How to Report Number Flooding Harassment From Online Gambling Apps

If your phone is suddenly receiving dozens or hundreds of OTPs, verification codes, calls, or gambling-related texts from different numbers, you may be experiencing number flooding harassment. In the Philippines, this can be more than “spam.” Depending on what is happening, it may involve misuse of your personal data, text scam activity, cyber harassment, threats, identity misuse, or an illegal online gambling operation. This guide explains what to save, where to report it, which Philippine laws may apply, and how to make your report strong enough for telcos, regulators, and cybercrime authorities to act.

What “Number Flooding” Usually Means

“Number flooding” is not the formal name of a specific crime under Philippine law. It is a practical term people use when a phone number is bombarded with:

  • OTPs or verification codes from apps you did not use
  • Repeated calls from unknown or rotating numbers
  • Casino, betting, or “panalo” promotional messages
  • Threatening or abusive messages from gambling agents, collectors, or scammers
  • Messages implying that your number was used to register, borrow, bet, or claim a gambling account
  • Links to online casino, sports betting, e-wallet, or “bonus” pages
  • Calls where the person pressures you to pay, deposit, verify, or continue playing

The most important question is: Is this merely spam, or is someone using your number or personal data to harass, scam, threaten, or impersonate you?

That distinction affects where you should report.

Why Online Gambling App Harassment Is Legally Serious

Online gambling in the Philippines is regulated. PAGCOR states that it regulates games of chance and issues licenses for gaming operations within Philippine territory, including electronic casino games, e-bingo, sports betting, specialty games, online poker, and numeric games. PAGCOR also warns that unauthorized online betting exposes the public to victimization by unscrupulous groups and advises the public to check authorized gaming entities through its official regulatory site. (PAGCOR) (PAGCOR)

Number flooding from an online gambling app can point to several possible abuses:

Situation What it may indicate Best first report
You receive gambling ads from many numbers Spam, scam, or illegal marketing Telco and NTC
You receive OTPs from gambling apps you never joined Possible identity misuse or attempted account creation Telco, CICC/PNP-ACG/NBI, NPC
Messages include threats or intimidation Possible threats, coercion, unjust vexation, cybercrime PNP-ACG or NBI
Your contacts are also being messaged Possible data scraping or privacy violation NPC and cybercrime authorities
The app or site is not PAGCOR-authorized Possible illegal online gambling operation PAGCOR, CICC, PNP-ACG/NBI
Money was taken from your e-wallet or bank Possible fraud, identity theft, cybercrime E-wallet/bank, CICC, PNP-ACG/NBI

Philippine Laws That May Apply

SIM Registration Act: RA 11934

The SIM Registration Act, Republic Act No. 11934, requires SIM registration before activation. It also defines spoofing as transmitting misleading or inaccurate information about the source of a call or text with intent to defraud, cause harm, or wrongfully obtain anything of value. (Supreme Court E-Library)

This matters because number flooding often uses:

  • Registered SIMs controlled by scammers
  • Spoofed sender names
  • Rotating prepaid numbers
  • Fake or fraudulently registered accounts
  • Automated bulk messaging systems

Under RA 11934, telcos may be required to act on fraudulent use of SIMs, and law enforcement may obtain subscriber information through proper legal process. The law allows disclosure of SIM registration information upon a subpoena by a competent authority in an investigation based on a sworn complaint involving a specific mobile number used for a crime or malicious, fraudulent, or unlawful act. (Supreme Court E-Library)

Cybercrime Prevention Act: RA 10175

The Cybercrime Prevention Act of 2012, Republic Act No. 10175, may apply when the harassment involves computer systems, apps, online accounts, phishing links, identity misuse, or online fraud.

