How to Report Online Impersonation and Identity Theft in the Philippines

Online impersonation can quickly become more than an embarrassing fake profile. An impostor may message your relatives for money, use your photos to open financial accounts, pose as your business, damage your reputation, or obtain personal information from people who trust you. The most effective response is to secure your accounts, preserve evidence before it disappears, report the account to the platform, and file the appropriate complaint with Philippine law-enforcement or privacy authorities.

What counts as online impersonation or identity theft?

Online impersonation happens when someone presents an account, message, advertisement, website, email address, phone number, image, voice recording, or other digital material as if it came from you or your organization.

Common examples include:

  • A cloned Facebook profile using your name, photographs, employment details, and friends list
  • A hacked social-media account from which the offender asks your contacts for money
  • A fake online shop using a legitimate business’s name, logo, address, or registration documents
  • An impostor pretending to be a company executive and directing an employee to transfer funds
  • Someone using your identification card to register a SIM, e-wallet, loan, merchant account, or bank account
  • A romance scammer using your photographs and biography
  • A deepfake video or voice recording made to deceive relatives, customers, or financial institutions

A cloned account is a new account made to resemble the real one. An account takeover occurs when the offender gains control of the victim’s actual account. An account takeover may involve illegal access in addition to identity theft.

Not every account with a similar name is automatically a crime. A clearly labeled parody, fan account, or commentary page may be different from a deceptive account. Investigators usually look for unauthorized use of identifying information, false representations, intent, messages sent to third parties, and resulting or intended harm.

Philippine laws that may apply

Computer-related identity theft under Republic Act No. 10175

Section 4(b)(3) of the Cybercrime Prevention Act of 2012, Republic Act No. 10175, defines computer-related identity theft as the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another natural or juridical person without right.

This definition is broad enough to protect both individuals and entities such as corporations and partnerships. It may cover the unauthorized use of a person’s name, photographs, account details, identification documents, electronic credentials, or other information that identifies the victim.

Actual financial loss is not always required. RA 10175 expressly provides for a lower penalty when no damage has yet been caused, which means an offender may still be investigated even when the victim stopped the scheme before anyone transferred money. The Supreme Court upheld the validity of the computer-related identity-theft provision in Disini, Jr. v. Secretary of Justice. (Lawphil)

Other provisions of RA 10175 may apply when the impostor:

  • Illegally accessed the victim’s account or device
  • Altered electronic records or created false digital documents
  • Used deception to cause financial loss
  • Published defamatory statements through a computer system
  • Attempted, aided, or abetted certain cybercrime offenses

Data Privacy Act violations

The unauthorized collection, use, disclosure, or processing of personal information may also fall under the Data Privacy Act of 2012, Republic Act No. 10173.

Depending on the facts and any applicable exemption, possible violations may include:

  • Unauthorized processing under Section 25
  • Processing for unauthorized purposes under Section 28
  • Malicious disclosure under Section 31
  • Unauthorized disclosure under Section 32

A Data Privacy Act complaint is especially relevant when a company, lender, employer, online service, organized operator, or other personal information controller failed to protect your information or used it without a lawful basis. It is a separate remedy from a criminal complaint for computer-related identity theft. (National Privacy Commission)

Fraud involving bank accounts and e-wallets

The Anti-Financial Account Scamming Act, Republic Act No. 12010, applies when identity theft or impersonation is connected to financial accounts.

RA 12010 penalizes, among other conduct:

  • Opening a financial account under a fictitious name
  • Using another person’s identity or identification documents to open an account
  • Obtaining sensitive account information through deception or electronic communications
  • Pretending to represent a bank, e-wallet provider, or other financial institution
  • Using or supplying financial accounts for money-muling activities

The law allows a covered financial institution to temporarily hold funds involved in a disputed transaction, subject to Bangko Sentral ng Pilipinas rules. The statutory holding period may not exceed 30 calendar days unless extended by a court. A hold is not automatic, so speed is critical. (Lawphil) (Lawphil)

Estafa, falsification, threats, and cyber libel

The same incident may involve offenses under the Revised Penal Code, including:

  • Estafa under Article 315 when deceit causes another person to part with money or property
  • Falsification or use of falsified documents under Articles 171 and 172 when identification cards, receipts, contracts, certificates, or commercial documents are forged or altered
  • Grave threats under Article 282 when the impostor threatens harm
  • Libel under Articles 353 and 355, in relation to RA 10175, when the offender publishes a defamatory imputation online

Section 6 of RA 10175 generally provides a higher penalty when an offense already punishable under the Revised Penal Code or another special law is committed through information and communications technology. The exact charges depend on what the offender actually did; “identity theft” should not be used as a substitute for identifying the specific acts and evidence.

