How to Report SIM Registration Scam and Identity Theft in the Philippines

If someone used your name, ID, selfie, or mobile number in a SIM registration scam, treat it as both a security emergency and a legal evidence problem. The first goal is to stop further damage: secure your SIM, bank accounts, e-wallets, email, and government IDs. The second goal is to create a clear paper trail so the telco, NTC, NBI, PNP Anti-Cybercrime Group, bank, e-wallet, or National Privacy Commission can act on your complaint.

SIM registration scams in the Philippines usually happen in one of these ways:

  • You receive a fake “SIM registration,” “SIM reactivation,” “points redemption,” “parcel delivery,” or “account verification” text with a link.
  • A scammer asks for your OTP, ID photo, selfie, address, birthday, e-wallet details, or bank credentials.
  • Your lost or stolen phone/SIM is used to access GCash, Maya, online banking, Facebook, Gmail, or other accounts.
  • Someone uses your ID or personal information to register a SIM or open a financial account.
  • A number registered under another person’s identity is used to scam you.

The right response depends on what happened: a suspicious text, actual identity theft, unauthorized transactions, or a SIM registered or used fraudulently. The steps below explain where to report, what documents to prepare, and what Philippine laws may apply.

What counts as a SIM registration scam or identity theft?

A SIM registration scam is any fraudulent act connected with the registration, activation, transfer, sale, or misuse of a SIM card. It may involve fake registration links, fake telco messages, spoofed sender names, stolen IDs, pre-registered SIMs, or social engineering.

Identity theft happens when someone intentionally acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person without right. Under the Cybercrime Prevention Act of 2012, this is called computer-related identity theft when done through a computer system or similar digital means. (Lawphil)

In real life, the same incident may fall under several laws at once. For example, a scammer who sends a fake SIM registration link, steals your ID and OTP, accesses your e-wallet, and transfers money may be investigated as:

  • a SIM Registration Act violation;
  • computer-related identity theft;
  • computer-related fraud;
  • estafa or swindling;
  • access device fraud;
  • financial account scamming;
  • data privacy violation; and
  • falsification or use of falsified documents if fake IDs or documents were used.

Legal basis in the Philippines

SIM Registration Act: RA 11934

Republic Act No. 11934, or the SIM Registration Act, requires SIM users to register using true and correct information and valid identification. The law requires telcos, legally called Public Telecommunications Entities or PTEs, to maintain SIM registers and to protect subscriber data. It also requires PTEs to provide user-friendly reporting mechanisms for potentially fraudulent texts or calls and, after due investigation, to deactivate the SIM used for the fraudulent message or call. (Supreme Court E-Library)

RA 11934 is important because it gives a legal route for tracing a number, but it does not mean a private person can simply demand the name of the SIM owner. Subscriber information is confidential. A telco may disclose registration information only under the circumstances allowed by law, including legal process or subpoena in an investigation based on a sworn complaint involving a specific number used in a crime, malicious act, fraudulent act, or unlawful act. (Supreme Court E-Library)

The law penalizes, among others:

Act Possible legal consequence under RA 11934
Using false or fictitious information or fraudulent ID documents to register a SIM Imprisonment of 6 months to 2 years, fine of ₱100,000 to ₱300,000, or both
Spoofing a registered SIM to transmit misleading source information with intent to defraud, cause harm, or wrongfully obtain value Imprisonment of not less than 6 years, fine of ₱200,000, or both
Selling or transferring a registered SIM without complying with registration requirements Imprisonment of 6 months to 6 years, fine of ₱100,000 to ₱300,000, or both
Aiding or abetting violations Liability as co-principal (Supreme Court E-Library)

For foreigners, RA 11934 requires different documents depending on immigration status. Tourists generally present a passport, proof of Philippine address, and return or onward ticket; their SIM registration is temporary for 30 days. Foreign nationals with other visas may need documents such as a passport, proof of Philippine address, Alien Employment Permit, ACR I-Card, school registration and ID, or other applicable documents. (Supreme Court E-Library)

Cybercrime Prevention Act: RA 10175

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, is usually relevant when the scam involves phishing links, fake websites, account takeover, OTP theft, unauthorized access, online impersonation, or digital fraud.

