How to Trace and Report Scam Phone Numbers in the Philippines

A practical legal guide for consumers, corporate compliance teams, and investigators

Executive summary

Scam calls and texts are prosecuted in the Philippines under a web of statutes—primarily the Revised Penal Code (estafa and related frauds), the Cybercrime Prevention Act (RA 10175), the SIM Registration Act (RA 11934), the Data Privacy Act (RA 10173), and assorted regulatory rules of the NTC (National Telecommunications Commission) and BSP (for e-money/banking fallout). Tracing a number requires lawful process (police/NBI assistance, prosecutor or court orders) and timely evidence preservation from telecom providers and platforms. Private citizens cannot unmask subscriber identities on their own; instead, they should preserve evidence, escalate to law enforcement, and trigger statutory preservation of traffic data.

This article explains what counts as a scam, what you may lawfully do (and must not do), how data preservation and disclosure work, and the end-to-end steps to report and pursue cases—plus templates you can use today.

1) The legal foundations

1.1 Penal and special laws commonly invoked

  • Estafa (Art. 315, Revised Penal Code): Deceit causing damage (e.g., “investment,” “prize,” or “relative-in-distress” scams). Penalties scale with damage.
  • Cybercrime Prevention Act (RA 10175): If the fraud used a computer system, mobile phone, or online service, estafa and related offenses become cyber-enabled; venue and data-preservation rules are broadened, and penalties may be higher.
  • SIM Registration Act (RA 11934): Requires SIM owners to register; enables deactivation for fraudulent use and mandates telcos to keep certain registration data and cooperate with law enforcement upon proper process.
  • Data Privacy Act (RA 10173): Unlawful processing, unauthorized disclosure, and security breaches tied to mass spam, “lead lists,” and phishing campaigns can trigger civil, administrative, and criminal liability.
  • Access Devices Regulation Act (RA 8484): For scams involving credit/debit cards, e-wallet credentials, or cloned devices.
  • BSP’s Financial Consumer Protection framework (including RA 11765): Governs banks and e-money issuers; complaints may be escalated when scams involve transfers to bank/e-wallet accounts.

1.2 What “tracing” legally means

“Tracing” is not vigilante doxxing or real-time geolocation. In Philippine practice it means:

  • Getting a lawful preservation of relevant traffic/subscriber data;
  • Obtaining disclosure from telcos/over-the-top (OTT) platforms via subpoena, warrant, or court/prosecutor order;
  • Correlating telecom records with bank/e-wallet trails through BSP-regulated institutions;
  • Building a case file for PNP-Anti-Cybercrime Group (ACG) / NBI-Cybercrime Division (CCD) and, ultimately, the prosecutor.

Private complainants cannot compel disclosure; law enforcement or the prosecutor must do it.

2) Evidence: what to collect (and how to collect it)

2.1 Golden rules

  1. Do not engage beyond capturing proof; stop communicating after initial evidence is preserved.
  2. Do not secretly record voice calls without consent. The Anti-Wiretapping Act (RA 4200) generally prohibits recording private communications without all-party consent (save for narrow, court-authorized exceptions for law enforcement).
  3. Preserve before you report. Telecom and platform data are time-sensitive.

2.2 What to preserve

  • Screenshots of texts, call logs, and messaging app chats (include full screen with date/time and phone number visible).
  • Files/links the scammer sent; export chat histories if supported.
  • Call logs from your device (export where possible).
  • Bank/e-wallet records of any transfers (official statements, reference numbers, beneficiary account names/numbers).
  • Device details (phone model, OS version) and SIM serial/ICCID if relevant.
  • Witness statements (your own and others) captured as Affidavits (see template below).

2.3 Chain of custody practices (yes, even for civilians)

  • Keep original files; avoid re-saving with edits or filters.
  • Note who collected each item, when, and how.
  • For email or web content, save as PDF and keep the URL and timestamp.
  • Back up to two locations (local + cloud).
  • If corporate, use a ticket number and a read-only repository for evidence.

3) Lawful data preservation and disclosure

3.1 Preservation (time-critical)

Under cybercrime rules, service providers can be required to preserve traffic data and subscriber information for at least six (6) months, extendable upon order. Practically:

  • You (or counsel) file a complaint with PNP-ACG or NBI-CCD.
  • The agency issues a Preservation Order/Request to the telco/OTT.
  • Later, the investigator seeks a subpoena/warrant to obtain the content/disclosure.

