Online lending app harassment is frightening because it often happens fast: repeated calls, threats of public shaming, messages to your family or employer, fake “warrant” warnings, or collectors using your contact list to pressure you. In the Philippines, these acts may be reported not only as abusive debt collection, but also as cybercrime, data privacy violations, and other offenses depending on what the lender or collector actually did. This guide explains when to report to cybercrime authorities, what evidence to prepare, where to file, and how the PNP Anti-Cybercrime Group, NBI Cybercrime Division, SEC, and National Privacy Commission fit together.
What Counts as Online Lending App Harassment?
A lender may legally remind a borrower about a debt, send payment notices, and use lawful collection methods. What crosses the line is collection behavior that uses intimidation, humiliation, threats, deception, or misuse of personal data.
Common examples include:
- Threatening to post your photo, ID, or “scammer” label online
- Sending messages to your contacts, employer, relatives, church group, or school
- Calling repeatedly before 6:00 a.m. or after 10:00 p.m. without a valid basis
- Using obscene, insulting, or degrading language
- Claiming you will be arrested for unpaid debt
- Creating fake posts, fake police messages, or fake legal documents
- Accessing your contacts, gallery, camera, or other phone data beyond what is necessary
- Publishing or threatening to publish your name and personal details because you allegedly failed to pay
The SEC’s unfair debt collection rules prohibit threats of violence or criminal means, threats to take action that cannot legally be taken, abusive language, disclosure of borrower information, false representation, unreasonable collection hours, and contacting persons in the borrower’s contact list other than named guarantors or co-makers.
A 2026 joint advisory from the DICT, NPC, and SEC also specifically warned against online lending platforms engaging in harassment, intimidation, public shaming, and unlawful use of personal data. It states that contacting people in the borrower’s contact list other than named guarantors is prohibited for debt collection.
When Online Lending Harassment Becomes a Cybercrime Issue
You should consider reporting to cybercrime authorities when the harassment involves phones, apps, SMS, email, social media, messaging platforms, fake online accounts, digital documents, or unauthorized use of computer data.
Under Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, the NBI and PNP are responsible for cybercrime law enforcement and must maintain cybercrime units or centers handled by special investigators. The law covers cyber offenses such as illegal access, data interference, computer-related fraud, computer-related identity theft, and online libel, and it also covers crimes under the Revised Penal Code or special laws when committed through information and communications technology. (Supreme Court E-Library)
This means an online lending app case may involve several overlapping legal issues:
| Conduct by lender or collector | Possible legal issue |
|---|---|
| Threatening harm to you, your family, reputation, or property | Grave threats or light threats under the Revised Penal Code, possibly treated as cyber-related if done through ICT |
| Posting “scammer,” “criminal,” or similar accusations online | Cyberlibel under RA 10175, depending on the facts |
| Using fake police, court, or barangay documents | Possible falsification, fraud, or computer-related forgery |
| Accessing or using your contact list for shaming | Data Privacy Act violations and unfair debt collection |
| Messaging your employer or relatives about your loan | Data privacy violation, unfair debt collection, possible civil damages |
| Calling at unreasonable hours or using obscene insults | SEC unfair collection violation; may also support harassment-related complaints |
| Pretending to be you or using your identity online | Computer-related identity theft under RA 10175 |
For threats, Article 282 of the Revised Penal Code penalizes grave threats involving threatened harm to a person, honor, or property. Article 285 covers certain light threats. (Supreme Court E-Library)
For privacy, humiliation, and civil damages, Civil Code Articles 19, 20, and 21 require people to act with justice, honesty, and good faith and to compensate others for willful or unlawful injury. Article 26 protects dignity, privacy, peace of mind, and private life, including acts that vex or humiliate another person. (Lawphil)
Important: Unpaid Debt Alone Is Not a Crime
Many collectors scare borrowers by saying, “May warrant ka na,” “Makukulong ka,” or “Ipapapulis ka namin today.” Under the 1987 Philippine Constitution, no person shall be imprisoned for debt. (Supreme Court E-Library)
That does not erase the loan. A lender may still file a civil collection case or use lawful collection channels. But a collector cannot lawfully use fake arrest threats just to force payment. If there is a real criminal allegation, such as fraud, falsified documents, or identity theft, that is different from mere inability to pay.
Which Government Office Should You Report To?
