How to Trace and Report a Scammer in the Philippines

If someone scammed you in the Philippines, the most urgent goal is not to “find the scammer’s name” by yourself. It is to preserve evidence, stop further loss, trigger bank or e-wallet tracing, and file a report with the right agency while the digital trail is still fresh. Online scams move quickly: money may pass through several bank accounts or e-wallets within minutes, fake SIMs may be discarded, and social media profiles may disappear. This guide explains how tracing actually works under Philippine law, where to report an online scam, what evidence to prepare, and what realistic recovery options you may have.

Can You Legally Trace a Scammer in the Philippines?

Yes, but there is a big difference between documenting clues and legally compelling disclosure of identity.

As a private person, you can gather and preserve:

  • Mobile numbers used by the scammer
  • GCash, Maya, bank account, QR code, or merchant details
  • Facebook, Instagram, Telegram, Viber, TikTok, Shopee, Lazada, or marketplace profile links
  • Usernames, display names, email addresses, websites, domain names, and IP-related information shown to you
  • Screenshots, receipts, transaction reference numbers, and chat logs

But you generally cannot force a telco, bank, e-wallet, or platform to reveal the registered owner just because you were scammed.

Under the SIM Registration Act, Republic Act No. 11934, SIM registration data is confidential. A public telecommunications entity may disclose information only in limited situations, including a subpoena by a competent authority based on an investigation involving a sworn complaint that a specific number was used in a crime or fraudulent act.

For online platforms, banks, and e-wallets, law enforcement may need subpoenas, cybercrime warrants, preservation requests, or coordinated verification procedures. This is why your report must be properly documented.

Legal Bases for Reporting Online Scams in the Philippines

Online scams may fall under several Philippine laws depending on how the scam was done.

Estafa under Article 315 of the Revised Penal Code

The most common criminal charge for scams is estafa, or swindling, under Article 315 of the Revised Penal Code. In simple terms, estafa usually involves:

  • Deceit or false pretenses;
  • The victim relying on that deceit; and
  • Damage or loss of money, property, or value.

Examples include fake sellers who never ship goods, fake recruiters collecting placement fees, fake investment agents, romance scammers asking for emergency funds, and people pretending to be someone else to obtain money.

If the scam was committed through Facebook, messaging apps, email, online banking, or e-wallets, the Cybercrime Prevention Act may also apply.

Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act of 2012, Republic Act No. 10175, covers several cyber-related offenses that often appear in scam cases, including:

  • Computer-related fraud;
  • Computer-related identity theft;
  • Illegal access to accounts;
  • Use of ICT to commit crimes under the Revised Penal Code or special laws.

Section 6 of RA 10175 is important because crimes under the Revised Penal Code or special laws may be covered when committed “by, through and with the use of information and communications technologies,” with a higher penalty.

RA 10175 also identifies the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) as law enforcement authorities for cybercrime cases. Cybercrime cases are generally handled by designated Regional Trial Courts or special cybercrime courts.

Anti-Financial Account Scamming Act

The Anti-Financial Account Scamming Act, Republic Act No. 12010, is especially important for scams involving bank accounts, e-wallets, payment accounts, and money mule networks.

RA 12010 penalizes acts such as:

  • Money muling — using, lending, selling, renting, or opening financial accounts to receive or move proceeds of crimes or social engineering schemes;
  • Social engineering schemes — using deception or fraud to obtain sensitive identifying information that gives unauthorized access or control over a financial account;
  • Buying or selling financial accounts;
  • Opening accounts under fictitious names or using another person’s identity.

The law also allows covered financial institutions, under BSP rules, to temporarily hold disputed funds in certain situations. The BSP Circular No. 1215, Series of 2025, provides rules on temporary holding of disputed funds and coordinated verification. The holding period is generally not more than 30 calendar days, unless extended by a competent court.

Access Devices Regulation Act

If the scam involves credit cards, debit cards, account credentials, online banking access, OTPs, card numbers, or similar tools, the Access Devices Regulation Act of 1998, Republic Act No. 8484, as amended by Republic Act No. 11449, may apply.