Relevant cybercrime concepts include:

  • Computer-related fraud — using computer data or systems with fraudulent intent
  • Computer-related identity theft — intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another without right
  • Illegal access or data interference — if someone accesses or manipulates accounts or systems without authority
  • Cyber libel — if defamatory accusations are posted or sent online through computer systems

The Supreme Court discussed the Cybercrime Prevention Act in Disini v. Secretary of Justice, G.R. No. 203335, February 18, 2014, where it reviewed the constitutionality of several provisions and quoted RA 10175’s cybercrime offenses, including illegal access, data interference, computer-related offenses, unsolicited commercial communications, and cyber libel. (Supreme Court E-Library)

Data Privacy Act: RA 10173

The Data Privacy Act of 2012, Republic Act No. 10173, protects individual personal information in information and communications systems. It recognizes privacy of communication and requires personal information controllers to process personal data lawfully and securely. (National Privacy Commission)

This law may apply if the gambling app, agent, affiliate, or third-party marketer:

  • Collected your number without a lawful basis
  • Used your phone number for marketing without valid consent
  • Shared your number with agents, collectors, or affiliates
  • Used your contacts list after app installation
  • Sent your personal details to other people
  • Refused to delete or explain how it obtained your number

Under RA 10173, a data subject has rights to be informed, to access personal information, and to know the source, recipients, purpose, method, and controller of the personal data being processed. (National Privacy Commission)

Revised Penal Code: Threats, Coercion, and Unjust Vexation

When harassment becomes threatening, the Revised Penal Code may apply.

Possible provisions include:

  • Article 282, Grave Threats — when a person threatens another with harm to person, honor, property, or family amounting to a crime.
  • Article 285, Other Light Threats — for certain threats not amounting to grave threats.
  • Article 286, Grave Coercions — when someone, without authority of law, uses violence, threats, or intimidation to prevent another from doing something lawful or compel them to do something against their will.
  • Article 287, Unjust Vexation — often used for conduct that unjustifiably annoys, irritates, or disturbs another person when no more specific offense squarely applies. (Lawphil) (Lawphil)

In practice, if the messages say things like “bayaran mo o ipapahiya ka namin,” “pupuntahan ka namin,” “ikakalat namin information mo,” or “we will message your family,” save them immediately and report to cybercrime authorities.

Civil Code: Privacy, Peace of Mind, and Damages

The Civil Code of the Philippines also protects dignity, privacy, and peace of mind. Articles 19, 20, and 21 require people to act with justice, honesty, and good faith and provide liability for willful or negligent acts causing damage. Article 26 specifically says every person must respect the dignity, personality, privacy, and peace of mind of others, and lists acts such as meddling with private life, disturbing family relations, and vexing or humiliating another based on personal condition. (Lawphil)

This can matter if you later need to seek damages, a protection-type remedy, or civil relief because the harassment caused anxiety, reputational harm, disruption of work, or exposure of personal information.

What To Do Immediately

1. Do Not Click Gambling Links or Reply to Unknown Senders

Do not click links, download APK files, verify your identity, or send screenshots of your IDs to anyone claiming to be from a gambling app. Many scam messages try to make you panic by saying:

  • “Your withdrawal is pending”
  • “Your account will be blocked”
  • “Claim your bonus now”
  • “Verify your number”
  • “You owe money”
  • “Your account was used for betting”

Replying can confirm that your number is active.

2. Preserve Evidence Before Blocking

Blocking is useful, but evidence is more useful if you plan to report.

Save:

  • Screenshots showing the sender number or caller ID
  • Date and time of each message or call
  • Full message content
  • Links or domains shown in the message
  • App name, logo, Play Store/App Store link, APK source, or website
  • OTP messages from apps you did not use
  • Call logs showing repeated calls
  • Voice recordings, if legally and safely obtained
  • Proof that your contacts or relatives were messaged
  • Any e-wallet, bank, or gambling account transaction connected to the incident

For Globe’s spam reporting page, for example, screenshots must show the sender number or caller ID, timestamp, and full spam or scam message. (Globe Telecom)

3. Make an Incident Log

Create a simple timeline. This helps investigators see the pattern.

Date/time Sender/caller What happened Evidence file
July 6, 2026, 9:12 AM 09XX XXX XXXX OTP from gambling app I never used Screenshot 1
July 6, 2026, 9:20 AM Unknown caller 12 missed calls in 5 minutes Call log 1
July 6, 2026, 9:35 AM 09XX XXX XXXX Threatened to message my family Screenshot 2

Do not rely only on your phone’s notification screen. Open the message thread and capture the full details.

4. Secure Your Accounts

If the flooding includes OTPs, act as if someone may be trying to register or access accounts using your number.

