How to Report Smishing and Text Scams in the Philippines

A smishing message can look harmless—a parcel notice, bank security alert, unpaid traffic fine, job offer, e-wallet reward, or urgent request from someone you know. But clicking the link, entering an OTP, or sending money can give scammers access to your bank account, e-wallet, identity documents, or mobile number. In the Philippines, the correct reporting route depends on what happened: your telecommunications company and the National Telecommunications Commission for the text itself, your bank or e-wallet if money or account access is involved, and the CICC, PNP, or NBI when the message appears criminal. Acting quickly matters because stolen funds may be transferred through several “mule accounts” and withdrawn within minutes.

What Is Smishing?

Smishing means phishing carried out through SMS or text messages. The scammer impersonates a trusted person or organization to persuade the recipient to:

  • Click a malicious link
  • Enter a username, password, card number, PIN, or OTP
  • Download an application or file
  • Call a fraudulent hotline
  • Transfer money to a bank or e-wallet account
  • Provide identification documents or personal information
  • Allow remote access to a phone or computer

Common smishing messages in the Philippines include fake notices involving:

  • Banks, GCash, Maya, or other financial institutions
  • PhilPost, courier companies, and online shopping deliveries
  • SIM registration or mobile account suspension
  • Government benefits, tax refunds, traffic violations, or unpaid penalties
  • Loans, investments, cryptocurrency, or work-from-home offers
  • Online gambling rewards
  • “Wrong number” conversations that develop into investment or romance scams
  • Requests from a supposed relative, employer, or public official

Smishing should not be confused with an ordinary unwanted marketing text. Both may be reportable, but smishing normally involves deception, impersonation, credential theft, malware, or an attempt to obtain money.

Philippine Laws That May Apply to Text Scams

Several laws may apply to the same incident. The exact offense depends on what the scammer did, what information was obtained, and whether money was lost.

SIM Registration Act: Republic Act No. 11934

The SIM Registration Act, Republic Act No. 11934 of 2022, requires telecommunications companies to maintain mechanisms through which subscribers can report potentially fraudulent calls or text messages.

After due investigation, a telecommunications company may temporarily or permanently deactivate a SIM used for fraudulent activity. The law also penalizes spoofing, which generally involves falsifying or misleading the source of a communication with intent to defraud, cause harm, or wrongfully obtain something of value. Spoofing a registered SIM may be punished by imprisonment of at least six years, a fine of ₱200,000, or both, subject to the law’s exceptions for authorized law-enforcement activity. (Supreme Court E-Library)

A registered SIM does not mean that an ordinary complainant can demand the subscriber’s name from the telecommunications company. SIM-registration information is confidential. Under Section 10 of RA 11934, disclosure may be made upon a subpoena or order from a competent authority in an investigation based on a sworn complaint, including a complaint stating that a particular number was used for a fraudulent, malicious, or unlawful act and that the offender’s identity is unknown. (Supreme Court E-Library)

Anti-Financial Account Scamming Act: Republic Act No. 12010

The Anti-Financial Account Scamming Act, Republic Act No. 12010 of 2024, and its implementing rules are especially important when a smishing attack results in an unauthorized bank or e-wallet transaction.

RA 12010 covers prohibited activities involving financial accounts, including certain money-mule arrangements and social-engineering schemes. A social-engineering scheme involves deception or fraudulent representation used to obtain sensitive identifying information or gain unauthorized access to or control over a financial account. A person who knowingly aids, abets, or attempts a prohibited act may also be liable. (Bangko Sentral ng Pilipinas)

Financial institutions may temporarily hold disputed funds while investigating. Under the Bangko Sentral ng Pilipinas rules:

  • An initial hold may last up to five calendar days.
  • When justified, the hold may be extended by up to 25 additional calendar days.
  • The total temporary holding period is generally limited to 30 calendar days, unless extended by a court order.
  • The account holder may be required to submit supporting documents during the initial five-day period, such as a sworn complaint, affidavit, police report, or other evidence describing the transaction. (Bangko Sentral ng Pilipinas)

This is not an automatic refund or chargeback. A hold is most useful when the complaint is made before the recipient withdraws or transfers the funds.

