How to Report Online Scams to NBI and PNP Cybercrime in the Philippines

How to Report Online Scams to the NBI and the PNP Cybercrime Group (Philippines)

Updated for the Philippine legal framework as of 2025.

1) Executive summary

If you’re scammed online in the Philippines, you can (and should) report it to either:

  • National Bureau of Investigation – Cybercrime Division (NBI-CCD), or
  • Philippine National Police – Anti-Cybercrime Group (PNP-ACG).

Both are national law-enforcement units empowered to investigate cybercrime and file cases with the Department of Justice (DOJ). Reporting is free. The strongest reports include a notarized complaint-affidavit and preserved electronic evidence (screenshots, chat logs, bank proofs, device/exported data with timestamps).

2) Legal framework you’ll rely on

  • Cybercrime Prevention Act of 2012 (Republic Act No. 10175) Defines core “cyber” offenses and computer-related offenses (e.g., computer-related fraud, identity theft, illegal access, data interference), provides jurisdiction, data preservation, and law-enforcement powers (e.g., search, seizure, disclosure of computer data under court-issued cyber warrants).

  • Revised Penal Code (RPC) Traditional crimes committed by, through, or with the use of a computer or network (e.g., estafa/swinding – Art. 315) remain punishable. Cyber means are aggravating in practice and often paired with RA 10175 offenses.

  • Access Devices Regulation Act (RA 8484) Covers use of stolen/skimmed cards or account access devices—common in phishing and card-not-present fraud.

  • E-Commerce Act (RA 8792) & Rules on Electronic Evidence (A.M. No. 01-7-01-SC) Recognize electronic documents and electronic signatures as admissible, and frame how to authenticate e-evidence.

  • Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC) Courts may issue: • WDCD – Warrant to Disclose Computer Data • WICD – Warrant to Intercept Computer Data • WSC – Warrant to Search, Seize and Examine Computer Data • WECD – Warrant to Examine Computer Data These enable NBI/PNP to lawfully obtain logs, subscriber info, content, devices, etc.

  • Data Privacy Act (RA 10173) Complaints about personal-data misuse may also go to the NPC, but criminal investigation of scams belongs to NBI/PNP and prosecution to DOJ.

3) What counts as an “online scam”?

Typical criminal theories used by investigators and prosecutors include:

  • Estafa (RPC Art. 315) via deceit, false pretenses, or fraudulent transactions conducted through social media, marketplaces, messaging apps, or email.
  • Computer-related fraud (RA 10175, Sec. 4(b)(2)): input, alteration, or interference with data or programs causing illegal transfer of property/value.
  • Identity theft (RA 10175, Sec. 4(b)(3)): unauthorized acquisition and misuse of personal identifying information online.
  • Access device fraud (RA 8484): phishing, OTP theft, carding.
  • Other paired offenses depending on the scheme: qualified theft, falsification/forgery (including computer-related forgery), unfair/illegal trading schemes, child/sexual abuse materials (if relevant), and related special laws.

4) Jurisdiction & venue (where the case can be filed)

  • Cybercrime jurisdiction (RA 10175, Sec. 21): A Philippine court has jurisdiction if any element of the offense occurred in the Philippines, or if a Philippine computer system or data subject is affected.
  • Venue for estafa/cyber-fraud can be where the offender acted, where the victim was deceived (often the victim’s location when they read the message/made payment), or where funds were received.
  • Extraterritorial elements: NBI/PNP may coordinate through DOJ-Office of Cybercrime (OOC) and international channels when actors or infrastructure are abroad.

5) Choosing where to report: NBI vs. PNP

  • NBI-CCD Best for complex, multi-jurisdictional, or high-value cases; strong cyber-forensics; often coordinates closely with banks, platforms, and foreign counterparts.

  • PNP-ACG (and its regional/city cybercrime units) Readily accessible nationwide; quick response for active scams, harassment, or ongoing threats; can run entrapments and serve warrants with local stations.

You can report to either or both. If you already reported to one, tell the other to avoid duplicative dockets.

6) Evidence: what to preserve before you file

Golden rule: Preserve first, then escalate. Do not edit or overwrite data.