Civil damages and injunctions

Articles 19, 20, and 21 of the Civil Code require people to act with justice, give everyone their due, and avoid willfully causing injury contrary to law, morals, good customs, or public policy. Article 26 protects personal dignity, privacy, and peace of mind.

Once the responsible person is identified, a victim may consider a civil action for actual, moral, or other legally recoverable damages. In an appropriate case, injunctive relief may also be sought to stop continuing misuse. Civil proceedings can be difficult when the offender remains anonymous, is abroad, or has no identifiable assets.

What to do immediately after discovering the impersonation

1. Secure the real accounts

Change the passwords of the affected account and the email account connected to it. Use a new, unique password rather than a variation of the old one.

Then:

  • Activate multi-factor authentication
  • Log out unknown devices and sessions
  • Remove unfamiliar recovery emails or phone numbers
  • Regenerate backup codes
  • Check whether messages, advertisements, payment methods, or administrator accounts were added
  • Contact your mobile provider if your SIM suddenly stopped working, which may indicate SIM replacement or takeover
  • Warn your bank or e-wallet provider if financial credentials may have been exposed

Do not rely only on changing the social-media password. An offender who controls the connected email account can often regain access.

2. Preserve evidence before requesting removal

Capture evidence before the fake account, message, or advertisement disappears.

For each item, save:

  • The full profile, post, advertisement, or website URL
  • The username, handle, page ID, account ID, email address, or phone number
  • Screenshots showing the browser address bar or profile handle
  • The date, time, and time zone when you viewed it
  • A screen recording showing how you reached the content
  • Copies of messages, chat exports, emails, and complete email headers
  • Images, videos, voice recordings, and documents sent by the offender
  • Names of recipients or witnesses
  • Transaction reference numbers, destination accounts, receipts, and bank statements
  • Platform report numbers and acknowledgment emails

Preserve an unedited copy. Cropped or annotated screenshots may be useful for explanation, but they should not replace the originals.

Electronic evidence must eventually be authenticated. The Rules on Electronic Evidence, A.M. No. 01-7-01-SC, recognize electronic documents and communications, but their reliability, integrity, source, and manner of preservation may have to be shown. (Lawphil)

Do not factory-reset the affected device unless necessary to prevent further loss. Export relevant records first. If an investigator takes custody of a device, ask for an inventory or acknowledgment receipt.

3. Warn likely targets without making unsupported accusations

A short public notice can reduce further harm:

A fake account is using my name and photographs. I am not requesting money, investments, passwords, or verification codes. Please do not transact with the account and report it through the platform.

Avoid publicly naming a suspected offender unless the identification is reliable and publication is necessary. An emotional accusation against the wrong person can create a separate defamation or harassment problem.

4. Report the exact account and content to the platform

Use the platform’s official impersonation, hacked-account, fraud, or trademark-reporting channel.

When reporting:

  • Report the profile and the specific fraudulent messages, posts, or advertisements
  • Ask recipients to report the messages they personally received
  • Attach proof that you are the person or authorized business being impersonated
  • Submit identification only through the platform’s official form
  • Keep the ticket or case number
  • Appeal through the official process if the first report is rejected

Be cautious of anyone messaging you as “platform support” and asking for your password, one-time PIN, recovery code, or payment. Legitimate support personnel should not need those credentials.

A platform report may remove content, but it does not automatically identify or prosecute the offender.

5. Notify banks, e-wallets, lenders, and payment providers

When money or a financial account is involved, report the incident immediately to:

  1. Your own bank, card issuer, or e-wallet provider
  2. The receiving institution, when identifiable
  3. Any lender or financial company that opened an account in your name
  4. Law enforcement

Use the institution’s fraud or consumer-assistance channel and request:

  • Immediate blocking or restriction of the affected account
  • A formal disputed-transaction case
  • A case or reference number
  • Preservation of account-opening, device, IP address, transaction, and know-your-customer records
  • Written confirmation of the report
  • Coordination with the receiving institution under applicable AFASA rules

The BSP advises consumers to report identity theft and suspicious transactions immediately to their bank or e-money issuer. (Bureau of the Treasury)

Where to report online impersonation in the Philippines

PNP Anti-Cybercrime Group

You may report to the Philippine National Police Anti-Cybercrime Group or its regional anti-cybercrime units. A nearby police station may also receive the complaint and refer or coordinate it with the appropriate cybercrime unit.