Cybercrime Prevention Act: Republic Act No. 10175

Depending on the method used, a smishing operation may involve offenses under the Cybercrime Prevention Act, Republic Act No. 10175 of 2012, including:

  • Computer-related fraud
  • Computer-related identity theft
  • Illegal access to an online account or computer system
  • Misuse of devices or malicious software

Fraud punishable under the Revised Penal Code or another special law may also be prosecuted in relation to RA 10175 when committed through information and communications technology. (LawPhil)

Estafa Under Article 315 of the Revised Penal Code

A text scam may amount to estafa, or criminal fraud, under Article 315 of the Revised Penal Code when the offender uses deceit to cause another person to part with money or property.

In Spouses Dulay v. People, the Supreme Court reiterated that estafa by false pretenses involves fraudulent representation, reliance by the victim, and resulting damage. Whether estafa is established depends on the evidence showing what representation was made, when it was made, and how it caused the victim’s loss. (Supreme Court E-Library)

Other laws may apply when scammers misuse card information, steal personal data, impersonate another person, or operate an illegal investment or lending scheme.

What to Do Immediately After Receiving a Scam Text

If you have not clicked the link or provided information

  1. Do not reply. Replying can confirm that your number is active.

  2. Do not click the link, even to inspect the website or unsubscribe.

  3. Take screenshots showing:

    • The complete message
    • Sender’s number or sender ID
    • Date and time
    • Link, account number, or contact details
  4. Use your phone’s report-spam function, then block the sender.

  5. Report the message to your telecommunications company, the NTC, or the CICC.

Do not forward the message to relatives with the link still clickable. Send a screenshot instead.

If you clicked but did not enter information

  1. Close the website immediately.
  2. Do not download or open any file offered by the page.
  3. Disconnect the device from mobile data and Wi-Fi if an application was installed or the phone behaves unusually.
  4. Using a different, trusted device, change passwords for accounts that may be exposed.
  5. Review your bank, e-wallet, email, and social-media accounts for unfamiliar activity.
  6. Contact your bank or e-wallet if the page involved financial credentials.

Merely opening a link does not always mean that an account was compromised, but installing an application, granting accessibility permissions, or entering credentials creates a much greater risk.

If you entered a password, PIN, card number, or OTP

Contact the affected bank, e-wallet, email provider, or online platform immediately through its official application, website, or number printed on your card. Ask the institution to:

  • Lock or suspend the affected account
  • Disable online banking or the compromised card
  • Revoke active sessions and registered devices
  • Block pending transfers where possible
  • Record a formal fraud complaint
  • Provide a complaint or case reference number

Change the exposed password from a clean device. Change any other account that uses the same or a similar password.

If money has already been transferred

Do not wait for a police report before contacting the bank or e-wallet. The first practical objective is to locate and hold the funds before they are withdrawn.

Provide:

  • Transaction reference number
  • Date, time, and amount
  • Source and destination account details
  • Recipient’s displayed name
  • Screenshots of the text and conversation
  • A brief explanation that the transaction resulted from fraud or social engineering
  • Any police report or affidavit already available

Ask whether a temporary holding process under RA 12010 and BSP rules can be initiated. Submit any requested sworn complaint, affidavit, police report, or supporting document within the institution’s deadline. (Bangko Sentral ng Pilipinas)

Where to Report Smishing and Text Scams in the Philippines

Where to report When to use it Practical reporting channel
Your telecommunications company For the originating number, sender ID, spam text, or suspicious call Use the provider’s official app, hotline, website, or store
National Telecommunications Commission For fraudulent or spam texts, especially when telco action is insufficient NTC text spam and scam reporting page
Cybercrime Investigation and Coordinating Center For centralized anti-scam reporting and referral Call 1326, email 1326@dict.gov.ph, or use the scam-reporting feature in the eGovPH app
Bank or e-wallet When credentials, account access, or funds are involved Use the institution’s official 24-hour fraud-reporting channel
PNP Anti-Cybercrime Group For a formal criminal complaint or investigation PNP ACG eComplaint portal or the nearest Regional Anti-Cybercrime Unit
National Bureau of Investigation For cyber-enabled fraud, identity theft, account compromise, or organized scams NBI online complaint page or the NBI Cybercrime Division
Bangko Sentral ng Pilipinas When a BSP-supervised bank or e-wallet fails to resolve a complaint properly BSP Consumer Assistance Mechanism and BOB chatbot
National Privacy Commission When the incident involves unlawful collection, disclosure, sale, or misuse of personal data NPC complaint-filing page