Online lending harassment often needs parallel reporting because different agencies handle different parts of the problem.
| Office | Best for | How it helps |
|---|---|---|
| PNP Anti-Cybercrime Group (PNP-ACG) | Threats, fake accounts, online shaming, cyberlibel, identity theft, digital harassment | Cybercrime investigation, evidence preservation, possible referral for prosecution |
| NBI Cybercrime Division | Serious or complex cyber harassment, threats, fake documents, identity misuse, online extortion | Investigation, digital evidence handling, coordination with prosecutors |
| SEC Financing and Lending Companies Department / SEC iMessage | Abusive debt collection by lending or financing companies and online lending platforms | Administrative sanctions, fines, suspension, or revocation of authority |
| National Privacy Commission (NPC) | Unauthorized contact list use, data exposure, excessive app permissions, disclosure to third parties | Data privacy investigation, orders, penalties, damages where proper |
| Barangay / local police station | Immediate threats, personal safety, local documentation | Blotter entry, emergency response, referral to proper unit |
RA 9474 gives the SEC authority to regulate and supervise lending companies, require reports, exercise visitorial powers, and impose sanctions such as fines, suspension, or revocation of authority. (Supreme Court E-Library)
RA 11765, the Financial Products and Services Consumer Protection Act of 2022, also covers credit and digital financial products and gives financial regulators, including the SEC, consumer protection powers over financial service providers under their jurisdiction. (Supreme Court E-Library)
Step-by-Step Guide to Reporting Online Lending App Harassment to Cybercrime Authorities
1. Preserve evidence before deleting anything
Do not rely only on memory. Cybercrime complaints are evidence-driven.
Save:
- Screenshots of messages, including sender, number, username, date, and time
- Screen recordings showing the account profile and message thread
- Call logs showing repeated calls
- Voice recordings or voicemail, if available
- SMS, Viber, Messenger, Telegram, WhatsApp, email, or in-app messages
- Links to Facebook posts, TikTok posts, public comments, or fake profiles
- App name, developer name, website, app store link, and screenshots of permissions requested
- Loan agreement, disclosure statement, repayment schedule, and proof of payment
- Names and numbers of collectors, if visible
- Messages received by your contacts, with their screenshots and short statements
Electronic messages and documents may be used as evidence, but their authenticity and integrity may later need to be shown. The Rules on Electronic Evidence apply when electronic documents or data messages are offered or used in evidence. (Lawphil)
Practical tip: keep the original device, do not crop screenshots if avoidable, and save backup copies in cloud storage or a USB drive. Cropped screenshots can still help, but investigators usually prefer complete screenshots showing the source, timestamp, and context.
2. Make a clear incident timeline
Write a short timeline before filing. This helps investigators quickly understand the case.
Include:
- Date you downloaded or used the app
- Exact app name and company name, if known
- Loan amount, release date, due date, payments made, and remaining disputed amount
- Date harassment started
- What was said or done
- Which contacts were messaged
- Whether threats, public posts, fake documents, or identity misuse occurred
- Whether you already complained to the app, SEC, NPC, barangay, or police
Avoid exaggeration. Use exact words when possible. For example: “On 10 March 2026 at 8:42 p.m., the number 09xx sent me the message: ‘Ipapahiya ka namin sa office mo bukas.’”
3. Identify whether the app is registered or unregistered
Check the app name, lender name, and corporate name. Many apps use a brand name different from the actual lending company.
Look for:
- Company name in the loan agreement
- SEC registration number
- Certificate of Authority number
- Privacy notice
- Disclosure statement
- App store developer name
- Email addresses and payment recipient names
If the company is registered, report it to SEC for unfair collection. If it is unregistered or uses changing names, report that too. SEC iMessage allows users to open tickets and submit complaints online. (Securities and Exchange Commission)
4. Prepare your complaint-affidavit or written complaint
For PNP-ACG or NBI, prepare a concise written complaint. Some offices may assist you in putting it in affidavit form, but bringing a draft saves time.
Your complaint should include:
- Your full name, address, contact number, and valid ID
- Name of the app, company, collector, phone number, username, or account
- A short statement of facts in chronological order
- Specific threats or posts complained of
- List of evidence attached
- Names of witnesses or contacts who received messages
- Your requested action: investigation, preservation of digital evidence, and filing of appropriate charges if warranted
Bring printed copies and digital copies. For digital copies, organize files in folders such as “SMS,” “Messenger,” “Call Logs,” “Facebook Posts,” “Loan Documents,” and “Messages to Contacts.”
5. File with PNP-ACG or NBI Cybercrime Division
The 2026 DICT-NPC-SEC advisory lists the following channels for harassment, threats, fraud, and scams involving online lending platforms:
| Cybercrime authority | Contact details listed in the advisory |
|---|---|
| NBI Cybercrime Division | Email: ccd@nbi.gov.ph; telephone: (632) 8523-8231 to 38 |
| PNP Anti-Cybercrime Group | Email: acg@pnp.gov.ph and onlinecims.ocs@gmail.com; telephone: (632) 8723-0401 local 7491 |
| DICT Cyber Hotline | Email: 1326@dict.gov.ph |
The same advisory lists SEC FINLEND for unfair debt collection practices and SEC iMessage as the complaint portal.
