How to Report Online Scam Websites to Philippine Authorities

I. Overview and Legal Context

Online scam websites—fake stores, investment “platforms,” phishing pages, and impostor sites—are common vectors for fraud, identity theft, and unauthorized access. In the Philippines, reporting and enforcement typically involve a mix of criminal law, cybercrime law, consumer protection, banking/payment regulation, and evidence rules. The practical goal of reporting is twofold:

  1. Stop the harm quickly (takedown requests, blocking, freezing funds, preventing additional victims).
  2. Build a prosecutable case (preserving digital evidence and establishing identity, intent, and loss).

Because scam websites operate across borders, the best outcomes come from fast evidence preservation, correctly chosen reporting channels, and parallel actions (law enforcement + regulator + platform/registrar + bank/payment provider).


II. What Counts as an “Online Scam Website”

A scam website is any site designed to induce people to send money, disclose credentials, or provide personal data through deception. Common patterns include:

  • Phishing and credential harvesting: login pages imitating banks, e-wallets, courier companies, government portals, or social media.
  • Fake e-commerce sites: “too good to be true” prices, payment first, no delivery, non-existent merchant.
  • Investment and crypto scams: guaranteed returns, “AI trading,” fake dashboards showing profits, withdrawal blocked unless “fees” are paid.
  • Romance/impersonation sites: “verification” sites, fake charity pages, clone profiles leading to payment pages.
  • Tech-support or malware delivery: fake “security alerts,” forced downloads, remote access schemes.
  • Government-service impostors: fake DFA/NBI/SSS/PhilHealth/BI appointment or payment portals.

The fact that a site is hosted abroad, uses a privacy-protected domain, or accepts crypto does not prevent reporting; it only affects strategy.


III. Philippine Laws Commonly Involved

A. Cybercrime Prevention Act of 2012 (Republic Act No. 10175)

RA 10175 covers cybercrime offenses and provides procedures for investigation and evidence handling. Scam websites commonly implicate:

  • Computer-related fraud: use of computer systems to commit fraud or cause loss.
  • Illegal access / hacking: unauthorized access to accounts/systems.
  • Computer-related identity theft: misuse of identifying information.
  • Cyber-related offenses connected to traditional crimes (e.g., estafa) when committed via ICT.

RA 10175 also interacts with enforcement processes that may involve coordination with service providers and cross-border requests.

B. Revised Penal Code: Estafa (Swindling)

Many scam website cases ultimately involve estafa, where deceit causes a person to part with money or property. Even if the scheme is “online,” the underlying fraudulent inducement may still be charged as estafa, sometimes alongside cybercrime provisions.

C. Access Devices Regulation Act (Republic Act No. 8484)

Where scams involve misuse of credit cards, ATM/debit cards, or “access devices,” RA 8484 may apply, especially for card-not-present fraud and related schemes.

D. Anti-Money Laundering Act (AMLA), as amended

Scam proceeds often move through banks, e-wallets, remittance centers, or crypto off-ramps. AMLA matters because:

  • It provides a framework for suspicious transaction reporting by covered institutions.
  • It supports investigative pathways for tracing and potentially restraining assets (subject to legal process).

E. Data Privacy Act of 2012 (Republic Act No. 10173)

If the scam website collects personal data unlawfully (phishing, unauthorized processing, data breaches), reporting can be relevant to privacy enforcement and can strengthen a case by documenting data misuse.

F. Consumer Act and Trade/Consumer Regulations (as relevant)

For fake e-commerce sites, unfair and deceptive sales practices may be pursued through consumer protection channels, in addition to criminal remedies.


IV. Who to Report To: The Practical Routing Map

Because different agencies handle different aspects, reporting is best done in parallel.

1) Law Enforcement (Primary for criminal investigation)

Philippine National Police – Anti-Cybercrime Group (PNP-ACG): Handles cybercrime complaints, evidence evaluation, and case build-up.

National Bureau of Investigation – Cybercrime Division (NBI): Also investigates cyber-enabled fraud and identity-related offenses.

Best for: victims who lost money; phishing victims; account takeovers; organized scam operations; cases needing subpoenas, coordination with ISPs/registrars, or prosecution.

2) Regulators and Sector Authorities (To stop harm and escalate specific types)

Bangko Sentral ng Pilipinas (BSP): If the scam used banks, e-wallets, payment institutions, or other BSP-supervised entities, report to the institution first and escalate to BSP as needed.

Securities and Exchange Commission (SEC): For investment solicitation, “guaranteed returns,” crypto investment offerings, and unregistered securities-like schemes.

Department of Trade and Industry (DTI): For deceptive online selling/fake e-commerce merchants, especially if operating as a seller/enterprise targeting consumers.

National Privacy Commission (NPC): For phishing sites collecting personal data, identity theft patterns, or any incident involving unauthorized processing of personal information.

3) Technical/Internet Ecosystem (To reduce reach: takedown/blocking)

Domain registrar / hosting provider / CDN / DNS provider: Report the scam website to the companies enabling its operation; many have abuse desks.

Search engines and browsers (Safe Browsing reports): Flag the site so it is removed from search results and visitors are shown warnings.

Social media platforms: Report here if victims are being driven to the site through ads/posts/messages.

These are not “Philippine authorities,” but they are often the fastest route to disruption while authorities build the case.


V. Before You Report: Evidence Preservation (Critical)

Scam websites disappear quickly. The quality of evidence determines whether a complaint becomes a prosecutable case.

A. Preserve the website and your interactions

  1. Screenshots (with URL bar visible). Capture:
     • Homepage and key pages (product pages, “about,” contact page).
     • Checkout/payment instructions.
     • Login prompts and data fields.
     • Chat support, popups, warnings, error messages.

  2. Screen recording (better than screenshots): Record navigation from landing page to payment page, including timestamps where possible.

  3. Save page source / HTML copies: If feasible, save the web page as “Webpage, complete” or “PDF print” including the URL header/footer.

  4. Preserve messages and transaction instructions
     • Emails (include full headers if possible).
     • SMS texts.
     • Chat logs (Messenger/Telegram/Viber/WhatsApp).
     • Social media posts/ads.

  5. Preserve payment and transfer proof
     • Bank transfer receipts, deposit slips.
     • E-wallet transaction IDs.
     • Crypto transaction hashes and wallet addresses.
     • Remittance reference numbers.

  6. Preserve identity clues
     • Contact numbers, email addresses.
     • Claimed business name, permits shown, “DTI/SEC registration” claims.
     • Delivery tracking numbers (often fake, but still evidence).
     • Account names used for receiving funds.

B. Record technical indicators (helpful but not required)

  • Domain name, exact URL(s), subdomains.
  • Date/time accessed.
  • IP address if known (not essential).
  • Any redirection links.
  • QR codes used for payment.
  • Copies of digital certificates (browser padlock details).

C. Maintain chain of custody habits

  • Keep original files. Don’t overwrite screenshots.
  • Put evidence in a single folder with clear filenames: 2026-03-01_scam-site_checkout.png.
  • Note a simple timeline: first contact, first payment, follow-up, discovery.

These practices help investigators authenticate evidence later.
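
One way to back up the chain-of-custody habits above, as an added example that is not part of the original article: a script that records a SHA-256 hash, size and modification time for every file in the evidence folder, checks the date-prefixed filename convention, and later detects any file that was overwritten or removed. Hashing goes beyond what the text lists and is an assumption of this example; the file contents and the name receipt.jpg are constructed.

```python
import hashlib
import json
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Filename convention from the text: YYYY-MM-DD_description.ext
NAME_RE = re.compile(r"^\d{4}-\d{2}-\d{2}_[A-Za-z0-9._-]+\.[A-Za-z0-9]+$")

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large screen recordings do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(folder):
    """Record name, size, modification time and SHA-256 of every evidence file."""
    entries = []
    for p in sorted(q for q in Path(folder).iterdir() if q.is_file()):
        st = p.stat()
        entries.append({
            "file": p.name,
            "bytes": st.st_size,
            "modified_utc": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
            "sha256": sha256_file(p),
            "name_ok": bool(NAME_RE.match(p.name)),  # False: rename a copy, keep the original
        })
    return entries

def verify_manifest(folder, entries):
    """Return names of files that are missing or whose content changed."""
    changed = []
    for e in entries:
        p = Path(folder) / e["file"]
        if not p.is_file() or sha256_file(p) != e["sha256"]:
            changed.append(e["file"])
    return changed

def demo():
    """Constructed sample: two placeholder files, one of them later overwritten."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "2026-03-01_scam-site_checkout.png").write_bytes(b"constructed image bytes")
        (Path(d) / "receipt.jpg").write_bytes(b"constructed receipt bytes")
        manifest = build_manifest(d)
        (Path(d) / "receipt.jpg").write_bytes(b"edited copy")  # simulates overwriting an original
        return manifest, verify_manifest(d, manifest)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Store the manifest outside the evidence folder (or print it and attach it to the complaint packet) so the recorded hashes can be compared against the files at any later point.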


VI. Immediate Steps if You Already Paid or Entered Credentials

A. If money was sent

  1. Contact your bank/e-wallet immediately
     • Request a transaction trace, reversal/recall if possible, and flag the recipient account.
     • Ask for the institution’s fraud process and required documents.
     • Save the case/reference number.

  2. If paid by card
     • Request a chargeback where applicable and ask for merchant/acquirer details.
     • Report as fraudulent/unauthorized or misrepresented goods/services.

  3. If paid via remittance center
     • Provide reference number and recipient details; ask about hold/stop procedures.

  4. If crypto
     • Preserve the transaction hash, wallet address, exchange used, and chat instructions.
     • Report to the exchange (if any) used for purchase/off-ramp; exchanges may act on abuse reports.

B. If passwords or OTPs were entered

  • Change passwords immediately (email first, then financial accounts).
  • Enable MFA on email and banking accounts.
  • Check for forwarding rules in email (scammers often add these).
  • Review recent logins and revoke suspicious sessions.
  • Notify your bank/e-wallet and set alerts.

C. If personal data was provided

  • Monitor for identity misuse.
  • Consider documenting the incident for privacy reporting.
  • Be cautious of follow-on scams (“recovery agents” demanding fees).

VII. How to File a Report with Philippine Law Enforcement

A. Choose the nearest or most appropriate office

For speed, file with the nearest PNP-ACG office or NBI office with cybercrime capability. For major losses or organized schemes, NBI may be suitable; for local jurisdiction and quick intake, PNP-ACG is often accessible. Either can be appropriate.

B. Prepare a complaint packet

A strong packet typically includes:

  1. Affidavit/Sworn statement (or a narrative statement to be sworn later)
     • Your identity and contact details.
     • The platform/site involved and URLs.
     • How you encountered it.
     • Exact representations made (promised returns, goods, legitimacy claims).
     • Steps you took (registration, messages, payments).
     • Loss amount and dates.
     • Suspect identifiers (account numbers, names, phone numbers, emails).
     • Attachments list.

  2. Evidence attachments
     • Screenshots/screen recordings (printed and digital copies).
     • Chat logs.
     • Receipts/transaction IDs.
     • Copies of IDs you may have submitted (if any).
     • Any bank correspondence or case numbers.

  3. Device information (optional)
     • Device used, OS/browser, relevant apps used for communication.

C. What to say and how to frame it

Be factual and chronological. Avoid conclusions (“it’s definitely X group”). Focus on:

  • Deceit (false claims, impersonation, misrepresentation).
  • Reliance (you believed and acted on it).
  • Loss (money sent, data compromised).
  • Proof (attach the supporting records).

D. What happens after filing

Typically:

  • Intake and evaluation.
  • Possible referral for additional evidence.
  • Coordination with banks/payment providers for trace requests.
  • Preservation requests to platforms/service providers.
  • Case build-up for prosecution.

Expect that identity attribution may take time due to layered accounts and overseas infrastructure, but early reporting increases the chance of account freezes or disruption.


VIII. Reporting to Specific Philippine Regulators

A. SEC (Investment and solicitation scams)

Report when the site:

  • solicits investments from the public,
  • promises fixed/guaranteed returns,
  • uses referral pyramids or “membership tiers,”
  • claims to be registered or licensed for securities offerings.

Include marketing materials, “terms,” payout promises, and wallet/account details.

B. BSP and Financial Institutions

If a BSP-supervised entity is involved (bank/e-wallet/payment institution):

  • Report to the institution’s fraud channel first.
  • Escalate to BSP if the institution’s response is inadequate or for supervisory attention.

Provide transaction IDs and recipient details; ask that recipient accounts be flagged.

C. DTI (E-commerce scams)

For fake sellers or deceptive online stores:

  • Include product listing pages, order confirmation, payment proof, and delivery claims.
  • DTI may assist on consumer complaints; criminal aspects still go to PNP/NBI.

D. NPC (Phishing and personal data misuse)

Report when:

  • the site impersonates a legitimate service to harvest personal data,
  • your personal data was collected or used without authorization,
  • you suspect identity theft or broader data compromise.

Include what data was collected, how it was collected, and where it was sent or used.


IX. Reporting to Internet/Hosting and Domain Entities (Takedown Path)

Even when focusing on Philippine authorities, a parallel takedown track is often decisive.

A. Identify the domain registrar and host

  • Use a WHOIS lookup to find the registrar.
  • Check for hosting provider/CDN clues (page headers, DNS records).
  • Many scam sites use CDNs; reporting to the CDN’s abuse desk can be effective.

B. What to include in an abuse report

  • Exact URLs.
  • Short description: phishing/fraud, impersonation, evidence summary.
  • Screenshots.
  • If impersonating a brand, include the legitimate brand link and how it’s being copied.
  • If you are a victim, include the transaction details and the deceptive claim.
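
The two steps above (finding the registrar and DNS/CDN operator, then writing the abuse report) as an added example that is not part of the original article: it parses a saved WHOIS response and assembles a plain-text report carrying the items listed in section B. The WHOIS text, domain, addresses and function names are constructed placeholders, and the field labels assume the common gTLD WHOIS layout; other registries label fields differently.

```python
import re

# Constructed WHOIS response for a placeholder domain (not real registration data).
SAMPLE_WHOIS = """\
Domain Name: SCAM-SHOP.EXAMPLE
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Creation Date: 2026-02-20T08:15:00Z
Name Server: NS1.CDN-PROVIDER.EXAMPLE
Name Server: NS2.CDN-PROVIDER.EXAMPLE
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (name servers) become lists."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+):\s*(.+?)\s*$", line)
        if m:
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return record

def abuse_contacts(record):
    """Registrar abuse address plus the DNS/CDN operator implied by the name servers."""
    first = lambda key: (record.get(key) or [None])[0]
    operators = {ns.lower().split(".", 1)[1]
                 for ns in record.get("name server", []) if "." in ns}
    return {
        "registrar": first("registrar"),
        "registrar_abuse_email": first("registrar abuse contact email"),
        "created": first("creation date"),
        "dns_operators": sorted(operators),  # a second abuse desk to notify
    }

def draft_report(urls, category, summary, contacts, attachments,
                 legit_url=None, txn=None):
    """Assemble the items from 'What to include in an abuse report' as plain text."""
    lines = [
        f"To: {contacts['registrar_abuse_email']}",
        f"Subject: Abuse report ({category}): {urls[0]}",
        "",
        f"Registrar: {contacts['registrar']} | Domain created: {contacts['created']}",
        "Exact URLs:",
        *[f"  - {u}" for u in urls],
        f"Description: {summary}",
    ]
    if legit_url:  # brand impersonation: point to the site being copied
        lines.append(f"Legitimate site being imitated: {legit_url}")
    if txn:        # victim reports: transaction details and the deceptive claim
        lines.append(f"Victim transaction: {txn}")
    lines.append("Attachments: " + ", ".join(attachments))
    return "\n".join(lines)
```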

C. Blocking and warnings

  • Report to browser safe-browsing systems and search engines for delisting/warnings.
  • Report the ads to the ad platform if paid ads are involved.

X. Common Obstacles and How to Address Them

1) “The website is gone”

Preserved evidence still matters. Provide:

  • saved pages/PDFs,
  • screenshots with URL and date,
  • message logs and payment proof.

2) “The receiver used a mule account”

This is common. Provide:

  • recipient account name/number,
  • transaction IDs,
  • remittance pickup details (if any),
  • any ID images the scammer used.

Mule account trails are often how investigators reach organizers.

3) “The site is hosted overseas”

Report anyway. Cross-border cooperation exists through formal and informal channels. The key is evidence plus a financial trail.

4) “They offered to ‘refund’ if I pay fees”

This is a classic secondary scam. Do not send additional money. Preserve the demand as evidence.

5) “Recovery agents” and fake investigators

Scammers often target victims again, offering “recovery services” for a fee. Treat such offers as suspicious unless independently verified through official channels.


XI. Draft Structure for a Sworn Complaint (Template-Style)

1. Personal details: Name, address, contact, valid ID details.

2. Statement of facts (chronological)

  • Date/time of first contact and how discovered.
  • URL(s) and site name.
  • Representations made (quotes paraphrased).
  • Steps taken: registration, communication channels used.
  • Payment events: date/time, amount, method, recipient account details.
  • What happened after payment (non-delivery, blocked withdrawals, demands for fees).
  • Total loss.

3. Evidence list: Enumerate attachments: screenshots, receipts, chats, emails, links, recordings.

4. Harm and request: Request investigation, identification of perpetrators, and appropriate charges.

5. Verification and signature: To be subscribed and sworn before an authorized officer.


XII. Practical Checklist

A. Minimum set for any report

  • URLs and domain.
  • Screenshots with URL bar.
  • Chat logs/messages.
  • Proof of payment with transaction IDs.
  • Timeline summary.

B. Strong additions

  • Screen recording of the scam flow.
  • Saved webpage/PDF copies.
  • Email headers.
  • Recipient account details and any KYC-like identifiers.
  • Names/handles used by scammers across platforms.

C. Parallel actions (recommended)

  • Bank/e-wallet fraud report and trace request.
  • Law enforcement report (PNP-ACG or NBI).
  • SEC report for investment schemes.
  • NPC report for phishing/data capture.
  • Takedown reports to registrar/host/CDN and platform.

XIII. Legal and Safety Notes for Victims

  • Do not engage in “sting” operations on your own or attempt hacking/retaliation; it risks legal exposure and evidence contamination.
  • Avoid sending additional personal documents to “verify” withdrawals.
  • Use official channels for reporting and preserve all communications.
  • If threats or extortion occur, include them in the complaint; they may constitute separate offenses.

XIV. Expected Outcomes and Remedies

  • Disruption: website takedown, warnings, account closures, content removal.
  • Financial mitigation: potential reversal/chargeback depending on payment method and speed.
  • Investigation and prosecution: identification through financial trails, platform logs, and coordination with service providers.
  • Civil remedies: may be possible in some contexts, but most victims prioritize criminal complaint plus financial recovery channels.

XV. Summary

Reporting online scam websites in the Philippines is most effective when approached as a coordinated response: preserve evidence immediately, report to law enforcement for prosecution, notify sector regulators where applicable, and pursue rapid disruption through financial institutions and internet service providers. Speed and documentation quality are the main factors that determine whether the scam is stopped quickly and whether perpetrators can be traced and charged.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.