Tip: When you report, explicitly request that investigators send immediate preservation notices to:

  • The telco controlling the number that contacted you;
  • Any messaging platforms used;
  • Any banks/e-wallets where money was sent.

3.2 Disclosure (identifying the user)

  • Subscriber identity and call detail records (CDRs) are confidential; telcos disclose only upon proper legal process (subpoena duces tecum, court order, or as provided by law).
  • Caller-ID spoofing and VoIP relays are common; investigators may need preservation from multiple providers to pierce the chain.
  • Expect that a single phone number may lead to front identities or drop accounts (money mules). Bank KYC and e-wallet logs often provide the decisive link.

4) What you can do immediately (civilian steps)

  1. Stop contact. Do not click links or send OTPs.
  2. Block the number on your device and messaging apps.
  3. Report to your telco (and help train their spam filters). Most networks accept reports via short code “7726” (SPAM) or carrier reporting channels; include the scam message and number.
  4. If money moved, activate your bank/e-wallet’s fraud freeze procedures at once; give reference numbers and ask them to trigger inter-bank/e-wallet recalls and report to BSP mechanisms if needed.
  5. File with law enforcement (see Section 6): PNP-ACG or NBI-CCD.
  6. If personal data was misused, notify the NPC (National Privacy Commission) and your organization’s DPO (if corporate).
  7. Document everything in an affidavit and create a simple evidence index.

5) What organizations should set up (compliance playbook)

  • Standard Operating Procedure (SOP): One-page checklist for frontliners (HR/IT/Finance) to capture screenshots, isolate devices if malware is suspected, and escalate to the DPO/Legal.
  • Preservation Letter templates for ACG/NBI and a 24/7 contact list for banks/e-wallets/telcos.
  • Bring-your-own-device policy: Clarify ownership of logs and consent for forensic acquisition.
  • Vendor addenda: Require data-incident cooperation within 24 hours and provide a named security contact.
  • Training & tabletop exercises simulating OTP phishing and vishing.

6) Where and how to report

6.1 Law enforcement

  • PNP – Anti-Cybercrime Group (ACG): File a complaint (walk-in or online) with your affidavit and evidence. Ask them to:

    • Issue Preservation Requests to telcos/OTT;
    • Coordinate with banks/e-wallets for fund tracing;
    • Prepare a Referral to the Prosecutor for estafa/cybercrime charges.

  • NBI – Cybercrime Division (CCD): Similar powers and workflow; sometimes preferable for complex multi-jurisdictional traces.

6.2 Regulators and sector contacts

  • NTC: For SIM deactivation/number blocking and carrier-level anti-spam actions.
  • NPC (Data Privacy): For spam using unlawfully obtained personal data, or data breaches at a company.
  • BSP / Financial Consumer Protection desks: When funds moved through banks or e-money issuers.
  • Your telco and the “7726/SPAM” short code: To feed carrier blacklists and analytics.

7) Building a prosecutable case

7.1 Elements to allege (typical estafa/cyber-estafa)

  1. Deceit (false pretenses, phishing, impersonation);
  2. Reliance (you acted based on the deceit);
  3. Damage (or potential damage);
  4. Use of a computer system (for cybercrime qualifying circumstance, where applicable).

7.2 Venue and jurisdiction

  • Under cybercrime rules, cases may be filed where any element occurred, where the complainant resides, or where the computer system is located—flexibility that helps victims pursue local complaints even if scammers are remote.

7.3 Affidavit essentials

  • Identity and contact details of the complainant;
  • Narrative with dates, times (Philippine Time), numbers used, channels (SMS/OTT/voice), and step-by-step events;
  • Description of evidence attached (Annex “A,” “B,” etc., with hash values if available);
  • Statement requesting issuance of Preservation Orders and Subpoenas;
  • Prayer for filing the appropriate charges.

8) Limitations and realistic expectations

  • Caller-ID spoofing may mask origin; tracing can require multiple providers and take time.
  • Cross-border actors complicate service of process and arrest.
  • Recovery of funds is uncertain once money hops through mules or is cashed out; early reporting materially improves odds.
  • Private tracing services that promise instant identity lookups typically cannot lawfully access telco subscriber data in the Philippines.

