How to Report Threats and Harassment to Police or Cybercrime Units in the Philippines

Scope and purpose

Threats and harassment can happen in person, by phone/SMS, or online (Facebook/Messenger, X, Instagram, email, Viber/Telegram, games, forums). In Philippine law, the same conduct can fall under the Revised Penal Code (RPC) and/or special laws, and if committed using information and communications technology (ICT), it may also be treated as a cybercrime-related offense (often affecting penalty, evidence-gathering, and venue).

This article explains (1) what commonly counts as “threats” and “harassment” under Philippine law, (2) how to preserve evidence, (3) where to report (PNP, PNP Anti-Cybercrime Group, NBI Cybercrime Division, prosecutors, barangay, National Privacy Commission), and (4) what usually happens after you report.

1) What “threats” and “harassment” mean in Philippine context

A. Threats (criminal)

Under the RPC, “threats” generally mean telling someone you will cause harm—to their person, family, honor/reputation, or property—sometimes with a condition (e.g., “Give me money or I’ll…”) and sometimes without.

Common RPC concepts:

  • Grave threats (RPC Art. 282) – threats to commit a wrong that amounts to a crime (e.g., kill, burn house), especially if with a condition/demand, or if the threat is serious and credible.
  • Light threats (RPC Art. 283) and other light threats (RPC Art. 285) – less severe variations, including threats to do a wrong not amounting to a crime or threats in particular circumstances.
  • Coercion (RPC Arts. 286–287) – forcing someone to do something against their will, or preventing them from doing something they have a right to do. Unjust vexation is commonly treated under light coercions (RPC Art. 287) and is often used for persistent, annoying, distressing conduct that doesn’t neatly fit other crimes but causes irritation, disturbance, or torment.

Extortion-like threats (e.g., “Pay/send more photos or I leak your nudes”) can implicate:

  • Grave threats and/or other crimes depending on facts,
  • plus special laws when intimate images are involved (see below).

B. Harassment (often criminal, sometimes administrative + criminal)

“Harassment” is not always a single label in criminal statutes; it is often prosecuted through threats/coercion, unjust vexation, libel/defamation, sexual harassment laws, VAWC, data privacy, or other specific offenses.

Common legal buckets:

  • Persistent unwanted contact (repeated calls/messages, following, intimidation): often unjust vexation/light coercion, sometimes grave coercion, and in certain relationships, VAWC.
  • Public humiliation/insults/false accusations: may be slander, libel, or cyberlibel depending on medium.
  • Sexual harassment (including online): may fall under RA 11313 (Safe Spaces Act) and/or RA 7877 (Sexual Harassment Act) in workplace/authority contexts.
  • Harassment by intimate partner/ex-partner: often covered by RA 9262 (Violence Against Women and Their Children) when the victim is a woman (or her child) and the offender is a husband, ex-husband, boyfriend/girlfriend, ex, or person with whom she had a dating/sexual relationship or common child. Psychological violence under RA 9262 can include threats, stalking, harassment, and other acts causing mental or emotional anguish.
  • Non-consensual sharing or threats to share intimate images: can fall under RA 9995 (Anti-Photo and Video Voyeurism Act), RA 11313, RA 9262 (in applicable relationships), and possibly other crimes depending on demands and conduct.
  • Doxxing / exposing personal data to cause harm: may implicate RA 10173 (Data Privacy Act) and sometimes coercion/threats.

C. “Cyber” angle: when conduct happens online or via devices

The Cybercrime Prevention Act of 2012 (RA 10175):

  • Defines certain offenses (illegal access, identity theft, cybersex, child pornography, libel, etc.).
  • Also provides that crimes under the RPC and special laws, if committed through and with the use of ICT, may carry a higher penalty (RA 10175, Sec. 6) and are handled with cybercrime procedures/evidence tools.

Practical takeaway: a threat sent by Messenger, an impersonation account, identity theft, cyberlibel, non-consensual sexual content, or harassment involving personal data can justify reporting to cybercrime units, because they can help preserve digital evidence and pursue appropriate legal processes.

2) First priority: safety and risk management

If there is imminent danger (credible threat of violence, stalking nearby, home break-in risk), treat it as an emergency:

  • Seek a safe location, contact trusted people, and call 911 or local emergency responders.
  • If possible, avoid meeting the harasser alone.
  • For stalking, vary routines and improve physical security (locks, lighting, CCTV, trusted neighbors).

