. Safety concerns or actual harm suffered

Where to report:

  1. Local police station, especially for urgent safety risks
  2. PNP-ACG
  3. NBI-CCD
  4. Barangay or court remedies, depending on the case
  5. Prosecutor’s office

E. Sextortion

Sextortion involves threats to publish intimate photos or videos unless the victim pays money, sends more images, performs acts, or obeys demands.

Evidence to gather:

  1. Threat messages
  2. Account profile of the offender
  3. Intimate image or video reference, without unnecessarily spreading it
  4. Payment demands
  5. Bank, e-wallet, crypto wallet, or remittance details
  6. Contact numbers
  7. Links where content was posted, if already uploaded
  8. Full timeline

Where to report:

  1. PNP-ACG
  2. NBI-CCD
  3. Local police if urgent
  4. Platform for takedown
  5. Women and Children Protection Desk, especially where minors or sexual abuse are involved

Victims should not be blamed for being targeted. The offender’s threats, coercion, and unauthorized use of intimate content may be criminal.

F. Unauthorized Posting of Intimate Images

This may violate the Anti-Photo and Video Voyeurism Act, the Cybercrime Prevention Act, Safe Spaces Act, or other laws depending on the facts.

Evidence to gather:

  1. Screenshot of the post
  2. URL or platform link
  3. Identity or account of uploader
  4. Date and time of posting
  5. Proof of lack of consent
  6. Prior conversations with the uploader
  7. Evidence of threats or coercion
  8. Takedown reports to platforms

Where to report:

  1. PNP-ACG
  2. NBI-CCD
  3. Platform for takedown
  4. Prosecutor’s office
  5. Local police for urgent protection

G. Identity Theft and Impersonation

Identity theft may involve fake accounts, use of another person’s name or photo, unauthorized use of IDs, fake loan applications, fake job applications, or fraudulent transactions.

Evidence to gather:

  1. Fake account link
  2. Screenshots of impersonation
  3. Use of photos, name, signature, or ID
  4. Fraudulent transactions
  5. Messages sent using the fake identity
  6. Witnesses who were deceived
  7. Proof of actual identity of victim
  8. Reports from third parties affected

Where to report:

  1. PNP-ACG
  2. NBI-CCD
  3. National Privacy Commission, if personal data was misused
  4. Financial institution, if accounts or loans were involved
  5. Platform for takedown

H. Data Breach or Unauthorized Disclosure of Personal Data

This may involve companies, schools, employers, apps, online lenders, hospitals, clinics, organizations, or government offices.

Evidence to gather:

  1. Copy or screenshot of the exposed personal information
  2. Source of exposure
  3. Notice from the organization, if any
  4. Harm suffered
  5. Communications with the organization
  6. Proof of identity
  7. Evidence of misuse of the data

Where to report:

  1. National Privacy Commission
  2. PNP-ACG or NBI-CCD, if criminal acts are involved
  3. The organization’s data protection officer
  4. Sector regulator, where applicable

I. Online Lending App Harassment

Some online lending apps may misuse contacts, shame borrowers, send threats, disclose debts, or harass third parties.

Evidence to gather:

  1. Threatening messages
  2. Screenshots sent to contacts
  3. Names of lending app and agents
  4. Loan documents
  5. Proof of disclosure to third parties
  6. Call logs
  7. Contact numbers used
  8. Privacy policy and app permissions, if available

Where to report:

  1. National Privacy Commission
  2. PNP-ACG or NBI-CCD for threats or cyber harassment
  3. Securities and Exchange Commission, where the lending company is involved
  4. Other financial regulators, depending on the entity

J. Business Email Compromise

Business email compromise involves fraud through compromised or spoofed business emails, often resulting in payment diversion.

Evidence to gather:

  1. Full email headers
  2. Original email files
  3. Invoices
  4. Bank instructions
  5. Payment records
  6. Internal approval trail
  7. Vendor communications
  8. Login records
  9. IT incident report
  10. Bank recall request

Where to report:

  1. NBI-CCD
  2. PNP-ACG
  3. Bank or financial institution
  4. Company counsel
  5. Cybersecurity provider
  6. Data protection officer, if personal data was affected

X. Cybercrime Involving Minors

Cybercrime involving minors must be treated with special urgency and care.