9) Templates you can use

9.1 Short Affidavit of Complaint (sample)

AFFIDAVIT OF COMPLAINT I, [Name], Filipino, of legal age, with address at [Address], after being duly sworn, depose and state:

  1. On [Date] at around [Time, Philippine Time], I received a [call/SMS/chat] from mobile no. [+63…] identifying as [Name/Entity claimed]. Screenshots are attached as Annex “A”.
  2. The caller/text stated [exact words or summary], inducing me to [send money/provide OTP/click link].
  3. Relying on said misrepresentations, I [describe act] resulting in [amount lost or risk] evidenced by [bank/e-wallet receipt Annex “B”].
  4. I request that investigators issue Preservation Orders to [Telco/OTT/Bank] for subscriber information, traffic data, and transaction logs relating to the number [+63…] and the accounts referenced in Annexes “B–C”.
  5. I pray that charges for [Estafa under Art. 315 of the RPC and, if applicable, RA 10175] be filed and the SIM/number be blocked pursuant to RA 11934. IN WITNESS WHEREOF, I sign this [Date] in [City]. [Signature over Printed Name] SUBSCRIBED AND SWORN before me this [Date] at [City].

9.2 Evidence Index (attach to affidavit)

Annex Description Source Date/Time (PHT) Notes / Hash
A Screenshots of SMS from +63… iPhone Messages 30 Oct 2025, 09:15 SHA-256: …
B GCash transaction receipt GCash PDF 30 Oct 2025, 09:22 Ref. No. …
C Call log export Android 30 Oct 2025, 09:35

9.3 Preservation Request (for ACG/NBI submission cover letter)

Re: Request for Immediate Preservation – Number +63[xxx] and Related Accounts Dear [Unit/Officer], We respectfully request issuance of Preservation Orders to:

  1. [Telco] – for subscriber info, CDRs, SMS logs, and cell-site/tower logs for +63[xxx] on [Date/Time range];
  2. [Platform, e.g., WhatsApp/Telegram] – for account data tied to +63[xxx];
  3. [Bank/e-wallet] – for full transaction logs re Ref Nos. [ ]. This follows a complaint for [Estafa/Cybercrime] filed today. Evidence list attached. Sincerely, [Name/Contact]

10) Special scenarios & tips

  • Impersonation of a bank/telco/agency (phishing/vishing): Notify the real institution’s fraud team; they can push takedowns and broadcast advisories.
  • Deep-fake voice/AI voicemail: Treat as cyber-enabled; mention synthetic content in the affidavit and preserve the audio only with consent or where law enforcement records under proper authority.
  • Work devices compromised: Involve your IT to image devices and contain malware; note this in the affidavit to validate why forensic acquisition was necessary.
  • Multiple victims: Encourage a joint complaint; consolidated evidence helps prosecutors establish a pattern.
  • Civil remedies: Consider a civil action for damages in parallel with criminal proceedings, particularly to freeze assets where identifiable.

11) Quick checklist (tear-off)

  • Screenshot scam message/call log with timestamps and number visible
  • Stop contact; block number; do not share OTPs
  • If money moved: call bank/e-wallet; request freeze/recall
  • Compile evidence + draft affidavit
  • File complaint with PNP-ACG or NBI-CCD; request Preservation Orders
  • Report number to telco (e.g., 7726/SPAM) and NTC for blocking
  • If personal data involved: notify NPC
  • Track your case number; follow up on prosecutor filing

12) FAQs

Can I trace the owner myself? No. Telco subscriber and traffic data are confidential; disclosure requires lawful process. Use law enforcement channels.

Is recording the scam call legal? Generally no, without all-party consent (RA 4200). Use screenshots and written notes instead, unless police obtain authority.

How fast must I act? Immediately. Preservation windows exist; the sooner you file, the higher the chance logs and funds can be frozen.

What if the number is spoofed? Investigators can still trace through network and platform logs and the money trail. Report anyway.

13) Final notes

  • Speed and completeness of your first report dramatically improve outcomes.
  • Keep communications factual and neutral. Avoid speculation in affidavits.
  • For corporate victims, align with your DPO and Legal to ensure privacy-law compliance and privilege.

This guide provides general information on Philippine law and procedure. For specific cases, consult counsel or coordinate directly with PNP-ACG or NBI-CCD.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login