Identity Theft and Scam Evidence Preservation in the Philippines

I. Introduction

Identity theft and online scams are among the most common digital crimes affecting Filipinos today. Victims may discover that their name, photograph, government ID, mobile number, e-wallet account, bank account, social media profile, or personal documents have been used without consent. Others become victims of investment scams, online lending scams, fake employment offers, romance scams, marketplace fraud, phishing, account takeovers, SIM-related fraud, or unauthorized financial transactions.

In many cases, the most important thing a victim can do immediately is not only to report the scam, but to preserve evidence properly. Poorly preserved evidence can weaken a complaint, delay investigation, or make it difficult to connect the scammer to the account, device, platform, wallet, phone number, bank account, or online profile used in the offense.

This article discusses identity theft and scam evidence preservation in the Philippine legal context, including applicable laws, types of evidence, immediate victim steps, complaint preparation, coordination with banks and platforms, and practical legal guidance.

II. What Is Identity Theft?

Identity theft occurs when another person uses someone’s personal information without authority, usually to deceive, obtain money, access accounts, create fake profiles, open financial accounts, apply for loans, receive scam proceeds, evade liability, or damage the victim’s reputation.

In the Philippines, identity theft may involve:

  • use of another person’s name;
  • use of stolen government IDs;
  • use of selfies with ID;
  • use of signatures;
  • use of mobile numbers;
  • use of email addresses;
  • use of bank or e-wallet accounts;
  • impersonation through social media;
  • unauthorized access to accounts;
  • fake loan applications;
  • SIM registration misuse;
  • creation of fake marketplace or investment accounts;
  • use of another person’s business name or corporate identity;
  • misuse of personal data obtained through phishing, job applications, lending apps, or fake verification forms.

Identity theft is often not a standalone event. It is usually connected with other offenses such as estafa, cybercrime, falsification, unauthorized access, data privacy violations, harassment, financial fraud, money laundering, or use of mule accounts.

III. Common Identity Theft Scenarios in the Philippines

A. Fake loan applications

A victim submits an ID, selfie, payslip, proof of billing, or employment details to a fake online lender. The scammer later uses those documents to apply for loans, open accounts, or impersonate the victim.

B. E-wallet or bank account takeover

A scammer obtains the victim’s OTP, PIN, password, SIM access, email access, or device access, then transfers money out of a bank or e-wallet account.

C. Social media impersonation

A scammer creates a fake Facebook, Instagram, TikTok, Telegram, Viber, WhatsApp, or Messenger account using the victim’s name and photo. The fake account may solicit money, sell fake products, borrow funds, or spread defamatory content.

D. Marketplace scams

A scammer uses another person’s identity to sell nonexistent items, collect deposits, or convince buyers to transfer money.

E. Employment or task scams

Victims are asked to submit resumes, IDs, bank details, and screenshots for fake work-from-home jobs. Their identity may later be used for mule accounts, fake registrations, or additional scams.

F. Romance and investment scams

Scammers persuade victims to submit documents or send funds to platforms that later disappear. Personal data may be reused to target the victim or impersonate them.

G. SIM-related identity misuse

A mobile number registered under one person’s name may be used by another to receive OTPs, commit fraud, or communicate with victims.

H. Corporate or business identity theft

A scammer uses a legitimate business name, SEC registration, DTI certificate, mayor’s permit, logo, or official-looking document to deceive the public.

IV. Legal Framework in the Philippines

Identity theft and scam evidence preservation may involve several laws.

A. Cybercrime Prevention Act of 2012

Republic Act No. 10175, or the Cybercrime Prevention Act of 2012, is one of the primary laws relevant to identity theft committed through information and communications technology.

Relevant offenses may include:

1. Computer-related identity theft

This involves intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, whether natural or juridical, without right.

This is directly relevant where a scammer uses a victim’s personal data, account details, photographs, IDs, or digital identity.

2. Computer-related fraud

This may apply where a scammer uses a computer system, online platform, mobile app, fake website, or digital communication to cause financial loss through deception.

3. Illegal access

This may apply where a person accesses a bank account, e-wallet, email, social media account, Binance account, mobile wallet, or other account without authority.

4. Data interference or system interference

These may apply in more technical cases involving alteration, deletion, suppression, or disruption of data or systems.

5. Cyber libel

Where fake accounts are used to publish defamatory statements against the victim, cyber libel may be considered.

6. Aiding or abetting cybercrime

Persons who assist in the commission of cybercrime may also face liability depending on their participation.

B. Revised Penal Code

The Revised Penal Code remains relevant even when the scam occurs online.

1. Estafa

Estafa is commonly charged in scam cases. It involves deceit, abuse of confidence, or fraudulent means resulting in damage.

Examples:

  • a scammer pretends to be the victim and borrows money from friends;
  • a fake seller collects payment for nonexistent goods;
  • a fake employer collects processing fees;
  • a fake lender collects advance fees;
  • a P2P trader uses fake proof of payment;
  • a person uses another’s identity to obtain money or property.

2. Falsification

Falsification may apply when fake documents are created, altered, or used. This includes fake IDs, fake authorizations, fake receipts, fake certificates, fake bank documents, fake proof of payment, fake employment records, and falsified contracts.

3. Use of falsified documents

Even if a person did not personally create the fake document, knowingly using it may create criminal exposure.