Do these immediately:

  1. Change passwords for your email, e-wallets, banking apps, social media, and gambling-related accounts, if any.
  2. Enable app-based two-factor authentication where available.
  3. Check your GCash, Maya, bank, and card transaction history.
  4. Remove unknown linked devices from email and social accounts.
  5. Call your bank or e-wallet provider if there is any unauthorized transaction.
  6. Ask your telco about SIM replacement or additional protection if you suspect SIM swap or identity misuse.

Where To Report Number Flooding Harassment in the Philippines

Report to Your Telco First

Telcos can block numbers, identify traffic patterns, and escalate suspicious activity.

Telco Reporting channel What to include
Globe/TM/GOMO Globe #StopSPAM page or GlobeOne app Sender/caller ID, timestamp, full message, suspicious link, receiving number
Smart/TNT/Sun Smart HuliScam portal or official Smart support channels Sender number, message content, date received, recipient location
DITO DITO App live chat, 185 using a DITO number, or official DITO channels Sender number, screenshots, dates, links, call logs

Telco reports are especially useful for blocking and pattern detection, but they may not be enough if you want a criminal investigation. For threats, identity misuse, or financial loss, file with cybercrime authorities too.

Report to the National Telecommunications Commission

The National Telecommunications Commission (NTC) receives text scam, text spam, illegal message, and threatening message complaints and may endorse them to public telecommunications entities or other agencies for blocking or appropriate action. In a 2026 FOI response, NTC directed complainants to its text spam/scam report page and stated that reports should include a valid ID and an image of the text spam or scam showing the cellphone number. NTC also listed consumer channels such as consumer@ntc.gov.ph, regional offices, and Hotline 1682. (www.foi.gov.ph)

For an NTC report, prepare:

  • One valid government ID
  • Screenshot of each message
  • Sender number or caller ID
  • Date and time received
  • Your receiving number
  • Brief statement of what happened
  • Any link, app name, or gambling website involved

Use NTC when the main issue is text spam, scam SMS, illegal messages, threatening messages, or repeated telecommunications abuse.

Report to CICC / Hotline 1326

The Cybercrime Investigation and Coordinating Center (CICC) and Inter-Agency Response Center hotline 1326 are useful for online scams, phishing, cyber fraud, and cybercrime triage. The Philippine News Agency reported that victims of cyber fraud should call 1326, while those who received text scams may report numbers through the eGov app’s eReport feature; reports through eGov are sent to the NTC for blocking. (Philippine News Agency)

Use CICC/1326 when:

  • You are unsure which agency should handle it
  • There are suspicious gambling links
  • There is possible fraud
  • You need immediate guidance
  • You want the report routed to the proper agency

Report to PNP Anti-Cybercrime Group or NBI Cybercrime Division

For serious harassment, threats, identity misuse, financial loss, or organized scam activity, report to either:

  • PNP Anti-Cybercrime Group (PNP-ACG)
  • National Bureau of Investigation Cybercrime Division (NBI-CCD)

The NBI lists its Cybercrime Division among its divisions and services with the email ccd@nbi.gov.ph. (National Bureau of Investigation)

You will usually need:

  • Valid ID
  • Complaint narrative or complaint-affidavit
  • Screenshots and call logs
  • Links, usernames, app names, numbers, domains
  • Proof of financial loss, if any
  • E-wallet or bank reference numbers
  • Copies of previous telco, NTC, or CICC reports

For formal criminal complaints, expect to execute a sworn statement or complaint-affidavit. The DOJ’s preliminary investigation checklist generally requires an investigation data form and complaint-affidavit or sworn statement for filing complaints with prosecution offices. (Department of Justice)

Report to the National Privacy Commission

Report to the National Privacy Commission (NPC) if the harassment involves misuse, unauthorized processing, disclosure, sale, or sharing of your personal data.

Examples:

  • The gambling app got your number without your consent.
  • Your contacts were messaged after you installed an app.
  • Agents used your name, address, workplace, ID, or contact list.
  • The app refuses to tell you how it obtained your data.
  • Your personal information was exposed to shame or pressure you.

NPC’s formal complaint process requires a specific form, printing and filling it out, notarization, and submission in person, by courier, or by scanned email to the NPC complaints address. (National Privacy Commission)

Before filing with NPC, it is often helpful to first send the app or company a written request asking:

  1. What personal data of mine are you processing?
  2. Where did you obtain my number?
  3. What is your lawful basis for contacting me?
  4. Who received or accessed my data?
  5. Please stop processing my number for marketing or harassment.
  6. Please delete or block my number unless retention is legally required.

