How to Report Fraudulent Websites to Cybercrime Authorities

Introduction

Fraudulent websites have become one of the most common tools used by scammers in the Philippines. These sites may impersonate banks, government agencies, online shops, delivery companies, investment platforms, job recruitment portals, cryptocurrency exchanges, lending companies, payment providers, or well-known brands. Their goal is usually to deceive victims into giving money, personal information, login credentials, identity documents, one-time passwords, bank details, or access to financial accounts.

In the Philippine legal context, reporting a fraudulent website is not merely a consumer complaint. Depending on the facts, it may involve cybercrime, fraud, identity theft, phishing, illegal access, data privacy violations, consumer protection issues, banking fraud, securities violations, or intellectual property infringement.

This article explains how victims, witnesses, businesses, and concerned citizens may report fraudulent websites to Philippine authorities, what laws may apply, what evidence should be preserved, where to file complaints, and what practical steps should be taken immediately.

I. What Is a Fraudulent Website?

A fraudulent website is a website created, used, or operated to deceive the public or specific individuals for unlawful gain. It may look legitimate, but its purpose is dishonest.

Common examples include:

  1. Phishing websites These imitate banks, e-wallets, government portals, social media platforms, or email providers to steal usernames, passwords, OTPs, credit card numbers, or account access.

  2. Fake online stores These advertise products, accept payment, and never deliver the items.

  3. Investment scam websites These promise unrealistic returns, referral bonuses, crypto profits, forex trading gains, or guaranteed passive income.

  4. Fake lending or financing websites These ask for advance fees, personal data, or access to contacts before granting a supposed loan.

  5. Impersonation websites These copy the name, logo, or layout of a legitimate company, bank, public office, or brand.

  6. Romance, job, or recruitment scam websites These lure victims into paying processing fees, visa fees, training fees, or placement charges.

  7. Donation scam websites These pretend to collect money for disasters, medical needs, charities, churches, or public causes.

  8. Fake government service portals These charge fees for documents, appointments, IDs, permits, or benefits while pretending to be an official public office.

  9. Malware distribution sites These trick users into downloading apps, files, browser extensions, or software that steal information or control devices.

A website may be fraudulent even if it uses professional design, secure-looking logos, fake reviews, customer service chat, social media pages, or a domain name similar to a legitimate business.

II. Philippine Laws That May Apply

Several Philippine laws may apply to fraudulent websites. The exact offense depends on how the website was used, what information was taken, whether money was lost, and whether other persons were impersonated.

A. Cybercrime Prevention Act of 2012

The main law is the Cybercrime Prevention Act of 2012, or Republic Act No. 10175. It penalizes crimes committed through or involving information and communications technology.

Fraudulent websites may involve the following cybercrime offenses:

1. Computer-related fraud

A fraudulent website may constitute computer-related fraud when a person uses computer systems, websites, or online platforms to cause damage, deception, or unlawful gain.

Examples include fake payment pages, fake online shops, scam investment portals, and websites designed to trick victims into transferring money.

2. Computer-related identity theft

If a website collects, uses, or misuses another person’s identifying information, it may involve identity theft. This may include the unauthorized use of names, photographs, government IDs, bank details, email accounts, business names, or personal profiles.

3. Illegal access

If the fraudulent website causes a victim to reveal login credentials and the scammer later accesses the account without authority, illegal access may be involved.

4. Misuse of devices

If the website distributes tools, malware, fake apps, or programs designed to compromise accounts or systems, this may fall under misuse of devices.

5. Cyber-squatting

If a domain name is registered in bad faith using a name identical or confusingly similar to an existing trademark, company name, public figure, or person’s name, cyber-squatting may be relevant.

6. Aiding or abetting and attempt

Persons who assist in operating, hosting, designing, promoting, or financially benefiting from a fraudulent website may also face liability, depending on their participation and intent.

B. Revised Penal Code: Estafa and Other Fraud Offenses

Fraudulent websites often involve estafa, a criminal offense under the Revised Penal Code. Estafa generally involves deceit and damage. When a person is induced by false representations to part with money, property, or rights, estafa may be committed.