4. Unjust vexation, grave coercion, threats, or harassment-related offenses

Where scammers threaten to expose personal information, contact relatives, shame the victim, or force payment, other offenses may be considered depending on the acts committed.

C. Data Privacy Act of 2012

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information, sensitive personal information, and privileged information.

It is relevant when:

  • personal data is collected without lawful basis;
  • IDs or selfies are misused;
  • personal information is shared without consent;
  • contact lists are harvested;
  • personal data is sold or transferred;
  • a lending app accesses phone contacts and uses them for harassment;
  • a fake platform collects information for fraud;
  • personal data is exposed in group chats or social media;
  • a company fails to secure customer data.

Possible issues under the Data Privacy Act include unauthorized processing, unauthorized access, improper disposal, malicious disclosure, unauthorized disclosure, and failure to implement reasonable security measures.

The National Privacy Commission may receive complaints involving misuse or mishandling of personal data.

D. SIM Registration Law

The SIM Registration Act is relevant where mobile numbers are used for scams, phishing, OTP interception, impersonation, or account takeover.

A victim may need to preserve the phone number used by the scammer, screenshots of messages, call logs, and any platform details. The registered identity behind a SIM may require lawful request or investigation by authorities; ordinary private individuals generally cannot compel disclosure directly.

E. Anti-Financial Account Scamming Act

The Anti-Financial Account Scamming Act is relevant where bank accounts, e-wallets, payment accounts, or other financial accounts are used in scams.

This law is especially important for cases involving:

  • mule accounts;
  • selling or renting financial accounts;
  • opening accounts using fake or stolen identities;
  • social engineering schemes;
  • unauthorized financial transfers;
  • financial account fraud;
  • scam proceeds passing through local bank or e-wallet accounts.

Where a scammer uses a victim’s identity to open or control accounts, or uses another person’s account to receive proceeds, this law may be implicated.

F. Anti-Money Laundering Law

If scam proceeds move through banks, e-wallets, remittance centers, crypto platforms, or financial accounts, money laundering concerns may arise.

Victims themselves may be asked by banks or platforms to explain transactions, source of funds, and counterparty details. A victim whose account is used as a mule account must act quickly to show lack of participation and preserve proof of compromise or deception.

G. Electronic Commerce Act

Electronic records, electronic documents, digital communications, and electronic signatures may be admissible in Philippine proceedings, subject to authentication and applicable evidentiary rules.

This is important because scam cases are often proven through screenshots, emails, chat logs, transaction histories, IP-related logs, digital receipts, and platform records.

V. Why Evidence Preservation Matters

Evidence preservation is the bridge between being scammed and proving the scam.

A victim may know what happened, but investigators, prosecutors, courts, banks, platforms, and regulators need proof. In digital scams, evidence may disappear quickly because scammers can:

  • delete accounts;
  • change usernames;
  • unsend messages;
  • block victims;
  • deactivate pages;
  • change phone numbers;
  • erase posts;
  • transfer funds rapidly;
  • move crypto across wallets;
  • use mule accounts;
  • use fake names;
  • spoof email addresses;
  • fabricate receipts.

Preserving evidence early helps establish:

  1. who communicated with the victim;
  2. what representations were made;
  3. what identity was used;
  4. what documents were submitted;
  5. where money was sent;
  6. when transactions occurred;
  7. how the scam was carried out;
  8. what personal data was compromised;
  9. what platform or institution was involved;
  10. what loss was suffered.

VI. Immediate Steps for Victims

1. Stop communicating unnecessarily

Do not continue negotiating with the scammer unless needed to preserve evidence. Further communication may expose the victim to manipulation, threats, or more losses.

2. Do not send more money

Scammers often invent additional fees: unlocking fee, tax, AML clearance, processing fee, refund fee, legal fee, insurance fee, or verification fee. These are usually part of the same scam.

3. Preserve evidence before blocking

Before blocking the scammer, save screenshots, profile links, phone numbers, account names, transaction receipts, and chat history.

4. Secure accounts

Immediately change passwords for:

  • email;
  • online banking;
  • e-wallets;
  • social media;
  • crypto accounts;
  • shopping accounts;
  • cloud storage;
  • mobile carrier accounts.

Enable two-factor authentication using an authenticator app where possible.

5. Report to financial institutions

If money was sent through a bank, e-wallet, remittance center, or payment app, report immediately. Ask for fraud handling, transaction review, account preservation, and possible freezing or recall if still available.

6. Report to the platform

Report fake profiles, fraudulent pages, fake stores, marketplace scams, phishing websites, or impersonation accounts through the platform’s official reporting channels.

7. File a police or cybercrime report

For serious cases, file with the appropriate cybercrime unit, police station, NBI Cybercrime Division, or prosecutor’s office.

8. Prepare an affidavit

A clear affidavit helps organize the facts and supports complaints to banks, platforms, regulators, and law enforcement.

9. Monitor for further identity misuse

If IDs or selfies were compromised, monitor for unauthorized loans, accounts, SIM registrations, and messages from strangers claiming they were scammed by the victim.