The CICC’s National Anti-Scam Hotline 1326 serves as a centralized reporting and coordination channel. Scam reports may also be submitted through the eGovPH application’s reporting feature. (Dictionary)

Reporting to Globe, Smart, or another telecommunications company

Globe subscribers may use the Globe Stop Spam portal or the StopSpam function in the GlobeOne application. Smart advises subscribers to report suspicious messages through its verified support channels or by calling *888; its current safety guidance is available on the Smart scam-protection page. (Globe Telecom)

For DITO or another provider, use the official customer-support function in the provider’s application or website. Avoid numbers supplied in the suspicious text itself.

When filing a telco complaint, include the sender’s number or sender ID, the receiving number, date and time, complete message, and screenshots. Under an NTC memorandum governing unsolicited commercial communications, a public telecommunications entity was directed to act on a subscriber complaint within 30 days, after which an dissatisfied complainant could elevate the matter to the NTC. A scam investigation may nevertheless take longer when subscriber verification, spoofing, multiple networks, or law-enforcement requests are involved. (Region 7 NTC)

Reporting to the CICC through 1326 or eGovPH

Report to the CICC when the text appears to be part of a phishing, investment, impersonation, spoofing, online-shopping, romance, or financial scam.

Prepare:

  • Your name and contact information
  • Mobile number that received the text
  • Sender’s number or sender ID
  • Date and time received
  • Screenshots and complete message
  • Website address or application involved
  • Amount lost, if any
  • Bank or e-wallet transaction references
  • Reports already filed with other agencies

A CICC report helps with coordination and referral, but it does not replace an urgent fraud report to your bank or a sworn criminal complaint when formal investigative action is required.

Filing with the PNP Anti-Cybercrime Group or NBI

A formal law-enforcement complaint is appropriate when:

  • Money was lost
  • An online account was taken over
  • The scammer obtained identification documents
  • Malware or a remote-access application was installed
  • The scammer is threatening, blackmailing, or repeatedly targeting you
  • Bank or telecommunications records must be obtained through legal process
  • The scam appears organized or involves multiple victims

Bring the original phone and SIM when possible. You may be asked to execute a sworn statement describing the incident in chronological order.

For NBI Cybercrime Division assistance, the published intake process includes a complaint sheet, preliminary interview, sworn complaint, sworn statements from the complainant or witnesses, examination of the relevant device, and submission of supporting documents. The published frontline intake has no government fee, although the actual investigation may take considerably longer. (National Bureau of Investigation)

Evidence and Documents to Prepare

Evidence or document Why it matters
Government-issued ID Confirms the complainant’s identity
Original phone and SIM Preserves the message, metadata, applications, and account history
Full screenshots Shows the sender, date, time, wording, and link
Screen recording Useful when a fraudulent webpage or account is still accessible
Transaction receipt Identifies the amount, date, destination, and reference number
Bank or e-wallet statement Confirms the debit and account involved
Chat, email, or call records Shows the complete sequence of representations
Website address and profile links Helps identify infrastructure or online accounts
Complaint reference numbers Connects reports filed with the bank, telco, NTC, CICC, PNP, or NBI
Written chronology Helps the investigator understand what happened and in what order
Affidavit or sworn complaint May support subpoenas, formal investigation, or a temporary fund hold
Witness affidavit Supports facts personally seen or heard by another person

Screenshots are useful, but they are stronger when supported by the original device, transaction records, account statements, and a consistent written chronology. Do not edit, crop, annotate, or overwrite your only copy. Keep the original files and make separate working copies.