  1. Device & account data

    • Take full screenshots (showing URL bars, handles, timestamps, and message headers where possible).
    • Export chats (Messenger, Viber, WhatsApp, Telegram), download email .eml/.msg files, and export transaction histories from banks/wallets/marketplaces.
    • Save filenames with dates and context. Keep originals unaltered.

  2. Payment proofs

    • Receipts, bank statements, e-wallet reference numbers, remittance slips, GCash/PayMaya screenshots, crypto TXIDs.

  3. Attribution breadcrumbs

    • Phone numbers, SIM details, usernames, profile URLs, marketplace listings, IP notices, tracking numbers, courier receipts.

  4. Link integrity

    • Copy full URLs (including query strings), order numbers, platform case IDs.

  5. Chain of custody

    • Keep a simple log (date/time, what was collected, by whom).
    • If you create archives, compute and note a hash (e.g., SHA-256) for files to show integrity.

7) The complaint-affidavit (what investigators expect)

Prepare a notarized complaint-affidavit that:

  • Identifies you (name, address, government ID), the respondent(s) if known (aliases are okay), and the platform(s) used.
  • Narrates chronologically what happened, including dates/times, what was promised, what you paid, and how deceit occurred.
  • States the crimes you believe were committed (e.g., Estafa under Art. 315 RPC in relation to RA 10175; Computer-related Fraud; Identity Theft; RA 8484).
  • Attaches and labels Annexes (A, B, C…) with short descriptions.
  • Ends with a prayer for investigation/prosecution and a verification & certification (no forum shopping).
  • Is signed before a notary (bring a government ID).

Tip: Bring a USB drive or cloud link with your e-evidence folders matching the Annex labels, plus printed key screenshots.

8) How to report to NBI-CCD

A. Prepare

  • Complaint-affidavit (notarized).
  • Valid ID (photocopy).
  • Evidence (digital copies + printed highlights).
  • Contact details.

B. File the complaint

  • Walk-in at the NBI Cybercrime Division or the nearest NBI office with cyber desks; request assistance in docketing a cybercrime complaint.
  • Provide your affidavit, execute any supplemental sworn statements, and submit your evidence (they may forensically image devices, if needed).
  • Obtain your NBI reference number and investigator’s contact.

C. What happens next

  • The NBI evaluates the complaint, may conduct digital forensics, send letters or preservation requests to platforms/banks, and, where needed, apply for cyber warrants.
  • If evidence suffices, NBI prepares a referral to the DOJ for inquest (if suspect is caught) or preliminary investigation (regular filing).
  • You may be asked to execute a Judicial Affidavit and attend clarificatory hearings at the prosecutor’s office.

9) How to report to PNP-ACG

A. Prepare (same as above)

B. File the complaint

  • Walk-in at PNP-ACG Camp Crame or any Regional/City Anti-Cybercrime Unit.
  • Request blotter entry and initiation of cybercrime investigation; provide affidavit & evidence.
  • If the scam is ongoing (e.g., demands/harassment), request immediate police intervention or entrapment where feasible and lawful.

C. What happens next

  • Police open a case folder, secure preservation with service providers, and coordinate with banks/wallets.
  • When probable cause ripens, they file a complaint with the prosecutor, or pursue inquest if there’s an arrest.
  • Expect follow-up requests for additional logs, device submission, or witness statements.

10) Parallel, practical steps (do these in tandem with NBI/PNP)

  • Notify your bank/e-wallet immediately to flag or freeze suspicious transfers where possible. Provide the police/NBI reference number once available.
  • Report the account/profile/listing to the platform (marketplace, social media) using its fraud channel; ask for preservation of account data.
  • Coordinate with your telco if SIM numbers or SMS-based OTPs were compromised.
  • Consider civil remedies (damages, rescission) alongside criminal action; your counsel may file a civil case or reserve civil liability in the criminal case.

11) Timelines, costs, and outcomes

  • Filing cost: Reporting to NBI/PNP is free. You’ll pay only for notarization and any document copies.
  • Timeline: Evidence collection and service-provider responses can take weeks to months, especially when data is offshore and requires a court warrant.
  • Outcome range: Account takedowns, fund recovery (when timely), identification/arrest of suspects, and filing of Informations in court. Not all funds are recoverable—speed and complete evidence drastically improve chances.