This is relevant in phishing, unauthorized card transactions, account takeovers, and fraudulent use of access devices.

Electronic Evidence Rules

Screenshots and digital messages can matter, but they must be preserved properly.

The Electronic Commerce Act, Republic Act No. 8792, recognizes electronic documents and data messages. The Supreme Court’s Rules on Electronic Evidence guide how electronic evidence may be authenticated and evaluated.

In practice, this means you should not rely only on cropped screenshots. Keep original messages, URLs, account IDs, transaction records, and the device where possible.

What to Do Immediately After Being Scammed

1. Stop sending money and secure your accounts

Scammers often ask for more payments after the first loss: “release fee,” “tax clearance,” “refund processing fee,” “anti-money laundering clearance,” “customs fee,” or “account unlocking fee.”

Stop communicating except to preserve evidence. Then secure your accounts:

  1. Change passwords for email, banking, e-wallet, and social media.
  2. Remove unknown devices from account settings.
  3. Enable multi-factor authentication.
  4. Call your bank or e-wallet if you shared OTPs, PINs, card numbers, or login credentials.
  5. Freeze or replace compromised cards.

If the scammer has access to your email, they may reset passwords for other accounts. Secure your email first.

2. Report the transaction to your bank or e-wallet immediately

Do this before filing a full police complaint if money was transferred. Time matters.

Call the official fraud hotline or use the verified in-app support channel of your bank or e-wallet. Avoid random numbers found in comments, Facebook pages, or Google ads.

Tell the bank or e-wallet:

“I am reporting a disputed transaction due to an online scam. Please create a fraud case, give me a reference number, coordinate with the receiving institution, and evaluate the transaction for temporary holding of disputed funds under RA 12010 and BSP rules.”

Prepare these details:

Information Why it matters
Date and time of transfer Helps locate the transaction quickly
Amount Needed for the fraud report
Source account or wallet Identifies where the money came from
Receiving account, wallet, QR, or merchant ID Main tracing lead
Transaction reference number Critical for bank/e-wallet investigation
Screenshots of chat and payment instructions Shows fraud, not a voluntary ordinary payment
Police/NBI/CICC reference number, if already available Helps support coordinated verification

Ask for a case number or ticket number and take note of the date, time, and name or ID of the representative if provided.

3. Preserve evidence before the scammer deletes it

Do not delete the conversation out of anger or embarrassment. Preserve it first.

Collect:

  • Full screenshots showing the scammer’s profile, username, profile URL, and messages;
  • Screen recordings showing you opening the profile and scrolling through the conversation;
  • Payment receipts and transaction confirmations;
  • Bank or e-wallet statements;
  • QR codes, account numbers, mobile numbers, email addresses, and links;
  • Product listings, job posts, investment offers, or ads;
  • Delivery tracking numbers, if any;
  • Voice notes, call logs, emails, and SMS messages;
  • Names of witnesses or other victims;
  • Your own short timeline of events.

For screenshots, include the date, time, URL, account name, username, and full conversation context. Avoid editing, highlighting, cropping, or adding arrows to your only copy. You may create annotated copies later, but keep originals.

4. Report to the CICC or I-ARC hotline for fast routing

The Cybercrime Investigation and Coordinating Center (CICC), under the DICT, coordinates cybercrime response. For online scams, the public may use the government anti-scam hotline 1326 and related reporting channels. You can also check the official DICT CICC page and Scam Watch Pilipinas reporting page.

This is useful when:

  • The scam is ongoing;
  • The scammer is still contacting you;
  • Many victims are involved;
  • You need guidance on where to file;
  • You need the incident routed to the proper agency.

A hotline report is helpful, but for prosecution you will usually still need a sworn complaint, affidavit, and supporting evidence.

5. File a report with PNP ACG or NBI Cybercrime

For cyber-enabled scams, file with either:

  • PNP Anti-Cybercrime Group (PNP ACG) or its regional units; or
  • NBI Cybercrime Division or the appropriate NBI office.