Even if the threat feels “online only,” threats sometimes escalate offline—so documenting early matters.

3) Evidence: what to preserve (and what not to do)

A. Golden rule: preserve the original, not just screenshots

Authorities and prosecutors prefer evidence that can be authenticated and traced.

Keep and preserve:

  • Full message threads (not just single messages).

  • Screenshots showing:

    • sender profile name + unique handle/URL,
    • timestamps,
    • the threatening/harassing text,
    • context before and after.

  • Screen recordings scrolling through the conversation (helps show continuity).

  • Profile URLs, post URLs, message permalinks where available.

  • Call logs, SMS logs, voicemail (if any).

  • Email full headers (not just the body).

  • Payment requests / bank details if there is extortion.

  • Photos/videos/files received (keep in original format).

  • A written incident log: date/time, platform, what happened, witnesses, how it made you fear harm or caused distress.

  • Witness statements if others saw messages, posts, or in-person acts.

Preserve the device:

  • Do not factory reset or “clean” the phone/laptop used to receive messages.
  • Avoid uninstalling apps until you’ve preserved data.
  • Keep SIM cards and relevant accounts accessible.

B. Avoid altering evidence

  • Don’t edit screenshots.
  • Don’t crop out identifying info if possible.
  • Don’t reply with threats yourself (it can complicate the case and create counter-allegations).

C. Recording calls: be careful (Anti-Wiretapping)

The Philippines has the Anti-Wiretapping Act (RA 4200), which generally prohibits recording private communications without proper authority/consent. Secretly recording calls can create legal and evidentiary problems. If you need proof of verbal threats, safer approaches include:

  • getting the threat repeated in writing (“Please confirm what you just said…”),
  • having a witness hear it on speakerphone (without recording),
  • immediately documenting the call in an affidavit and incident log.

D. Authentication of electronic evidence

Cases often hinge on whether digital evidence is properly authenticated under the Rules on Electronic Evidence (A.M. No. 01-7-01-SC). In practice, this usually means:

  • the complainant/witness can testify how the screenshot/printout was obtained,
  • the device/account used is identified,
  • the material has not been tampered with,
  • relevant metadata and context are shown when possible.

4) Where to report in the Philippines (and what each one does)

A. Philippine National Police (PNP) — nearest station

Best for:

  • Immediate local incidents (in-person harassment, stalking, threats at your home/work),
  • Creating an official record (police blotter),
  • Starting a criminal complaint, especially where the suspect is known locally.

Most stations can:

  • take your statement,
  • make a blotter entry (an official incident record),
  • refer you to an investigator,
  • advise on filing before the prosecutor.

B. PNP Anti-Cybercrime Group (PNP-ACG)

Best for:

  • Online threats, harassment, impersonation, hacking, identity theft,
  • Cases where quick preservation of digital evidence is needed,
  • Coordinating with platforms/telcos through lawful processes.

PNP-ACG has units/regional presence and specialized investigators for cyber-related complaints. They can guide you on what evidence is needed and what legal process applies.

C. NBI Cybercrime Division (or NBI cyber units)

Best for:

  • Complex cyber investigations,
  • Cases involving organized activity, multiple victims, or cross-border elements,
  • Forensic handling of devices/data.

NBI can take complaints and investigate, often coordinating with prosecutors for filing.

D. Office of the City/Provincial Prosecutor (DOJ prosecutors)

Best for:

  • Filing the criminal complaint for preliminary investigation,
  • Moving the case toward court filing.

In many situations, you can file a complaint-affidavit directly with the prosecutor (often with supporting affidavits and evidence), even if you also reported to police.

E. Women and Children Protection Desk (WCPD) / VAW Desks

Best for:

  • Cases involving women/children, gender-based sexual harassment, domestic/dating violence,
  • Situations needing immediate protective measures or sensitive handling.

If the facts suggest RA 9262 or RA 11313, reporting through WCPD can be crucial.

F. Barangay (Lupon / Barangay VAW Desk)

Best for:

  • Immediate community intervention and documentation,
  • Some disputes that may require Katarungang Pambarangay conciliation (depending on the offense and circumstances),
  • Barangay Protection Orders (BPOs) under RA 9262 for qualifying VAWC cases.