VII. What Evidence to Preserve

A. Identity-related evidence

Preserve copies of what the scammer obtained or used:

  • government ID submitted;
  • selfie with ID;
  • signature specimen;
  • proof of billing;
  • payslip;
  • bank statement;
  • certificate of employment;
  • resume;
  • tax identification details;
  • passport;
  • driver’s license;
  • UMID, PhilID, SSS, GSIS, PRC, or other ID;
  • business registration;
  • company documents;
  • photographs;
  • social media profile information.

Also document when and how the information was submitted.

B. Communication evidence

Save:

  • full chat threads;
  • screenshots of messages;
  • exported chat logs;
  • emails with headers if possible;
  • SMS messages;
  • call logs;
  • voice messages;
  • video call records;
  • Telegram usernames;
  • Viber numbers;
  • WhatsApp numbers;
  • Messenger profile links;
  • Facebook page URLs;
  • TikTok usernames;
  • Instagram handles;
  • website links.

For screenshots, include:

  • date and time;
  • sender name;
  • sender username;
  • phone number or handle;
  • full message;
  • visible URL;
  • profile photo;
  • conversation context.

Avoid relying only on cropped screenshots.

C. Financial evidence

Preserve:

  • deposit slips;
  • bank transfer receipts;
  • e-wallet receipts;
  • reference numbers;
  • account numbers;
  • account names;
  • QR codes;
  • remittance receipts;
  • crypto transaction hashes;
  • wallet addresses;
  • screenshots of payment instructions;
  • bank statements;
  • chargeback or dispute records;
  • customer service ticket numbers;
  • account freezing notices.

For each payment, record:

  1. date and time;
  2. amount;
  3. sender account;
  4. recipient account;
  5. platform used;
  6. reference number;
  7. reason given by scammer;
  8. related chat instruction.

D. Online profile evidence

For fake profiles, preserve:

  • profile URL;
  • username;
  • display name;
  • profile picture;
  • bio;
  • posts;
  • comments;
  • followers or friends, if relevant;
  • page creation details, if visible;
  • screenshots of advertisements;
  • marketplace listings;
  • group posts;
  • sponsored ads;
  • public comments from other victims.

Take screenshots before reporting because the account may disappear after the report.

E. Website and phishing evidence

If a scam involved a website or fake login page, preserve:

  • full URL;
  • screenshots of each page;
  • domain name;
  • email or SMS link that led to the site;
  • payment page;
  • fake login page;
  • terms or promises;
  • contact details listed;
  • downloadable files;
  • certificates displayed;
  • source of advertisement.

Do not continue entering sensitive information after realizing it is suspicious.

F. Device and access evidence

In unauthorized access cases, preserve:

  • login alerts;
  • password reset emails;
  • device approval notices;
  • OTP messages;
  • SIM replacement notices;
  • account recovery emails;
  • IP address notices, if available;
  • list of recognized devices;
  • security logs;
  • app notification history;
  • email forwarding rules;
  • suspicious linked accounts.

Do not delete suspicious emails or alerts. They may show the timing of compromise.

G. Platform reports

Preserve records of reports made to:

  • banks;
  • e-wallet providers;
  • social media platforms;
  • online marketplaces;
  • crypto exchanges;
  • telecom companies;
  • law enforcement;
  • regulators;
  • National Privacy Commission;
  • SEC or BSP, where applicable.

Record ticket numbers, dates, and names of representatives.

VIII. How to Take Proper Screenshots

Screenshots are often the first evidence available, but they must be useful.

Best practices

  1. Capture the entire screen where possible.
  2. Include the sender’s name, number, or username.
  3. Include the date and time.
  4. Include URLs for websites and profiles.
  5. Capture messages before and after the key message for context.
  6. Do not edit, crop, annotate, or filter the original.
  7. Save originals in a separate folder.
  8. Create copies for annotation if needed.
  9. Use screen recording for disappearing content or long chats.
  10. Back up files to secure storage.

Mistakes to avoid

  • only taking one screenshot of the final message;
  • cropping out the username or URL;
  • deleting the conversation after taking screenshots;
  • editing the original file;
  • renaming files in a confusing way;
  • failing to preserve transaction receipts;
  • relying only on printed screenshots;
  • not recording the scammer’s profile link.

IX. Exporting Chat Logs

Where possible, export the full conversation. This is often better than screenshots alone.

Depending on the app, users may be able to export chats from:

  • WhatsApp;
  • Telegram;
  • Viber;
  • email;
  • Facebook data download;
  • Google account data tools;
  • platform-specific report tools.

Exported chat logs help show continuity, timestamps, attachments, and context. They can also reduce disputes over whether screenshots were selectively chosen.

X. Preserving Metadata

Metadata may include file creation dates, device data, sender information, timestamps, and technical details. While not always visible, it can support authenticity.

Practical guidance:

  • keep original image files;
  • do not repeatedly send screenshots through apps that compress files;
  • avoid editing originals;
  • save email files in original format where possible;
  • keep downloaded receipts;
  • preserve PDFs from banks or platforms;
  • keep device logs where available;
  • back up to a secure drive or cloud account.

If the case is serious, avoid resetting or replacing the device until important data is backed up or documented.

XI. Evidence Organization

A well-organized evidence file is easier for police, prosecutors, banks, platforms, and lawyers to review.

