Fake immigration calls asking for your passport details, visa information, bank details, or OTP are usually part of a phishing or “vishing” scam. The safest response is simple: do not give the code, do not send passport photos, do not click links, and do not pay. This guide explains how these scams work in the Philippines, what laws may apply, where to report them, what evidence to save, and what to do if you already shared your passport details or one-time password.
What fake immigration calls usually look like
Scammers often use fear. They may say:
- “Your passport is flagged by Immigration.”
- “You have a pending deportation case.”
- “Your visa will be cancelled unless you verify now.”
- “We need your OTP to validate your passport record.”
- “You have an airport hold order.”
- “You must pay a clearance fee through GCash, Maya, bank transfer, or remittance.”
Some calls sound professional. The caller may know your name, your travel date, or part of your email address. That does not prove the call is real. Personal data can be obtained from leaked databases, social media, fake booking pages, compromised accounts, or previous scam attempts.
An OTP, or one-time password, is a temporary security code used to access your own account. It is meant to be typed by you into the official app or website you are using. It is not meant to be dictated to a stranger on the phone.
A passport number, passport scan, ACR I-Card details, visa page, address, birth date, and selfie with ID can also be used for identity theft, fake accounts, SIM registration abuse, loan or e-wallet applications, and further social-engineering attacks.
Is the call really from the Bureau of Immigration?
The Bureau of Immigration has publicly warned the public about scammers claiming to be BI employees or officials. BI also warns foreigners and the public to verify the identity and authority of persons claiming to be immigration officers; legitimate immigration enforcement operations require authorized BI personnel and properly issued mission orders signed by the Commissioner. (Bureau of Immigration Philippines)
For ordinary calls, texts, and messages, treat the following as red flags:
- The caller asks for your OTP, password, MPIN, bank login, e-wallet PIN, or authentication code.
- The caller asks you to send a passport scan through Viber, WhatsApp, Telegram, Messenger, or an unknown email address.
- The caller threatens immediate arrest, deportation, blacklisting, or airport detention unless you act within minutes.
- The caller asks for payment to a personal bank account, GCash, Maya, remittance receiver, QR code, cryptocurrency wallet, or “agent.”
- The caller refuses to let you verify through official channels.
- The link is not on an official government domain, or the page looks like a copied immigration, eTravel, or passport website.
The BI’s official contact page lists its trunkline, official email addresses, office address, and social media accounts. Use those official details to verify suspicious immigration-related calls or messages instead of calling back the number used by the scammer. (Bureau of Immigration Philippines)
Legal basis: why this can be a crime in the Philippines
A fake immigration call can involve several Philippine laws depending on what the caller did, what information was obtained, and whether money or account access was affected.
RA 10175, Cybercrime Prevention Act of 2012
Republic Act No. 10175 covers several cybercrime offenses relevant to fake immigration calls and OTP scams. These include computer-related forgery, computer-related fraud, and computer-related identity theft. Computer-related identity theft includes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of another person’s identifying information without right. (Supreme Court E-Library)
RA 10175 also states that the National Bureau of Investigation and the Philippine National Police are responsible for law enforcement under the law, and they must organize cybercrime units or centers to handle cybercrime cases. (Supreme Court E-Library)
This matters because a scammer who gets your OTP may not merely be “asking questions.” If the OTP is used to access your bank, e-wallet, email, SIM account, eTravel account, or other online account, the incident may become a cybercrime complaint.
RA 10173, Data Privacy Act of 2012
Republic Act No. 10173 protects personal information and sensitive personal information. Unauthorized processing, unauthorized access, unauthorized disclosure, malicious disclosure, and other misuse of personal data may carry imprisonment and fines depending on the act and the information involved. (National Privacy Commission)
A passport number or passport scan should be treated as highly sensitive in practice because it is a government-issued identity document. Even when no money has been stolen yet, misuse of passport details can support complaints involving identity theft, unlawful processing, or attempted fraud.