Cases may include:

  1. Online sexual exploitation
  2. Grooming
  3. Sextortion of minors
  4. Child sexual abuse materials
  5. Cyberbullying
  6. Impersonation
  7. Threats
  8. Exploitation through livestreaming
  9. Coercion to send intimate photos
  10. Trafficking-related online conduct

Reports may be made to:

  1. PNP Women and Children Protection Center
  2. PNP-ACG
  3. NBI-CCD
  4. Local police Women and Children Protection Desk
  5. Department of Social Welfare and Development
  6. School authorities, where applicable
  7. Platform or app for immediate takedown

Evidence involving minors must be handled carefully. Intimate or exploitative images of minors should not be forwarded, reposted, or unnecessarily copied. The safest course is to preserve the existence of the material, document where it appears, and report immediately to authorities.

XI. Jurisdiction in Philippine Cybercrime Cases

Cybercrime jurisdiction can be complex because the offender, victim, server, platform, and evidence may be in different places or countries.

Philippine authorities may have jurisdiction when:

  1. The offender is in the Philippines
  2. The victim is in the Philippines
  3. The harmful effects occurred in the Philippines
  4. A Philippine computer system or account was affected
  5. The criminal act was partly committed in the Philippines
  6. Philippine law otherwise applies

For example, a scammer abroad who targets a Filipino victim may still be investigated, though enforcement may require international cooperation. If the suspect is outside the Philippines, law enforcement may need to coordinate through formal legal assistance channels, platform requests, or foreign counterparts.

XII. Preservation of Computer Data

Cybercrime cases often require urgent preservation of data because online platforms may delete logs or content after a certain period. Philippine authorities may issue or request preservation of computer data in accordance with law.

Preservation may involve:

  1. Account records
  2. Subscriber information
  3. Login logs
  4. IP addresses
  5. Transaction records
  6. Communications data
  7. Uploaded files
  8. Metadata
  9. Server records

Victims cannot usually compel foreign platforms directly to disclose law enforcement data. However, victims can report the matter to the platform and to Philippine authorities, who may make lawful requests where appropriate.

XIII. Search, Seizure, and Warrants in Cybercrime Cases

Law enforcement must observe constitutional rights and procedural safeguards when searching devices, seizing computers, examining accounts, or obtaining private data.

Searches of devices, accounts, servers, or private communications may require appropriate legal authority. Evidence obtained unlawfully may be challenged.

Victims should cooperate with lawful requests, but they should also understand that handing over a personal device may expose private data unrelated to the case. In sensitive cases, it may be appropriate to ask how the device will be handled, whether forensic imaging will be done, and what data will be examined.

XIV. Cybercrime and Data Privacy

A cybercrime complaint may involve personal information. Victims should avoid committing further privacy violations while gathering evidence.

For example:

  1. Do not publicly post the suspect’s personal information without legal basis.
  2. Do not share private images, even to expose wrongdoing.
  3. Do not upload sensitive evidence to public social media.
  4. Do not circulate IDs, bank details, addresses, or phone numbers unnecessarily.
  5. Do not access someone else’s account to obtain evidence.
  6. Do not hack back.

The proper method is to preserve evidence and submit it to the proper agency.

XV. The Role of Barangay Proceedings

Not all cyber-related complaints are suitable for barangay conciliation. Many criminal offenses, especially those punishable by imprisonment beyond certain thresholds or involving parties from different cities or municipalities, may be outside the barangay conciliation process.

However, some minor disputes involving online insults, neighborhood conflicts, or personal disagreements may begin at the barangay level depending on the parties, residence, and offense. Cybercrime cases involving serious offenses, unknown offenders, minors, sexual exploitation, financial fraud, hacking, or threats are usually better reported directly to law enforcement.

XVI. Civil Remedies

Apart from criminal prosecution, victims may have civil remedies.