Create folders such as:

  1. Timeline
  2. Chats
  3. Payments
  4. IDs and Personal Data Sent
  5. Fake Profiles and Websites
  6. Bank or E-wallet Reports
  7. Platform Reports
  8. Police or Government Complaints
  9. Witnesses
  10. Loss Computation

Prepare an evidence index with columns:

  • item number;
  • date;
  • description;
  • file name;
  • source;
  • relevance;
  • amount involved;
  • related person or account.

Example:

Item Date Evidence Relevance
1 Jan. 5 Screenshot of loan offer Shows false representation
2 Jan. 5 ID submission chat Shows personal data disclosed
3 Jan. 6 GCash receipt ₱5,000 Shows payment and recipient
4 Jan. 6 Demand for additional fee Shows continuing deceit
5 Jan. 7 Fake profile URL Identifies online account used

XII. Making a Timeline

A timeline is one of the most useful documents in a scam complaint. It should be factual and chronological.

Include:

  • when the victim first encountered the scammer;
  • what platform was used;
  • what identity the scammer used;
  • what promises were made;
  • what personal data was requested;
  • what payments were made;
  • when the victim realized it was a scam;
  • what accounts or profiles were involved;
  • what reports were filed;
  • what losses resulted.

Sample timeline format

January 10, 2026, 9:15 AM — I saw a Facebook post offering fast online loans. January 10, 2026, 9:30 AM — I messaged the page and was told to submit my ID and selfie. January 10, 2026, 10:00 AM — I submitted my driver’s license and selfie through Messenger. January 10, 2026, 1:00 PM — I was told my ₱50,000 loan was approved. January 10, 2026, 1:30 PM — I was instructed to pay ₱3,000 processing fee to GCash number ______. January 10, 2026, 1:40 PM — I sent ₱3,000. January 10, 2026, 2:30 PM — The person demanded another ₱5,000 for “AML clearance.” January 10, 2026, 3:00 PM — I refused and was blocked. January 11, 2026 — I reported the GCash account and preserved the chat.

XIII. Preparing an Affidavit of Complaint

An affidavit should be clear, complete, and supported by attachments.

Contents

  1. Full name, age, address, and contact details of complainant
  2. Statement that facts are based on personal knowledge
  3. Description of how the scam began
  4. Identity used by the scammer
  5. Personal data disclosed
  6. Amounts paid or assets lost
  7. Recipient accounts or wallets
  8. Harm suffered
  9. Evidence attached
  10. Request for investigation and appropriate action

Sample affidavit language

I am executing this affidavit to report identity theft and online fraud committed against me. The person who communicated with me used the name/account/profile ______ and represented that ______. Relying on these representations, I submitted personal documents and transferred money to the account provided. After receiving my payment and documents, the person failed to perform the promised act, demanded additional payments, and/or blocked me. I later discovered that my personal information may have been used without my consent. I respectfully request investigation and appropriate action.

XIV. Chain of Custody in Digital Evidence

Chain of custody refers to the handling and preservation of evidence from collection to presentation. In digital scam cases, strict forensic chain of custody may not always exist at the beginning, but victims should still maintain reliable records.

Practical steps:

  • keep original files;
  • record when and how evidence was collected;
  • avoid modifying evidence;
  • save copies in secure storage;
  • create a simple evidence log;
  • note who had access to files;
  • preserve devices where necessary;
  • do not delete original conversations;
  • submit copies, not originals, unless required;
  • ask authorities how they want digital files submitted.

Where the device itself contains crucial evidence, investigators may advise on forensic extraction.

XV. Notarization and Authentication

Screenshots are not automatically worthless, but their authenticity may be challenged. Depending on the case, a victim may strengthen evidence through:

  • affidavit identifying screenshots;
  • notarized affidavit;
  • certification from bank or e-wallet provider;
  • official transaction history;
  • platform response or ticket confirmation;
  • police blotter;
  • cybercrime complaint record;
  • screenshots with URL and timestamp;
  • forensic examination, in serious cases.

A notarized affidavit does not magically prove everything in the screenshot, but it helps establish that the complainant personally captured, preserved, and identifies the evidence.

XVI. Reporting to Banks and E-Wallet Providers

When money is transferred, report immediately to the financial institution.

Provide:

  • transaction reference number;
  • date and time;
  • amount;
  • sender account;
  • recipient account;
  • screenshots of scam instruction;
  • proof of transfer;
  • police report, if available;
  • statement that the transfer was induced by fraud;
  • request for account preservation or fraud investigation.

Ask for:

  • ticket number;
  • acknowledgment;
  • instructions for formal dispute;
  • whether recall or hold is possible;
  • required documents;
  • fraud affidavit template;
  • escalation process.

Act fast. Funds may be withdrawn or transferred within minutes.

XVII. Reporting to Telecom Providers

If a mobile number was used for scam messages, calls, OTP diversion, or impersonation, preserve:

  • SMS screenshots;
  • call logs;
  • phone number;
  • dates and times;
  • content of messages;
  • proof of scam;
  • reports submitted.

Telecom providers may not disclose subscriber information directly to private complainants without legal process, but reports can support investigation and account action.

XVIII. Reporting to Social Media and Online Platforms

When reporting fake accounts or posts:

  1. Take screenshots first.
  2. Save the profile URL.
  3. Save the post or listing URL.
  4. Report for impersonation, fraud, phishing, or harassment.
  5. Ask friends or affected persons to report as well where appropriate.
  6. Preserve platform acknowledgments.
  7. Do not rely on platform deletion alone as a remedy.