You may also refer to the DOJ’s official page on reporting cybercrime incidents.

Bring or prepare:

Requirement Notes
Valid government ID Passport, driver’s license, UMID, PhilID, etc.
Complaint-affidavit or written narrative Some offices help you reduce your statement into affidavit form
Screenshots and screen recordings Save both printed and digital copies
Payment proof Receipts, bank statement, wallet transaction history
Account numbers and mobile numbers Include exact spelling and digits
Platform profile links URLs are better than display names
Device used Bring the phone/laptop if possible
Timeline of events Helps investigators understand the scam quickly
Bank/e-wallet ticket numbers Shows you reported promptly

Your affidavit should answer:

  1. Who contacted you?
  2. When and how did the communication start?
  3. What exactly was promised or represented?
  4. Why did you believe it?
  5. How much did you send, when, and to what account?
  6. What happened after payment?
  7. What evidence supports each fact?
  8. What identities, numbers, accounts, URLs, and transaction references are known?

If you are abroad, you may need to execute documents before a Philippine Embassy or Consulate, or have foreign documents notarized/apostilled depending on where they were executed and how they will be used. Philippine embassies and consulates commonly provide consular notarization for affidavits and special powers of attorney intended for use in the Philippines.

Where to Report Different Types of Scams

Type of scam Where to report Practical reason
Bank transfer or e-wallet scam Your bank/e-wallet first, then PNP ACG/NBI/CICC Fastest chance to trace and hold funds
Facebook Marketplace or online seller scam Bank/e-wallet, platform, PNP ACG/NBI; DTI if consumer transaction Criminal fraud and consumer remedy may overlap
Fake investment, crypto, Ponzi, “guaranteed returns” SEC, PNP ACG/NBI, bank/e-wallet SEC handles unauthorized investment-taking
Phishing or account takeover Bank/e-wallet, platform, PNP ACG/NBI, CICC Needs urgent account protection and technical tracing
Fake recruiter or job placement scam PNP/NBI; possibly DMW/POEA-related channels if overseas work Recruitment scams may involve special labor/migration laws
SIM/text scam Telco fraud report, CICC 1326, PNP/NBI SIM data requires lawful process
Data leak, misuse of ID, doxxing NPC plus PNP/NBI if criminal conduct exists Data privacy and cybercrime issues may overlap
Defective product or refund dispute without clear fraud DTI Consumer CARe System Better for ordinary consumer complaints

For investment scams, also check and report through the SEC iMessage complaint portal. Investment offers may fall under the Securities Regulation Code, Republic Act No. 8799, especially when money is solicited from the public with promises of profit.

For data privacy violations, identity misuse, or unlawful disclosure of personal information, use the National Privacy Commission’s file a complaint page.

For unresolved complaints against BSP-supervised banks, e-wallets, remittance companies, and other financial institutions, you may escalate through the BSP Consumer Assistance channels, but report the fraud first to the financial institution’s fraud or consumer assistance mechanism.

How Authorities Trace Scammers in Practice

Scam tracing usually follows several trails at once.

Financial trail

This is often the most useful trail. Investigators and financial institutions look at:

  • Receiving bank or e-wallet account;
  • Account owner and KYC records;
  • Linked mobile number or email;
  • Withdrawal location or cash-out partner;
  • Transfers to other accounts;
  • Merchant or QR details;
  • ATM, branch, or app activity;
  • Possible money mule accounts.

Under RA 12010 and BSP rules, financial institutions are expected to participate in coordinated verification of disputed transactions and may temporarily hold disputed funds when legal requirements are met.

Telco and SIM trail

A mobile number can be a lead, but the registered subscriber is not automatically disclosed to the victim. Under RA 11934, disclosure generally requires proper legal process, such as a subpoena in an investigation based on a sworn complaint.

Also remember: the registered SIM user may be a mule, fake registrant, identity theft victim, or someone whose documents were misused. A number is a lead, not final proof.