Possible civil claims include:

  1. Damages for injury to reputation
  2. Damages for emotional distress
  3. Recovery of money lost through fraud
  4. Injunction or takedown-related relief
  5. Damages for privacy violations
  6. Damages arising from breach of contract
  7. Corporate or commercial claims arising from cyber incidents

Civil remedies may be pursued together with or separately from criminal proceedings, depending on the circumstances.

XVII. Administrative and Regulatory Remedies

Some cyber incidents involve regulated entities or professional conduct. Administrative complaints may be available against:

  1. Banks
  2. E-wallet providers
  3. Lending companies
  4. Schools
  5. Employers
  6. Government offices
  7. Telecommunications providers
  8. Data controllers
  9. Licensed professionals
  10. Corporations and online platforms operating under Philippine regulation

The appropriate regulator depends on the industry and the nature of the violation.

XVIII. Reporting Cybercrime by Businesses

Businesses face special risks because cybercrime may affect customers, employees, intellectual property, bank accounts, confidential records, trade secrets, and regulatory compliance.

When a business suffers a cyber incident, it should:

  1. Activate incident response procedures
  2. Preserve logs and affected devices
  3. Isolate compromised systems
  4. Notify bank partners, if financial fraud is involved
  5. Determine whether personal data was affected
  6. Notify the data protection officer
  7. Assess whether breach notification to the National Privacy Commission and affected data subjects is required
  8. Report criminal activity to PNP-ACG or NBI-CCD
  9. Preserve internal communications and approvals
  10. Obtain forensic assistance
  11. Review contracts, insurance, and regulatory obligations
  12. Avoid public statements that are inaccurate or premature

Businesses should document all actions taken because later proceedings may examine whether the company acted promptly and reasonably.

XIX. Common Mistakes Victims Should Avoid

Victims often weaken their cases unintentionally. Common mistakes include:

  1. Deleting messages before taking screenshots
  2. Cropping screenshots too much
  3. Failing to capture URLs
  4. Blocking the suspect before preserving profile details
  5. Publicly accusing someone without enough evidence
  6. Posting private information online
  7. Forwarding intimate images as “proof”
  8. Paying extortionists repeatedly
  9. Waiting too long before reporting financial fraud
  10. Formatting devices
  11. Failing to request bank preservation
  12. Sending edited or altered evidence
  13. Using fake accounts to entrap or harass the suspect
  14. Hacking back
  15. Failing to make a clear timeline
  16. Assuming a platform report is enough
  17. Filing in the wrong agency without preserving evidence
  18. Ignoring data privacy implications

XX. Sample Structure of a Cybercrime Complaint-Affidavit

A complaint-affidavit may follow this structure:

1. Personal Circumstances

State the complainant’s full name, age, civil status, nationality, address, and identification details.

2. Identity of Respondent

State the name, alias, username, account link, phone number, email address, or other identifying details of the offender, if known.

3. Facts of the Case

Narrate the events in chronological order.

Include:

  1. When the incident started
  2. How the complainant encountered the suspect
  3. What platform was used
  4. What the suspect said or did
  5. What loss, damage, fear, or injury resulted
  6. How the evidence was preserved
  7. Whether the matter was reported to a bank, platform, barangay, or police

4. Evidence

List and attach evidence as annexes.

Example:

  1. Annex “A” — Screenshot of respondent’s profile
  2. Annex “B” — Conversation dated March 1, 2026
  3. Annex “C” — Proof of payment
  4. Annex “D” — Bank transaction record
  5. Annex “E” — Platform report confirmation
  6. Annex “F” — Demand message
  7. Annex “G” — URL of defamatory post

5. Legal Basis

State that the acts may constitute violations of applicable laws, such as the Cybercrime Prevention Act, Revised Penal Code, Data Privacy Act, Anti-Photo and Video Voyeurism Act, Safe Spaces Act, or other relevant laws.

6. Prayer or Request

Request the agency or prosecutor to investigate and prosecute the offender.

7. Verification and Oath

The affidavit must be signed and sworn before a prosecutor, notary public, or authorized officer.

