If you were scammed, hacked, threatened, impersonated, or harassed online, the most important first step is to preserve evidence before it disappears. In the Philippines, you can report cybercrime online through government cybercrime reporting channels, but a formal criminal complaint will usually still require a sworn statement, identity documents, and evidence that investigators can verify. This guide explains where to report, what to prepare, what laws may apply, and what usually happens after you submit an online cybercrime report.
What Counts as Cybercrime in the Philippines?
The main law is Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. It covers crimes committed against computer systems, crimes committed using computer systems, and certain content-related offenses such as cybersex and online libel. The law also covers ordinary crimes under the Revised Penal Code or special laws when they are committed by, through, or with the use of information and communications technology. (Lawphil)
Common examples include:
| Situation | Possible legal classification |
|---|---|
| Someone hacked your Facebook, Gmail, banking, or work account | Illegal access, data interference, identity theft under RA 10175 |
| A fake seller took payment and blocked you | Computer-related fraud under RA 10175; possible estafa under Article 315 of the Revised Penal Code |
| Someone used your name, photos, or ID to scam people | Computer-related identity theft under RA 10175 |
| Someone posted false accusations about you online | Cyberlibel under RA 10175 in relation to Articles 353 and 355 of the Revised Penal Code |
| Someone threatens to release intimate photos or videos | Possible cybercrime, grave threats, unjust vexation, Anti-Photo and Video Voyeurism Act, or Safe Spaces Act violation |
| A minor is being groomed, sexually exploited, or exposed in explicit material online | RA 11930, the Anti-OSAEC and Anti-CSAEM Act |
| Your personal data was leaked or misused by a company, app, school, employer, or platform | Possible Data Privacy Act issue under RA 10173, aside from any cybercrime |
Cybercrime cases often overlap with other Philippine laws. For example, online sexual harassment may fall under the Safe Spaces Act, RA 11313, which expressly covers gender-based sexual harassment committed online. Non-consensual intimate images may also fall under RA 9995, the Anti-Photo and Video Voyeurism Act of 2009. Personal data misuse may involve RA 10173, the Data Privacy Act of 2012. (Lawphil)
Where to Report Cybercrime Online in the Philippines
There is no single “one-size-fits-all” office for every cybercrime. The best channel depends on whether you need urgent police help, technical investigation, scam assistance, child protection, or data privacy enforcement.
| Reporting channel | Best for | Practical notes |
|---|---|---|
| CICC / I-ARC Hotline 1326 | Online scams, phishing, impersonation, investment scams, romance scams, text scams, cyber fraud | The Inter-Agency Response Center Hotline 1326 is described by DICT/PIA as a 24/7 central number for reporting online selling scams, phishing, impersonation, investment fraud, cybercrimes, and similar incidents. Reports may also be made through the eGovPH app. (Philippine Information Agency) |
| PNP Anti-Cybercrime Group (PNP-ACG) | Cybercrime investigation, online threats, hacking, harassment, scams, identity theft | PNP’s e-Sumbong system allows complaints through official PNP channels, while PNP-ACG handles cybercrime-related enforcement. (DILG) |
| NBI Cybercrime Division (NBI-CCD) | More complex cybercrime, fraud, hacking, digital forensic investigation, cases needing NBI investigation | NBI lists a Cybercrime Division and an official online complaint page. Its Citizen’s Charter process for computer-crime victims includes a complaint sheet, preliminary interview, sworn statements, supporting documents, and device examination when relevant. (National Bureau of Investigation) |
| National Privacy Commission (NPC) | Data breach, unauthorized processing or sharing of personal information, privacy violations by organizations | NPC receives formal privacy complaints and manages data breach reporting mechanisms. (National Privacy Commission) |
| 911 emergency hotline | Immediate danger, stalking, extortion with imminent harm, threats to life or safety | For emergencies or urgent police assistance, the national emergency hotline is 911. (DILG) |
For many victims, the practical approach is:
- Call 911 first if there is immediate danger.
- Report to CICC / 1326 if the issue is an online scam or fraud and you need quick routing.
- File with PNP-ACG or NBI-CCD if you want a criminal investigation.
- Report to your bank, e-wallet, telecom provider, or platform immediately to freeze accounts, block SIMs, preserve logs, or take down harmful content.
- File with NPC if the heart of the issue is personal data misuse or a data breach by an organization.
Step-by-Step Guide to Reporting Cybercrime Online
1. Secure your accounts and money first
Before preparing a legal complaint, stop the continuing damage.