Bring printed and electronic copies of your evidence. Clearly state whether the case involves:

  • A cloned or hacked account
  • Threats or continuing harassment
  • Fraudulent requests for money
  • Unauthorized financial transactions
  • Use of an ID to open an account
  • A known or unknown suspect
  • A foreign platform, phone number, account, or suspect

Ask for the investigator’s name, office contact details, and complaint or reference number.

NBI Cybercrime Division

The National Bureau of Investigation Cybercrime Division accepts requests for investigation from the general public. The NBI’s published Citizen’s Charter for victims of computer crimes describes complaint intake, an initial interview, execution of sworn statements, submission of supporting documents, and possible examination of a relevant device. Its listed intake service has no agency fee, although notarization, copying, travel, or legal-document costs may still arise. (National Bureau of Investigation)

The NBI also maintains an online complaint page. An online submission may begin the process, but investigators may still require personal appearance, identification, an interview, original evidence, or a sworn complaint.

CICC hotline 1326

The Cybercrime Investigation and Coordinating Center’s 1326 hotline can assist with the initial reporting and referral of online scams, phishing, impersonation, and other cyber incidents. It is useful for urgent guidance, particularly when the victim is unsure which agency or institution should receive the report.

A hotline report should not be treated as a substitute for a sworn criminal complaint when investigation or prosecution is required. Obtain a reference number and follow any referral to the PNP, NBI, financial institution, or other agency. Government information campaigns continued to identify 1326 as the central hotline for online scam and impersonation reports through 2025 and 2026. (Facebook)

City or provincial prosecutor’s office

A victim may file a complaint-affidavit with the appropriate Office of the City Prosecutor or Office of the Provincial Prosecutor. Direct filing is more practical when the respondent is already identified and the essential evidence has been gathered.

When the offender is unknown, an investigation by the NBI or PNP is often necessary first because private individuals cannot compel platforms, telecommunications companies, banks, or internet service providers to disclose subscriber information.

RA 10175 permits law enforcement to obtain preservation and disclosure orders and apply for cybercrime warrants. Traffic data and subscriber information must generally be preserved by service providers for at least six months from the transaction, while content data may be preserved for six months from receipt of a lawful preservation order. A one-time extension may be ordered. Early reporting matters because provider records may otherwise be lost or become more difficult to obtain. (Lawphil)

National Privacy Commission

File with the National Privacy Commission when the incident involves unauthorized collection, use, processing, disclosure, or inadequate protection of personal information.

The NPC’s current process requires a complaint in the prescribed form, supporting evidence, a valid government-issued ID, and notarization. The complaint may be submitted in person, by courier, or as a scanned submission through the method stated on the NPC formal complaint page. (National Privacy Commission)

The NPC’s 2026 Complaint-Affidavit form asks whether the complainant contacted the respondent in writing. If you did not, explain why—for example, the offender was unknown, contact would create danger, or advance notice might cause deletion of evidence. The form warns that failure to attach supporting evidence may cause outright dismissal.

The currently published NPC schedule of fees lists a ₱500 complaint filing fee, a legal research fee, and additional fees when damages or special reliefs are requested. Qualified indigent litigants may seek exemption by submitting the required indigency documents.

How to prepare a strong complaint-affidavit

A complaint-affidavit is a sworn, chronological account of the incident. It should focus on verifiable facts rather than conclusions such as “this person is a scammer.”

Include:

  1. Your identity and contact information.
  2. Proof that the real account, name, photograph, business, or document belongs to you.
  3. The date you discovered the impersonation.
  4. Exactly what identifying information was copied or used.
  5. The URLs, handles, phone numbers, email addresses, and financial accounts involved.
  6. What the impostor represented to other people.
  7. Who received or relied on those representations.
  8. Any money transferred, account opened, reputation damaged, threat made, or other harm caused.
  9. The steps you took to secure accounts and report the incident.
  10. An indexed list of attachments.