XXI. Sample Incident Timeline Format

Date and Time Event Evidence
January 5, 2026, 8:00 PM Victim received message from account “ABC Seller” offering a phone for sale Screenshot, Annex A
January 5, 2026, 8:30 PM Victim sent ₱10,000 to e-wallet number Receipt, Annex B
January 6, 2026, 9:00 AM Seller stopped replying and blocked victim Screenshot, Annex C
January 6, 2026, 10:00 AM Victim reported to e-wallet provider Ticket confirmation, Annex D
January 7, 2026, 2:00 PM Victim filed report with cybercrime unit Complaint receipt, Annex E

A timeline helps show the sequence of events and connects each factual allegation to evidence.

XXII. Special Considerations for Cyberlibel

Cyberlibel is one of the most legally sensitive cybercrime complaints. Not every offensive, insulting, or negative online statement is automatically cyberlibel.

The following issues may arise:

  1. Whether the statement identifies the complainant
  2. Whether the statement is defamatory
  3. Whether it is a statement of fact or opinion
  4. Whether the statement is true or false
  5. Whether malice is presumed or must be proven
  6. Whether the complainant is a public figure
  7. Whether the communication is privileged
  8. Whether the post was actually published
  9. Whether the accused authored, shared, reposted, or merely reacted to the content
  10. Whether the case was filed within the applicable prescriptive period

Victims considering cyberlibel complaints should preserve the post, URL, comments, shares, reactions, and evidence that third persons saw or understood the defamatory statement.

XXIII. Special Considerations for Online Scams

In online scam cases, the identity of the scammer is often hidden. The visible account may be fake, stolen, or operated by a mule. Bank accounts and e-wallets used to receive money may belong to another person, may be fraudulently opened, or may be controlled by a syndicate.

Victims should report quickly because:

  1. Funds may still be frozen or traced
  2. Recipient accounts may still contain balances
  3. Transaction logs may be preserved
  4. Similar complaints may be linked
  5. The same account may be used against other victims
  6. Law enforcement may identify patterns

Victims should also report fake sellers or accounts to the platform to prevent further victimization.

XXIV. Special Considerations for Hacking Cases

A hacking complaint should distinguish between:

  1. Loss of access due to forgotten password
  2. Unauthorized login by another person
  3. Malware infection
  4. Phishing compromise
  5. SIM swap or account recovery attack
  6. Insider access
  7. Device theft
  8. Cloud account compromise
  9. Business server compromise

The victim should preserve login alerts, IP information, suspicious email rules, account recovery changes, device history, and system logs.

In corporate cases, forensic preservation is especially important. Turning devices on and off, reinstalling systems, or deleting malware without imaging may destroy evidence.

XXV. Special Considerations for Sextortion and Intimate Images

Victims of sextortion often experience fear, shame, and urgency. Legally, the important points are:

  1. The victim’s consent to create an image does not necessarily mean consent to distribute it.
  2. Threatening to distribute intimate images may be criminal.
  3. Demanding money, sexual acts, or more images may constitute extortion or coercion.
  4. Distribution of intimate content without consent may violate special laws.
  5. If a minor is involved, the case becomes more serious and must be handled with child protection safeguards.
  6. The victim should avoid further circulating the image.
  7. Reports to platforms should be made for takedown.
  8. Reports to law enforcement should be made immediately.

XXVI. Can Anonymous Reports Be Made?

Some agencies or platforms may receive tips or reports even if the reporting person does not immediately disclose full details. However, a formal criminal complaint usually requires an identified complainant or witness willing to execute an affidavit.

Anonymous reporting may help alert authorities, especially in cases involving child exploitation, large-scale scams, or public threats, but prosecution generally requires admissible evidence and witnesses.

XXVII. Can a Representative File the Report?

A representative may assist the victim, especially when the victim is a minor, elderly, abroad, incapacitated, or otherwise unable to appear personally. However, the victim’s own affidavit may still be required if the victim has personal knowledge of the facts.

For corporations, the complaint should be filed by an authorized officer or representative, usually supported by proof of authority.

XXVIII. Reporting When the Victim Is Overseas

A Filipino victim abroad, or a foreign victim affected by a person in the Philippines, may still report to Philippine authorities when there is a sufficient Philippine connection.