Examples:

  • A fake seller accepts payment and disappears.
  • A scam website promises investment returns but never intends to pay.
  • A fake recruitment site collects placement fees.
  • A fraudulent loan site charges advance processing fees.
  • A fake donation page collects funds under false pretenses.

When estafa is committed through online means, it may also be prosecuted in connection with cybercrime laws, potentially affecting penalties.

C. Data Privacy Act of 2012

The Data Privacy Act of 2012, or Republic Act No. 10173, may apply when a fraudulent website collects, processes, stores, sells, shares, or misuses personal information.

Personal information may include:

  • Full name
  • Address
  • Contact number
  • Email address
  • Date of birth
  • Government ID numbers
  • Bank account details
  • Credit card information
  • Selfies or identity verification photos
  • Passwords or security answers
  • Biometric data
  • Employment details
  • Financial information

Sensitive personal information receives stronger protection. If the fraudulent website harvests personal data through deception, the matter may be reported to the National Privacy Commission.

D. Consumer Protection Laws

If the fraudulent website involves deceptive online selling, fake goods, unfair sales practices, or misleading advertisements, consumer protection laws may also apply.

The victim may file a complaint with the Department of Trade and Industry, especially if the issue involves online transactions, deceptive sales, undelivered goods, fake sellers, or misleading commercial practices.

However, if there is clear criminal fraud, the matter should also be reported to cybercrime authorities or law enforcement.

E. Securities Regulation and Investment Scams

If the website offers investment contracts, trading schemes, crypto investment packages, pooled funds, high-yield returns, or referral-based investment programs, the matter may fall under the jurisdiction of the Securities and Exchange Commission.

The SEC may be relevant when a website:

  • Solicits investments from the public
  • Promises guaranteed returns
  • Uses referral commissions
  • Claims to trade forex, crypto, stocks, or commodities
  • Operates without proper registration or authority
  • Uses a corporation or business name to lend legitimacy to a scam

Victims should report investment scam websites to law enforcement and the SEC.

F. Banking, E-Wallet, and Financial Fraud

If a fraudulent website impersonates a bank, payment provider, remittance company, or e-wallet, the victim should immediately report the incident to the concerned financial institution.

The Bangko Sentral ng Pilipinas may also be relevant for complaints involving BSP-supervised financial institutions. However, for criminal investigation, the matter should still be referred to cybercrime authorities.

G. Intellectual Property and Brand Impersonation

If the fraudulent website copies trademarks, logos, trade names, copyrighted materials, or brand assets, intellectual property issues may arise. The affected business may coordinate with the Intellectual Property Office of the Philippines and law enforcement.

Brand impersonation is common in phishing, fake online shops, fake promo pages, and counterfeit product scams.

III. Philippine Authorities That Receive Reports

A fraudulent website may be reported to several agencies, depending on the facts.

A. Philippine National Police Anti-Cybercrime Group

The PNP Anti-Cybercrime Group is one of the primary law enforcement bodies for cybercrime complaints. Victims of phishing, online scams, identity theft, website fraud, account compromise, and related cyber offenses may file a complaint with the PNP ACG.

The PNP ACG may receive complaints involving:

  • Fake websites
  • Online scams
  • Phishing
  • Identity theft
  • Fake online sellers
  • Hacking-related incidents
  • Social media fraud
  • Cyber-enabled estafa
  • Financial account compromise
  • Malware or malicious links

A complainant should bring identification, documentary evidence, screenshots, URLs, transaction records, and a clear narration of events.

B. National Bureau of Investigation Cybercrime Division

The NBI Cybercrime Division also investigates cybercrime complaints. Victims may report fraudulent websites, phishing, online fraud, impersonation, and other computer-related offenses to the NBI.

The NBI may require the complainant to submit evidence and execute a sworn statement or complaint-affidavit.

C. Cybercrime Investigation and Coordinating Center

The Cybercrime Investigation and Coordinating Center, or CICC, is involved in cybercrime coordination, public assistance, cyber incident reporting, and inter-agency response. It may receive reports or help refer cybercrime incidents to appropriate authorities.