12) Common pitfalls that weaken cases

  • Edited or cropped screenshots without context (no URL, header, timestamp).
  • Deleting chats or resetting devices before extraction.
  • Paying via anonymous channels (gift cards/crypto P2P) without retaining TXIDs or counterparty info.
  • Delays that allow offenders to wipe logs or move funds.
  • Mislabelled evidence that breaks the chain of custody.

13) Model checklist for your report

  • Government ID (photocopy)
  • Notarized complaint-affidavit (with elements of the crime)
  • Evidence bundle: – Screenshots (with timestamps & URLs) – Chat exports (raw files) – Email files (.eml/.msg) with headers – Bank/e-wallet receipts & reference numbers – Platform report ticket IDs – Device details (if seized or examined)
  • Contact info and preferred notice method
  • Short incident timeline (1 page)

14) Sample complaint-affidavit template (short form)

Republic of the Philippines City/Municipality of _________ ) Province of _____________ ) S.S.

COMPLAINT-AFFIDAVIT

I, [Full Name], of legal age, Filipino, with address at [Address], after having been duly sworn, depose and state:

  1. On [date & time], I saw/responded to [link/username/number] offering [item/service] at [platform].
  2. The respondent represented [specific deceitful statements] and instructed me to pay [amount] via [bank/e-wallet details & reference no.].
  3. Relying on such representations, I paid [amount] on [date/time]. The respondent then [failed to deliver/blocked me/sent fake proof/etc.].
  4. Attached as Annexes A–__ are true copies of our chats, profile/URLs, transaction receipts, and related records.
  5. I believe the foregoing constitutes Estafa (Art. 315, RPC) in relation to RA 10175 (Computer-Related Fraud/Identity Theft) and [any other applicable law].
  6. I respectfully pray that an investigation be conducted and criminal charges be filed.

[Signature over Printed Name] Affiant

VERIFICATION & CERTIFICATION I certify the truthfulness of the foregoing and that I have not commenced any other action involving the same issues in any forum.

SUBSCRIBED AND SWORN to before me this [date] at [place]. Notary Public

15) Special scenarios & how to handle them

  • Phishing / account takeover: Change passwords, enable MFA, obtain login alerts and access logs from the platform; include header/raw email and redirection chain.
  • Card-not-present fraud: Reference RA 8484 in your affidavit; request your bank’s chargeback process and fraud investigation memo; attach to the NBI/PNP report.
  • Courier/marketplace scams: Secure the order page, tracking history, seller profile and any dispute tickets.
  • Romance/investment scams: Highlight the pattern of inducements, screenshots of dashboards showing fake profits, crypto TXIDs, and exchange account identifiers.
  • Ongoing threats/harassment/extortion: Go directly to PNP-ACG for immediate intervention, keep communications open (do not pay), and preserve contemporaneous logs.

16) Your rights as a complainant

  • To file and be heard without paying fees.
  • To be assisted in drafting supplemental statements.
  • To privacy of sensitive personal information consistent with law-enforcement needs.
  • To updates on case status upon reasonable request.
  • To recover property/funds when legally feasible (through bank coordination, asset preservation, or restitution ordered by the court).

17) Quick action plan (TL;DR)

  1. Freeze the damage: Call your bank/e-wallet; change passwords; enable MFA.
  2. Preserve evidence: Full screenshots, raw exports, receipts, URLs, TXIDs.
  3. Draft & notarize a complaint-affidavit with annexes.
  4. Report to NBI-CCD or PNP-ACG (or both). Get your case reference.
  5. Cooperate with investigators; be ready for clarificatory statements and prosecutor hearings.
  6. Follow through on bank/platform processes and consider civil remedies.

Final notes

  • Reporting early preserves logs and increases chances of asset recovery.
  • Even when the offender is anonymous, platform and bank trails plus cyber warrants often unmask identities.
  • Well-organized, authentic e-evidence is the single biggest factor in advancing your case.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login