Do these immediately:
- Change passwords for email, social media, bank, e-wallet, and cloud accounts.
- Enable two-factor authentication.
- Log out all active sessions from compromised accounts.
- Call your bank, credit card issuer, GCash, Maya, or other e-wallet provider to report unauthorized transactions.
- Ask the bank or e-wallet provider for a case number, transaction trace number, or dispute reference number.
- If your SIM was hijacked or used in a scam, report it to your telecom provider and ask for blocking or SIM replacement.
- If someone is threatening violence, stalking you offline, or demanding money under threat, treat it as urgent and call police emergency assistance.
Do not wait for the police report before contacting your financial institution. In fraud cases, delay can make tracing and freezing funds much harder.
2. Preserve evidence before reporting the account or deleting anything
Cybercrime evidence disappears quickly. Scammers delete accounts, change usernames, unsend messages, block victims, or move money through multiple wallets.
Prepare a folder containing:
- Screenshots of conversations, posts, comments, profiles, listings, payment instructions, and threats.
- Full URLs of the profile, post, marketplace listing, website, or phishing link.
- Date and time of each relevant message or transaction.
- Username, display name, account ID, phone number, email address, wallet number, bank account number, QR code, or crypto wallet address used.
- Proof of payment, receipts, reference numbers, bank statements, e-wallet transaction history, delivery tracking, and invoices.
- Screenshots showing that you were blocked, the post was deleted, or the account changed names.
- Email headers if the scam involved email.
- Device details if you were hacked, such as suspicious login notices, IP addresses shown by the platform, or security alerts.
- Names and contact details of witnesses.
For screenshots, capture the entire screen, not just cropped messages. Investigators need context: the account name, URL, date, time, profile photo, and message sequence. If possible, use screen recording to scroll through the conversation from the profile page to the messages and transaction details.
3. Write a simple incident timeline
A cybercrime report is easier to assess when the facts are chronological.
Use this format:
| Date and time | What happened | Evidence |
|---|---|---|
| March 3, 2026, 8:20 PM | Saw Facebook Marketplace listing for iPhone | Screenshot 1, listing URL |
| March 3, 2026, 8:45 PM | Seller sent GCash number and promised same-day delivery | Screenshot 2 |
| March 3, 2026, 9:00 PM | Sent ₱12,000 via GCash | Receipt 1 |
| March 4, 2026, 10:30 AM | Seller blocked me and deleted listing | Screenshot 3 |
Keep your timeline factual. Avoid insults, speculation, or long emotional explanations. Investigators need who, what, when, where, how, and how much.
4. Submit the online report to the correct channel
When submitting online, include:
- Your full name and contact details.
- Your location and whether you are in the Philippines or abroad.
- The suspect’s known details, even if incomplete.
- A short description of what happened.
- The amount lost, if any.
- The platforms used.
- The evidence file names.
- Any urgent safety concern.
- Any bank, e-wallet, platform, or telecom report number.
For scams and fraud, CICC / I-ARC Hotline 1326 may help route the report to the proper agencies. For criminal investigation, PNP-ACG or NBI-CCD are the usual law enforcement offices involved. DICT/PIA identifies CICC, DICT, NPC, and NTC as part of the I-ARC collaboration, with enforcement handled by PNP-ACG and NBI Cybercrime Division. (Philippine Information Agency)
5. Expect a follow-up, validation, or personal appearance
An online cybercrime report is usually an intake step. For a criminal case to move forward, investigators may ask you to appear, verify your identity, sign a complaint sheet, give a sworn statement, or submit your device for examination.
NBI’s Citizen’s Charter for victims of computer crimes describes a process where the complainant proceeds to the Cybercrime Division, fills out a complaint sheet, undergoes preliminary interview and initial investigation, executes sworn statements or submits affidavits, and provides supporting documents or devices relevant to the probe. The listed government fee is none for those steps. (National Bureau of Investigation)
In practice, you may still spend money on:
- Photocopying or printing evidence.
- Notarization of affidavits, if required.
- Transportation to the investigating office.
- Data recovery or device repair, if privately needed.
- Authentication or apostille of foreign documents, if the evidence or affidavit was executed abroad.
6. Ask about evidence preservation when logs may disappear
If the suspect used a phone number, social media account, IP address, email address, or payment account, investigators may need platform or service-provider records.
Under the Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC, Philippine courts may issue cybercrime warrants involving preservation, disclosure, interception, search, seizure, examination, custody, and destruction of computer data.
