Online investment scams and withdrawal fee fraud represent two of the most pervasive forms of financial crime in the Philippines today. These schemes typically begin with unsolicited offers—via social media, messaging apps, fake websites, or dating platforms—promising extraordinarily high returns on investments in cryptocurrencies, foreign exchange, stocks, or fictitious “trading platforms.” Victims are induced to deposit funds, often through banks, e-wallets, or cryptocurrency wallets. Once funds are received, perpetrators either vanish or, in the classic “withdrawal fee fraud” variant, demand additional payments labeled as “taxes,” “processing fees,” “verification charges,” or “insurance deposits” before any withdrawal can occur. These demands escalate indefinitely, constituting a continuing offense of deceit.

Such conduct is not merely unethical; it is criminal under multiple interlocking statutes. The core offense is estafa (swindling) under Article 315 of the Revised Penal Code (Act No. 3815, as amended). Paragraph 2(a) specifically penalizes fraud by inducing another, through false pretenses or fraudulent acts, to deliver money or property. The penalty is graduated according to the amount defrauded: prision correccional to prision mayor, plus a fine equivalent to the amount involved. When committed through the internet or any computer system, the offense is further qualified under Republic Act No. 10175, the Cybercrime Prevention Act of 2012. Section 4(a)(4) of RA 10175 expressly criminalizes “computer-related fraud,” imposing imprisonment of prision mayor to reclusion temporal and a fine of not less than Two Hundred Thousand Pesos (₱200,000.00) but not more than Five Hundred Thousand Pesos (₱500,000.00) for each count, in addition to the penalties under the Revised Penal Code.

Where the scheme involves the offering or sale of securities without registration, Republic Act No. 8799, the Securities Regulation Code, applies. Section 8 prohibits the sale of unregistered securities, while Section 26 empowers the Securities and Exchange Commission (SEC) to investigate and prosecute fraudulent investment schemes. Violations carry penalties of a fine of not less than Fifty Thousand Pesos (₱50,000.00) nor more than Five Million Pesos (₱5,000,000.00) and imprisonment of seven to twenty-one years. The Anti-Money Laundering Act of 2001 (Republic Act No. 9160, as amended by RA 9194, RA 10365, RA 11862, and RA 11521) further classifies proceeds of estafa and cyber-fraud as “unlawful activities,” allowing the freezing of bank accounts and assets upon petition by the Anti-Money Laundering Council (AMLC).

Step-by-Step Procedure for Reporting and Prosecution

1. Preserve and Organize All Evidence Immediately
   Victims must treat every digital trace as potential evidence. This includes:

   • Screenshots of investment platforms, chat conversations, promises of returns, and demands for withdrawal fees;
   • Bank transfer receipts, e-wallet transaction IDs, cryptocurrency wallet addresses and blockchain transaction hashes;
   • Email correspondences, SMS, and call logs;
   • Account statements showing deposits and attempted withdrawals;
   • Any contracts, certificates, or “guarantee” documents provided by the scammer.
     Evidence should be saved in its original digital format, time-stamped, and backed up on a separate device or cloud storage. Do not delete any messages or attempt to negotiate further with the perpetrator, as continued communication may complicate the chain of custody.

2. Report to the Platform or Intermediary (Initial Containment)
   If the scam originated on Facebook, Instagram, Telegram, WhatsApp, or a website, immediately report the account or page to the platform’s abuse team using their built-in reporting tools. Provide transaction details and request preservation of data. While platforms are not law-enforcement agencies, their cooperation can yield IP addresses, account registration data, and takedown orders that assist Philippine authorities.

3. Notify the Relevant Financial Regulator

   • Securities and Exchange Commission (SEC) – For any scheme offering “investment opportunities” in securities, forex, or virtual assets without a license. File a complaint via the SEC Investor Assistance and Complaints Desk (email: invest@sec.gov.ph or through the SEC eComplaint portal). The SEC can issue cease-and-desist orders, conduct investigations under Section 53 of the SRC, and refer the case for criminal prosecution.
   • Bangko Sentral ng Pilipinas (BSP) – For scams involving banks, e-money issuers, or remittance centers. Use the BSP Consumer Assistance Mechanism (email: consumeraffairs@bsp.gov.ph or hotline 02-8708-7087). The BSP can direct banks to freeze accounts if funds remain traceable and can initiate AMLC proceedings.
   • Insurance Commission (IC) – If the scam masquerades as an insurance or pre-need product.
     These regulators act swiftly on complaints that involve unlicensed entities and can provide official certifications of non-registration, which serve as prima facie evidence of fraud in criminal cases.