The victim may prepare:

  1. Affidavit executed before a Philippine consulate, notary, or authorized officer
  2. Electronic evidence
  3. Proof of identity
  4. Proof of loss
  5. Authorization for a Philippine representative
  6. Contact details for follow-up

The case may involve jurisdictional and evidentiary issues, especially where the suspect, platform, bank, or server is in another country.

XXIX. Reporting When the Suspect Is Unknown

Many cybercrime complaints begin with an unknown suspect. The complaint may identify the suspect by username, account link, email address, phone number, bank account, e-wallet number, IP address, or other digital identifier.

The complainant may state that the true name and personal circumstances of the offender are unknown and request investigation to identify the person responsible.

XXX. What Happens After Reporting?

After a report is filed, possible outcomes include:

  1. Case evaluation
  2. Request for more evidence
  3. Digital forensic examination
  4. Issuance of preservation requests
  5. Coordination with platforms, banks, or telcos
  6. Identification of suspects
  7. Referral to prosecutor
  8. Filing of criminal complaint
  9. Preliminary investigation
  10. Dismissal for insufficient evidence
  11. Filing of information in court
  12. Arrest, where legally authorized
  13. Settlement in civil aspects, where lawful and appropriate
  14. Trial

Not every report immediately becomes a criminal case in court. Law enforcement and prosecutors must determine whether evidence supports the filing of charges.

XXXI. Time Limits and Prescription

Cybercrime complaints may be subject to prescriptive periods depending on the offense charged. The applicable period can vary based on the law violated and penalty imposed.

Victims should report promptly because:

  1. Evidence may disappear
  2. Accounts may be deleted
  3. Logs may expire
  4. Witnesses may become unavailable
  5. Financial recovery becomes harder
  6. Delay may affect credibility
  7. prescription may become an issue

Prompt reporting is particularly important in cyberlibel, online fraud, threats, hacking, and intimate image cases.

XXXII. Legal Risks in Making a Cybercrime Report

A complainant must act in good faith. False, malicious, or reckless accusations may expose the complainant to possible liability.

Risks include:

  1. Perjury, for false sworn statements
  2. Malicious prosecution, in appropriate cases
  3. Civil liability for damages
  4. Counterclaims for defamation
  5. Data privacy violations from public exposure of personal data
  6. Liability for unauthorized access if the complainant hacks or intrudes into accounts
  7. Evidence exclusion if evidence was obtained unlawfully

Victims should report facts accurately and avoid exaggeration.

XXXIII. Practical Checklist Before Going to PNP-ACG or NBI-CCD

Prepare the following:

  1. Valid ID
  2. Printed screenshots
  3. Soft copies of screenshots and files
  4. Full URLs
  5. Username and account profile links
  6. Contact numbers and email addresses used by suspect
  7. Proof of payment or financial loss
  8. Bank or e-wallet reference numbers
  9. Device used in the incident
  10. Timeline of events
  11. Draft narrative of what happened
  12. Platform report ticket number
  13. Bank report ticket number
  14. Witness names and contact details
  15. Copies of threats, demands, or defamatory posts
  16. Proof of ownership of hacked account
  17. Company authorization, for business complainants
  18. Parent or guardian documents, for minors

XXXIV. Practical Checklist for Financial Cybercrime

For unauthorized transfers, phishing, fake sellers, or online banking fraud:

  1. Call the bank or e-wallet provider immediately
  2. Request account freeze or transaction hold
  3. Ask for a case number
  4. Preserve SMS and email alerts
  5. Screenshot transaction history
  6. Save reference numbers
  7. Preserve the scammer’s messages
  8. Save recipient account details
  9. File a report with cybercrime authorities
  10. Follow up with written documentation
  11. Avoid sending more money
  12. Warn contacts if impersonation was involved

XXXV. Practical Checklist for Hacked Accounts

For hacked social media, email, or cloud accounts:

  1. Screenshot login alerts
  2. Preserve unauthorized posts or messages
  3. Recover the account through official channels
  4. Change password
  5. Enable two-factor authentication
  6. Remove unknown devices
  7. Check recovery email and phone number
  8. Notify contacts
  9. Report fraudulent messages sent through the account
  10. Report to platform
  11. Report to PNP-ACG or NBI-CCD if damage occurred
  12. Check linked financial accounts