For SIM registration scams, the most relevant offense is often computer-related identity theft. Other possible offenses may include computer-related fraud, illegal access, misuse of devices, or cyber-enabled offenses under the Revised Penal Code or special laws. The Supreme Court in Disini v. Secretary of Justice reviewed RA 10175 and upheld many portions of the Cybercrime Prevention Act while striking down provisions that violated constitutional rights, making the case a key doctrine when discussing cybercrime enforcement in the Philippines. (Lawphil)

Data Privacy Act: RA 10173

Republic Act No. 10173, the Data Privacy Act of 2012, protects personal information and sensitive personal information. Government-issued ID numbers, account credentials, financial information, and similar identifiers can be sensitive personal information depending on context. The law gives data subjects rights such as access, correction, blocking, removal, and indemnity when personal data is inaccurate, unlawfully obtained, used for unauthorized purposes, or misused. (National Privacy Commission)

The National Privacy Commission says a person may file a complaint if personal information has been misused, maliciously disclosed, improperly disposed, or if data privacy rights have been violated. (National Privacy Commission)

Anti-Financial Account Scamming Act: RA 12010

Republic Act No. 12010, the Anti-Financial Account Scamming Act or AFASA, is especially important when a SIM scam leads to bank, e-wallet, or payment fraud. The law covers financial accounts such as bank accounts, credit card accounts, transaction accounts, and e-wallets. It defines sensitive identifying information as information that can be used to access financial accounts, including usernames, passwords, bank details, credit card data, e-wallet information, electronic credentials, and other confidential or personal information. (Lawphil)

AFASA penalizes money muling and social engineering schemes. A social engineering scheme includes obtaining another person’s sensitive identifying information through deception or fraud, resulting in unauthorized access or control over the person’s financial account. (Lawphil)

AFASA also allows institutions to temporarily hold funds subject of a disputed transaction within the period prescribed by the BSP, not exceeding 30 calendar days unless extended by court, and provides for coordinated verification of disputed transactions. (Lawphil)

Revised Penal Code, Civil Code, and other laws

The Revised Penal Code may apply if the scam involved deceit, false pretenses, forged documents, or swindling. Article 315 on estafa punishes defrauding another person through the means listed in the Code. (Lawphil)

If someone forged or used falsified documents, Article 172 on falsification by private individuals and use of falsified documents may also be relevant. (Lawphil)

The Civil Code may support a claim for damages. Articles 19, 20, and 21 require people to act with justice, obey the law, and compensate others for wrongful injury. Article 26 protects dignity, personality, privacy, and peace of mind. Article 33 allows a separate civil action for damages in cases of fraud. (Lawphil)

Republic Act No. 8484, the Access Devices Regulation Act of 1998, as amended by RA 11449, may also apply where the scam involves credit cards, account numbers, PINs, codes, or other access devices used to obtain money, goods, services, or fund transfers. (Lawphil)

First 30 minutes: what to do immediately

If you clicked a link, gave an OTP, uploaded an ID, lost your SIM, or saw unauthorized transactions, act fast.

  1. Stop communicating with the sender. Do not click more links, reply, or send another OTP.

  2. Take screenshots before deleting anything. Capture:

    • the sender’s number or sender ID;
    • full message content;
    • date and time received;
    • URL shown in the message;
    • conversation history;
    • transaction receipts;
    • reference numbers;
    • account names and numbers shown by the scammer.

  3. Change passwords and PINs from a clean device. Prioritize:

    • email account linked to your SIM;
    • e-wallets;
    • online banking;
    • social media;
    • telco app;
    • government accounts.