The rule provides that traffic data and subscriber information must be preserved by a service provider for at least six months from the date of the transaction, while content data is preserved for six months from receipt of a law enforcement preservation order. Law enforcement may also seek a warrant to disclose computer data, and service providers may be required to disclose relevant data within 72 hours from receipt of the order.
This is why early reporting matters. A screenshot may prove that something happened, but subscriber data, login logs, and transaction trails may be needed to identify the person behind the account.
Documents and Evidence Usually Needed
| Requirement | Why it matters |
|---|---|
| Valid government ID or passport | Proves the complainant’s identity |
| Complaint narrative or incident timeline | Helps investigators understand the sequence |
| Screenshots with URLs, usernames, dates, and times | Shows what was posted or sent |
| Payment receipts and bank/e-wallet records | Proves financial loss and traceable accounts |
| Device used in the incident | May be needed for forensic examination |
| Platform reports or ticket numbers | Shows that the incident was reported to the platform |
| Witness statements | Useful for harassment, threats, impersonation, or group scams |
| Sworn complaint-affidavit | Often needed for formal investigation or prosecutor referral |
| Foreign affidavit or foreign records | May need notarization, consular acknowledgment, or apostille depending on where executed and where used |
For documents executed outside the Philippines, authentication can matter. The DFA’s Apostille system is used for authentication of Philippine public documents for use abroad, and foreign public documents for use in the Philippines may require apostille or consular authentication depending on the issuing country and document type. (Apostille.gov.ph)
What Happens After You Report?
Initial assessment and docketing
The agency will check whether the report falls within cybercrime, ordinary crime, data privacy, consumer protection, banking, telecommunications, or another area. A report may be referred to a different office if the issue is better handled elsewhere.
For example:
- A hacked account used for fraud may go to PNP-ACG or NBI-CCD.
- A data leak by an employer, app, school, or business may also go to NPC.
- An investment scam may involve cybercrime investigators and possibly the SEC.
- Bank or e-wallet fraud must also be reported directly to the financial institution.
Investigation and evidence gathering
Investigators may interview you, request original files, inspect your device, coordinate with platforms, or apply for cybercrime warrants. The Rule on Cybercrime Warrants also governs where cybercrime warrant applications may be filed and identifies certain cybercrime courts with nationwide authority for specific warrants.
Prosecutor review
If investigators find enough basis, the complaint may be referred for preliminary investigation before the Office of the City or Provincial Prosecutor. A prosecutor determines whether there is probable cause, meaning enough basis to charge the respondent in court.
Court filing
Cybercrime criminal actions are generally filed in the proper Regional Trial Court, including designated cybercrime courts. Venue may be where the offense or any element was committed, where any part of the computer system used is located, or where the damage occurred. (Supreme Court E-Library)
Common Mistakes That Weaken Cybercrime Reports
Deleting the conversation after taking screenshots
Do not delete the chat, email, SMS, call log, or account activity unless you need to for safety reasons. Original data is stronger than screenshots alone.
Sending only cropped screenshots
Cropped screenshots may hide the URL, username, date, or context. Provide full-screen captures and, when possible, screen recordings.
Reporting only to Facebook, TikTok, Shopee, Lazada, or the bank
Platform reports are important, but they are not the same as a Philippine criminal complaint. Use platform reporting to stop harm, then report to the proper government or law enforcement channel.
Paying sextortionists or scammers repeatedly
Paying usually does not guarantee silence or recovery. It may encourage more demands. Preserve the threats, report the account, and seek urgent help if there is risk of physical harm.
Publicly posting accusations before filing
Publicly naming a suspect online may create separate legal risk, especially if the identity is uncertain. It can also alert the suspect to delete evidence.
Waiting too long
Delay can cause loss of logs, deleted accounts, unavailable CCTV, closed bank accounts, and weaker witness memory.
Special Notes for Foreigners and Filipinos Abroad
Philippine cybercrime jurisdiction can still apply even if part of the offense happened online from another country. The RA 10175 IRR provides RTC jurisdiction over violations of the Act, including violations committed by a Filipino national regardless of place of commission, and jurisdiction may also exist if any element occurred in the Philippines, a computer system used was wholly or partly in the Philippines, or the damage was caused to a person or entity in the Philippines. (Supreme Court E-Library)
If you are abroad:
- You can prepare a detailed report and send evidence digitally first.
- Keep your passport or foreign ID ready.