When filing, ask for:
- The complaint or reference number
- Name or unit handling the report
- Whether you need to submit additional copies
- Whether your phone needs to be examined
- Whether the agency will request data preservation from service providers
- Whether the complaint will be referred to the prosecutor’s office
Cybercrime authorities may need time to assess the evidence, identify account holders, coordinate with platforms or telcos, and determine whether a warrant, subpoena, preservation request, or prosecutor referral is appropriate. RA 10175 allows preservation of certain computer data and disclosure of computer data through proper legal processes. (Supreme Court E-Library)
6. File a parallel SEC complaint for unfair debt collection
A cybercrime report focuses on criminal or cyber-related conduct. An SEC complaint focuses on the lender’s authority to operate and compliance with lending rules.
Report to SEC when the app or collector:
- Uses threats, obscene language, or intimidation
- Contacts people not named as guarantors or co-makers
- Publishes your personal information
- Misrepresents legal consequences
- Calls at unreasonable hours
- Fails to identify the collector
- Uses a third-party collection agency abusively
SEC Memorandum Circular No. 18, Series of 2019 states that lending and financing companies remain responsible for outsourced collectors, and violations may result in fines, suspension, or revocation depending on the offense.
7. File a parallel NPC complaint for contact-list abuse or privacy violations
If the app accessed your contacts, messaged your relatives or employer, exposed your data, or required excessive permissions, file with the NPC.
The NPC has emphasized that online lending apps must not conduct unnecessary processing, must not require unnecessary permissions, and must not use contact information in an excessive or disproportionate way. NPC Circular No. 2022-02 protects character references and guarantors, and prohibits contacting people in the borrower’s contact list other than declared guarantors for debt collection. (National Privacy Commission)
For formal NPC complaints, the NPC states that a complaint must be filed in a specific format, printed and filled out, notarized, then submitted in person, by courier, or scanned and emailed to the NPC. (National Privacy Commission)
NPC Circular No. 2023-01 lists a ₱500 filing fee for complaints, with additional fees for claims of damages and exemptions for qualified indigent litigants. (National Privacy Commission)
Documents and Evidence Checklist
| Document or evidence | Why it matters |
|---|---|
| Valid government ID | Confirms complainant identity |
| Complaint-affidavit or written narrative | Gives investigators a sworn or organized factual basis |
| Screenshots with timestamps | Shows exact threats, insults, or disclosures |
| Screen recordings | Shows account identity and prevents claims that screenshots were edited |
| Call logs | Proves frequency, time, and numbers used |
| Messages sent to contacts | Proves third-party harassment |
| Statements from contacts | Supports that they actually received the messages |
| Loan agreement and disclosure statement | Identifies lender, amount, fees, and due dates |
| Proof of payment | Shows disputed balance or abusive conduct despite payment |
| App details and permissions | Supports privacy and cyber investigation |
| Links to posts or fake accounts | Helps investigators trace online activity |
Practical Timelines and Bottlenecks
The first report can often be received quickly, especially by email or in person. The slower part is investigation.
Common bottlenecks include:
- Incomplete screenshots with no timestamp or account identifier
- App names that differ from registered company names
- Collectors using prepaid SIMs, fake profiles, or overseas-based platforms
- Contacts refusing to provide screenshots or statements
- Borrowers deleting messages before filing
- Multiple agencies needing separate formats
- Need for notarized NPC forms or additional copies
- Waiting for telco, platform, or app data through proper legal channels
A realistic expectation is that administrative complaints with SEC or NPC and criminal cybercrime investigations may move on different timelines. Filing with one agency does not automatically create a case in the others.
Special Notes for OFWs, Foreigners, and Complainants Abroad
You can still report if you are outside the Philippines, especially if:
- The borrower is in the Philippines
- The lender or collector operates in the Philippines
- The harassment targets people in the Philippines
- The computer system, account, app, or harmful effect is connected to the Philippines
RA 10175 provides Philippine jurisdiction when elements are committed in the Philippines, when a computer system wholly or partly situated in the Philippines is used, or when damage is caused to a person who was in the Philippines at the time. It also covers Filipino nationals in certain circumstances. (Supreme Court E-Library)
Practical options if you are abroad:
- Email the initial report to PNP-ACG, NBI Cybercrime Division, SEC, or NPC
- Attach scanned IDs and evidence
- Ask whether they require an in-person appearance or a notarized affidavit
- If signing documents abroad, check whether the receiving office requires notarization before a Philippine embassy or consulate, or apostille/authentication for foreign-notarized documents
- Have a trusted representative in the Philippines assist with printing, filing, or follow-ups if allowed
DFA guidance explains that Apostille is generally for Philippine public documents used abroad, while foreign documents for use in the Philippines follow the authentication process applicable to the country where the document was issued. (Apostille Philippines)
Common Mistakes to Avoid
Deleting the app and all messages too early
You may need the app details, loan documents, account records, and messages. Revoke unnecessary permissions if needed, but preserve evidence first.
