How to Report Fraudulent Scam Text Messages to Authorities in the Philippines

A practical legal guide in Philippine context

Fraudulent scam text messages (“smishing”) are not only a nuisance; they are often part of larger cyber-enabled crimes such as identity theft, online banking fraud, estafa, and data privacy violations. Philippine law provides multiple routes to report these messages, and several agencies share responsibility depending on what the scam involves. This article explains the legal basis, who to report to, how to report effectively, and what outcomes to expect.

1. What Counts as a Fraudulent Scam Text?

A scam text is any SMS that intentionally deceives you to make you:

  • send money or load,
  • reveal personal, financial, or login information,
  • click a malicious link,
  • install an app or give remote access,
  • impersonate a legitimate entity (bank, delivery company, government office, e-wallet, etc.),
  • or participate in a fake investment, job offer, prize, or emergency.

Common patterns in the Philippines:

  • “Your bank account is locked—click here to verify.”
  • “You won a raffle—pay fees to claim.”
  • “GCash/PayMaya verification needed—send OTP.”
  • “Package delivery failed—update address via link.”
  • “Investment tip/crypto guaranteed returns.”
  • “Relative in emergency—send money to this number.”

Even if you did not lose money, reporting still matters because it helps authorities track numbers, networks, and money trails.

2. Key Philippine Laws That Apply

2.1 Cybercrime Prevention Act of 2012 (RA 10175)

Scam texts usually fall under cybercrime offenses when committed through ICT systems. Relevant acts include:

  • Computer-related fraud (using ICT to deceive and cause loss),
  • Computer-related identity theft (using another’s identity),
  • Illegal access / interception if links/phishing capture data.

RA 10175 also empowers specialized cybercrime units (PNP and NBI) to investigate.

2.2 Revised Penal Code – Estafa (Swindling)

If the scam causes you to part with money or property due to deceit:

  • classic estafa applies,
  • penalties depend on amount defrauded and method.

Cyber-enabled estafa is often charged together with RA 10175.

2.3 E-Commerce Act of 2000 (RA 8792)

Covers fraud or misuse of electronic data/messages in commerce, supporting prosecution where texts are part of electronic transactions.

2.4 SIM Registration Act (RA 11934)

Requires SIMs to be registered to verified identities. This supports investigation by making it harder for scammers to hide behind unregistered numbers and allows telcos to deactivate SIMs used for scams.

2.5 Data Privacy Act of 2012 (RA 10173)

If the scam uses or exposes your personal data without consent, or if a leak enabled targeting, you may also file a complaint with the National Privacy Commission (NPC).

2.6 Access Devices Regulation Act (RA 8484) and Other Financial Laws

If the scam involves credit cards, bank logins, or access devices, RA 8484 may apply. If money laundering or mule accounts are involved, AMLA processes can be triggered through banks/e-wallet providers.

3. Who You Can Report To (and When)

Because scam texts overlap multiple areas, you may report to more than one agency.

3.1 Your Telco / Mobile Provider (First Line)

When to report: Immediately upon receiving the scam SMS. Why: Telcos can block numbers, filter spam, and coordinate with regulators.

What to send:

  • the scammer’s number,
  • exact message content,
  • date/time received,
  • screenshots if possible.

Telcos typically have SMS spam/reporting channels or app-based reporting.

3.2 National Telecommunications Commission (NTC)

When to report: For spam/scam SMS trafficking, SIM misuse, or repeated harassment. Why: NTC regulates telcos and can order takedowns, SIM deactivation, and systemwide filtering.

Report with:

  • scam number(s),
  • content,
  • your telco,
  • time/date,
  • any pattern (multiple victims, repeated texts).

3.3 Philippine National Police – Anti-Cybercrime Group (PNP-ACG)

When to report: If you clicked a link, gave information, lost money, or the message is part of a broader cyber threat. Why: PNP-ACG handles criminal investigation and case build-up.

3.4 National Bureau of Investigation – Cybercrime Division (NBI-CCD)

When to report: Same as PNP-ACG, especially for organized schemes, big losses, or cross-border indicators. Why: NBI has cyber forensics capacity and can coordinate warrants/subpoenas.

3.5 Banks / E-Wallet Providers (and BSP, if needed)

When to report: If the scam involves bank/e-wallet impersonation, OTP theft, transfers, or suspicious accounts. Why: Providers can freeze funds, flag mule accounts, and preserve logs. Escalation to BSP consumer protection is appropriate if the provider fails to act.

3.6 National Privacy Commission (NPC)

When to report:

  • if personal data was harvested through the scam,
  • or if you suspect a data breach by a company enabled the targeting. Why: NPC can investigate data privacy violations separately from criminal fraud.

4. Step-by-Step: How to Report Correctly

Step 1: Don’t engage

  • Don’t reply, click links, or call back.
  • Don’t share OTPs or personal info, even if they “sound official.”

Step 2: Preserve evidence

Save:

  1. Screenshots of the SMS (make sure the number is visible).

  2. Full sender number (including any name shown).

  3. URL or link (copy/paste into notes; don’t open).

  4. If you were defrauded:

    • proof of transfer (receipts, transaction IDs),
    • bank/e-wallet statements,
    • chat logs or calls,
    • any names, account numbers, or QR codes used.

Tip: Keep files in a dated folder. Investigators rely heavily on a clean evidence chain.

