How to Report Online Scams in the Philippines

How to Report Online Scams in the Philippines (A Practical Legal Guide)

This is general information for the Philippine context as of mid-2024 and isn’t a substitute for advice from your own counsel.

1) The 0–24 Hour Playbook (What to do first)

  1. Stop contact with the scammer. Do not send ID photos, OTPs, passwords, selfies, or “verification” videos.

  2. Secure your money:

    • Bank/e-wallet: Lock your app, change PINs, and call the bank/e-money issuer to request account freeze, card blocking, and fund recall/chargeback/dispute. Ask for a case/reference number.
    • Cards: Freeze/replace card; dispute unauthorized transactions (card networks run strict timelines).

  3. Preserve evidence immediately (see §7): screenshots, full chat logs, numbers, usernames/links, transaction receipts, reference numbers, emails, call records, images, audio, video, device info, and IPs if visible.

  4. Report to law enforcement (see §4): PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division. If an arrest is possible, ask about inquest; otherwise file a regular complaint for preliminary investigation.

  5. Notify the relevant regulator depending on the scam type (banks/e-wallets → BSP; investments → SEC; online shopping/retail → DTI; data/privacy/“doxxing” → NPC; spam/SIM issues → NTC).

  6. Alert the platform/telco: report user/page on the site/app; request the telco to block the number and retain records.

  7. If minors/sexual extortion are involved, treat as an emergency: contact law enforcement immediately; do not pay.

2) What Counts as an “Online Scam” (Common Patterns)

  • Phishing/Smishing (fake bank/e-wallet pages, OTP theft)
  • Investment/Ponzi/payout apps (unregistered securities, “double your money,” “tasking” scams)
  • Marketplace fraud (no delivery, fake proof of payment, chargeback abuse)
  • Account takeovers (SIM swap, email/social hijack)
  • “Love/crypto” pig-butchering and job-offer scams
  • Sextortion (threatening to publish intimate images)
  • Identity theft/impersonation
  • Unauthorized card/access device use

These can trigger multiple laws at once (criminal, regulatory, and civil).

3) Key Laws & Offences

  • Revised Penal Code (RPC)

    • Estafa (Art. 315) for swindling/fraud (including through deceit online).
    • Theft/Qualified theft where credentials/funds are taken.

  • Cybercrime Prevention Act of 2012 (RA 10175)

    • Computer-related fraud and identity theft; illegal access/interception; content-related offences (e.g., cyber-libel) in other contexts.
    • Sec. 13 (Preservation of Computer Data): service providers must preserve traffic and subscriber data for at least 6 months, extendible upon lawful order.
    • Jurisdiction & extraterritoriality: courts may take cognizance if any element, system, or effect occurs in the Philippines.
    • Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC): law enforcement may apply for WDCD/WICD/WSSECD/WECD to obtain or seize data.

  • Access Devices Regulation Act (RA 8484) — fraudulent/unauthorized use of cards or device identifiers.

  • Electronic Commerce Act (RA 8792) — electronic documents/signatures; limited liability of intermediaries when due care is shown.

  • Data Privacy Act (RA 10173) — unauthorized processing/disclosure; doxxing patterns may be actionable via NPC.

  • Securities Regulation Code (RA 8799) — illegal sale of unregistered securities, investment fraud, and Ponzi schemes (report to SEC).

  • Financial Consumer Protection Act (RA 11765) — standards for BSP/SEC/IC/CDA-supervised entities’ consumer protection and redress.

  • Anti-Photo and Video Voyeurism (RA 9995) and Anti-OSAEC Law (RA 11930) — relevant to sextortion/sexual exploitation.

  • Anti-Money Laundering Act (RA 9160, as amended) — enables AMLC to seek freeze/forfeiture orders over proceeds of unlawful activity (enforcement is through AMLC/courts, not private requests).

  • SIM Registration Act (RA 11934) — SIM registration; coordination with telcos/NTC for number tracing and blocking.

4) Where & How to Report (By Scenario)

A. If money moved through a bank or e-wallet (e.g., GCash, Maya, bank transfer)

  1. Call the institution: dispute, request fund recall/chargeback and blocking; get a ticket/reference number.
  2. Escalate under RA 11765: use the provider’s formal Consumer Assistance Mechanism; if unresolved, elevate to the BSP (for banks/e-money), SEC (for lending/investment platforms), or IC (for insurance).
  3. Simultaneously file with law enforcement (PNP-ACG or NBI), because banks often require a police/NBI report to advance recovery.

B. If it’s an investment, trading, or “tasking” app

  • File a complaint with SEC Enforcement & Investor Protection for unregistered securities/fraud and with PNP/NBI for criminal action. Keep proof of deposits, app screens, referrals, and chats.

C. If it’s an online retail/marketplace problem (non-delivery/fake seller)

  • Platform complaint for mediation/refund; also file with DTI (consumer protection) against the seller (and sometimes the platform, depending on facts). Attach order IDs, listings, and messages.