If the platform removes the account, that may stop further harm, but it may also make later evidence collection harder if the victim did not preserve records first.

XIX. Reporting to Law Enforcement

Victims may report to:

  • local police station;
  • PNP Anti-Cybercrime Group;
  • NBI Cybercrime Division;
  • prosecutor’s office;
  • barangay, for limited preliminary documentation or local disputes;
  • other specialized units depending on the case.

Bring:

  • valid ID;
  • affidavit or written narrative;
  • evidence index;
  • screenshots;
  • transaction receipts;
  • account details;
  • URLs and usernames;
  • phone numbers;
  • device used, if needed;
  • list of witnesses;
  • bank or platform reports.

For cybercrime complaints, digital copies may be requested. Bring files in a USB drive or follow the authority’s submission procedure.

XX. Reporting to the National Privacy Commission

If personal data was misused or mishandled, a complaint with the National Privacy Commission may be appropriate.

Examples:

  • a company leaked personal data;
  • a lending app accessed and exposed contacts;
  • a scammer posted IDs publicly;
  • personal data was processed without consent;
  • private information was shared to shame or harass;
  • an entity failed to secure personal data.

The NPC route is especially relevant where the respondent is an identifiable personal information controller or processor. If the wrongdoer is an unknown scammer, law enforcement may be the more immediate route, though the privacy issue should still be documented.

XXI. Reporting to the SEC

If the scam involves:

  • fake investment solicitation;
  • fake corporation;
  • fake lending company;
  • fake SEC registration;
  • unauthorized online lending;
  • Ponzi scheme;
  • crypto investment scheme;
  • use of corporate documents to deceive;

then the Securities and Exchange Commission may be relevant.

Preserve:

  • investment pitch;
  • promised returns;
  • certificates shown;
  • corporate names;
  • registration numbers;
  • names of officers or agents;
  • payment instructions;
  • screenshots of social media pages;
  • group chats;
  • receipts.

XXII. Reporting to the BSP

If the dispute involves a bank, e-wallet, payment service provider, remittance platform, or other BSP-supervised financial institution, the victim should first complain to the institution. If unresolved, escalation may be possible through appropriate BSP consumer assistance channels.

Preserve:

  • complaint ticket;
  • institution response;
  • transaction records;
  • written explanation;
  • supporting documents.

XXIII. Identity Theft Involving Government IDs

If a government ID was compromised, the victim should document the compromise and consider reporting to the issuing agency where appropriate.

Examples:

  • passport;
  • driver’s license;
  • PhilID;
  • PRC ID;
  • UMID;
  • SSS;
  • GSIS;
  • voter’s ID;
  • senior citizen ID;
  • company ID.

Steps:

  1. Preserve proof of how the ID was obtained by the scammer.
  2. File a police or cybercrime report.
  3. Notify relevant financial institutions if the ID could be used for accounts.
  4. Keep copies of reports to prove future unauthorized use.
  5. Monitor messages from lenders, collectors, or unknown persons.
  6. Dispute unauthorized accounts immediately.

XXIV. Identity Theft Involving Social Media

If someone creates a fake account using the victim’s name or photo:

  1. Screenshot the profile.
  2. Copy the profile URL.
  3. Screenshot posts, messages, and friend requests.
  4. Ask recipients to preserve messages from the fake account.
  5. Report the account for impersonation.
  6. Post a warning from the real account if necessary.
  7. File a complaint if money was solicited or reputation was damaged.

If the fake account borrowed money from contacts, ask the contacts to preserve their own chats and receipts because they may be direct victims of estafa.

XXV. Identity Theft Involving Online Lending Apps

Some identity theft cases begin with lending apps or fake loan pages.

Preserve:

  • app name;
  • download link;
  • APK file source, if sideloaded;
  • permissions requested;
  • screenshots of loan offer;
  • submitted documents;
  • messages from collectors;
  • threats;
  • contact list harassment;
  • payment records;
  • loan agreement;
  • privacy policy;
  • company name and registration details.

If collectors contact friends, relatives, or employers, preserve their screenshots too.

XXVI. Identity Theft Involving Bank or E-Wallet Accounts

If an account is opened or used under the victim’s name without consent:

  1. Contact the financial institution immediately.
  2. Ask for account restriction or investigation.
  3. File a police or cybercrime report.
  4. Submit an affidavit of denial or non-ownership if required.
  5. Preserve proof that the victim did not create or authorize the account.
  6. Request written acknowledgment of the report.
  7. Monitor for collection notices or legal demands.

If the victim’s legitimate account was taken over, change credentials and ask the institution for transaction logs and dispute procedures.

XXVII. Identity Theft Involving SIM Cards

Where the victim’s mobile number is compromised or used for fraud:

  • report to the telecom provider;
  • request account security review;
  • preserve SIM replacement notices;
  • preserve OTP messages;
  • check linked bank and e-wallet accounts;
  • update recovery numbers;
  • change passwords;
  • file cybercrime complaint if fraud occurred.

If a scammer used a different SIM but registered or represented it under the victim’s identity, preserve all messages showing the misuse.