Label evidence consistently:

  • Annex “A” — screenshot of fake profile
  • Annex “B” — URL and account details
  • Annex “C” — message requesting money
  • Annex “D” — affidavit of recipient
  • Annex “E” — transaction receipt
  • Annex “F” — platform acknowledgment
  • Annex “G” — bank fraud report

Witnesses who personally received messages should make their own sworn statements when possible. Their testimony can establish that the impostor represented themselves as you and attempted to obtain money, information, or another benefit.

Documents commonly required

Document or evidence Why it matters
Valid government-issued ID Confirms the complainant’s identity
Proof of ownership of the real account Distinguishes the authentic account from the fake one
Chronology of events Helps investigators understand the sequence quickly
Full URLs, handles, account IDs, emails, and phone numbers Allows tracing and preservation requests
Original screenshots, recordings, and chat exports Preserves the content and context
Bank statements and transaction references Establishes financial loss and destination accounts
Platform and bank ticket numbers Shows prior reports and enables follow-up
Witness affidavits Proves what third parties received or believed
Business registration and authority documents Establishes ownership and the representative’s authority
Notarized complaint-affidavit Required for formal criminal or administrative proceedings
Apostille, consular notarization, or authenticated authority documents May be required when executed abroad

For a corporation, investigators may request the SEC registration documents, a secretary’s certificate or board authority, the authorized representative’s ID, proof of the official website or account, and evidence that the impersonated name or logo belongs to the business.

What happens after filing?

There is no single timetable because an account may be hosted abroad, registered with false information, accessed through several devices, or connected to multiple financial institutions.

Stage Practical expectation
Account security and bank notification Should be done immediately
Platform review May take hours, days, or several weeks
NBI or PNP complaint intake Usually completed during the initial visit when documents are sufficient
Preservation and subscriber-data requests Depend on legal process and provider response
Identification of an anonymous account holder May take weeks or months; overseas providers can take longer
Prosecutor’s preliminary investigation Commonly takes several months, depending on submissions and caseload
NPC proceedings May take months or longer, especially when pleadings, mediation, or hearings are required
Recovery of transferred funds Depends heavily on how quickly the transfer was reported and whether funds remain traceable

A police blotter or hotline report documents the incident but is not, by itself, a criminal conviction, takedown order, or guarantee that money will be returned. Continue following up using the official docket or reference number.

Common mistakes that weaken an identity-theft report

Saving only a cropped screenshot

A screenshot showing only the offender’s display name may not identify the account. Include the URL, username, account ID, date, time, and surrounding conversation.

Reporting too late

Platforms and service providers do not retain every type of record forever. Early reporting gives investigators a better opportunity to request preservation.

Deleting the affected account or device data

Deleting messages, resetting the phone, or closing the real account may destroy evidence. Secure the account while preserving relevant records.

Contacting the offender before evidence is preserved

A demand to stop may be appropriate in some cases, but it can also cause the offender to delete the account, move funds, or destroy records. Preserve evidence first.

Paying a “hacker,” fixer, or fake support agent

A private person promising to reveal an IP address or recover an account for a fee may be committing another scam. Subscriber information generally requires lawful cooperation from the provider and, where applicable, a court warrant.

Publicly accusing an unverified suspect

Similar writing styles, profile photographs, or personal disputes do not conclusively establish who operated an account. Give suspicions and supporting facts to investigators rather than presenting them online as proven facts.

Going through barangay conciliation as the only remedy

Computer-related identity theft carries a penalty beyond the ordinary jurisdiction of the Katarungang Pambarangay. Section 408 of the Local Government Code excludes offenses punishable by imprisonment exceeding one year or a fine exceeding ₱5,000 from mandatory barangay conciliation. A barangay record may help document local threats or disturbances, but it should not delay reporting to cybercrime investigators. (Lawphil)

Reporting from abroad or when the offender is overseas

Philippine cybercrime protection is not limited to Filipino citizens. A foreign national, overseas Filipino, or foreign business may report when the Philippines has a legally relevant connection to the incident—for example, the victim or damage is in the Philippines, a Philippine financial account is used, or part of the relevant computer infrastructure or conduct falls within Philippine jurisdiction.