For urgent cyber scam concerns, victims may seek help through official CICC channels, especially where rapid reporting or coordination is needed.

D. National Privacy Commission

The National Privacy Commission handles complaints involving personal data misuse, unauthorized processing, data breaches, identity theft involving personal information, and privacy violations.

A complaint to the NPC may be appropriate when:

  • A website collected personal information through deception.
  • Personal data was exposed, sold, leaked, or misused.
  • A victim’s ID, photo, or personal details were used without consent.
  • A company failed to protect customer data.
  • A fraudulent website harvested sensitive personal information.

NPC action is especially relevant where the main harm involves privacy, data misuse, or unlawful personal information processing.

E. Department of Trade and Industry

The DTI may receive consumer complaints involving online sellers, fake shops, misleading advertisements, non-delivery of goods, defective products, or deceptive commercial practices.

However, DTI consumer remedies do not replace criminal complaints. If the seller’s conduct appears fraudulent or criminal, the matter should also be reported to PNP ACG or NBI Cybercrime Division.

F. Securities and Exchange Commission

The SEC is the proper agency for investment scams involving websites offering securities, investment contracts, lending schemes, crypto-related investment packages, or public solicitation of funds without authority.

Reports to the SEC are particularly important when the website uses:

  • “Guaranteed profit”
  • “Double your money”
  • “Daily income”
  • “Passive income”
  • “Referral bonus”
  • “Trading bot”
  • “Crypto mining”
  • “Forex investment”
  • “Pooled funds”
  • “No-risk investment”

G. Banks, E-Wallets, Payment Processors, and Telcos

The victim should immediately report the incident to the bank, e-wallet, credit card provider, remittance company, or telco involved.

This is important because financial institutions may be able to:

  • Freeze suspicious accounts
  • Block cards
  • Reverse or dispute transactions, where available
  • Disable compromised access
  • Preserve transaction logs
  • Identify recipient accounts
  • Assist law enforcement upon proper request
  • Prevent further loss

Immediate reporting is critical because stolen funds can be transferred quickly.

H. Domain Registrars, Hosting Providers, and Platforms

A fraudulent website may also be reported to:

  • The domain registrar
  • Web hosting provider
  • Content delivery network
  • Search engines
  • Social media platforms promoting the link
  • Marketplace platforms
  • Browser safe browsing programs
  • Email providers used for phishing campaigns

These reports may lead to takedown, suspension, blocking, or warning labels. However, takedown reports should not replace formal complaints to law enforcement where a crime has occurred.

IV. What to Do Immediately After Discovering a Fraudulent Website

The first few hours after discovering fraud are important.

1. Do not engage further with the website

Stop entering personal information, passwords, OTPs, payment details, or documents. Do not download files, install apps, or click further links.

2. Preserve evidence before the website disappears

Fraudulent websites are often deleted, moved, or changed. Evidence should be preserved immediately.

Save:

  • Full URL
  • Screenshots of all pages
  • Date and time accessed
  • Chat conversations
  • Emails and SMS messages
  • Social media posts or ads linking to the site
  • Payment instructions
  • Bank account or e-wallet numbers used by scammers
  • Receipts and proof of transfer
  • Order confirmations
  • Tracking numbers, if any
  • Usernames, account names, phone numbers, and email addresses
  • Domain details, if available
  • Downloaded files or suspicious apps, without opening them further
  • Any names, photos, or company details used by the scammer

Screenshots should include the browser address bar when possible.

3. Disconnect and secure compromised accounts

If login credentials were entered on the fake website:

  • Change passwords immediately.
  • Use a different device if malware is suspected.
  • Enable two-factor authentication.
  • Log out of all active sessions.
  • Revoke suspicious app permissions.
  • Check recovery email and phone settings.
  • Monitor login history.
  • Notify the legitimate service provider.

4. Contact the bank or e-wallet immediately

Where money was transferred, report the transaction at once. Provide the recipient account, amount, date, reference number, screenshots, and police report when available.