How to Escalate a Bank or E-Wallet Complaint to the BSP

The bank or e-wallet’s own Financial Consumer Protection Assistance Mechanism is ordinarily the first level of recourse. If the institution does not respond adequately or you disagree with the resolution, the complaint may be escalated to the BSP Consumer Assistance Mechanism through the BOB chatbot or other channels listed on the BSP website. (Bangko Sentral ng Pilipinas)

Include:

  • Your complaint to the institution
  • Its acknowledgment or reference number
  • Its final response, if one was issued
  • Transaction records
  • Screenshots and relevant communications
  • A clear statement of the resolution requested

The BSP complaint process is not a substitute for immediately reporting the fraudulent transaction to the institution. It is mainly an escalation mechanism when the supervised institution’s handling of the complaint remains unresolved or unsatisfactory.

When to File a Complaint with the National Privacy Commission

The National Privacy Commission is appropriate when the facts indicate a possible violation of the Data Privacy Act, such as:

  • A company’s customer database appears to have been leaked
  • A scammer possesses confidential information that should have been held by an organization
  • Personal data was disclosed or sold without authority
  • Identity documents were unlawfully collected or reused
  • An organization failed to respond properly to a personal-data breach or privacy request

The NPC has separately warned the public about smishing and the risks of disclosing personal information through fraudulent messages. Its formal complaint procedure generally requires a verified complaint or notarized complaint-assisted form, a valid ID, supporting evidence, and, where relevant, witness affidavits. (National Privacy Commission)

The NPC does not replace the police, NBI, CICC, bank, or telecommunications company. Use it when there is a genuine personal-data issue in addition to the scam.

Fees, Timelines, and Likely Outcomes

Process Typical practical timing Cost considerations
Bank or e-wallet fraud report Immediately; holding decision may begin during initial review Usually no reporting fee
Temporary hold under BSP rules Initial period up to 5 calendar days; possible extension up to a total of 30 days unless a court extends it Supporting affidavits or police reports may involve notarial or transport costs
Telco report Acknowledgment may be immediate; technical review can take days or weeks Usually no reporting fee
NTC or CICC report Online or telephone filing can be completed the same day Generally no reporting fee
PNP or NBI intake May be completed on the day of appearance if documents are sufficient NBI’s published frontline cybercrime intake has no government fee
Criminal investigation Weeks or months, sometimes longer Private notarization, printing, travel, or legal assistance may create expenses
NPC complaint Filing and evaluation can take months depending on complexity Notarization, courier, translation, or applicable administrative charges may arise

No agency can guarantee recovery. The chances usually decrease when:

  • Reporting is delayed
  • Funds have been withdrawn in cash
  • Money passed through several mule accounts
  • Cryptocurrency or foreign platforms were used
  • The victim cannot provide transaction references
  • Evidence was deleted or the device was reset
  • Requested sworn documents were not submitted on time

Even when money cannot be recovered, reporting may help link the number, account, website, device, or recipient to other complaints.

Common Mistakes That Make a Smishing Complaint Harder

Waiting for the scammer to reply

Do not negotiate or ask the scammer to return the money. The delay can give the recipient time to withdraw or transfer the funds.

Contacting the “hotline” in the text

A fraudulent message may contain a fake customer-service number. Obtain the correct number from the back of your bank card, the official application, or the institution’s verified website.

Deleting the message after blocking the sender

Preserve the complete message first. Blocking is useful, but deleting the only copy may remove important evidence.

Resetting the phone immediately

A factory reset may destroy evidence. When malware is suspected, disconnect the device and use another clean device to secure your accounts. Let the investigator or qualified technician know before wiping the phone.

Assuming a familiar sender ID proves the message is genuine

A fraudulent message may appear under a company name or inside an existing message thread because sender information can be spoofed. Verify the message independently through the organization’s official application or published number. RA 11934 expressly recognizes and penalizes fraudulent spoofing. (Supreme Court E-Library)

Expecting the telco to disclose the subscriber’s identity

Telcos cannot normally release SIM-registration data directly to a private complainant. Investigators or prosecutors may obtain relevant information through a subpoena or other lawful process. (Supreme Court E-Library)

Treating a barangay blotter as the complete complaint

A barangay blotter can help document that an incident was reported, particularly when the scammer is known locally. It does not freeze a bank account, compel a telco to release subscriber information, or replace a PNP, NBI, bank, CICC, or NTC complaint. Cyber scams involving unknown offenders are usually more effectively reported directly to the relevant financial institution and cybercrime authorities.

Reporting a Philippine Text Scam from Abroad

Filipinos overseas and foreign nationals can report a scam affecting a Philippine number, bank account, e-wallet, company, or victim.