The National Privacy Commission also recognizes the right to file a complaint if personal information has been misused, maliciously disclosed, improperly disposed of, or if data privacy rights have been violated. (National Privacy Commission)
RA 11934, SIM Registration Act
Republic Act No. 11934 defines spoofing as transmitting misleading or inaccurate information about the source of a phone call or text message with intent to defraud, cause harm, or wrongfully obtain anything of value. It also requires SIM registration before activation and requires public telecommunications entities to provide user-friendly mechanisms for reporting potentially fraudulent texts or calls; after due investigation, the SIM used for the fraudulent call or text may be deactivated. (Supreme Court E-Library)
This is why reporting the scam number to your telco, the NTC, and cybercrime authorities matters even if you did not lose money. Your report can help establish a pattern and support deactivation or investigation.
RA 12010, Anti-Financial Account Scamming Act
Republic Act No. 12010, the Anti-Financial Account Scamming Act, is especially relevant if the fake immigration call was used to access your bank, credit card, or e-wallet. It covers social-engineering schemes where a person obtains sensitive identifying information through deception or fraud, resulting in unauthorized access and control over a financial account. The law refers to sensitive identifying information such as usernames, passwords, bank account details, credit card and e-wallet information, electronic credentials, and other confidential or personal information. (Lawphil)
RA 12010 also allows financial institutions to temporarily hold funds subject of a disputed transaction for a period prescribed by the BSP, not exceeding 30 calendar days unless extended by a court, and provides for coordinated verification of disputed transactions. (Lawphil)
Revised Penal Code offenses may also apply
If the caller pretends to be a government officer, uses false authority, forges documents, or deceives a person into giving money, the conduct may also involve offenses under the Revised Penal Code, such as estafa, usurpation of authority or official functions, or falsification, depending on the facts.
For example, Article 177 on usurpation of authority or official functions covers a person who knowingly and falsely represents himself or herself as an officer, agent, or representative of a government agency, or performs an act pertaining to a public officer without being lawfully entitled to do so. (Lawphil)
What to do immediately if you receive a fake immigration call
Do not give the OTP. No legitimate immigration officer needs your OTP to “verify” your passport, visa, eTravel, bank, or e-wallet record.
End the call. You do not need to argue, explain, or prove anything to the caller.
Do not click links sent during or after the call. Type official websites yourself. For passport appointments, the DFA states that appointments are free and should only be made through the official passport appointment system. (Passport Appointment System)
Take screenshots of call logs, messages, numbers, usernames, links, and payment instructions. Capture the date, time, phone number, sender ID, profile URL, and full message if possible.
Do not secretly record the call unless you understand the legal risk. The Anti-Wiretapping Law, Republic Act No. 4200, generally prohibits recording private communications without authorization from all parties. In Ramirez v. Court of Appeals, the Supreme Court applied the law even where the person recording was a participant in the conversation. (Lawphil)
Verify with the actual agency using official contact details. For BI-related claims, use BI’s official contact information. For DFA passport concerns, use official DFA passport channels. Do not rely on the number that called you.
Report the incident. Even an attempted scam should be reported, especially if the caller used a Philippine mobile number, a fake government link, or repeated threats.