5. File a report with cybercrime authorities

A formal complaint should be filed with PNP ACG or NBI Cybercrime Division. The complaint should include a clear statement of facts and supporting evidence.

6. Report to specialized agencies

Depending on the case, also report to DTI, NPC, SEC, the affected bank, the impersonated company, or the relevant platform.

V. Evidence Needed When Reporting

A cybercrime complaint is stronger when supported by organized evidence. The complainant should prepare both digital and printed copies where possible.

A. Identity documents of the complainant

Bring a valid government-issued ID. If representing a company, bring proof of authority, such as a secretary’s certificate, board authorization, special power of attorney, or company ID, depending on the situation.

B. Chronology of events

Prepare a written timeline:

  • When the website was discovered
  • How the victim found the website
  • What representations were made
  • What information was entered
  • What payment was made
  • When the victim realized the fraud
  • What steps were taken afterward

A clear timeline helps investigators understand the case quickly.

C. Website evidence

Include:

  • URLs
  • Screenshots
  • Domain name
  • Landing pages
  • Login pages
  • Payment pages
  • Fake credentials, if any were created
  • Product listings or investment offers
  • Terms and conditions, if relevant
  • Contact details posted on the website

D. Communication evidence

Include copies of:

  • Emails
  • SMS messages
  • Messenger chats
  • Telegram messages
  • Viber messages
  • WhatsApp messages
  • Social media comments
  • Call logs
  • Voice recordings, where lawfully obtained
  • Customer service conversations

The evidence should show the link between the fraudulent website and the scammer.

E. Payment evidence

Include:

  • Bank transfer receipts
  • E-wallet transaction confirmations
  • Credit card statements
  • Deposit slips
  • QR codes used
  • Account numbers
  • Account names
  • Transaction reference numbers
  • Amounts paid
  • Dates and times
  • Merchant names
  • Cryptocurrency wallet addresses, if any

F. Personal data evidence

If personal data was submitted, list what was given:

  • Name
  • Address
  • Phone number
  • Email
  • ID photos
  • Selfies
  • Bank information
  • Passwords
  • OTPs
  • Employment or financial documents

This helps determine whether a privacy complaint or identity theft complaint is appropriate.

G. Technical evidence

Where available, preserve:

  • Email headers
  • Domain registration information
  • IP addresses
  • Server details
  • Metadata
  • Downloaded files
  • App package names
  • Redirect links
  • QR code images
  • Browser history
  • Device logs

Victims should avoid altering evidence. Businesses should involve IT or digital forensic personnel when appropriate.

VI. How to Draft a Complaint-Affidavit

Cybercrime authorities may require a sworn complaint-affidavit. The affidavit should be factual, chronological, and supported by attachments.

A basic structure may include:

  1. Personal details of the complainant Name, age, address, contact details, and capacity to complain.

  2. Identification of the respondent, if known Name, alias, email, phone number, account name, business name, domain owner, or online profile.

  3. Narration of facts Explain how the fraudulent website was discovered and what happened.

  4. Misrepresentations made State what the website claimed and why those claims were false or deceptive.

  5. Damage suffered Identify money lost, data compromised, account access lost, reputational harm, business disruption, or other injury.

  6. Evidence attached List screenshots, receipts, chats, emails, bank records, IDs, and website pages.

  7. Relief requested Ask the authority to investigate, identify the perpetrators, preserve digital evidence, coordinate with relevant institutions, and file appropriate charges.

  8. Verification and oath The affidavit should be signed and sworn before an authorized officer or notary, depending on the filing procedure.

The complaint should avoid speculation. It should state what the complainant personally knows, what documents show, and what the complainant is requesting authorities to investigate.

VII. Sample Complaint Narrative

The following is a simple example of how the factual narration may be written:

On or about [date], I discovered the website [URL] through [Facebook advertisement / SMS link / email / search result / referral]. The website represented itself as [name of company, agency, store, or platform]. Believing it to be legitimate, I accessed the website and provided [information provided] and/or paid the amount of [amount] through [bank/e-wallet/payment method] to [recipient account details].