A complainant abroad may be asked to:

  • Execute the complaint-affidavit before a Philippine Embassy or Consulate
  • Have a locally notarized document apostilled when issued in a country covered by the Apostille Convention
  • Obtain consular legalization when the apostille process is unavailable
  • Execute a Special Power of Attorney for a representative in the Philippines
  • Submit certified translations of documents not written in English or Filipino
  • Attend an online or in-person interview and later testify if the case proceeds

A consular officer may notarize private documents such as affidavits for use in the Philippines. Alternatively, a document notarized abroad may be apostilled by the competent authority of an Apostille Convention country. Requirements vary by country and by the receiving Philippine agency. (Philippine Embassy)

When a platform, service provider, or suspect is outside the Philippines, law enforcement may need assistance through the DOJ Office of Cybercrime, which serves as the central authority for international cooperation on cybercrime and electronic evidence. Cross-border requests usually take longer than purely domestic investigations. (Cybercrime Division)

Frequently Asked Questions

Is creating a fake Facebook account in someone else’s name illegal in the Philippines?

It can be. A deceptive account that intentionally uses another person’s identifying information without right may constitute computer-related identity theft under RA 10175. Fraud, threats, falsification, cyber libel, or Data Privacy Act violations may also apply depending on what the account does.

Can I report an impostor even if nobody lost money?

Yes. Financial loss is not an absolute requirement for computer-related identity theft. Preserve evidence showing the unauthorized use and any attempted deception, reputational damage, distress, or risk created.

Where should I report a fake social-media account?

Report it to the platform and to the PNP Anti-Cybercrime Group or NBI Cybercrime Division. Use CICC hotline 1326 for initial assistance and referral. Report separately to the NPC when personal-information misuse or a data-protection failure is involved.

Do I need to know the real name of the offender?

No, but an unknown suspect makes investigation more important. Provide every available digital identifier, including URLs, account IDs, usernames, phone numbers, email addresses, payment accounts, transaction references, and dates.

Is a screenshot enough to file a case?

A screenshot can support a complaint, but it is stronger when accompanied by the full URL, account identifier, original message or file, date and time, witness testimony, and proof of how the screenshot was obtained. Preserve the original electronic evidence.

Do I need to file at the barangay first?

Generally, no for computer-related identity theft because the applicable penalty exceeds the Katarungang Pambarangay threshold. Go directly to the appropriate law-enforcement agency or prosecutor. A barangay report may still document a related local incident.

Can I have the fake account removed immediately?

Platforms may remove clear impersonation accounts quickly, but there is no guaranteed timetable. Submit proof through the official impersonation process, report the specific fraudulent content, and ask affected contacts to report what they personally received.

Can the police obtain the account holder’s IP address?

Law enforcement may seek subscriber information, traffic data, or other relevant computer data through the procedures and cybercrime warrants authorized by RA 10175. A private complainant usually cannot compel the platform to disclose this information directly.

What should I do if my ID was used to open an e-wallet or loan account?

Notify the institution immediately, dispute the account in writing, request restriction or closure, and ask it to preserve the application, know-your-customer documents, device records, IP information, and transaction history. Report the incident to the NBI or PNP and consider an NPC complaint. RA 12010 may apply when another person’s identity documents were used to open a financial account.

Can a foreigner file an identity-theft complaint in the Philippines?

Yes. Citizenship is not the controlling issue. The relevant questions include where the conduct, computer system, financial account, victim, and damage are located. A foreign complainant may need notarized, apostilled, or consularized documents and may appoint a Philippine representative for limited procedural steps.

Key Takeaways

  • Preserve URLs, account identifiers, original messages, transaction records, and unedited screenshots before the content disappears.
  • Secure the real email, social-media, mobile, banking, and e-wallet accounts immediately.
  • Report the exact account and fraudulent content through the platform’s official channels.
  • File with the PNP Anti-Cybercrime Group or NBI Cybercrime Division when investigation or prosecution is needed.
  • Notify financial institutions immediately when money, loans, bank accounts, or e-wallets are involved.
  • Use the National Privacy Commission process when personal information was unlawfully processed, disclosed, or inadequately protected.
  • Ask law enforcement about prompt preservation of provider records, particularly when the offender is anonymous.
  • Keep receiving copies, ticket numbers, investigator details, and a complete evidence index for every report.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.