- If a sworn affidavit is required, ask whether it must be notarized locally, acknowledged before a Philippine embassy or consulate, or apostilled.
- If the suspect, platform, bank, or payment processor is outside the Philippines, investigators may need international cooperation channels, mutual legal assistance, or platform cooperation.
- Expect longer timelines for cross-border evidence.
Frequently Asked Questions
Can I report cybercrime online in the Philippines?
Yes. You can begin through online or remote channels such as CICC / I-ARC Hotline 1326, the eGovPH app for certain reports, PNP e-Sumbong channels, PNP-ACG, NBI online complaint channels, or email/contact points of the relevant agency. However, a formal criminal investigation may still require a sworn statement, identity verification, and submission of evidence.
Should I report to PNP Cybercrime or NBI Cybercrime?
Both PNP-ACG and NBI-CCD handle cybercrime. For urgent police response, local threats, harassment, or cases needing immediate police coordination, PNP-ACG is commonly used. For complex fraud, hacking, forensic investigation, or cases that may require NBI resources, NBI-CCD is also appropriate. The important thing is to file with a competent cybercrime office and keep your report reference number.
Is there a fee to report cybercrime?
Government complaint intake with cybercrime law enforcement generally has no filing fee. NBI’s Citizen’s Charter for computer-crime victims lists no government fee for the complaint sheet, preliminary interview, sworn statements, and supporting-document collection steps. You may still pay outside costs such as printing, notarization, transportation, or document authentication. (National Bureau of Investigation)
What if I only know the scammer’s phone number or GCash number?
Report it anyway. Phone numbers, e-wallet numbers, QR codes, bank accounts, usernames, email addresses, links, and transaction reference numbers are all useful leads. Investigators may need warrants, preservation requests, or coordination with service providers to connect those details to a real person.
Can police trace a fake Facebook account?
Sometimes, but not from screenshots alone. Investigators may need subscriber information, login data, IP logs, device data, payment trails, or platform records. This usually requires lawful process and cooperation from platforms or service providers.
What should I do if someone is threatening to leak my private photos?
Preserve the threats, usernames, links, payment demands, and any intimate-image evidence without forwarding it unnecessarily. Report immediately to PNP-ACG, NBI-CCD, or 1326 if it is part of an online extortion scheme. If you are in immediate danger, use emergency police assistance. Depending on the facts, RA 9995, RA 11313, RA 10175, the Revised Penal Code, or other laws may apply.
Can I report cyberlibel online?
You may begin by reporting online, but cyberlibel complaints usually require careful documentation of the exact post, URL, author, publication date, identity of the complainant, defamatory meaning, and screenshots or certified copies where possible. Cyberlibel is based on RA 10175 in relation to Revised Penal Code libel provisions. The Supreme Court in Disini v. Secretary of Justice upheld the constitutionality of the cyberlibel provision, while striking down other parts of the Cybercrime Prevention Act. (Lawphil)
What if the scammer is outside the Philippines?
You can still report if you are in the Philippines, the victim is in the Philippines, the damage occurred in the Philippines, a Philippine account or system was used, or other jurisdictional links exist. Cross-border cases are usually slower because foreign platforms, banks, or law enforcement agencies may need to cooperate through lawful channels.
Can a barangay handle cybercrime?
A barangay can help with immediate local safety concerns, blotter records, or community-level intervention, but it cannot issue cybercrime warrants, compel platform records, or conduct digital forensic investigation. Serious cybercrime complaints should be brought to PNP-ACG, NBI-CCD, or the proper law enforcement office.
How long does a cybercrime investigation take?
Simple intake may happen within minutes or days, but full investigation can take weeks or months depending on the evidence, platform cooperation, service-provider records, suspect identification, prosecutor review, and whether the case is cross-border. Online scams with fast-moving funds may require urgent bank and e-wallet reporting within hours.
Key Takeaways
- Preserve evidence first: screenshots, URLs, usernames, receipts, phone numbers, emails, and transaction references.
- Use the right reporting channel: 911 for emergencies, 1326 for cyber fraud intake, PNP-ACG or NBI-CCD for investigation, and NPC for data privacy issues.
- Online reporting is usually only the start; formal cases often require sworn statements and supporting documents.
- Report financial fraud to your bank or e-wallet immediately, not only to law enforcement.
- Cybercrime evidence is time-sensitive because platform logs, subscriber records, and account data may disappear.
- Philippine cybercrime law can apply even when part of the incident happens online or abroad, depending on the offender, victim, system used, and place of damage.