After making payment, I did not receive the promised product/service/investment return. I later discovered that the website was not connected with the legitimate [company/agency/person] it claimed to represent. I also observed that the website used the logo/name/photos of [entity/person] without authority.

Attached are screenshots of the website, proof of payment, communications with the persons involved, and other supporting documents. I respectfully request that this matter be investigated for possible violations of the Cybercrime Prevention Act, the Revised Penal Code provisions on estafa, and other applicable laws.

This should be adapted to the actual facts.

VIII. Special Situations

A. If the fraudulent website impersonates a bank

Immediately contact the bank’s official fraud hotline or branch. Ask for account blocking, card replacement, session termination, and transaction dispute where applicable.

Also file a cybercrime report if money was stolen, credentials were compromised, or the fake website remains active.

B. If the website stole OTPs or login credentials

Change passwords immediately and notify the affected service provider. OTPs should never be shared. If an OTP was entered into a fake site, the scammer may have used it in real time to access or authorize a transaction.

C. If the website used your business name or logo

The business should preserve evidence and report the impersonation to cybercrime authorities. It should also notify customers through official channels and request takedown from the domain registrar, hosting provider, search engines, and social media platforms.

A company may also consider trademark, unfair competition, data privacy, and consumer protection remedies.

D. If the website offers investments

Report to the SEC and law enforcement. Do not rely only on the website’s claimed registration. A company may be registered as a corporation but still lack authority to solicit investments from the public.

E. If the website is hosted abroad

A website may be hosted outside the Philippines, but Philippine authorities may still investigate if Filipino victims are affected, Philippine-based accounts were used, or the offense was committed against persons in the Philippines. Cross-border coordination may be needed.

F. If the scammer used a mule bank account

Many scammers use accounts under other persons’ names. These may be money mule accounts. Report the account details to the bank and cybercrime authorities. Do not assume that the account name is the mastermind, but it is important evidence.

G. If the fraudulent website is still active

Take screenshots and report immediately. Avoid warning the scammer directly before evidence is preserved, as the site may be deleted or altered.

H. If no money was lost

A report may still be appropriate if the website is phishing, harvesting data, impersonating a legitimate entity, spreading malware, or likely to victimize others.

IX. Practical Reporting Checklist

Before filing, prepare the following:

  • Valid ID
  • Printed and digital screenshots
  • Full URL of the fraudulent website
  • Date and time of access
  • Device used
  • Browser history, where relevant
  • Emails, SMS, or chat messages
  • Social media posts or ads linking to the site
  • Payment receipts
  • Bank or e-wallet reference numbers
  • Recipient account details
  • Amount lost
  • List of personal data submitted
  • Names, phone numbers, usernames, and email addresses used by the scammer
  • Written chronology
  • Sworn complaint-affidavit, if required
  • Copies of prior reports to banks, platforms, or companies
  • Any response from the legitimate company being impersonated

Organizing evidence in folders by date and type can help investigators.

X. Reporting Path Based on Type of Fraud

1. Phishing website pretending to be a bank or e-wallet

Report to:

  • PNP ACG or NBI Cybercrime Division
  • The affected bank or e-wallet
  • The impersonated company
  • Domain registrar or hosting provider
  • NPC, if personal data was collected or misused

2. Fake online store

Report to:

  • PNP ACG or NBI Cybercrime Division
  • DTI, for consumer complaint aspects
  • Payment provider or bank
  • Social media or marketplace platform, if used

3. Investment scam website

Report to:

  • PNP ACG or NBI Cybercrime Division
  • SEC
  • Bank, e-wallet, or crypto platform used for payment

4. Fake recruitment website

Report to:

  • PNP ACG or NBI Cybercrime Division
  • Appropriate labor or migrant worker authorities, depending on whether local or overseas employment is involved
  • Payment provider or bank

5. Website misusing personal data

Report to:

  • National Privacy Commission
  • PNP ACG or NBI Cybercrime Division, if identity theft or fraud is involved

6. Website impersonating a company or brand

Report to:

  • PNP ACG or NBI Cybercrime Division
  • Domain registrar and hosting provider
  • Search engines and platforms
  • IPOPHL or counsel, where intellectual property rights are involved
  • NPC, if customer data is affected

XI. Preservation of Digital Evidence

Digital evidence is fragile. It can be deleted, changed, or challenged. Proper preservation matters.