  4. Call your telco if your SIM or phone was lost, stolen, or hijacked. Ask for SIM blocking, SIM replacement, or account protection.

  5. Report unauthorized bank or e-wallet transactions immediately. For GCash, its help center states that unauthorized transactions should be reported within 15 days from the transaction date, and that investigation may take 48 hours to 7 days depending on the case. (GCash Help Center)

  6. Ask your bank or e-wallet to freeze, hold, or investigate the transaction. Under AFASA, financial institutions may temporarily hold funds involved in a disputed transaction under BSP rules. (Lawphil)

  7. Preserve your device. Do not factory reset your phone unless needed for safety. If law enforcement will examine it, screenshots and original message data are helpful.

Where to report SIM registration scams in the Philippines

1. Report to your telco first

Under RA 11934, telcos must provide reporting mechanisms for potentially fraudulent texts or calls and may deactivate SIMs used for fraud after due investigation. (Supreme Court E-Library)

Report to the telco that received the scam message and, if known, the telco of the number used by the scammer.

For Globe users, Globe’s official #StopSPAM page says scam or spam calls and messages may be reported through the Globe Stop Spam page or through the GlobeOne app. Globe also warns that it does not send text messages with links and advises users to secure financial accounts and verify uncertain calls or messages directly with banks and telcos. (Globe Telecom)

For Smart users, Smart advises subscribers not to reply to unverified messages asking for personal information, not to give OTPs or bank details, not to click suspicious links, and to report suspicious SMS or calls through verified Smart social media channels or hotline *888. (Smart Help)

When reporting to a telco, include:

  • your mobile number;
  • scammer’s number or sender ID;
  • screenshots;
  • exact message text;
  • date and time;
  • link or website involved;
  • whether you clicked the link;
  • whether you gave OTP, ID, selfie, or money;
  • whether your SIM was lost, stolen, or replaced without authority;
  • request for blocking, investigation, deactivation, or SIM protection.

2. Report text scams to the NTC

The National Telecommunications Commission handles telecommunications complaints and can route scam or spam reports to telcos for blocking or appropriate action. In an NTC FOI response, the agency explained that it does not have the capability to identify, track, or ascertain cellphone number owners, and that its role is confined to reporting incidents or complaints to relevant telcos for blocking or appropriate action. (www.foi.gov.ph)

This is an important practical point: NTC reporting helps with blocking and regulatory action, but identifying the person behind the number usually requires a criminal investigation, subpoena, cybercrime warrant, or other lawful process.

The NTC has directed the public to its text scam/spam reporting page and says concerns related to SIM registration may be raised through the NTC consumer hotline 1682 or DICT complaint center hotline 1326. (www.foi.gov.ph)

Prepare:

  • screenshot of the text or call log;
  • sender number or sender ID;
  • your number;
  • date and time;
  • scam link;
  • brief description of what happened;
  • proof of loss, if any;
  • copy of valid ID if required by the form.

3. File a cybercrime complaint with the NBI or PNP Anti-Cybercrime Group

If you lost money, your identity was used, your account was taken over, or you need the scammer identified, file with a law enforcement agency.

The NBI Cybercrime Division handles investigative assistance for victims of computer crimes. Its Citizen’s Charter describes the process: the complainant proceeds to the Cybercrime Division to file a complaint or request investigation, undergoes a preliminary interview, executes sworn statements or submits affidavits, and may submit supporting documents or devices relevant to the probe. The listed frontline processing time is about 1 hour and 10 minutes, excluding later investigation work. (National Bureau of Investigation)

The PNP Anti-Cybercrime Group also receives cybercrime complaints, including through its e-Complaint route. (www.foi.gov.ph)

For either NBI or PNP, bring or prepare:

Requirement Why it matters
Valid government ID Confirms complainant identity
Screenshots and original messages Shows the scam content, sender, date, and link
Transaction receipts and reference numbers Proves financial loss or attempted fraud
Bank or e-wallet tickets Shows you reported promptly to the institution
Affidavit or sworn statement Often needed for investigation and subpoena requests
Device used May preserve digital evidence, especially for malware or account takeover
Timeline of events Helps investigators connect the scam text, OTP, login, and transaction