Important: Barangay conciliation applies only to certain disputes and has exceptions (e.g., when parties live in different cities/municipalities, or when the offense/penalty falls outside coverage, or when urgent legal action is needed). For many threat and cyber-related cases, direct filing with police/prosecutor is appropriate.

G. National Privacy Commission (NPC)

Best for:

  • Doxxing, malicious disclosure of personal data, unauthorized processing,
  • Privacy-related harassment (posting your address, workplace, IDs, private info).

NPC handles complaints and can pursue administrative/criminal aspects under the Data Privacy Act (RA 10173).

5) Step-by-step: how reporting typically works

Step 1 — Decide the fastest entry point

Choose based on urgency and medium:

  • Imminent harm → emergency response + local police.
  • Online harassment/threats → PNP-ACG or NBI Cybercrime (and optionally local police).
  • Intimate partner/dating violence, threats, stalking, sexual harassment → WCPD/VAW Desk + consider protection orders.
  • Doxxing/privacy attacks → NPC + police/cybercrime unit if threats/coercion exist.

You can pursue more than one track (e.g., blotter + cybercrime investigation + prosecutor filing), but keep your statements consistent.

Step 2 — Prepare a clean evidence packet

Bring (or compile as a folder/USB where permitted):

  • Government ID and contact details,
  • Printed screenshots (with dates/times/URLs),
  • A written timeline (one page is helpful),
  • Any witness names and contact info,
  • Device(s) containing the original messages,
  • Any receipts/transaction details if extortion is involved.

Label attachments as “Annex A, Annex B…” matching references in your affidavit.

Step 3 — Make a police blotter entry (even if you plan to file elsewhere)

A blotter entry:

  • documents the incident date and your report,
  • can support future requests (work/school, protection orders, later filings),
  • can show a pattern over time.

Ask for the blotter reference details according to local practice.

Step 4 — Execute the formal complaint (affidavit-based)

Most criminal complaints are affidavit-driven. Typically required:

  • Complaint-affidavit: your sworn narrative of facts.
  • Supporting affidavits: witnesses (if any).
  • Attachments: screenshots, printouts, photos, logs.

Where it’s filed:

  • At the prosecutor’s office for preliminary investigation, or
  • Initially through police/cybercrime investigators who will assist and then refer for filing.

Step 5 — Investigation and lawful data preservation

For cyber cases, time matters because platforms may delete data or accounts vanish.

Investigators may:

  • advise you to preserve evidence,
  • request lawful preservation of data (under RA 10175 mechanisms),
  • apply for cybercrime warrants under the Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC), which cover tools such as warrants to search/seize/examine computer data and to disclose relevant computer data (depending on the situation).

Step 6 — Prosecutor stage: preliminary investigation (common path)

For many offenses, a preliminary investigation occurs:

  1. Filing of complaint-affidavit and evidence,
  2. Subpoena to respondent,
  3. Counter-affidavit,
  4. Possible reply and clarificatory hearing,
  5. Resolution (probable cause or dismissal),
  6. If probable cause: filing of Information in court.

If there is an arrest without warrant in specific circumstances, an inquest process may apply instead.

Step 7 — Court and protection measures

Depending on the case:

  • Criminal prosecution proceeds in appropriate courts.
  • Protection orders may be pursued (see next section).
  • Bail, hearings, and trial timelines depend on the offense and court.

6) Protection orders and urgent remedies (often as important as prosecution)

A. RA 9262 (VAWC) — for women and their children

If the offender is a spouse/ex-spouse, boyfriend/ex-boyfriend, dating partner, or someone with whom the woman has had a sexual/dating relationship or common child, and the acts cause physical/sexual/psychological harm (including threats/harassment), RA 9262 can apply.

Key remedies:

  • Barangay Protection Order (BPO): issued by the barangay (often fastest).
  • Temporary Protection Order (TPO) and Permanent Protection Order (PPO): issued by courts.

Protection orders can include:

  • no-contact / stay-away directives,
  • removal from residence,
  • surrender of firearms/weapons (as allowed),
  • other measures to prevent further abuse.

B. RA 11313 (Safe Spaces Act) — gender-based sexual harassment, including online

Covers gender-based sexual harassment in streets/public spaces, workplaces, schools, and online (e.g., unwanted sexual remarks, sexual content, threats, humiliating sexual acts directed at someone).