XXXVI. Practical Checklist for Sextortion

For sextortion or intimate image threats:

  1. Do not panic-delete the conversation
  2. Screenshot threats and demands
  3. Save account links and usernames
  4. Preserve payment details demanded by offender
  5. Do not send more intimate material
  6. Report the account to the platform
  7. Report to PNP-ACG or NBI-CCD
  8. Report urgently if the victim is a minor
  9. Ask trusted persons for support
  10. Avoid reposting the intimate content as evidence
  11. Preserve links if content was uploaded
  12. Seek takedown through platform mechanisms

XXXVII. Practical Checklist for Cyberlibel

For defamatory online posts:

  1. Screenshot the full post
  2. Capture URL
  3. Capture date and time
  4. Preserve comments, shares, and reactions
  5. Identify the author or account
  6. Preserve context before the post is deleted
  7. Document how the statement refers to the complainant
  8. Document falsity and damage
  9. Avoid retaliatory defamatory posts
  10. Consult legal counsel before filing where facts are complex

XXXVIII. Important Distinctions

A. Reporting Is Not the Same as Filing a Case

A report to PNP, NBI, or a platform starts documentation or investigation. A criminal case generally proceeds through a complaint, prosecutor evaluation, and court filing.

B. A Blotter Is Not a Conviction

A blotter records an incident. It does not prove guilt.

C. A Screenshot Is Not Automatically Conclusive

Screenshots must be authenticated and supported by context.

D. A Fake Account Does Not Always Identify the Real Offender

The person shown in the profile photo may not be the person operating the account.

E. Platform Takedown Is Different from Criminal Liability

A platform may remove content for violating its rules even before a court determines criminal liability.

F. Civil Settlement Does Not Always End Criminal Liability

Some offenses may involve public interest, and settlement may not automatically terminate criminal proceedings.

XXXIX. Rights of the Complainant

A complainant generally has the right to:

  1. Report a crime
  2. Be treated with dignity
  3. Submit evidence
  4. Request investigation
  5. Receive complaint or case reference information
  6. Be informed of procedural requirements
  7. Seek protection in urgent cases
  8. Obtain counsel
  9. Pursue civil remedies
  10. Protect personal data and privacy
  11. Request lawful takedown or preservation assistance
  12. Participate in preliminary investigation when required

XL. Rights of the Accused or Respondent

The accused or respondent also has rights, including:

  1. Presumption of innocence
  2. Due process
  3. Right against unreasonable searches and seizures
  4. Right to counsel
  5. Right to be informed of accusations
  6. Right to respond in preliminary investigation
  7. Right against self-incrimination
  8. Right to challenge electronic evidence
  9. Right to confront witnesses in court
  10. Right to fair trial

Cybercrime enforcement must balance victim protection with constitutional rights.

XLI. Conclusion

Reporting cybercrime in the Philippines requires prompt action, careful preservation of evidence, and filing with the proper agency. The main agencies are the PNP Anti-Cybercrime Group and the NBI Cybercrime Division, while the National Privacy Commission handles data privacy concerns and financial institutions must be notified immediately in bank or e-wallet fraud cases.

The most important practical step is evidence preservation. Victims should save screenshots, URLs, timestamps, transaction records, account links, email headers, and full conversations before deleting, blocking, or confronting the offender. For financial fraud, banks and e-wallet providers should be notified immediately. For sextortion, child exploitation, serious threats, hacking, or ongoing harm, urgent law enforcement reporting is necessary.

Philippine cybercrime law covers hacking, identity theft, cyber fraud, cyberlibel, cybersex, child exploitation, data interference, system interference, online scams, unauthorized access, and traditional crimes committed through digital means. Depending on the facts, other laws may apply, including the Revised Penal Code, Data Privacy Act, Anti-Photo and Video Voyeurism Act, Safe Spaces Act, and child protection laws.

A cybercrime report is strongest when it is factual, organized, supported by reliable electronic evidence, and filed promptly with the correct authority.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login