Recommended practices:

  1. Capture screenshots showing the full URL.
  2. Save webpages as PDF where possible.
  3. Record the date and time of capture.
  4. Preserve original emails, not just screenshots.
  5. Keep SMS and chat messages in the original app.
  6. Do not edit screenshots except to make separate redacted copies.
  7. Keep transaction receipts in original format.
  8. Avoid deleting browser history until evidence is copied.
  9. Do not attempt to hack, trace, or attack the fraudulent website.
  10. Keep a secure backup of all files.

For businesses, digital forensic preservation may be advisable, especially if large financial losses, customer data, or corporate systems are involved.

XII. Takedown Requests

A takedown request seeks removal or disabling of the fraudulent website. It may be sent to the domain registrar, hosting provider, platform, social media company, search engine, or brand protection channel.

A takedown request usually includes:

  • The fraudulent URL
  • Explanation of the fraud
  • Screenshots
  • Proof of trademark or business identity, if impersonation is involved
  • Police report or complaint reference, if available
  • Request to suspend the domain, remove content, block access, or preserve logs

However, takedown may also cause the scammer to move to a new domain. For serious cases, evidence should be preserved before takedown is requested.

XIII. Civil, Criminal, and Administrative Remedies

Fraudulent websites may lead to different kinds of action.

A. Criminal action

A criminal complaint seeks investigation and prosecution of offenders. Possible charges include cybercrime offenses, estafa, identity theft, falsification, or related crimes.

B. Civil action

A victim may seek recovery of money, damages, or other civil remedies. Civil action may be pursued separately or in connection with criminal proceedings, depending on the legal strategy.

C. Administrative complaints

Administrative agencies may impose sanctions, issue advisories, revoke registrations, order compliance, mediate consumer complaints, or coordinate enforcement.

Examples include complaints before DTI, NPC, SEC, or financial regulators.

XIV. Common Mistakes to Avoid

  1. Deleting messages after taking screenshots Keep the original messages.

  2. Only posting on social media instead of filing a report Public warnings may help others, but formal reports are necessary for investigation.

  3. Continuing to communicate with scammers This may expose the victim to further manipulation.

  4. Paying more money to recover previous losses Recovery scams often target prior victims.

  5. Sending IDs repeatedly to unknown “verification agents” This increases identity theft risk.

  6. Assuming a registered business is authorized to solicit investments Corporate registration is not the same as authority to sell securities or investment contracts.

  7. Waiting too long before calling the bank Delays reduce the chance of freezing funds or disputing transactions.

  8. Submitting incomplete evidence Investigators need URLs, timestamps, payment details, communications, and identification.

  9. Threatening the scammer before preserving evidence The website or accounts may disappear.

  10. Trying to retaliate online Hacking back, doxxing, or harassment may create legal exposure.

XV. Responsibilities of Businesses

Businesses whose names, logos, websites, products, or officers are impersonated should act quickly.

Recommended steps:

  1. Preserve screenshots and URLs.
  2. Notify customers through official channels.
  3. Report to PNP ACG or NBI Cybercrime Division.
  4. Request takedown from registrars, hosts, platforms, and search engines.
  5. Coordinate with banks or payment processors if accounts are identified.
  6. Notify the NPC if customer data may be involved.
  7. Monitor similar domains and social media pages.
  8. Consider trademark enforcement.
  9. Maintain an official fraud reporting channel.
  10. Publish guidance on how customers can verify legitimate websites.

A delayed response may expose more customers to harm and may create reputational damage.

XVI. Responsibilities of Victims

Victims should act promptly but carefully.