A sworn complaint is particularly important because RA 11934 allows telco subscriber information to be disclosed through subpoena by a competent authority in an investigation based on a sworn complaint involving a specific mobile number used in a crime or fraudulent, malicious, or unlawful act. (Supreme Court E-Library)

4. Report data misuse to the National Privacy Commission

File with the National Privacy Commission if your issue is not only the scam itself but the misuse, unauthorized processing, leak, or improper handling of your personal data.

Examples:

  • A company, lending app, employer, agent, reseller, or online seller collected your ID and used it without permission.
  • Your ID photo or selfie was reused to register a SIM or account.
  • A telco, platform, or business mishandled your personal information.
  • Your personal data was leaked and then used for SIM or financial account fraud.

The NPC requires formal complaints to be in a specific format. Its complaint page says the complainant should download the form, print and fill it out, have it notarized, and submit it in person, by courier, or by scanned email. (National Privacy Commission)

The NPC’s mechanics also state that a complaint should be a filled-out and notarized complaint-assisted form or verified complaint, together with copies of evidence and witness affidavits, filed personally, by registered mail, by courier, or by authorized electronic mail. (National Privacy Commission)

5. Report financial loss to the bank, e-wallet, and BSP if unresolved

When money was taken, report first to the bank, e-wallet, or financial institution. Give them the transaction reference number, destination account if visible, amount, date, time, and proof that the transfer was unauthorized or scam-induced.

For GCash scam transactions, GCash says users should report the scammer to authorities such as PNP or NBI, report to GCash immediately with details and screenshots, and block the scammer. It also says its support team will review the case and reach out within 24 hours, but warns that funds may no longer be returned in scam situations. (GCash Help Center)

If your complaint against a BSP-supervised financial institution is unresolved, the BSP says you may file through BSP Online Buddy (BOB) or submit a complaints, inquiries, and requests form to BSP consumer channels. (Bangko Sentral ng Pilipinas)

Step-by-step guide to filing a strong complaint

Step 1: Write a simple incident timeline

Use this format:

Date and time What happened Evidence
June 1, 9:12 AM Received fake SIM registration text from 09xx xxx xxxx Screenshot 1
June 1, 9:14 AM Clicked link and entered name, birthday, ID photo Screenshot 2
June 1, 9:20 AM Received OTP and entered it SMS screenshot
June 1, 9:30 AM GCash transfer of ₱15,000 appeared Receipt/reference no.
June 1, 10:05 AM Reported to GCash Ticket no.
June 1, 11:30 AM Reported to telco Case no.

A clean timeline helps agencies understand the sequence quickly.

Step 2: Keep evidence in both screenshot and original form

Screenshots are useful, but original messages, emails, transaction logs, and device data are better. Do not rely only on cropped screenshots. Save:

  • full-screen screenshots with date and time;
  • screen recordings, if needed;
  • PDF copies of transaction history;
  • emails from the bank or e-wallet;
  • telco case numbers;
  • NTC or NPC acknowledgment;
  • police blotter or complaint receipt;
  • notarized affidavits.

Step 3: File reports in the correct order

For most serious cases, use this order:

  1. Telco — for SIM blocking, deactivation, SIM replacement, or scam number reporting.
  2. Bank/e-wallet — for freezing, investigation, disputed transaction, or refund review.
  3. NBI or PNP-ACG — for criminal investigation and possible subpoena/cybercrime warrants.
  4. NTC — for telecom complaint and scam/spam reporting.
  5. NPC — for misuse, leak, unauthorized processing, or improper handling of personal data.
  6. BSP — if the bank/e-wallet response remains unresolved or unsatisfactory.

You do not always need to wait for one agency before reporting to another. If money was lost or your identity was used, report to the financial institution and law enforcement as soon as possible.

