How to Report Phishing Scams to Philippine Authorities

I. Overview: What “Phishing” Is in Philippine Practice

Phishing is a form of online fraud where a scammer deceives a victim into revealing sensitive information (e.g., passwords, one-time PINs/OTPs, card numbers, online banking credentials) or induces the victim to send money by impersonating a trusted entity (bank, e-wallet, delivery company, government office, employer, or a known person). In the Philippines, phishing commonly appears as:

  • SMS “smishing” (e.g., fake delivery notices, SIM registration threats, bank “account locked” alerts)
  • Email phishing (fake invoices, account verification links, malicious attachments)
  • Social media or messaging app impersonation (Facebook, Messenger, Viber, Telegram, WhatsApp)
  • Voice phishing “vishing” (calls pretending to be bank staff, telco agents, or law enforcement)
  • Fake websites / cloned login pages (URLs that mimic banks/e-wallets)
  • QR phishing (malicious QR codes leading to credential-harvesting pages)
  • Remote-access tool scams (victim convinced to install “support” apps that give attacker control)

Reporting serves two functions: (1) consumer protection and incident response (to contain harm and recover funds where possible), and (2) criminal investigation and prosecution (to identify offenders and build cases).

II. Key Philippine Laws Typically Implicated

Phishing reports in the Philippines are commonly evaluated under these legal frameworks:

A. Republic Act No. 10175 — Cybercrime Prevention Act of 2012

Phishing often falls under computer-related offenses and cyber-enabled fraud, including:

  • Illegal Access (unauthorized access to accounts/systems)
  • Computer-related Identity Theft (using another’s identity or credentials)
  • Computer-related Fraud (deceit using computer systems to obtain money/data)
  • Computer-related Forgery (alteration/fabrication of electronic data with intent to deceive)
  • Attempt and aiding/abetting (where applicable)

Phishing may also be treated as the cybercrime version of certain crimes when committed through ICT, which can affect how cases are filed and investigated.

B. Revised Penal Code (as applicable)

Depending on facts, prosecutors may also consider:

  • Estafa (Swindling) (deceit leading to damage)
  • Falsification / use of fictitious name (in impersonation scenarios) Even when the act is online, some cases are charged as traditional offenses supported by electronic evidence.

C. Republic Act No. 8792 — Electronic Commerce Act (E-Commerce Act)

This supports recognition and admissibility of electronic data messages and electronic documents, and provides a policy framework for e-transactions and certain unlawful acts in e-commerce.

D. Republic Act No. 10173 — Data Privacy Act of 2012

If phishing led to unauthorized processing or exposure of personal information, it may raise issues related to personal data security incidents. It also frames obligations of personal information controllers/processors, and provides avenues for complaints depending on circumstances.

E. Consumer and financial regulatory frameworks (contextual)

Banks, e-money issuers, and payment platforms are subject to regulatory expectations on fraud controls and complaint handling. Regardless of ultimate liability, prompt reporting to the provider is crucial to preservation of records and possible fund holds.

III. Who to Report To: Correct Philippine Authorities and Why

Phishing cases can be reported to multiple bodies because each plays a different role (investigation, prosecution support, telecom action, consumer protection, data privacy oversight). In practice, parallel reporting improves chances of containment and investigation.

A. PNP Anti-Cybercrime Group (PNP-ACG)

Primary criminal investigative arm of the Philippine National Police for cybercrime complaints. PNP-ACG is commonly approached for:

  • phishing via SMS/social media/email
  • online banking/e-wallet credential theft and fraud
  • impersonation, account takeovers, online scams

Use when: you want police blotter/complaint, investigation, coordination with telcos/platforms, and case build-up for filing.

B. NBI Cybercrime Division (National Bureau of Investigation)

Another primary investigative agency with capabilities for digital forensics and cybercrime case build-up.

Use when: the case involves larger losses, complex schemes, cross-border angles, organized groups, or when you want NBI-led investigation.

C. Department of Information and Communications Technology — Cybersecurity / CICC (where operationally applicable)

The DICT ecosystem has roles in cybersecurity coordination and cyber incident response. Depending on current operational channels, DICT-linked reporting may help with advisories, coordination, and incident documentation.

Use when: you want the incident logged for cybersecurity coordination, especially if the campaign is widespread (mass smishing, large-scale phishing sites).

D. National Telecommunications Commission (NTC)

NTC can receive complaints involving SMS scams, spoofing concerns, and telco-related issues. While NTC is not the main criminal investigator, it can be relevant for telecom enforcement and coordination.

Use when: phishing is delivered through mobile networks (smishing) and you want a regulator complaint in addition to police/NBI.

E. Bangko Sentral ng Pilipinas (BSP) and relevant financial regulators (for banks/e-money)

BSP is a key channel for consumer assistance/escalation involving banks and BSP-supervised institutions. This is separate from criminal investigation and focuses on provider complaint handling and regulatory oversight.

Use when: a bank/e-wallet is involved and internal support is inadequate, delayed, or unresponsive—especially for documentation and escalation.