XXVIII. Identity Theft Involving Crypto

Crypto identity theft may involve:

  • fake exchange accounts;
  • stolen KYC documents;
  • wallet phishing;
  • fake recovery services;
  • impersonation of support;
  • unauthorized withdrawals;
  • SIM swap leading to account takeover;
  • P2P fraud;
  • mule wallet use.

Preserve:

  • wallet addresses;
  • transaction hashes;
  • exchange UID;
  • login alerts;
  • withdrawal emails;
  • KYC submissions;
  • support tickets;
  • blockchain explorer screenshots;
  • scam messages;
  • seed phrase exposure details, if any.

Never share seed phrases, private keys, OTPs, or remote access credentials. No legitimate support agent should ask for them.

XXIX. Scam Evidence in Court or Prosecutor Proceedings

For evidence to be useful, it should be:

  1. relevant;
  2. authentic;
  3. complete;
  4. understandable;
  5. connected to the alleged offender;
  6. connected to the loss;
  7. preserved in original or reliable form.

The complainant should be ready to explain:

  • who took the screenshot;
  • when it was taken;
  • what device was used;
  • what account was used;
  • how the complainant knows the screenshot is accurate;
  • how the transaction connects to the scammer’s instruction;
  • how the personal data was misused.

XXX. The Role of Witnesses

Witnesses may include:

  • persons who received messages from fake accounts;
  • family members contacted by scammers;
  • friends who lent money to an impersonator;
  • bank or e-wallet representatives;
  • platform administrators;
  • co-victims in group chats;
  • employees or employers contacted by scammers;
  • persons who saw the fraudulent post;
  • persons who paid the scammer.

Ask witnesses to preserve their own evidence and prepare statements if needed.

XXXI. Dealing With Threats and Harassment

Scammers may threaten victims with:

  • public shaming;
  • posting IDs;
  • contacting family;
  • contacting employer;
  • fake police action;
  • fake warrants;
  • lawsuits;
  • blacklisting;
  • physical harm;
  • sexualized threats;
  • edited photos;
  • exposure of private information.

Victims should preserve the threats and report them. Do not give in to extortion demands. Paying may encourage further threats.

If there is immediate danger, contact local law enforcement.

XXXII. If the Victim Is Accused Because Their Identity Was Used

Sometimes a victim becomes the apparent suspect because their name, ID, photo, phone number, or bank account was used.

Steps:

  1. Do not ignore notices or complaints.
  2. Prepare an affidavit explaining identity theft.
  3. Gather proof of compromise.
  4. Show that the victim did not benefit from the scam.
  5. Report the identity theft formally.
  6. Notify banks, platforms, and authorities.
  7. Preserve alibi, device, location, and account records if relevant.
  8. Avoid informal admissions or careless explanations.
  9. Seek legal assistance if summoned by police, NBI, prosecutor, bank, or court.

A victim should be careful when explaining. Statements such as “I allowed someone to use my account” may raise money mule or negligence issues. Accuracy matters.

XXXIII. Money Mule Risks

A person may become involved in a scam by allowing their account to receive or transfer money. Sometimes this is done knowingly for a fee. Sometimes the person is deceived by a fake job, fake investment, or fake romance partner.

Warning signs:

  • someone asks to borrow your bank or e-wallet account;
  • you are told to receive money and transfer it elsewhere;
  • you are paid commission for “processing” transactions;
  • you are asked to open accounts under your name;
  • you are told not to ask questions;
  • funds come from unknown persons;
  • the arrangement is called “cash-in/cash-out work.”

Allowing an account to be used can expose the person to investigation, account freezing, civil claims, and criminal liability.

XXXIV. Preserving Evidence Against Mule Accounts

If the scammer used a mule account, preserve:

  • account name;
  • account number;
  • bank or e-wallet;
  • QR code;
  • transfer receipt;
  • chat instruction to send money;
  • proof that the account was provided by the scammer;
  • timing of transfer;
  • any later withdrawal or response;
  • reports made to the financial institution.

The account holder may be traceable through lawful process. Even if the account holder claims to be uninvolved, the account is a key investigative lead.

XXXV. Preventing Further Identity Theft

After discovering identity theft:

  • change all passwords;
  • use unique passwords;
  • enable two-factor authentication;
  • secure email first because it controls account recovery;
  • check email forwarding rules;
  • remove unknown devices;
  • revoke suspicious app permissions;
  • update recovery numbers and emails;
  • check e-wallet and bank beneficiaries;
  • lock or replace compromised cards;
  • avoid sending IDs through unsecured channels;
  • watermark ID copies when appropriate;
  • avoid posting full birthdate, address, ID numbers, or signatures online;
  • be cautious with job and loan applications.

XXXVI. Watermarking ID Copies

When submitting ID copies to legitimate entities, consider adding a watermark such as:

“For [Company Name] verification only — [Date]”

This may reduce misuse, though it is not foolproof. Do not obscure legally required details if the receiving institution needs them for verification.

Avoid sending unwatermarked ID copies to unknown lenders, job recruiters, investment groups, or social media pages.

XXXVII. Dealing With Unauthorized Loans

If a loan was taken out using the victim’s identity:

  1. Request account details from the lender.
  2. Deny the unauthorized loan in writing.
  3. Ask for copies of application documents, IP logs, phone numbers, email addresses, and disbursement details, subject to lawful procedures.
  4. File a police or cybercrime report.
  5. Submit affidavit of identity theft.
  6. Ask lender to suspend collection while investigating.
  7. Report abusive collection or data misuse.
  8. Preserve all collection messages.
  9. Do not pay a loan you did not take without proper legal advice, as payment may be misconstrued.