Step 4: Ask for acknowledgment and reference numbers

Every report should produce some proof:

  • complaint reference number;
  • ticket number;
  • email acknowledgment;
  • police blotter entry;
  • affidavit receiving copy;
  • NBI/PNP complaint receipt;
  • NPC receiving copy;
  • BSP reference number.

These reference numbers are useful when following up or proving that you acted promptly.

Step 5: Execute an affidavit when needed

For NBI, PNP, NPC, banks, and sometimes telcos, an affidavit may be required. The affidavit should state:

  • your full name, address, and contact details;
  • your mobile number;
  • how you received the scam;
  • what information you gave, if any;
  • whether you lost money;
  • transaction details;
  • why you believe identity theft occurred;
  • list of attached screenshots and documents;
  • request for investigation.

Notarization is commonly required for formal complaints and affidavits. For Filipinos abroad, documents may need notarization before a Philippine consulate or notarization followed by apostille, depending on where the document will be used and what the receiving agency requires.

Common mistakes that weaken a SIM scam report

Deleting the message too early

Many victims delete the scam text out of panic. This removes useful evidence. Screenshot first. If possible, preserve the original SMS.

Reporting only to Facebook or messaging apps

Reporting a scammer’s profile may help remove the account, but it does not create a Philippine law enforcement complaint. If money or identity theft is involved, file with NBI or PNP.

Expecting NTC or telcos to reveal the SIM owner directly

SIM registration does not give private individuals automatic access to subscriber data. RA 11934 protects confidentiality, and disclosure usually requires lawful process, such as subpoena in an investigation based on a sworn complaint. (Supreme Court E-Library)

Giving another OTP during “recovery”

Scammers often pretend to be telco, bank, or e-wallet support after the first scam. Real support should not ask you to disclose OTPs, MPINs, passwords, or full card details.

Waiting too long to report financial transactions

Banks and e-wallets review timelines closely. Delay may make fund recovery harder, especially when funds have already moved through mule accounts or cash-out channels.

Filing a false or exaggerated report

Be accurate. AFASA recognizes malicious reporting issues in disputed financial transactions, and GCash warns that malicious or bad-faith reports that result in temporary holding of funds may lead to criminal liability under AFASA. (GCash Help Center)

Special situations

Someone used my ID to register a SIM

Report to:

  1. your telco, if you know where the SIM was registered;
  2. NTC, for SIM registration-related complaint;
  3. NBI or PNP-ACG, because the person may have used false information or fraudulent ID documents;
  4. NPC, if your ID was collected or leaked by a company, platform, employer, lending app, or other personal information controller.

Ask for written confirmation of any action taken, but understand that telcos may not disclose the registered user’s information directly to you without lawful process.

My phone or SIM was stolen

Immediately request SIM blocking or replacement from your telco. RA 11934 states that in case of loss of SIM or request for deactivation, the end-user should immediately inform the PTE through its facility for that purpose. (Supreme Court E-Library)

Also secure your email, e-wallet, banking apps, and social media. Many account takeovers happen because the thief controls SMS OTPs.

A foreigner’s passport was used in a SIM scam

Foreigners should report to the telco, NTC, and law enforcement the same way. If the complaint documents are executed abroad, the receiving Philippine office may require consular notarization or apostille. Keep copies of your passport bio page, visa page, entry stamp, ACR I-Card if any, and proof of Philippine address or hotel stay.

The scammer used a “GLOBE,” “SMART,” bank, or government sender name

This may involve spoofing or sender ID abuse. RA 11934 penalizes spoofing a registered SIM when misleading or inaccurate source information is transmitted with intent to defraud, cause harm, or wrongfully obtain anything of value. (Supreme Court E-Library)

Report this both to the telco and law enforcement. Include screenshots showing the sender name and the suspicious link.

Frequently Asked Questions

How do I report a SIM registration scam in the Philippines?