Platform and account trail

Facebook, Telegram, Viber, Instagram, email providers, marketplaces, and hosting providers may hold information such as:

  • Account registration email or phone;
  • Login activity;
  • IP-related logs;
  • Device information;
  • Linked accounts;
  • Content and message records.

Preservation is urgent because logs may be retained only for limited periods depending on the platform and the type of data. Law enforcement may request preservation or disclosure through proper channels.

Device and digital evidence trail

If you still have the phone or computer used in the transaction, do not factory reset it. Investigators may need to see original messages, app notifications, login sessions, downloaded files, or malware indicators.

Common Mistakes That Hurt Scam Cases

Waiting too long before reporting to the bank

If the money has already been withdrawn or passed through several accounts, recovery becomes harder. Report to the bank or e-wallet immediately, even if your police affidavit is not yet complete.

Relying only on a barangay blotter

A barangay blotter may document that you complained, but it does not replace a cybercrime complaint with PNP ACG, NBI, or the prosecutor. Barangay conciliation is usually not the right tool for anonymous or cyber-enabled scams, especially where criminal investigation and subpoenas are needed.

Posting the alleged scammer’s personal details online

Public warning posts may feel satisfying, but they can create problems if you post unverified names, IDs, addresses, or accusations. You may expose yourself to claims involving cyberlibel, harassment, or data privacy violations. Report to platforms and authorities first.

Paying “recovery agents” or hackers

Many victims are scammed twice. A “recovery expert” who promises to hack a wallet, trace a SIM owner, or retrieve funds for an advance fee is often another scammer. Paying someone to hack accounts or obtain confidential data illegally can also damage your own case.

Submitting messy evidence

Investigators handle many complaints. A clear folder with a timeline, transaction table, screenshots, URLs, and receipts is far more useful than hundreds of random images.

Sample Evidence Folder Organization

Use this structure when saving files:

Folder Contents
01-Timeline One-page summary of events
02-Identity-Clues Profile links, usernames, phone numbers, email addresses
03-Chats Screenshots and exported conversations
04-Payments Receipts, reference numbers, statements
05-Platform-Posts Product listing, investment ad, job post, website screenshots
06-Bank-Reports Fraud ticket, email confirmations, replies
07-Agency-Reports CICC, PNP, NBI, SEC, DTI, NPC reference numbers
08-Witnesses Names and statements of other victims, if any

Prepare a transaction table like this:

Date/time Amount Source account Receiving account Reference no. Evidence file
Jan. 10, 2026, 2:15 PM ₱8,500 GCash ending 1234 Maya 09xx… 123456789 Payment_01.png
Jan. 11, 2026, 9:20 AM ₱3,000 BPI ending 5678 BDO acct no. … FT987654 Payment_02.pdf

This helps the bank, investigator, and prosecutor quickly see the movement of funds.

Can You Recover the Money?

Recovery depends on speed, available evidence, and whether funds can still be located or held.

Possible routes include:

  1. Temporary holding and coordinated verification If reported quickly, the source and receiving financial institutions may trace and temporarily hold disputed funds under RA 12010 and BSP rules.

  2. Bank or e-wallet dispute process This is especially relevant if there was unauthorized access, phishing, account takeover, or failure of security controls.

  3. Restitution in criminal proceedings If a person is prosecuted and convicted, the court may impose civil liability or restitution depending on the offense and evidence.

  4. Civil action or small claims If you know the scammer’s real identity and address, a civil money claim may be possible. Under the Supreme Court’s Rules on Expedited Procedures in First Level Courts, small claims may cover money claims not exceeding ₱1,000,000, exclusive of interest and costs. This is practical only when the defendant can be identified and served.

  5. Settlement during investigation Some cases settle when the account holder or mule is identified. Be careful: any settlement should be documented in writing, and payment should be made through traceable channels.

Recovery is less likely when the money was converted to cash, cryptocurrency, gambling credits, prepaid cards, or passed through multiple mule accounts before reporting.

Special Notes for OFWs, Foreigners, and Victims Outside the Philippines

You can still report a scam connected to the Philippines, especially if:

  • The receiving bank, e-wallet, or financial institution is in the Philippines;
  • The scammer used a Philippine SIM, account, platform listing, or address;
  • You were in the Philippines when the scam happened;
  • The damage involved a Philippine account or Philippine-based victim.