F. National Privacy Commission (NPC)

NPC is relevant when there is a personal data breach/security incident or suspected unauthorized processing of personal information, particularly by organizations that hold personal data.

Use when: phishing involves potential compromise of personal data, and especially if an organization’s systems or processes may have contributed to a data privacy incident or mishandling.

G. Local prosecution and courts (through investigative case build-up)

You do not normally file directly in court without case preparation. Typically, you first report to PNP-ACG or NBI, then the case is referred for inquest/prosecutor’s office as appropriate.

IV. Immediate Steps Before Reporting (Preserve Evidence, Limit Damage)

Authorities can only act effectively if evidence is preserved correctly. Do these immediately, ideally in this order:

1) Stop the bleeding (containment)

  • Do not click further links or continue chats with the scammer.
  • If you entered credentials, change passwords immediately (email first, then banking/e-wallets, then social media).
  • Enable multi-factor authentication (MFA) where possible.
  • Revoke device sessions in your email/social media/security settings.
  • If remote-access software was installed, disconnect from the internet, uninstall the app, run a reputable security scan, and consider a device reset if compromise is severe.

2) Notify the institution (for possible fund hold)

  • Call your bank/e-wallet hotline or use the official app help center.
  • Ask for: account freeze/temporary lock, charge dispute guidance, fund transfer tracing, and transaction reference documentation.
  • Time matters: the sooner a provider can flag a recipient account or transaction chain, the better.

3) Preserve electronic evidence properly

Capture and store:

  • Screenshots of SMS, chat threads, emails (including headers where possible), and social media profiles.

  • The phishing URL (copy the full link), including any redirect links.

  • Transaction records: reference numbers, timestamps, amounts, recipient account details, e-wallet IDs, QR codes used, and confirmation pages.

  • Any files received (do not open them; keep originals).

  • If a website is involved, take screenshots of the page and note:

    • exact URL
    • date/time accessed
    • what information was requested

Best practice: export conversations (where the app allows), and back up to a secure storage folder. Keep originals and avoid editing screenshots.

4) Create a clean timeline

Write a simple chronological log:

  • how contact started
  • what was claimed
  • what link/action occurred
  • what data you entered
  • what transactions occurred
  • what steps you took afterward (password changes, calls made)

V. What Information Philippine Authorities Typically Need

When you report to PNP-ACG or NBI, expect to provide:

A. Victim identity and contact

  • Full name, address, mobile number, email
  • Government ID (often needed for sworn statements/affidavits)

B. Incident details

  • Date/time of phishing attempt and subsequent transactions
  • Platform used (SMS/email/Facebook/etc.)
  • Method (fake login, OTP harvesting, remote access, impersonation)

C. Offender identifiers (even if partial)

  • Phone numbers used
  • Email addresses used
  • Social media account links, usernames, page IDs
  • Names used (even if fake)
  • Bank/e-wallet accounts receiving funds
  • URLs/domains, IP indicators if available (you usually won’t have IPs; that’s okay)

D. Evidence package

  • Screenshots, exported chat logs
  • Email headers (if email phishing)
  • Bank/e-wallet transaction proofs
  • Any advisory messages from the provider confirming compromise or transfers

E. Loss and damages

  • Exact amounts lost
  • Secondary effects (account takeover, identity misuse, SIM swap indicators)

VI. How to File a Report: Practical Paths

A. Reporting to PNP-ACG

Common approach:

  1. Go to the nearest PNP unit that can direct you to PNP-ACG or to a designated cybercrime desk.
  2. Submit your evidence and timeline.
  3. Execute a sworn statement or complaint-affidavit (requirements vary by office; often formal statements are required to proceed).
  4. Obtain documentation (blotter/acknowledgment) and keep a case reference.

Why it helps: PNP can initiate investigative steps, request records, coordinate with service providers, and prepare a case for prosecutors.

B. Reporting to NBI Cybercrime Division

Common approach:

  1. File a complaint with NBI Cybercrime.
  2. Provide evidence and identification.
  3. Execute statement/affidavit as required.
  4. Coordinate on follow-up requests (additional screenshots, device checks, account records).

Why it helps: NBI has strong investigative and forensic capability, helpful for sophisticated phishing networks.

C. Regulator escalation (BSP / NPC / NTC)

These are not substitutes for police/NBI reports but are useful in parallel.

  • BSP: If your bank/e-wallet response is inadequate, or you need escalation for complaint handling and documented resolution steps.
  • NPC: If personal data was exposed and an entity may have failed in data protection obligations, or you want to report a data privacy incident dimension.
  • NTC: If the core vector is SMS/telecom and you want regulatory attention to scam transmission patterns.

VII. Special Scenarios and the Correct Reporting Mix

1) Smishing (SMS phishing) with a suspicious link

Report to: PNP-ACG or NBI for criminal complaint; NTC as supplementary. Also do: send the SMS details and the sender number; preserve the full message and link.

2) Bank/e-wallet account drained after OTP capture

Report to: PNP-ACG or NBI; BSP for escalation if needed. Also do: request provider certification of transactions and recipient details; ask provider to preserve logs and freeze suspicious recipient accounts where possible.