XXXVIII. Dealing With Unauthorized Bank or E-wallet Transactions

For unauthorized transfers:

  1. Report immediately through official hotlines.
  2. Freeze or lock account if possible.
  3. Change password and PIN.
  4. Revoke linked devices.
  5. Preserve OTP messages and login alerts.
  6. Ask for dispute form.
  7. File affidavit if required.
  8. Request transaction trace.
  9. File cybercrime report.
  10. Follow up in writing.

Speed is critical because fraud proceeds may be transferred quickly.

XXXIX. Dealing With Fake Proof of Payment

Fake proof of payment is common in marketplace and P2P scams.

Preserve:

  • fake receipt;
  • sender account details;
  • transaction reference;
  • chat where it was sent;
  • bank statement showing non-receipt;
  • item or crypto released;
  • delivery proof, if any;
  • counterparty profile.

Never rely solely on a screenshot of payment. Verify actual receipt in the bank or e-wallet account.

XL. Dealing With Phishing

If the victim entered credentials on a fake site:

  1. Change password immediately.
  2. Change password on any account using the same password.
  3. Enable two-factor authentication.
  4. Log out all devices.
  5. Check for unauthorized transactions.
  6. Notify bank/e-wallet/platform.
  7. Preserve the phishing link and messages.
  8. Scan device for malware if suspicious.
  9. Watch for follow-up scams.

Do not re-enter credentials to “test” the fake site.

XLI. Deepfakes, Edited Images, and AI Impersonation

Identity theft increasingly includes edited images, AI-generated voices, fake videos, and synthetic profiles.

Preserve:

  • original fake media;
  • URL where it appeared;
  • account that posted it;
  • date and time;
  • messages accompanying it;
  • witness screenshots;
  • metadata if available;
  • comparison with authentic materials;
  • threats or demands connected to the fake media.

These cases may involve identity theft, cyber libel, unjust vexation, threats, extortion, privacy violations, or other offenses depending on the facts.

XLII. Business Identity Theft

Businesses may be impersonated through fake pages, fake invoices, fake SEC/DTI documents, fake payment instructions, or fake customer support accounts.

A business should preserve:

  • fake page screenshots;
  • fake invoices;
  • fake receipts;
  • copied logos;
  • domain names;
  • customer complaints;
  • payment account details;
  • public posts;
  • fake email headers;
  • trademark or business registration documents;
  • official advisories issued.

Businesses should issue warnings through official channels and report fake accounts promptly.

XLIII. Evidence Preservation for Lawyers

A lawyer assisting a victim should request:

  • full narrative;
  • complete timeline;
  • original screenshots and exported logs;
  • transaction records;
  • platform reports;
  • official IDs compromised;
  • list of accounts affected;
  • list of witnesses;
  • financial loss computation;
  • device compromise indicators;
  • prior communications with institutions;
  • police blotter or complaint records.

The lawyer should distinguish between:

  • criminal complaint;
  • civil recovery;
  • regulatory complaint;
  • privacy complaint;
  • bank dispute;
  • platform appeal;
  • defamation response;
  • urgent protective measures.

XLIV. Evidence Preservation for Companies

Companies responding to identity theft or scam reports should preserve:

  • user registration records;
  • login logs;
  • IP records;
  • device fingerprints;
  • transaction logs;
  • KYC submissions;
  • customer support tickets;
  • payment records;
  • internal investigation notes;
  • suspension actions;
  • communications with affected users;
  • audit trails.

They should avoid deleting logs prematurely and should coordinate with legal, compliance, data protection, and security teams.

XLV. Common Mistakes Victims Make

Victims often weaken their own case by:

  • deleting chats out of anger or embarrassment;
  • blocking the scammer before saving evidence;
  • failing to copy profile URLs;
  • sending more money to recover previous losses;
  • relying only on screenshots of receipts;
  • not reporting to the financial institution quickly;
  • posting accusations without evidence;
  • confronting suspected account holders recklessly;
  • giving OTPs to fake support;
  • failing to secure email;
  • resetting the device before preserving data;
  • not documenting compromised IDs;
  • ignoring notices from lenders or banks;
  • delaying legal action until accounts disappear.

XLVI. Practical Legal Remedies

Depending on the facts, remedies may include:

Criminal remedies

  • complaint for estafa;
  • complaint for computer-related identity theft;
  • complaint for computer-related fraud;
  • complaint for illegal access;
  • complaint for falsification;
  • complaint for cyber libel;
  • complaint for threats or coercion;
  • complaint involving financial account scamming.

Civil remedies

  • recovery of money;
  • damages;
  • injunction, where appropriate;
  • small claims against identifiable local defendants;
  • action based on fraud, quasi-delict, or unjust enrichment.

Administrative remedies

  • complaint to banks or e-wallets;
  • complaint to BSP-supervised institution;
  • complaint to NPC;
  • complaint to SEC, if investment/lending/corporate misuse is involved;
  • report to telecom provider;
  • report to platform.

