How to Report Facebook Account Hacking and Cybercrime in the Philippines
This article explains, in the Philippine context, the criminal and regulatory framework for Facebook account compromises and related cybercrimes, and gives a step-by-step playbook for preserving evidence, reporting to platforms and authorities, and pursuing remedies.
1) What conduct is a crime?
Several offenses under Philippine law can be implicated when a Facebook account is hacked, taken over, or used to defraud or harass:
- Illegal access and interference. Unauthorized access to a computer system or account, alteration/deletion of data, and interference with system operations are core offenses under the Cybercrime Prevention Act of 2012 (Republic Act No. 10175).
- Computer-related identity theft and forgery. Using another person’s credentials, profile, or digital signatures to impersonate, or altering electronic data to make it appear authentic.
- Computer-related fraud. Deceit using information and communications technologies (ICT)—e.g., convincing contacts to send money via wallet transfers after takeover.
- Libel/defamation via ICT. Malicious posts that injure reputation (note that penalties are typically higher when committed through ICT).
- Child protection and sexual exploitation violations. If a compromised account is used to disseminate child sexual abuse/exploitation material, separate special laws apply and penalties are severe.
- Data privacy violations. Processing personal data without lawful basis or implementing inadequate safeguards can trigger administrative liability under the Data Privacy Act of 2012 (RA 10173) for organizations that hold your data (e.g., businesses breached via a hijacked Page).
- E-Commerce Act (RA 8792) and related statutes. Electronic documents and signatures have legal effect; tampering or misuse can engage other criminal/civil liabilities.
- Revised Penal Code offenses via ICT (e.g., estafa, threats, unjust vexation) are generally penalized at a higher degree when accomplished through ICT.
Key idea: “Hacking” is not a single legal label; authorities map facts to one or more of the above offenses.
2) Who does what? (Enforcement and regulators)
NBI – Cybercrime Division (NBI-CCD) and PNP – Anti-Cybercrime Group (PNP-ACG): Primary law-enforcement units for investigation, digital forensics, and applying for court warrants specific to cybercrime (e.g., data preservation, disclosure, and search/seizure of electronic evidence). They coordinate with the Department of Justice – Office of Cybercrime (DOJ-OOC) and prosecutors.
Prosecution and courts: Prosecutors evaluate complaints for probable cause. Certain trial courts are designated as Cybercrime Courts. The Supreme Court’s Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC) govern preservation, disclosure, interception, and search/seizure of electronic data.
National Privacy Commission (NPC): Handles administrative complaints for violations of RA 10173 and oversees personal data breach notifications. It does not imprison offenders but can impose compliance orders and administrative sanctions on personal information controllers/processors.
Meta (Facebook): A private platform. You must still use its account-recovery and reporting channels for swift containment (password reset, 2-factor authentication, reporting impersonation, etc.). Platform actions are separate from criminal process.
3) Urgent first steps: contain the incident and preserve evidence
A. Contain
- Use Facebook’s compromised-account recovery tools to log out other sessions, reset your password, and turn on two-factor authentication (2FA) (prefer an authenticator app or a hardware key).
- Check “Active Sessions/Where You’re Logged In” and terminate unknown devices.
- Update your email account (new password + 2FA). If the attacker changed the Facebook login email/phone, use recovery options immediately.
- If a Page or Business Manager is affected, remove unknown admins and rotate ad account credentials and payment methods.
B. Preserve evidence (before anything disappears)
- Screenshots of suspicious posts/messages, login alerts, password-change notices, and conversations asking for money. Include timestamps and visible URLs.
- System/log details: device used, approximate time, IP notices, unusual locations.
- Identifiers: profile URLs (yours and impostor’s), message links, post URLs, ad/account IDs.
- Bank/e-wallet records showing transfers caused by the hack.
- Witness statements: short narratives from contacts who received scam messages.
- Export data: use Facebook’s “Download Your Information” to capture message threads/posts relevant to the incident.
- Do not alter original devices more than needed—avoid “cleaners.” If possible, stop using the compromised device and keep it for potential forensic imaging.
Why this matters: The Cybercrime law provides for data preservation; investigators can lawfully compel service providers to preserve traffic/subscriber data for defined periods. Your early documentation makes those requests meaningful.
4) Report to Facebook (platform process)
- Compromised account: use Facebook’s “I think my account was hacked” flow to secure access.
- Impostor accounts: report “Pretending to be someone” and submit ID if required.
- Harassment/abuse: use in-app reporting on the post/message and block the offender.
- Payment/ads abuse: report unauthorized ad spends; request chargeback with your card issuer if applicable.
Platform action is faster for takedowns and lockouts than waiting for a criminal case. Do both.
5) File a criminal complaint (NBI-CCD or PNP-ACG)
A. Prepare your packet
Affidavit-Complaint (sworn) narrating:
- your identity and contact details;
- account ownership and security settings before the incident;
- the compromise (when/how you noticed);
- specific acts (e.g., password change, deleted posts, scam messages to contacts);
- losses (money, data, reputational harm);
- steps you took (platform report, bank actions);
- evidence list.
Annexes: screenshots, file hashes (if any), bank/e-wallet statements, device details, witness affidavits, IDs.
Relief sought: request investigation, data preservation/disclosure orders, and filing of appropriate charges.
B. Where to go
- NBI-Cybercrime Division or the nearest PNP-ACG regional office.
- Some offices allow online intake or email pre-screening; in-person execution of affidavits may still be required.
C. What investigators may do
- Lodge Preservation Orders with service providers to hold traffic/subscriber data.
- Apply for Disclosure Orders and Warrants to Search, Seize, and Examine Computer Data (WSSECD) from Cybercrime Courts.
- Coordinate with foreign counterparts (through DOJ-OOC, Mutual Legal Assistance) if actors or servers are offshore.
- Conduct forensic acquisition of devices/accounts and trace flow of funds to wallets/banks for possible freezing via AMLC in fraud cases.
D. Venue and jurisdiction (practical view)
- You may file where any essential element occurred (e.g., where you received the malicious access/where effects were felt) or where the computer system used is located. Cybercrime Courts have nationwide reach for data warrants; discuss with investigators which venue is most efficient.
6) Parallel administrative remedies (Data Privacy Act)
If a company (e.g., your employer, a school, or a merchant whose Page held your data) mishandled your personal data or suffered a breach affecting you:
- Complain first to the organization (the “personal information controller”), describe the incident, and request remediation.
- If unresolved, file a complaint with the NPC within the allowed window, attaching your initial notice and the organization’s response (or lack of it).
- NPC can order corrective actions, require breach notifications, and impose administrative penalties/compliance orders.
This does not replace criminal complaints against the hacker; it addresses accountability of entities that process your personal data.
7) Civil and ancillary remedies
- Damages for pecuniary loss and moral/nominal damages (Civil Code).
- Injunction (temporary restraining orders/preliminary injunction) to stop ongoing misuse of your likeness or business Page.
- Writ of Habeas Data to compel deletion/correction of unlawfully obtained personal data when privacy is at stake.
- Chargebacks/consumer protection for unauthorized card/ad charges (coordinate with issuing bank and DTI/Bank complaints units as needed).
- Employer action if the incident affected corporate assets (internal investigation, policy enforcement).
8) Special scenarios and how to frame them legally
“I clicked a phishing link and they changed my password.” Focus on illegal access and computer-related identity theft. Include the phishing content (URL, sender, time) and immediate actions taken.
“They used my account to solicit money from my contacts.” Add computer-related fraud; annex your contacts’ affidavits and transfer receipts. Ask investigators to coordinate with AMLC for fund tracing.
“Someone made a fake account with my name/photos.” This is typically identity theft and may co-exist with unlawful processing of personal data. Preserve the profile URL and report it for takedown.
“They posted sexual images without consent.” Consider anti-voyeurism and other special laws besides cybercrime provisions. Prioritize takedown and immediate law-enforcement referral.
Compromised Business Page/Ads. Treat as illegal access with economic loss; preserve Ad Account IDs, billing statements, invoices, and Business Manager logs.
9) Evidence checklist (practitioner’s cut)
- Your government ID (and if applicable, corporate authorization for a Business Page).
- Affidavit-Complaint (notarized) + annexes.
- Screenshots with visible URL bars, dates/times, and full screen (avoid cropped context).
- Raw files (images/videos/HTML emails) saved in original formats; if possible, compute hash values (MD5/SHA-256).
- Complete list of profile URLs, Message/Comment permalinks, and Ad/Business IDs.
- Bank/e-wallet transaction histories and dispute/chargeback filings.
- List of contacts who received scam messages, with their brief statements.
- Device details: make/model, OS version, antivirus logs, and whether device is retained for forensics.
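For the raw-files item in the checklist above, the following is an added example (not part of the original article) of hashing every file in an evidence folder into a manifest that can be annexed, and of re-checking later that nothing was changed. The folder layout, the file names, and the manifest.csv name are assumptions; the files are only read, never modified.

```python
import csv, hashlib, os, tempfile
from datetime import datetime, timezone
FIELDS = ["file", "size_bytes", "modified_utc", "md5", "sha256"]

def hash_file(path, chunk=1 << 20):
    """Return (md5_hex, sha256_hex); the file is opened read-only, in chunks."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def build_manifest(evidence_dir, manifest_path):
    """Hash every file under evidence_dir, write a CSV manifest, return its rows."""
    rows = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            full = os.path.join(root, name)
            if os.path.abspath(full) == os.path.abspath(manifest_path):
                continue  # do not hash the manifest itself
            md5, sha = hash_file(full)
            mtime = datetime.fromtimestamp(os.path.getmtime(full), timezone.utc)
            rows.append({"file": os.path.relpath(full, evidence_dir),
                         "size_bytes": os.path.getsize(full), "md5": md5, "sha256": sha,
                         "modified_utc": mtime.isoformat(timespec="seconds")})
    rows.sort(key=lambda r: r["file"])
    with open(manifest_path, "w", newline="", encoding="utf-8") as out:
        writer = csv.DictWriter(out, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(rows)
    return rows

def verify_manifest(evidence_dir, manifest_path):
    """Re-hash listed files; return (file, status) for any missing or altered."""
    problems = []
    with open(manifest_path, newline="", encoding="utf-8") as fh:
        for row in csv.DictReader(fh):
            full = os.path.join(evidence_dir, row["file"])
            if not os.path.isfile(full):
                problems.append((row["file"], "missing"))
            elif hash_file(full)[1] != row["sha256"]:
                problems.append((row["file"], "altered"))
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as folder:  # constructed sample evidence
        with open(os.path.join(folder, "login_alert.eml"), "wb") as f:
            f.write(b"constructed sample email")
        print(build_manifest(folder, os.path.join(folder, "manifest.csv")))
```

Run build_manifest once, right after collecting the files, and work only on copies afterward; verify_manifest does not report files added after the manifest was written.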
10) Timelines, prescription, and expectations
- Speed matters: Data on platforms and telecoms is retained for finite periods. Early reporting increases the chance of identifying actors through IP/subscriber traces and getting fast platform takedowns.
- Prescription/limitations: Cybercrime-related offenses generally follow the underlying felony’s prescriptive periods; some privacy/administrative filings have short windows. When in doubt, file now and let prosecutors assess.
- International dimension: Attackers or infrastructure abroad do not bar prosecution; law enforcement can seek assistance, but cross-border steps add time.
- Restitution: Criminal cases can include civil liability; parallel bank/chargeback processes are often the fastest path for monetary recovery.
11) How to write your Affidavit-Complaint (outline)
Title/Heading: Affidavit-Complaint for Violations of RA 10175 and Related Offenses
Affiant’s Identity: Name, age, citizenship, address, ID details.
Jurisdiction & Venue: Brief basis (where access occurred/effects felt/where device located).
Facts:
- Ownership and regular use of the Facebook account/Page;
- Timeline of compromise (discovery, actions observed);
- Specific acts of the offender (password change, posts, messages, fund solicitations);
- Damages incurred (money, reputation, disruption);
- Immediate mitigation steps (platform reports, password resets, bank reports).
Legal basis: Identify suspected offenses (illegal access, identity theft, fraud, etc.).
Evidence: Enumerate and mark annexes (A, B, C…).
Prayer: Investigation, preservation/disclosure orders, filing of charges, and other just reliefs.
Verification/Jurat: Signed and notarized (or administered by authorized officer).
12) Practical tips that improve outcomes
- Name things precisely. Provide exact profile URLs and permalinks, not just screenshots.
- Keep a log. A simple incident diary (date/time/action/result) helps investigators and counsel.
- Secure the rest of your digital life. Update passwords and 2FA across email, cloud storage, and financial apps; review recovery emails/phones.
- Watch for secondary fraud. Attackers reuse stolen data; place alerts with your bank and watch your credit/e-wallet activity.
- Be cautious with “DIY tracing.” Do not dox, hack back, or publicly accuse—this endangers you and can compromise evidence.
13) When to get a lawyer
Engage counsel if there is significant financial loss, ongoing harassment, sensitive content, involvement of minors, or the case touches employment/corporate issues. Counsel can calibrate charges, craft affidavits, interface with law enforcement, and pursue civil remedies in parallel.
14) Quick reference: where to go and what to bring
- Where: Nearest NBI-CCD or PNP-ACG office; for privacy complaints, the National Privacy Commission.
- Bring: Government ID; printed affidavit; USB drive with e-evidence; device(s) if requested; list of URLs and transaction records.
- Also do: Complete Facebook’s hacked/impostor reporting, reset passwords, and enable 2FA before you travel to report.
Final word
Handling a Facebook hack is a two-track job: (1) platform containment and takedown; and (2) legal action via cybercrime units (and, if applicable, NPC). Move fast on evidence, be precise in your narrative, and coordinate closely with investigators or counsel.