If they ignore you, continue harassing you, or cannot explain their lawful basis, include that in the NPC complaint.

Report to PAGCOR if the Gambling Platform Appears Unauthorized

If the app or website claims to be an online casino, betting app, e-games provider, or sports betting platform, check whether it appears on PAGCOR’s official regulatory lists. PAGCOR warns the public against unauthorized online betting and points users to its regulatory site and accredited service providers for authorized entities. (PAGCOR)

Report to PAGCOR when:

  • The app is not listed as authorized
  • The domain looks suspicious or cloned
  • Agents use gambling ads to lure deposits
  • The platform refuses withdrawals
  • The platform has no visible license details
  • The app uses harassment or threats

Prepare:

  • Website or app URL
  • Screenshots of the app, ads, or messages
  • Sender numbers and agent usernames
  • Payment channels used
  • Deposit or withdrawal proof
  • Your incident timeline

PAGCOR’s regulatory contact page lists the Electronic Gaming Licensing Department and other regulatory departments, with PAGCOR trunkline numbers and regulatory email contacts. (PAGCOR)

How To Write a Strong Complaint Narrative

Keep it factual. Avoid long emotional statements, but clearly describe the harm.

Use this structure:

  1. Who you are State your name, contact number, address or city, and whether you are the registered user of the phone number.

  2. What happened “On July 6, 2026, I began receiving repeated OTP messages and gambling-related texts from different numbers connected to an online betting app I did not register for.”

  3. Why it is suspicious or harmful “I never created an account with this app. The messages continued despite blocking numbers. Some messages contained threats and links.”

  4. Evidence attached List screenshots, call logs, links, transaction records, and prior reports.

  5. What action you are requesting Ask for blocking, investigation, preservation of records, identification through lawful process, takedown/referral, or data privacy action.

Sample Complaint Narrative

“I respectfully report repeated number flooding, OTP bombing, and harassment connected to an online gambling app. Beginning on July 6, 2026, my mobile number received multiple OTP messages, promotional gambling texts, and calls from unknown numbers. I did not register with the app and did not authorize the use of my number. Some messages contained links and statements pressuring me to verify or continue using the alleged account. I am attaching screenshots showing sender numbers, timestamps, message contents, and call logs. I request assistance in blocking the numbers, preserving relevant records, and investigating possible scam, identity misuse, telecommunications abuse, and unauthorized processing of my personal data.”

Special Situations

If You Are a Foreigner in the Philippines

Foreign nationals are covered by Philippine cybercrime, data privacy, consumer, and criminal laws when the incident occurs in the Philippines or involves Philippine-based systems, numbers, or actors.

When reporting, bring or attach:

  • Passport bio page
  • ACR I-Card, visa page, or proof of stay, if applicable
  • Philippine mobile number details
  • Local address or hotel address
  • Screenshots and call logs
  • Police blotter, if threats are involved

If you are outside the Philippines, you can start with email or online reporting channels, but some agencies may later require a sworn complaint-affidavit. If executed abroad, documents may need notarization before a Philippine Embassy or Consulate, or apostille depending on the country and the document’s intended use.

If You Are an OFW or Filipino Abroad

You can still report if your Philippine SIM, e-wallet, bank account, or Philippine contacts are affected.

Practical steps:

  • Keep your Philippine SIM active if needed for evidence and OTPs.
  • Ask a trusted family member to help secure a barangay blotter or police report if harassment reaches relatives.
  • Contact your telco online.
  • Report to CICC/1326 if accessible, or through available online channels.
  • For sworn documents, check the nearest Philippine Embassy or Consulate.

If Your Contacts Are Being Harassed

If an app or agent messages your contacts, the issue becomes more serious because it may indicate contact list scraping, disclosure of personal information, or harassment by association.

Save:

  • Screenshots from your relatives or friends
  • Their affidavits or written statements, if willing
  • Proof that you installed or interacted with the app
  • App permissions showing access to contacts
  • Messages naming you or shaming you

This is often relevant to both NPC and cybercrime authorities.