D. If your personal data was misused/doxxed/harassed

  • File with NPC (privacy complaint) and law enforcement (if threats/extortion). Provide URLs, screenshots, and who accessed or disclosed the data.

E. If spam/SIM or caller ID spoofing is involved

  • Report the number and messages to your telco and NTC; ask for number blocking and data preservation.

F. Always consider law enforcement as a parallel track

  • PNP Anti-Cybercrime Group (ACG): for blotter, technical assistance, and criminal complaint filing.
  • NBI Cybercrime Division: for investigation, digital forensics, and assistance with prosecutor filings.
  • DOJ Office of Cybercrime: policy coordination and support with international requests/MLAT in cross-border cases.

Tip: Bring a government ID, your affidavit (see §9 template), and digital+printed annexes. Ask the desk to stamp-receive your set.

5) Civil, Criminal, and Administrative Tracks—How They Fit

  • Criminal (RPC/RA 10175/RA 8484/etc.): aims to punish. You file a complaint-affidavit; prosecutors determine probable cause for filing an Information in court. Restitution may be awarded in the criminal case.
  • Civil (damages/contract rescission/unjust enrichment): sue for recovery; small claims may be available if within the current Supreme Court monetary threshold (check latest Rules on Small Claims, A.M. No. 08-8-7-SC, as amended).
  • Administrative/regulatory (BSP/SEC/DTI/NPC/NTC): can pressure institutions to resolve disputes and penalize regulated entities.

You may pursue all three in parallel where applicable.

6) Venue & Jurisdiction (Where to File)

  • For cybercrimes, venue generally lies where any element occurred (e.g., where the victim resides/received the message, where funds were sent, where data was accessed) or where a relevant computer system is located.
  • Extraterritorial reach exists for RA 10175 if the act affects systems or persons in the Philippines or is committed by a Filipino national.
  • For civil actions, venue follows the Rules of Court (residence of either party, or where the cause of action arose).
  • Prescription: criminal prescription depends on the penalty; for civil, common periods include 10 years on written contracts (Civil Code art. 1144) and 4 years for fraud or quasi-delict (arts. 1146, 1147). File promptly.

7) Evidence: Collect, Preserve, and Package

Collect

  • Entire chat/email threads (export), screenshots, URLs, usernames, phone numbers, transaction receipts, reference numbers, audio/video, caller logs, and device identifiers (if visible).
  • Bank/e-wallet logs (PDF statements), SMS OTPs received, app notifications.

Preserve

  • Save original files and exports; avoid altering metadata.
  • Keep a clear timeline of events and a contact list (banks, platforms, case handlers).
  • Where feasible, compute a file hash (e.g., SHA-256) and note it in your affidavit to show integrity.

Package

  • Label annexes (Annex “A” – Screenshot of chat, Annex “B” – Proof of transfer, etc.).
  • Include reference numbers issued by banks/platforms/telcos and the dates you asked them to preserve data (see next).

Preservation requests (RA 10175, Sec. 13): Send the provider/telco/bank a written Data Preservation Request asking them to retain relevant traffic/subscriber/transaction data for at least six (6) months, noting that law enforcement will follow with proper process. (Template in §10.)

8) Money Recovery: What’s Realistic

  • Bank/e-wallet recall/chargeback: possible if funds remain; success drops quickly once cashed-out or hopped through multiple accounts. Act fast.
  • Card disputes: follow issuer’s process and deadlines (often strict); keep merchant descriptors and transaction times.
  • AMLC freeze/forfeiture: initiated by AMLC/law enforcement/prosecutors; victims don’t file directly but can provide evidence that funds are proceeds of unlawful activity.
  • Civil recovery: demand letters, settlement, or small claims (if within threshold).
  • Restitution in the criminal case is possible upon conviction or via compromise.

9) Filing the Criminal Complaint (Step-by-Step)

  1. Draft a Complaint-Affidavit stating facts in chronological order, identifying the offences (e.g., Estafa; Computer-related Fraud; Identity Theft), and attaching annexes.
  2. Notarize your affidavit (or swear before a prosecutor/law officer).
  3. File with PNP-ACG or NBI; get a blotter/acknowledgment and case number.
  4. Prosecutor: Law enforcement may endorse your case to the Office of the City/Provincial Prosecutor for preliminary investigation; or you may file directly.
  5. Attend clarificatory hearings; respond to counter-affidavits; track the Resolution and possible filing of an Information in court.

Elements to allege (examples):

  • Estafa (Art. 315) — deceit; reliance; damage.
  • RA 10175 computer-related fraud — input/alteration/suppression of computer data causing damage or illicit gain.
  • RA 8484 — use of an access device without authority or through fraud.

10) Useful Templates

A. Data Preservation Request (to bank/e-wallet/telco/platform)

[Date]

[Provider Name]
[Address/Email]

Re: REQUEST FOR DATA PRESERVATION – RA 10175 Sec. 13

I am [Name], victim in an online fraud incident on [date/time]. Kindly preserve, for at least six (6) months from receipt, all traffic/subscriber/transaction and relevant computer data related to:

• Account/Username/Number: [details]
• Transaction refs/amounts/timestamps: [details]
• IP/device logs associated with the above
• Linked accounts and recipients (names, numbers, account IDs)

Purpose: For investigation by [PNP-ACG/NBI] and possible issuance of lawful process. Please confirm receipt and provide a reference number.