Where to report fake immigration calls in the Philippines
| Where to report | Best for | What to prepare |
|---|---|---|
| Bureau of Immigration | Verifying whether an immigration notice, call, name, or claim is real | Caller number, screenshots, alleged officer name, fake document, link, email, travel details involved |
| CICC / I-ARC Hotline 1326 | Online scams, phishing, caller ID spoofing, cyber fraud | Number used, screenshots, transaction proof, links, short narrative |
| PNP Anti-Cybercrime Group | Formal cybercrime complaint and investigation | Valid ID, screenshots, URLs, call logs, transaction records, affidavit if required |
| NBI Cybercrime Division / Regional Cybercrime Centers | Formal cybercrime complaint, especially identity theft or account takeover | Valid ID, complaint form, evidence, account records, witness details |
| NTC or your telco | Scam numbers, spam texts, fraudulent calls, SIM-related complaints | Phone number, screenshots, date/time, message content |
| Your bank, card issuer, GCash, Maya, or e-wallet provider | OTP was given, money moved, account compromised | Transaction reference number, account details, time of transfer, scam evidence |
| National Privacy Commission | Passport data, ID scans, or personal information misused or unlawfully processed | Notarized complaint form or verified complaint, supporting evidence, communications |
The I-ARC Hotline 1326 is described by the Philippine News Agency as a centralized cybercrime response collaboration involving CICC, DICT, NTC, NPC, PNP, and NBI; it may be used to report scams such as phishing, caller ID spoofing, email scams, text scams, romance scams, and other online scams. Alternative numbers listed include Smart 0947-714-7105, Globe 0966-976-5971, and DITO 0991-481-4225. (Philippine News Agency)
The NBI Citizen’s Charter page for computer-crime assistance states that complainants fill out a complaint form and submit it to the division or regional cybercrime center; the listed total processing time shown on the page is about 1 hour and 10 minutes, with no fee indicated for that service. (National Bureau of Investigation)
Step-by-step guide to reporting the scam
Step 1: Write a short incident timeline
Before reporting, prepare a simple timeline. Investigators appreciate clear facts.
Include:
- Date and time of the call
- Phone number or caller ID used
- Exact words or threats, as best as you remember
- Whether the caller claimed to be from BI, DFA, airport immigration, NBI, police, embassy, or “visa office”
- What the caller asked for
- Whether you shared any information
- Whether you clicked a link
- Whether any money moved
- What accounts may be affected
Example:
“On 12 June 2026 at around 3:15 PM, I received a call from 09XX-XXX-XXXX. The caller said he was from Immigration and that my passport was flagged. He asked me to read a six-digit OTP sent to my phone. I did not give the code. After the call, I received a text with a link to a supposed BI verification page.”
Step 2: Preserve digital evidence properly
Save:
- Call log screenshot
- SMS or chat screenshots
- Full URLs, not just screenshots of page names
- Sender email address, including domain
- Payment instructions or QR codes
- Bank or e-wallet transaction receipts
- OTP message screenshot, with the OTP blurred if you will share copies outside official reports
- Fake IDs, documents, or “mission orders” sent by the caller
- Social media profile link of the scammer, if any
Do not crop too much. Screenshots should show dates, timestamps, numbers, profile handles, and the surrounding conversation.
Step 3: Verify the immigration claim through official channels
If the caller says the issue is with the Bureau of Immigration, verify through the BI’s official contact channels, not through the caller’s number. BI’s contact page lists its trunkline, official email addresses, office address, and official social media accounts. (Bureau of Immigration Philippines)
If the issue involves passport appointments, use the official DFA passport appointment system. The DFA’s passport system states that passport appointments are free and should only be made through passport.gov.ph, and it warns against fixers and social media accounts. (Passport Appointment System)
If the caller talks about eTravel payment, be extra cautious. The official eTravel system states that eTravel is free, and the BI has warned the public against fake eTravel websites that charge fees. (eTravel)
Step 4: Report the number to CICC/I-ARC and your telco or NTC
Report the scam call even if you did not lose money. Under the SIM Registration Act, telcos are expected to provide reporting mechanisms for potentially fraudulent texts or calls and may deactivate the SIM used for fraud after due investigation. (Supreme Court E-Library)
When reporting, provide:
- The number that called
- The exact time and date
- Screenshots of related texts
- Any links or payment details
- A short description: “Caller pretended to be Immigration and asked for passport details/OTP.”
Step 5: File with PNP-ACG or NBI if there was identity theft, account takeover, threats, or financial loss
For serious cases, especially when you gave an OTP, lost money, or sent a passport scan, a formal complaint with PNP-ACG or NBI is important.
Prepare:
- One valid government ID
- Printed and digital copies of screenshots
- Transaction receipts
- Email headers if email was involved
- The phone number, URL, account name, or social media profile used
- A draft narrative or affidavit-complaint
In many cases, investigators will interview you and may ask you to execute or complete a sworn statement. Formal complaints are important because cybercrime records, subscriber information, and financial information usually require lawful processes such as warrants, subpoenas, preservation requests, or agency-to-agency coordination. RA 10175 provides for preservation of computer data and law-enforcement procedures for disclosure and examination of computer data. (Supreme Court E-Library)
Step 6: If you gave an OTP, contact the financial institution immediately
If the OTP was connected to a bank, credit card, e-wallet, online wallet, or payment account:
- Call the official hotline of the bank or e-wallet provider.