They should:

  • Preserve evidence.
  • Report to the bank or payment provider.
  • File with cybercrime authorities.
  • Secure accounts and devices.
  • Monitor credit cards, bank accounts, e-wallets, and email accounts.
  • Replace compromised cards or credentials.
  • Consider privacy complaints if personal information was misused.
  • Avoid sending more money.
  • Warn close contacts if identity theft is possible.
  • Keep copies of all complaint reference numbers.

Victims should also be cautious of people claiming they can recover funds for a fee. Many “fund recovery” services are themselves scams.

XVII. Legal Issues in Proving the Case

To establish a case, authorities may look for evidence of:

  1. Deceit or false representation The website claimed something false or misleading.

  2. Reliance by the victim The victim believed the representation and acted on it.

  3. Damage The victim lost money, data, account access, reputation, or other rights.

  4. Use of computer systems The fraud involved a website, online platform, electronic communication, or digital payment channel.

  5. Identity of perpetrators Investigators must connect the website, communications, payment accounts, devices, IP logs, domain registration, or financial transactions to individuals or groups.

  6. Intent The circumstances must show fraudulent or criminal intent.

Evidence from banks, telecoms, platforms, registrars, and hosting providers may be crucial. These entities usually require proper legal process before releasing detailed subscriber or transaction information to investigators.

XVIII. Jurisdiction and Venue

Cybercrime can involve multiple locations: the victim’s location, the scammer’s location, the server location, the bank account location, and the place where the damage occurred.

For practical purposes, victims in the Philippines may report to Philippine cybercrime authorities where they reside or where the offense affected them. The appropriate prosecutor or court venue may depend on the facts and applicable procedural rules.

Because fraudulent websites often operate across borders, early preservation of evidence and official reporting are important.

XIX. Data Privacy Concerns After Reporting

When submitting evidence, victims may need to provide personal information to authorities. They should provide complete information necessary for the complaint but keep copies secure.

If sharing warnings publicly, victims should avoid posting:

  • Full ID numbers
  • Full bank account numbers
  • Home addresses
  • Unredacted receipts containing sensitive details
  • Private conversations containing unrelated personal information
  • Personal data of innocent third parties

Public warnings should be balanced with privacy and defamation concerns. Accusations should be factual and supported by evidence.

XX. Preventive Measures

To avoid fraudulent websites:

  1. Type official website addresses directly instead of clicking random links.
  2. Check domain spelling carefully.
  3. Be wary of shortened links.
  4. Do not enter OTPs on unfamiliar pages.
  5. Verify investment offers with regulators.
  6. Avoid deals that are too good to be true.
  7. Use official apps from trusted app stores.
  8. Enable two-factor authentication.
  9. Use different passwords for different accounts.
  10. Check for official advisories from banks, agencies, or brands.
  11. Avoid making payments to personal accounts for supposed official transactions.
  12. Confirm customer service numbers through official sources.
  13. Do not trust a website merely because it has HTTPS or a padlock icon.
  14. Be cautious with QR codes from unknown sources.
  15. Keep devices and browsers updated.

The presence of a padlock icon only means the connection may be encrypted; it does not prove the website is legitimate.

XXI. Conclusion

Reporting fraudulent websites in the Philippines requires both speed and organization. The victim should immediately preserve evidence, secure compromised accounts, notify banks or payment providers, and file a report with cybercrime authorities such as the PNP Anti-Cybercrime Group or the NBI Cybercrime Division. Depending on the nature of the fraud, reports may also be filed with the National Privacy Commission, Department of Trade and Industry, Securities and Exchange Commission, financial institutions, hosting providers, domain registrars, and affected platforms.

The strongest complaints are supported by clear evidence: URLs, screenshots, payment records, communications, personal data submitted, and a chronological account of events. Fraudulent websites often disappear quickly, so evidence preservation should come before takedown requests whenever possible.

In the Philippine context, fraudulent websites may trigger liability under cybercrime law, estafa provisions, data privacy law, consumer protection rules, securities regulation, banking rules, and intellectual property law. Prompt reporting protects not only the individual victim but also the wider public from continuing online fraud.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login