Practical remedies

  • takedown of fake account;
  • account freezing or restriction;
  • password reset;
  • SIM replacement or protection;
  • fraud monitoring;
  • public advisory;
  • internal platform appeal.

XLVII. Sample Evidence Preservation Checklist

Personal data compromised

  • IDs submitted
  • Selfie submitted
  • Signature submitted
  • Bank details submitted
  • Employment details submitted
  • Address submitted
  • Contact list exposed
  • Social media profile copied

Scam communication

  • Full chat screenshots
  • Exported chat logs
  • Phone numbers
  • Usernames
  • Profile URLs
  • Email addresses
  • Call logs
  • Voice messages

Financial transactions

  • Receipts
  • Reference numbers
  • Recipient accounts
  • QR codes
  • Bank/e-wallet statements
  • Crypto transaction hashes
  • Wallet addresses

Reports

  • Bank or e-wallet complaint
  • Platform complaint
  • Telecom complaint
  • Police or cybercrime report
  • NPC complaint, if privacy issue
  • SEC complaint, if investment/lending/corporate issue
  • BSP escalation, if applicable

XLVIII. Sample Demand for Preservation of Records

A victim or counsel may send a preservation request to a platform, bank, e-wallet, or service provider:

I respectfully request the preservation of all records related to the account, transaction, profile, device, login, payment, and communication details associated with this incident. The matter involves suspected identity theft and online fraud. Please preserve relevant logs, KYC records, transaction records, account activity, IP/device information, communications, and related internal records pending investigation by appropriate authorities.

This does not guarantee disclosure to the victim, but it helps put the institution on notice.

XLIX. Sample Notice to Contacts After Impersonation

When a fake account is using the victim’s identity:

Please disregard messages from any account pretending to be me and asking for money, codes, loans, investments, or personal information. My identity has been misused. Do not send money or share information. Please screenshot any messages you received and send them to me for reporting.

This helps prevent further victimization and preserves witness evidence.

L. Special Considerations for Minors

If the victim is a minor, parents or guardians should preserve evidence and report promptly. Identity theft involving minors may include fake accounts, sexual exploitation, cyberbullying, extortion, or misuse of school records.

Do not publicly repost sensitive images of minors. Preserve evidence privately and report to proper authorities.

LI. Special Considerations for Employees and Professionals

Professionals may suffer reputational harm if scammers use their identity to solicit money or promote fake investments. Doctors, lawyers, accountants, teachers, influencers, and business owners should act quickly.

Steps:

  • issue official warning;
  • report fake page;
  • preserve evidence;
  • inform employer or professional organization if needed;
  • file complaints where money was solicited;
  • monitor for defamatory content.

LII. Special Considerations for OFWs

OFWs are frequent targets because they often transact remotely and may send documents online. If an OFW is a victim:

  • preserve messages and receipts;
  • ask relatives in the Philippines to assist with local reports;
  • execute consularized or notarized documents if required;
  • report to banks, e-wallets, and platforms immediately;
  • monitor Philippine mobile numbers and accounts;
  • beware of fake agencies and remittance scams.

LIII. Special Considerations for Victims of Sextortion

If identity theft includes intimate images, edited sexual content, or threats to expose private materials:

  1. Do not pay.
  2. Preserve threats.
  3. Preserve account links.
  4. Report to platform.
  5. File cybercrime report.
  6. Inform trusted contacts if necessary.
  7. Avoid engaging further.
  8. Seek immediate help if there is self-harm risk.

Sextortion may involve multiple offenses beyond identity theft, including threats, coercion, privacy violations, and cybercrime.

LIV. Preservation of Evidence Versus Privacy

Victims should preserve evidence carefully without unnecessarily spreading private data. For example, if a fake account posted an ID, preserve it, but do not repost the ID publicly. Share evidence only with authorities, counsel, banks, platforms, or trusted persons who need it.

LV. Final Practical Roadmap

A victim of identity theft or scam in the Philippines should follow this sequence:

  1. Stop further payments or disclosures.
  2. Preserve chats, URLs, receipts, and account details.
  3. Secure email, phone, bank, e-wallet, and social media accounts.
  4. Report financial transactions immediately.
  5. Report fake profiles and phishing pages after preserving evidence.
  6. Prepare a timeline and evidence index.
  7. Execute an affidavit if filing a complaint.
  8. File with law enforcement or cybercrime authorities.
  9. Report privacy violations to the NPC where applicable.
  10. Report investment, lending, or corporate scams to the SEC where applicable.
  11. Escalate financial institution issues through proper channels.
  12. Monitor for future misuse of identity.
  13. Keep all reports and acknowledgments.
  14. Seek legal advice for serious financial loss, criminal summons, or reputational harm.

LVI. Conclusion

Identity theft and online scams in the Philippines require fast, organized, and evidence-driven action. The legal remedies may involve cybercrime law, estafa, falsification, data privacy law, financial account fraud rules, bank and e-wallet procedures, regulatory complaints, and civil recovery. But the success of any remedy often depends on the quality of the evidence preserved in the first hours and days after discovery.

The most important rule is simple: preserve before reporting, secure before engaging, and document before deleting. Screenshots, transaction records, profile URLs, chat exports, affidavits, bank reports, and platform tickets may determine whether investigators can trace the scammer, whether institutions can act quickly, and whether the victim can prove identity theft, financial loss, and misuse of personal data.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login