- Ask for immediate blocking, freezing, or account protection.
- Change your password and MPIN.
- Remove unknown devices.
- Disable saved cards if needed.
- Dispute unauthorized transactions.
- Ask whether a temporary hold or recovery process is available.
- Get a reference number.
RA 12010 recognizes social-engineering schemes involving sensitive identifying information and provides mechanisms for disputed transactions, temporary holding of funds, and coordinated verification. (Lawphil)
For BSP-supervised financial institutions, the BSP says the first step is to report the concern to the institution’s Financial Consumer Protection Assistance Mechanism or customer service channel; if unsatisfied, the complaint may be escalated to BSP through its consumer assistance channels. (Bureau of the Treasury)
Step 7: If passport details or ID scans were shared, monitor for misuse
If you sent a passport photo, visa page, ACR I-Card, selfie with passport, or personal information:
- Change passwords on email, eTravel, airline, banking, and e-wallet accounts.
- Enable multi-factor authentication.
- Watch for SIM replacement attempts or suspicious account notifications.
- Check bank and e-wallet activity daily for the next few weeks.
- Report suspicious loan, SIM, or account openings immediately.
- File a police, PNP-ACG, NBI, or NPC complaint if your data is actually used.
For foreigners, also check with your own embassy or consulate regarding passport-compromise procedures in your home country. The Philippine Bureau of Immigration can verify Philippine immigration-related claims, but your passport is issued by your own government.
What documents are usually needed
| Purpose | Documents or evidence |
|---|---|
| Initial scam report | Screenshot of call log, scam text, links, caller number, short written timeline |
| BI verification | Alleged BI notice, name of supposed officer, caller number, email, screenshots |
| PNP/NBI cybercrime complaint | Valid ID, complaint narrative, screenshots, URLs, transaction records, account records |
| Bank or e-wallet dispute | Account number or wallet number, transaction reference, amount, date/time, scam evidence |
| NPC complaint | Notarized complaint-assisted form or verified complaint, evidence, witness affidavits if any |
| Telco/NTC report | Scam number, date/time, screenshots, message content, link, call details |
For NPC complaints, the NPC says a formal complaint must follow a specific format, and its complaint page instructs complainants to download the form, print and fill it out, have it notarized, and submit it through the available filing options. (National Privacy Commission)
Practical timelines and bottlenecks
| Stage | Usual practical timeline | Common bottleneck |
|---|---|---|
| Calling bank/e-wallet to block account | Same day, often urgent | Long hotline queue; incomplete identity verification |
| Reporting to CICC/I-ARC 1326 | Same day | High volume of reports; limited immediate feedback |
| BI or DFA verification | Same day to several working days | Email queues; unclear screenshots; wrong office contacted |
| NTC/telco report | Several days or longer | Need for clear number, timestamps, and repeated reports |
| PNP/NBI complaint intake | Same day to several working days | Need for affidavit, printed evidence, or referral to proper unit |
| Cybercrime investigation | Weeks to months, sometimes longer | Subpoenas, warrants, telco/bank records, cross-border platforms |
| NPC formal complaint | Weeks to months | Notarization, exhaustion of remedies, incomplete evidence |
Do not wait for the investigation to finish before securing your accounts. Account protection should happen immediately.
Common mistakes to avoid
Sharing the OTP “just to check”
Scammers often say, “We only need the code to verify your identity.” That is false. The OTP may allow them to reset your password, approve a transaction, add a device, or take over your account.
Sending a passport scan to stop a supposed immigration case
A real immigration concern is not normally resolved by sending a passport scan to a random messaging app. If a caller claims there is a case, verify through BI’s official channels.
Paying a “clearance fee” to a personal account
Government fees are paid through official channels and should have proper references or receipts. A personal GCash, Maya, bank, remittance, or crypto payment demand is a major red flag.