Sincerely,
[Signature, Contact details]

B. Complaint-Affidavit (outline)

REPUBLIC OF THE PHILIPPINES )
[City]                          ) S.S.

COMPLAINT-AFFIDAVIT

I, [Name], Filipino, of legal age, [address], after having been duly sworn, depose and state:

1. Parties – I am the complainant; respondents are [aliases/links/numbers known].
2. Facts – (Chronology: initial contact; representations; transfers; loss.)
3. Elements – (Explain deceit, reliance, damages; acts using a computer system.)
4. Evidence – (Annex list: chats, receipts, screenshots, IDs, bank letters, preservation request.)
5. Offences – Estafa (Art. 315); Computer-related Fraud/Identity Theft (RA 10175); [others].
6. Prayer – For investigation, filing of appropriate charges, and restitution.

[Signature over printed name]
[ID details]

SUBSCRIBED AND SWORN to before me this [date] at [place].

C. Demand Letter to Seller/Scammer (for civil/DTI track)

[Date]

[Name/Handle/Address if known]

Re: DEMAND TO REFUND / CEASE AND DESIST

On [date], you represented [facts]. I paid [amount] via [channel] (ref. nos. [x]). You failed to deliver/refunded nothing. Demand is made for (1) refund of ₱[amount] within five (5) days, and (2) cessation of misleading activities. Absent compliance, I will file criminal, civil, and administrative actions.

[Signature]

11) Special Situations

  • Sextortion/Intimate image threats: Do not pay. Collect evidence; report immediately. RA 9995/RA 11930 may apply.
  • Corporate victims: Trigger incident-response, suspend compromised accounts, notify clients where required, consider NPC breach notification if personal data was exposed.
  • Cross-border schemes: Still file locally; DOJ OOC/PNP/NBI can route MLAT/INTERPOL requests.
  • SIM swap/number takeover: Alert your telco in writing, ask for incident documentation, and change recovery numbers/emails on all accounts.

12) Working with Platforms & Telcos

  • Use in-app Report tools and request takedown of fraudulent pages/accounts.
  • Ask for the platform’s Law Enforcement Guidelines (many have standard preservation channels).
  • Telcos can block numbers and, upon proper process, furnish subscriber/traffic data to law enforcement.

13) Timelines & Expectations

  • Bank/e-wallet review: days to weeks; faster if funds are still on platform.
  • Preliminary investigation: weeks to months depending on docket load.
  • Criminal trial/civil case: months to years.
  • Regulatory complaints: vary; some resolve within 30–60 days if documentation is complete.

Acting immediately and submitting a clean evidence package meaningfully improves outcomes.

14) Prevention & Hardening

  • Use unique passwords and app-based MFA (avoid SMS where possible).
  • Never share OTPs/QRs or “test deposits.”
  • Verify sellers/investments against official registries (SEC/BSP/IC) before paying.
  • Lock down account recovery: email, phone, trusted devices.
  • On social media, restrict audience; beware of romance/job pitches that move you off-platform.
  • Keep devices updated; install only from official app stores.

15) Quick Reference (Who to Contact)

  • PNP Anti-Cybercrime Group (ACG) — criminal complaint/investigation, arrests.
  • NBI Cybercrime Division — investigation/forensics.
  • DOJ Office of Cybercrime (OOC) — coordination, cross-border.
  • BSP Consumer Assistance — disputes with banks/e-money issuers.
  • SEC Enforcement & Investor Protection — investment and “tasking app” scams.
  • DTI Consumer Protection/FTFB — online retail/non-delivery/misrepresentation.
  • NPC — data privacy/doxxing/harassment involving personal data.
  • NTC & your Telco — spam/SIM issues, blocking, data retention.
  • AMLC — via law enforcement/prosecutors for freeze/forfeiture of proceeds.

(Use each agency’s official website or headquarters/field office directories to obtain the latest forms, emails, and hotlines.)

16) One-Page Checklist (Print/Save)

  • Secure accounts; change PINs/passwords; lock cards/e-wallets.
  • Call bank/e-wallet; request freeze + fund recall; note ticket #.
  • Collect chats, receipts, references, URLs, numbers; export threads; take screenshots.
  • Send Data Preservation Request letters/emails (RA 10175, Sec. 13).
  • File with PNP-ACG or NBI; get case #; prepare for prosecutor.
  • File with regulator (BSP/SEC/DTI/NPC/NTC) as applicable.
  • Platform/telco reports; request takedown/blocking.
  • Consider civil remedies (demand/small claims) alongside criminal and regulatory tracks.
  • Track every contact in a log (date, person, action, reference #).

Final Note

Online scam cases often hinge on speed and documentation. If you do only three things today: preserve the data, alert your bank/e-wallet, and file with PNP/NBI. The rest of the process largely builds on those first moves.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login