If You Actually Used the Gambling App but the Harassment Is Excessive

Even if you registered or played before, the app or its agents do not have unlimited permission to harass you, threaten you, expose your information, or flood your number.

Consent to receive account-related messages is not the same as consent to:

  • Threats
  • Public shaming
  • Contacting your family
  • Using your contacts list
  • Illegal debt collection-style pressure
  • Sending endless promotional messages after opt-out
  • Sharing your data with unauthorized affiliates

Common Mistakes That Weaken Reports

Avoid these mistakes:

  • Deleting the messages before screenshotting them
  • Sending only one screenshot when the issue is repeated flooding
  • Cropping out timestamps or sender numbers
  • Failing to show the suspicious link
  • Filing only with Facebook pages instead of official channels
  • Using vague wording like “scammer po ito” without a timeline
  • Not mentioning that you never registered with the gambling app
  • Ignoring OTP bombing because “wala namang nawala”
  • Clicking the link to “investigate” the app yourself
  • Posting the alleged scammer’s number publicly with threats or insults

Publicly posting personal data can create legal risk for you, especially if the information turns out to be wrong or belongs to another victim whose SIM was misused.

Frequently Asked Questions

Is number flooding a crime in the Philippines?

There is no single offense called “number flooding,” but the conduct may fall under several laws depending on the facts. It may involve text scam activity, cybercrime, data privacy violations, threats, coercion, unjust vexation, fraud, or illegal online gambling.

Can I report OTP bombing from a gambling app even if I lost no money?

Yes. OTP bombing may indicate attempted account creation, identity misuse, phishing, or harassment. Report it to your telco, NTC, and CICC. If your personal data appears to have been used, consider reporting to NPC as well.

Should I report to NTC or PNP first?

For spam texts and repeated scam messages, start with your telco and NTC. For threats, identity misuse, financial loss, hacking, or organized harassment, report to PNP-ACG or NBI Cybercrime Division. You can do both.

What evidence is most important?

The strongest evidence shows the sender number or caller ID, timestamp, full message, suspicious link, app name or website, and a timeline proving repetition. For financial loss, include transaction receipts and account statements.

Can NTC identify the owner of the number?

NTC’s practical role is usually receiving complaints and endorsing them to telcos or concerned agencies for blocking or appropriate action. Subscriber identity generally requires proper legal process, such as a subpoena from a competent authority in an investigation.

Can I sue the gambling app for using my number without consent?

Possibly, especially if there is proof of unauthorized personal data processing, disclosure, harassment, or damage. The Data Privacy Act, Civil Code, and other laws may be relevant. Start by preserving evidence and filing the appropriate agency reports.

What if the messages come from different numbers every time?

That is common in spam and scam operations. Still report them. Telcos and regulators look for patterns, links, domains, sender IDs, and traffic behavior, not just one number.

What if the gambling app is PAGCOR-licensed?

A licensed platform can still be reported if its agents, affiliates, marketers, or systems are harassing users, misusing data, or allowing abusive conduct. Report to the platform, PAGCOR, NPC, and cybercrime authorities depending on the facts.

What if the app is not in the Google Play Store or Apple App Store?

Be extra cautious. APK-only gambling apps, cloned websites, and links sent through Telegram, Messenger, Viber, or SMS are common red flags. Do not install the app to investigate. Preserve the link and report it.

Do I need a lawyer to file a report?

For initial telco, NTC, CICC, PAGCOR, and NPC reporting, you can usually start on your own. For criminal complaints, civil damages, or complex cases involving money loss, threats, or overseas documents, legal help may be useful in preparing affidavits and organizing evidence.

Key Takeaways

  • Do not click links, reply, or verify your identity through gambling messages or unknown callers.
  • Preserve screenshots showing the sender, timestamp, full message, and link.
  • Report spam and scam messages to your telco and NTC.
  • Report cyber fraud, identity misuse, threats, or financial loss to CICC, PNP-ACG, or NBI Cybercrime Division.
  • Report unauthorized use, sharing, or exposure of your personal data to the National Privacy Commission.
  • Report suspicious or unauthorized gambling platforms to PAGCOR.
  • A strong report includes a clear timeline, complete evidence, and a specific request for blocking, investigation, preservation of records, or privacy action.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.