4. File a Criminal Complaint with Law-Enforcement Agencies
   The two primary agencies with specialized cybercrime units are:

   • Philippine National Police Anti-Cybercrime Group (PNP-ACG) – Located at Camp Crame, Quezon City. Victims may file online via the PNP e-Report system or appear personally at any police station. The ACG investigates under RA 10175 and maintains a dedicated hotline (02-8723-0401 local 5234 or 0998-588-2263).
   • National Bureau of Investigation Cybercrime Division (NBI-CCD) – Taft Avenue, Manila. The NBI accepts complaints directly at its main office or through its website portal. The NBI-CCD has forensic capabilities for tracing cryptocurrency transactions and international cooperation channels.
     The complaint must be in the form of a sworn affidavit detailing the facts, supported by evidence, and naming the perpetrators (if known) or describing them as “John Does.” A police or NBI investigator will issue a blotter or case number. This official report is essential for subsequent bank freezes and AMLC inquiries.

5. Secure a Hold-Freeze Order and Initiate Asset Recovery
   Upon filing the criminal complaint, request the investigating agency to issue a request to the AMLC for a freeze order under the AMLA. Banks and financial institutions must freeze suspect accounts within 24 hours of AMLC notification. Simultaneously, file a separate application for a writ of preliminary attachment or garnishment in the Regional Trial Court where the case will be filed. Recovery is statistically low (less than 10% of cases), but early action within days of the fraud can preserve traceable funds.

6. Prosecution and Court Proceedings
   After preliminary investigation by the prosecutor’s office (usually the Department of Justice or city/provincial prosecutor), an information is filed in the Regional Trial Court. The case is treated as a public crime; the State prosecutes even if the victim later withdraws. Victims may intervene as private prosecutors to pursue civil liability (actual damages, moral damages, attorney’s fees, and interest). Trial typically takes 12–36 months, though cybercrime cases may be expedited under RA 10175’s procedural rules.

Special Considerations for Withdrawal Fee Fraud
Withdrawal fee demands constitute a separate or continuing act of estafa. Each additional payment extracted after the initial investment can be charged as a distinct count, increasing the total penalty. Courts have consistently ruled that the perpetrator’s knowledge that no legitimate investment exists and that withdrawal is impossible satisfies the element of intent to deceive. International dimensions (common in scams operated from call centers in Southeast Asia) trigger mutual legal assistance treaties (MLAT) and INTERPOL red notices, coordinated through the Department of Justice’s International Affairs Division.

Victim Support and Ancillary Remedies
Victims may seek psychosocial support through the Department of Social Welfare and Development (DSWD) crisis centers or the Philippine Mental Health Act programs. Tax deductions for losses may be claimed upon presentation of a final court decision or BIR-approved write-off. Credit bureaus (TransUnion, CIBI) should be notified to prevent identity misuse arising from stolen financial data.

Jurisdictional Reach and Extraterritorial Application
RA 10175 applies even if the perpetrator is outside the Philippines, provided the victim is in the country or the effect occurs here (Section 5). The Anti-Money Laundering Council and the Department of Justice routinely request assistance from foreign counterparts for cryptocurrency tracing via platforms such as Chainalysis or through bilateral agreements.

By following the foregoing steps promptly and comprehensively, victims transform from passive targets into active participants in the criminal justice process. The Philippine legal framework—anchored on the Revised Penal Code, the Cybercrime Prevention Act, the Securities Regulation Code, and the Anti-Money Laundering Act—provides robust mechanisms for investigation, prosecution, and, where feasible, restitution. Immediate reporting not only advances individual recovery but contributes to the broader disruption of transnational cyber-fraud networks operating against Filipino citizens.