Remedies can involve:

  • criminal complaints (depending on the act/setting),
  • administrative proceedings in workplace/school (committees and policies),
  • reporting to law enforcement for online conduct.

C. RA 9995 — non-consensual intimate images

Prohibits creating, copying, distributing, publishing, or broadcasting certain intimate images/videos without consent. Threats to release intimate images are often intertwined with coercion/threats and can be reported urgently.

D. Data Privacy Act (RA 10173) — doxxing and malicious disclosure

If harassment includes publishing personal data (address, IDs, workplace, phone number) to cause harm, intimidation, or harassment, consider an NPC complaint alongside criminal reporting.

E. Platform and telco actions (non-criminal but practical)

While pursuing legal remedies:

  • report accounts/posts to platforms for takedown,
  • preserve proof before takedown,
  • tighten privacy settings, enable 2FA, and review account recovery options.

7) Common scenarios and the usual legal/reporting paths

1) “I will kill you / hurt you / burn your house” (online or offline)

  • Potentially grave threats (RPC Art. 282).
  • If delivered via ICT, often routed to PNP-ACG/NBI Cybercrime for evidence handling; also report to local police for immediate safety.

2) Repeated unwanted messages/calls, intimidation, “won’t leave you alone”

  • Often unjust vexation/light coercion (RPC Art. 287) or coercion-related theories; may escalate to threats if explicit harm is stated.
  • If gender-based/sexualized: consider RA 11313.
  • If in an intimate relationship context and victim is a woman: consider RA 9262 + protection orders.

3) “Send money or I post your nude photos” (sextortion)

  • Report urgently to PNP-ACG or NBI Cybercrime, and local police.
  • Possible overlap: threats/coercion, RA 9995, and if a minor is involved, child-protection laws (including RA 11930 and related statutes).

4) Public shaming posts, false accusations, defamatory statements

  • May be libel (traditional) or cyberlibel if posted online (RA 10175 content-related offense + Sec. 6 implications).
  • Evidence preservation is critical (URLs, timestamps, account identifiers).

5) Doxxing (posting address, workplace, IDs, family details)

  • Consider NPC complaint under RA 10173 plus criminal reporting if accompanied by threats or coercion.

6) Impersonation/fake accounts using your name/photos

  • May involve identity theft (RA 10175) and/or data privacy violations, depending on facts.
  • Report to cybercrime units; preserve profile URLs and evidence of impersonation.

8) Jurisdiction and venue: where you can file

Venue depends on the offense and where elements occurred. For cyber-related cases, laws and rules generally allow broader jurisdiction (e.g., where the victim accessed the content, where devices/accounts were used, or where the system involved is located). Practically:

  • Filing where the complainant resides or where the harmful access occurred is commonly workable,
  • Cybercrime units and prosecutors can guide venue if multiple places are involved.

9) Writing a strong complaint-affidavit (practical structure)

A clear affidavit often makes the difference between quick action and delays.

Suggested outline:

  1. Personal details (name, age, address, work) and how to contact you.
  2. Respondent details (name/alias, usernames, links, phone numbers, known addresses). If unknown, describe and use “John/Jane Doe.”
  3. Relationship/background (how you know them; history of conflict).
  4. Chronology of incidents (dates/times/places/platforms).
  5. Exact words of threats/harassment (quote verbatim; note language used).
  6. Why the threat is credible (weapons mentioned, prior violence, access to you).
  7. Impact (fear, inability to work, emotional distress, safety measures taken).
  8. Evidence list (Annex A: screenshots; Annex B: profile URL; Annex C: call logs; etc.).
  9. Witnesses (names and what they know).
  10. Prayer (request investigation, filing of appropriate charges, protective measures as applicable).
  11. Verification and jurat (sworn before authorized officer/notary/prosecutor as required).

10) Quick checklist before you report

  • Immediate safety plan if threat is urgent; contact emergency services if needed.
  • Preserve original evidence (threads, URLs, timestamps, device intact).
  • Prepare incident timeline and evidence packet (Annexes).
  • Choose reporting route: local police / WCPD / PNP-ACG / NBI Cybercrime / prosecutor / NPC (as fits).
  • Make a police blotter entry for documentation.
  • Execute complaint-affidavit and attach properly labeled evidence.
  • Avoid actions that compromise evidence (editing, deleting, secret call recordings).
  • Consider protective orders (especially under RA 9262) and other urgent remedies where applicable.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login