Because the 1326 short code may not work through a foreign mobile network, use:

  • The eGovPH application’s scam-reporting feature
  • 1326@dict.gov.ph
  • The institution’s official online fraud channel
  • The NBI or PNP ACG online complaint facility
  • The NTC’s online reporting page
  • BSP consumer assistance, when applicable

A Philippine agency may later require a sworn affidavit. A person abroad may generally execute the document before a Philippine embassy or consulate, or before a local notary followed by an apostille when the issuing country participates in the Apostille Convention. Documents from countries outside the Apostille Convention may require consular authentication. Confirm the receiving agency’s format before paying for notarization, apostille, translation, or courier services. (Philippine Embassy in New Delhi)

Foreign nationals should ordinarily prepare a passport or another government-issued identification document. Evidence in another language may need an English or Filipino translation. An authorized representative in the Philippines may be able to submit documents, but investigators can still require the complainant’s personal sworn statement or interview.

Frequently Asked Questions

Where should I report a scam text in the Philippines?

Report the number or sender ID to your telecommunications company and the NTC. You may also report through CICC Hotline 1326 or the eGovPH app. When money, credentials, or account access is involved, contact the bank or e-wallet immediately and consider filing with the PNP Anti-Cybercrime Group or NBI.

Can I report a text scam even if I did not lose money?

Yes. An attempted scam can still be reported. Early reports help telecommunications companies and authorities identify active numbers, links, sender IDs, websites, and recurring scam patterns.

Can I find out who registered the scammer’s SIM?

Not directly. SIM-registration information is confidential. A competent authority may obtain it through a subpoena or other lawful process during an investigation supported by a sworn complaint.

What if the message appears under my bank’s real sender name?

Do not rely on the sender name alone. Spoofed messages can appear under a familiar sender ID or within an existing conversation thread. Open the bank’s official application or call the number printed on your card to verify the notice.

Can the bank recover money sent because of smishing?

Recovery is possible but not guaranteed. Report immediately and provide complete transaction details. A temporary hold may be available if the funds can still be traced and the requirements under RA 12010 and BSP rules are met.

Is a screenshot enough to file a complaint?

A screenshot is enough to begin many reports, but it may not be enough for a full investigation. Preserve the original phone, complete message thread, transaction records, account statements, links, complaint references, and a written chronology.

Should I go to the barangay first?

Not usually when the offender is unknown, the transaction occurred online, or the funds moved through a bank or e-wallet. Contact the financial institution and cybercrime authorities first. A barangay report may be supplementary, especially when the offender is known and lives locally.

What should I do if I installed an application from the scam link?

Disconnect the phone from the internet, do not grant additional permissions, and use a separate clean device to change important passwords and contact your bank. Preserve the suspicious application and phone for examination instead of immediately resetting the device.

What if my bank or e-wallet ignores my complaint?

Keep the complaint reference and written communications. Follow the institution’s internal escalation process. If it remains unresolved or the response is unsatisfactory, file a consumer complaint through the BSP Consumer Assistance Mechanism.

Can I report anonymously?

Some hotlines or spam-reporting tools may accept initial information without a full sworn complaint. Formal investigative steps, subpoenas, recovery claims, or criminal proceedings will normally require the victim’s identity, evidence, and sworn statement.

Key Takeaways

  • Report an active financial loss to the bank or e-wallet immediately; do not wait for a police report.
  • Preserve the complete message, original device, sender details, links, transaction references, and account records.
  • Report the text to your telecommunications company, the NTC, or CICC Hotline 1326.
  • File with the PNP Anti-Cybercrime Group or NBI when money, identity theft, account compromise, malware, threats, or organized fraud is involved.
  • A SIM-registration record is confidential and normally obtained by investigators through lawful process, not released directly to the victim.
  • BSP rules allow temporary holding of disputed funds in qualifying cases, but reporting quickly and submitting supporting documents are critical.
  • Escalate unresolved bank or e-wallet complaints to the BSP, and use the NPC process when the incident includes a genuine personal-data violation.
  • Do not delete the message, reset the device, contact numbers supplied by the scammer, or assume that a familiar sender ID is genuine.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.