Step 3: Report to your telco

Send the details to your provider’s spam/scam reporting channel. Ask for a reference/ticket number.

Step 4: File with NTC

Provide the same evidence plus:

  • your telco ticket number,
  • the frequency and pattern of messages,
  • whether multiple numbers are involved.

Step 5: File a criminal complaint with PNP-ACG or NBI-CCD

Bring:

  • printed screenshots,
  • your written narrative (timeline),
  • IDs,
  • transaction proof if any.

You may be asked to execute:

  • a Sworn Statement / Affidavit of Complaint describing:

    • how you received the SMS,
    • what made it fraudulent,
    • what you did,
    • losses or risks incurred,
    • identities/accounts used by the scammer.

Step 6: Notify your bank/e-wallet immediately (if affected)

  • Request temporary freeze or investigation.
  • Provide transaction IDs and recipient details.
  • The faster you report, the higher the chance funds can be traced or held.

Step 7: Consider NPC reporting (if data/privacy issues)

Especially if:

  • you were asked for sensitive personal info,
  • you clicked a phishing page and entered data,
  • or you suspect your data source was leaked.

5. What Happens After You Report?

5.1 Administrative actions (Telco/NTC)

Possible outcomes:

  • number blocking,
  • SIM deactivation,
  • spam filtering improvements,
  • investigation of registration details under SIM Registration Act.

5.2 Criminal investigation (PNP/NBI)

Possible actions:

  • digital forensics on links and infrastructure,
  • subpoenas to telcos for subscriber data and location logs,
  • subpoenas to banks/e-wallets for account owners and fund movements,
  • filing of cases before the prosecutor.

5.3 Money recovery

Recovery is not guaranteed, but early reporting helps.

  • Providers may freeze suspect accounts.
  • Law enforcement may trace funds and seek court orders.
  • Restitution may be pursued through criminal proceedings.

6. Practical Legal Tips to Strengthen Your Case

  1. Report quickly. Delays reduce traceability.
  2. Be specific in your affidavit. Exact words, times, and actions matter.
  3. Don’t alter screenshots. Keep originals to avoid authentication issues.
  4. Identify the financial trail. Scammers often use mule accounts; listing these helps AML-style tracing.
  5. Look for co-victims. If others got the same text, pooled affidavits strengthen probable cause.
  6. Avoid public posting of links. Sharing scam URLs can spread harm.

7. If You Only Received the Text but Didn’t Lose Money

Still report. Your report helps:

  • deactivate fraudulent SIMs,
  • block malicious domains,
  • map scam clusters.

Your evidence set can be smaller:

  • number, message, date/time, and your telco.

8. If You Clicked a Link or Shared Info

Do damage control immediately:

  • change passwords for affected accounts,
  • enable 2FA where possible,
  • revoke app permissions/uninstall suspicious apps,
  • inform your bank/e-wallet even if no fraud yet,
  • monitor accounts and credit activity.

Then report with expanded detail:

  • what link you opened,
  • what information you entered,
  • what screens you saw,
  • any app installed.

9. Possible Charges Scammers May Face

Depending on facts, prosecutors may file:

  • Computer-related fraud (RA 10175)
  • Computer-related identity theft (RA 10175)
  • Estafa (Revised Penal Code)
  • Violations of RA 8792
  • Violations of RA 8484
  • Data Privacy Act offenses (RA 10173)

Penalties vary widely based on method and damage, and cybercrime penalties generally attach higher sanctions when ICT is used.

10. Sample Outline for an Affidavit of Complaint

You can use this structure when preparing your sworn statement:

  1. Personal details (name, address, age, occupation).

  2. Narrative of events

    • date/time you received the SMS,
    • number used,
    • full text content,
    • why it appeared fraudulent.

  3. Your actions

    • whether you replied/clicked/sent money,
    • steps you took afterward.

  4. Losses or risks

    • amount lost (if any),
    • accounts compromised,
    • emotional/financial impact.

  5. Attached evidence list

    • screenshots,
    • transaction slips,
    • telco/NTC ticket numbers,
    • bank case references.

  6. Prayer

    • request investigation/prosecution.

Sign before a notary or authorized officer as required.

11. Frequently Asked Questions

Q: Can authorities trace fake numbers? Yes, but success depends on SIM registration records, telco logs, and whether the scammer used spoofing or mule SIMs. Reporting early helps.

Q: I gave my OTP but no money was taken yet—should I report? Yes. Treat it as attempted fraud and potential identity theft. Notify your financial provider first.

Q: Is a single scam text enough for a criminal case? A single text may not be enough for prosecution by itself, but it can be part of building a larger case, especially with multiple reports.

Q: What if the sender uses a name like “BPI-Alerts” but no number shows? Take a screenshot of the sender ID and message. Telcos and NTC can still investigate sender-ID abuse.

Q: Do I need a lawyer to report? Not to report. A lawyer can help later if damages are significant or if you want to monitor the prosecution closely.

12. Bottom Line

Reporting scam texts in the Philippines works best when you:

  1. preserve evidence,
  2. report to your telco and NTC for blocking,
  3. report to PNP-ACG or NBI-CCD for criminal action,
  4. alert financial providers immediately if money or accounts are involved, and
  5. consider NPC complaints where personal data misuse is clear.

Even if you were not defrauded, your report helps dismantle scam networks and protect others.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login