Reporting only to SEC when there are serious threats
SEC can address unfair collection and lending violations, but threats, fake accounts, identity theft, and online shaming may need PNP-ACG or NBI action.
Reporting only to PNP or NBI when the main issue is contact-list abuse
Cybercrime authorities can investigate cyber offenses, but the NPC is the proper specialist agency for personal data misuse and privacy rights.
Posting accusations online without care
It is understandable to warn others, but avoid posting private information, unverified accusations, or screenshots containing sensitive personal data. Online defamation can create separate legal issues.
Believing every “legal notice” sent by chat
Real subpoenas, court notices, and warrants follow formal legal processes. A collector’s message saying “warrant issued today” is not the same as a court-issued warrant.
Paying only because of public-shaming threats
Payment may reduce collection pressure, but it does not erase harassment already committed. Keep proof of payment and preserve threatening messages.
Frequently Asked Questions
Can I report online lending app harassment to cybercrime police in the Philippines?
Yes. Report to PNP-ACG or the NBI Cybercrime Division if the harassment involves online threats, fake accounts, cyberlibel, identity theft, fake legal documents, unauthorized access, or digital extortion. RA 10175 gives the PNP and NBI responsibility for cybercrime law enforcement. (Supreme Court E-Library)
Is it illegal for an online lending app to message my contacts?
For debt collection, lending and financing companies may only contact proper guarantors, not everyone in your contact list. The 2026 DICT-NPC-SEC advisory and NPC rules prohibit excessive contact-list processing and contacting persons other than named guarantors for collection.
Can an online lender post my face or name on Facebook?
Posting your name, photo, ID, or accusations online to shame you may violate SEC unfair collection rules, the Data Privacy Act, Civil Code privacy protections, and possibly cyberlibel rules depending on the content. Preserve the post link, screenshots, comments, profile URL, date, and time.
Can I be jailed for not paying an online loan?
You cannot be jailed merely for debt. The Constitution prohibits imprisonment for debt. But separate criminal conduct, such as fraud, falsification, or identity theft, is different from simply being unable to pay. (Supreme Court E-Library)
Should I file with PNP-ACG or NBI?
Either may receive cybercrime complaints. Choose based on accessibility, urgency, and the nature of the case. If there are immediate threats, go to the nearest police station or PNP-ACG office. If the case involves complex online identities, fake documents, or broader cyber activity, the NBI Cybercrime Division is also appropriate.
Do I still need to file with SEC if I already filed with cybercrime authorities?
Yes, if the offender is a lending company, financing company, or online lending platform. PNP/NBI handles criminal or cyber investigation; SEC handles regulatory violations such as unfair debt collection and authority to operate.
Do I need a notarized complaint?
For NPC formal complaints, the NPC requires the complaint form to be notarized. For PNP or NBI, requirements may vary by office and stage; bring a signed written complaint and be ready to execute a sworn affidavit if asked. (National Privacy Commission)
What if the app is not SEC-registered?
Still report it. An unregistered app may create additional regulatory and enforcement issues. Include the app store link, developer name, payment accounts, phone numbers, and any company names used.
How long does a cybercrime complaint take?
Receiving the report may be quick, but investigation can take weeks or months depending on the evidence, number of accounts involved, platform cooperation, need for warrants, and prosecutor review. Cases with complete screenshots, preserved links, identifiable numbers, and cooperative witnesses usually move more efficiently.
Key Takeaways
- Online lending app harassment may be reported to PNP-ACG or NBI Cybercrime Division when it involves digital threats, shaming, fake accounts, identity theft, or other cyber-related acts.
- File a separate SEC complaint for unfair debt collection by lending or financing companies.
- File a separate NPC complaint when the app misuses your contacts, personal data, photos, IDs, or phone permissions.
- Preserve screenshots, links, call logs, app details, loan documents, payment proof, and messages sent to your contacts before deleting anything.
- Unpaid debt alone is not a crime, and collectors cannot lawfully use fake arrest threats or public humiliation to force payment.
- A strong complaint is specific, chronological, evidence-based, and filed with the agency that has authority over the exact misconduct.