Practical steps:

  1. Report immediately to the Philippine bank/e-wallet or remittance channel used.
  2. File an online or hotline report with CICC if available.
  3. Ask a trusted person in the Philippines to help coordinate, if necessary.
  4. Execute a special power of attorney if someone will file or follow up for you.
  5. Have affidavits notarized through the Philippine Embassy/Consulate or properly apostilled/legalized when required.
  6. Keep time zone details in your timeline so transaction times are clear.

Foreigners should also preserve passport pages, local address information, visa details, and proof of their connection to the Philippine transaction if relevant.

Frequently Asked Questions

Can I trace a scammer using a GCash or Maya number?

You can document the number, transaction reference, account name shown, QR code, and wallet details, but you cannot simply demand the owner’s full identity. The e-wallet provider may disclose information only through proper legal and regulatory processes. Report to the e-wallet immediately and file with PNP ACG, NBI, or CICC so lawful tracing can begin.

Can the police find the owner of a SIM card?

They may be able to request subscriber information through proper legal process. Under RA 11934, SIM registration data is confidential and disclosure generally requires a subpoena or legal process connected to an investigation based on a sworn complaint.

Is an online scam considered estafa?

Often, yes. If the scammer used deceit to make you send money or property, it may be estafa under Article 315 of the Revised Penal Code. If ICT was used, RA 10175 may also apply. Depending on the facts, RA 12010, RA 8484, RA 8799, or other special laws may also be relevant.

Should I report first to the police or to the bank?

If money was transferred, report to the bank or e-wallet first because funds can move fast. Then file with CICC, PNP ACG, NBI, or the proper agency. You do not need to wait for a complete police report before alerting your financial institution.

What if I only have screenshots?

Screenshots are useful, but strengthen them with original messages, profile URLs, screen recordings, transaction receipts, bank statements, email headers if available, and the device used. Keep unedited originals. Philippine rules recognize electronic evidence, but authentication still matters.

Can I file a case if the scammer used a fake name?

Yes. Many cybercrime complaints start with incomplete identity information. Provide all available identifiers: mobile number, wallet account, bank account, profile link, username, email, QR code, website, and transaction references. Law enforcement may use those leads to identify the person or account holder.

How long does a scam investigation take in the Philippines?

Bank or e-wallet fraud intake may begin immediately, but tracing and coordinated verification can take days or weeks. A police or NBI investigation may take weeks to months depending on subpoenas, platform cooperation, and evidence. Prosecutor preliminary investigation and court proceedings may take longer. The most time-sensitive part is the first 24 to 72 hours after payment.

Can I get the scammer jailed and get my money back?

A criminal case may lead to penalties and civil liability if the evidence proves the offense and the person responsible is identified. Getting money back is separate from arrest. Recovery is most realistic when funds are quickly held, the account holder is identified, or assets remain traceable.

Should I post the scammer’s face, ID, or address online?

Be careful. Posting personal details or accusations can create legal risks, especially if the identity is unverified or the person turns out to be an identity theft victim or mule. Preserve the evidence and report it to the platform and authorities instead.

Key Takeaways

  • Report the scam to your bank or e-wallet immediately; minutes can matter.
  • Preserve original digital evidence, not just cropped screenshots.
  • A mobile number, wallet, or bank account is a lead, not automatic proof of identity.
  • PNP ACG, NBI, CICC, SEC, DTI, NPC, and BSP each handle different parts of scam-related complaints.
  • RA 10175 covers cybercrime; Article 315 of the Revised Penal Code covers estafa; RA 12010 targets financial account scamming and money mule activity.
  • Do not pay hackers or “fund recovery agents.”
  • If you are abroad, you may still report Philippine-linked scams, but affidavits and authorizations may need consular notarization or apostille/legalization.
  • The best-prepared complaint has a timeline, transaction table, evidence folders, and complete account/profile details.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.