Posting the scam publicly with your passport details visible
Public warning posts can accidentally expose your own information. Blur your passport number, QR code, address, birth date, OTP, reference numbers, and account details before posting.
Assuming SIM registration means the scammer can be identified instantly
SIM registration helps investigation, but telcos do not simply release subscriber identities to private individuals. RA 11934 provides confidentiality rules and disclosure procedures, including disclosure through subpoena by a competent authority based on a sworn complaint involving a number used in a crime or unlawful act. (Supreme Court E-Library)
Secretly recording the caller without thinking about RA 4200
Screenshots, call logs, written notes, and transaction records are safer evidence. Secret call recordings may raise Anti-Wiretapping Law issues, especially if the conversation is treated as private. (Lawphil)
Frequently Asked Questions
Is a call from “Immigration” asking for my OTP automatically a scam?
In practice, yes. An OTP is for your own account authentication. A legitimate officer should not ask you to read out a code used to access your bank, e-wallet, email, eTravel, or other account.
Where do I report fake immigration calls in the Philippines?
Report to CICC/I-ARC 1326, your telco or the NTC for the scam number, BI for verification if the caller used BI’s name, and PNP-ACG or NBI Cybercrime if there was identity theft, account takeover, threats, or financial loss.
What if I already gave my OTP?
Immediately call the official hotline of the bank, e-wallet, email provider, or account involved. Freeze or secure the account, change passwords, remove unknown devices, dispute transactions, and get a reference number. Then report to CICC/I-ARC, PNP-ACG or NBI, and your financial institution.
What if I sent my passport photo but no money was taken?
Secure your accounts and monitor for misuse. Save evidence of the request. Report the incident as an attempted identity-theft or phishing incident. If your passport details are later used to open accounts, register SIMs, obtain loans, or impersonate you, file formal complaints with cybercrime authorities and, where appropriate, the NPC.
Can foreigners report fake Philippine immigration calls?
Yes. Foreigners in the Philippines can report scams to Philippine cybercrime authorities and verify BI-related claims with the Bureau of Immigration. If a foreign passport scan was compromised, the foreign national should also check the passport-compromise procedure of the embassy or consulate of the country that issued the passport.
Do I need a notarized affidavit to report?
For hotlines and initial reports, usually no. For a formal complaint with PNP, NBI, NPC, or a prosecutor, you may be asked for a sworn affidavit or notarized complaint form, especially if the case will proceed beyond initial assessment.
Can I ask the telco to give me the scammer’s registered name?
Not directly. Subscriber information is protected. Law enforcement and competent authorities may request or subpoena information through proper legal procedures when a sworn complaint supports that the number was used for a crime or fraudulent act. (Supreme Court E-Library)
Is eTravel registration paid?
No. The official Philippine eTravel system says eTravel is free, and BI has warned against fake eTravel websites collecting fees. (eTravel)
Are DFA passport appointments paid?
The DFA states that passport appointments are free and should only be made through passport.gov.ph. Passport processing fees are different from appointment-slot selling; paying a fixer or social media page for an appointment creates serious risk. (Passport Appointment System)
Should I delete the scam messages after reporting?
Do not delete them immediately. Keep screenshots and, if possible, keep the original message thread until the agency or investigator confirms that they no longer need it. Original messages may contain timestamps, sender details, links, or metadata useful for investigation.
Key Takeaways
- Never give an OTP, password, MPIN, or authentication code to anyone claiming to be from Immigration, DFA, a bank, an e-wallet, or an embassy.
- Verify BI-related claims only through official Bureau of Immigration contact channels.
- Report scam numbers and fake links to CICC/I-ARC 1326, your telco or NTC, and cybercrime authorities when appropriate.
- If money moved, contact your bank or e-wallet first, then pursue formal reporting.
- If passport details were shared, monitor for identity misuse and preserve all evidence.
- Fake immigration calls may involve cybercrime, data privacy violations, SIM-related offenses, financial-account scamming, and Revised Penal Code offenses depending on the facts.