3) Social media account takeover and impersonation

Report to: PNP-ACG or NBI. Also do: use platform reporting tools, recover the account, preserve impersonation pages/posts, capture profile URLs and usernames.

4) Business email compromise (fake supplier invoice)

Report to: NBI or PNP-ACG (often higher stakes). Also do: secure corporate email (reset passwords, revoke sessions), preserve full email headers, coordinate with bank for recall/trace of transfers.

5) SIM-related indicators (sudden loss of signal, OTP interception)

Report to: PNP-ACG or NBI; telco complaint; NTC if warranted. Also do: visit telco to secure the SIM, request account activity logs, re-issue SIM where appropriate.

VIII. Evidence Handling: What Strengthens a Case

Philippine cybercrime enforcement relies heavily on electronic evidence. Strong reports usually include:

  • Original message artifacts (not only screenshots, but exported chat files when possible)
  • Unaltered images with metadata preserved (avoid editing/cropping when possible; keep originals)
  • Complete URLs and domain details
  • Proof of money trail (reference numbers, recipient accounts, timestamps)
  • Provider correspondence (emails, ticket numbers, hotline call logs)
  • Device context (what phone/PC, what browser/app, what actions taken)

Avoid:

  • Deleting conversations (even if embarrassing)
  • Confronting the scammer aggressively (may cause them to delete traces)
  • Posting the scammer’s personal details publicly if unverified (risk of misidentification and legal complications)

IX. Affidavits, Case Build-Up, and What to Expect

A. Sworn statements and affidavits

For criminal complaints, you will often be asked to execute a sworn statement detailing facts. Your documentation should be factual, chronological, and specific.

Include:

  • how you encountered the scam
  • the exact representations made by the scammer
  • what you relied on (why you believed it)
  • what information you disclosed or what transactions you made
  • the resulting damage (loss amount, compromised accounts)

B. Investigation timeline realities

Cyber investigations may involve:

  • subpoenas/requests to banks/e-wallets for KYC details of recipient accounts
  • requests to telcos for subscriber and transmission records
  • coordination with platforms for account logs
  • domain/hosting takedown coordination (depending on jurisdiction)

Cross-border elements may slow progress, but reporting remains essential for pattern detection and future enforcement.

X. Remedies: Recovery, Disputes, and Civil Options

A. Provider-based remedies

Victims may pursue:

  • internal dispute/complaint mechanisms
  • reversal/trace efforts (fact-dependent and time-sensitive)
  • account restoration support

Outcomes depend on:

  • how the transaction was authorized (e.g., voluntary transfer vs unauthorized access)
  • timing of the report
  • whether funds remain in the recipient account
  • contractual terms and security factors

B. Criminal case outcomes

A successful criminal case may result in:

  • prosecution and penalties under cybercrime laws
  • possible restitution orders (case-dependent and not guaranteed)

C. Civil actions (case-dependent)

In some circumstances, victims may explore civil claims, but most phishing incidents are primarily pursued through criminal complaint and provider dispute processes first.

XI. Preventive Reporting: When You Didn’t Lose Money Yet

Even without financial loss, reporting is still valuable if:

  • your credentials were entered into a phishing page
  • your account was accessed or attempted
  • you received mass-targeted phishing campaigns (especially with new spoofing patterns)

File a report with:

  • PNP-ACG or NBI (to log the campaign and preserve evidence)
  • your provider/platform (to lock accounts and block pages)
  • optionally, telecom/regulator channels if the vector is widespread SMS

XII. Practical Checklist for a Strong Philippine Phishing Report

A. Minimum evidence set

  • screenshots of message/email/chat
  • phishing link (full URL)
  • scammer identifiers (numbers, usernames, account links)
  • transaction records (if any)
  • short timeline document

B. Security actions recorded

  • password changes
  • provider hotlines contacted (date/time, ticket numbers)
  • account freezes/locks requested

C. Where you reported

  • PNP-ACG or NBI reference (acknowledgment, blotter details if given)
  • any regulator escalation reference numbers (if used)

XIII. Common Mistakes That Weaken Reports

  • Reporting only to the platform and not to law enforcement
  • Waiting days before notifying the bank/e-wallet
  • Providing only partial URLs or paraphrased messages
  • Not saving transaction reference numbers
  • Resetting or wiping devices before preserving basic evidence (unless immediate safety requires it)

XIV. Summary of Best Practice Reporting Strategy

  1. Contain and secure accounts immediately (email first, then financial, then social).

  2. Notify the bank/e-wallet right away for holds, tracing, and documentation.

  3. Preserve evidence (screenshots, exports, URLs, transaction proofs, timeline).

  4. File a criminal complaint with PNP-ACG or NBI Cybercrime (or both for serious cases).

  5. Escalate to regulators as needed:

    • BSP for bank/e-money complaint escalation
    • NPC for personal data/privacy incident dimensions
    • NTC for SMS/telecom vectors

Phishing scams are engineered to exploit urgency and trust. The most effective reports are fast, evidence-rich, and filed through both service-provider containment channels and formal law enforcement channels to enable investigation and prosecution.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login