Report first to your telco through its official scam or spam reporting channel. Then report to the NTC for text scam/spam handling. If you lost money, gave an OTP, or your identity was used, file a cybercrime complaint with the NBI Cybercrime Division or PNP Anti-Cybercrime Group.

Can the NTC tell me who owns the scammer’s number?

Usually, no. The NTC has stated that it does not have the capability to identify, track, or ascertain cellphone number owners and that its role is generally to route complaints to telcos for blocking or appropriate action. Identification normally requires law enforcement investigation and lawful process. (www.foi.gov.ph)

Can I force the telco to reveal the SIM registrant’s name?

Not directly as a private complainant. SIM registration data is confidential. Under RA 11934, disclosure may be made through legal process, including subpoena by a competent authority in an investigation based on a sworn complaint involving a specific number used in a crime or fraudulent, malicious, or unlawful act. (Supreme Court E-Library)

What if I clicked a fake SIM registration link but did not lose money?

Change your passwords and PINs, enable stronger authentication, monitor accounts, and report the link and sender to your telco and NTC. If you uploaded an ID, selfie, or sensitive personal information, consider filing with law enforcement and the NPC, especially if the data may be reused for identity theft.

What if someone used my ID to register a SIM?

File reports with the telco, NTC, and NBI or PNP-ACG. If your ID was collected by a business or platform and later misused or leaked, file a complaint with the NPC. Attach copies of the ID involved, screenshots, messages, and any proof showing unauthorized use.

Is a police blotter enough?

A police blotter is useful, but it is usually not enough for cybercrime tracing. For SIM registration identity theft, you generally need a proper complaint, sworn statement, and supporting evidence filed with NBI Cybercrime Division or PNP Anti-Cybercrime Group.

Can I recover money sent to a scammer?

Possibly, but recovery is not guaranteed. Report immediately to the bank or e-wallet and ask for investigation or temporary holding if the funds are still traceable. AFASA allows temporary holding and coordinated verification of disputed transactions under BSP rules, but funds may be difficult to recover once withdrawn or transferred through multiple accounts. (Lawphil)

Should I report to the National Privacy Commission or to the police?

Use both when appropriate. Report to the police, NBI, or PNP-ACG for criminal investigation. Report to the NPC when the issue involves misuse, unauthorized processing, leak, or improper handling of your personal data by an organization or person covered by the Data Privacy Act.

Do foreigners have the same right to report SIM registration scams?

Yes. Foreigners in the Philippines can report to telcos, NTC, NBI, PNP, NPC, banks, and e-wallets when affected. RA 11934 also provides specific SIM registration requirements for foreign nationals, so misuse of a foreigner’s passport or Philippine address can be relevant evidence. (Supreme Court E-Library)

What is the most important evidence to preserve?

The most important evidence is the original scam message or call log, screenshots showing the sender and date, the suspicious link, transaction receipts, OTP timing, account alerts, telco or bank tickets, and a written timeline. For serious cases, preserve the phone or device used.

Key Takeaways

  • Report SIM registration scams first to your telco, then to NTC, and to NBI or PNP-ACG if there is identity theft, account takeover, or financial loss.
  • SIM registration does not allow private persons to directly obtain a SIM owner’s identity; subscriber data is confidential and usually requires lawful process.
  • RA 11934 penalizes false SIM registration, spoofing, sale or transfer of registered SIMs without proper registration, and related acts.
  • RA 10175 may apply to phishing, account takeover, computer-related identity theft, and cyber-enabled fraud.
  • RA 10173 gives you privacy rights when your personal data is misused, leaked, or processed without authority.
  • RA 12010 is important when a SIM scam leads to bank, e-wallet, or payment fraud.
  • Preserve screenshots, original messages, transaction receipts, and timelines before deleting anything.
  • Fast reporting improves the chance of blocking the SIM, freezing disputed funds, preserving evidence, and tracing the offender through proper legal channels.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login