Identity Theft Case Filing in the Philippines

I. Overview

Identity theft in the Philippines is a criminal act involving the unauthorized acquisition, use, misuse, possession, transfer, or manipulation of another person’s identifying information, usually for fraud, deception, financial gain, harassment, concealment of another crime, or reputational damage.

In the Philippine legal context, identity theft is not limited to stealing a physical identification card. It may include using another person’s name, photograph, signature, government-issued ID number, bank credentials, online account, mobile number, email address, social media profile, biometric data, or other personal information without lawful authority.

Identity theft cases commonly arise from online scams, fake social media accounts, unauthorized use of IDs, fraudulent loan applications, SIM-related fraud, phishing, unauthorized bank transactions, impersonation, employment fraud, cyberlibel-related impersonation, and use of another person’s personal data to commit crimes.

The filing of an identity theft case in the Philippines usually involves both criminal remedies and, in proper cases, civil, administrative, and data privacy remedies.

II. Governing Laws

Several Philippine laws may apply depending on the facts of the case.

1. Cybercrime Prevention Act of 2012

The principal law often invoked in identity theft committed through computers, mobile phones, the internet, or electronic systems is Republic Act No. 10175, known as the Cybercrime Prevention Act of 2012.

Under this law, computer-related identity theft is punishable when a person intentionally acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another, whether natural or juridical, without right.

This law is especially relevant when the identity theft involves:

  • Fake social media accounts;
  • Unauthorized access to email or online accounts;
  • Phishing;
  • Use of another person’s photos or personal details online;
  • Online loan fraud;
  • Fraudulent online purchases;
  • Unauthorized digital transactions;
  • Account takeover;
  • Use of another person’s personal data in electronic platforms.

Identity theft under the Cybercrime Prevention Act is a distinct cybercrime offense. However, the same facts may also constitute other crimes, such as estafa, falsification, libel, unjust vexation, threats, or data privacy violations.

2. Data Privacy Act of 2012

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information and sensitive personal information.

Identity theft may involve unlawful or unauthorized processing of personal data. A complaint may be filed with the National Privacy Commission when the identity theft involves misuse, unauthorized disclosure, unauthorized processing, improper sharing, or negligent handling of personal information by a person, company, online platform, lender, employer, school, association, or other personal information controller or processor.

The Data Privacy Act is especially relevant when:

  • A company leaked personal data;
  • A lender or app misused a borrower’s contacts or photos;
  • A person used another’s ID, photograph, address, phone number, or other personal details without consent;
  • An organization failed to protect stored personal data;
  • Personal data was collected for one purpose but used for another;
  • Personal data was posted online to shame, harass, threaten, or impersonate someone.

3. Revised Penal Code

The Revised Penal Code may apply when identity theft is connected with traditional crimes, including:

Estafa

Identity theft may support an estafa case when the offender uses another person’s identity to defraud someone or obtain money, goods, services, credit, loans, or other benefits.

Examples include:

  • Using another person’s name to borrow money;
  • Pretending to be someone else to solicit funds;
  • Using another person’s identity to sell fake goods;
  • Impersonating a person to induce payments;
  • Using stolen personal information to obtain loans.

Falsification of Documents

Falsification may arise when the offender creates, alters, signs, submits, or uses a false document involving another person’s identity.

Examples include:

  • Forging a signature;
  • Using a fake authorization letter;
  • Submitting a falsified government ID;
  • Altering documents to make it appear that another person consented;
  • Using another person’s identity in contracts, bank documents, employment forms, or loan applications.

Usurpation of Authority or Official Functions

If the offender falsely represents himself or herself as a public officer, or acts as one without authority, identity-related conduct may fall under provisions on usurpation.

Libel, Cyberlibel, Threats, or Unjust Vexation

When impersonation is used to malign, harass, threaten, embarrass, shame, or damage another person’s reputation, other criminal provisions may apply.

4. Access Devices Regulation Act

Republic Act No. 8484, as amended, may apply if identity theft involves credit cards, debit cards, bank account credentials, access devices, account numbers, or similar instruments used to obtain money, goods, services, or credit.

This may be relevant in cases of:

  • Unauthorized credit card use;
  • Use of stolen bank credentials;
  • Fraudulent electronic fund transfers;
  • Use of another person’s account details;
  • Application for credit using another person’s identity.

5. SIM Registration Act

The SIM Registration Act may also become relevant when identity theft involves the use of another person’s identity to register a SIM card, commit fraud through a mobile number, or use telecommunications services under false identifying information.

A victim may need to coordinate with law enforcement, telecommunications providers, and relevant agencies when a SIM card was registered or used using another person’s identity.

III. What Counts as Identity Theft

Identity theft may involve any unauthorized use of information that identifies, or can reasonably identify, a person. This may include:

  • Full name;
  • Nickname or alias;
  • Photograph;
  • Signature;
  • Date of birth;
  • Address;
  • Email address;
  • Mobile number;
  • Government ID number;
  • Passport information;
  • Tax Identification Number;
  • SSS, GSIS, PhilHealth, Pag-IBIG, PRC, driver’s license, UMID, national ID, or voter information;
  • Bank account details;
  • Credit card or debit card details;
  • Passwords;
  • One-time passwords;
  • Biometric information;
  • Social media profile;
  • Online account credentials;
  • Employment, school, medical, or financial records;
  • Digital wallet information;
  • QR codes or account usernames;
  • Voice, likeness, or other identifying features.

The act may be criminal even if no money was ultimately obtained, especially under cybercrime or data privacy laws, depending on the conduct and available proof.

IV. Common Forms of Identity Theft in the Philippines

1. Fake Social Media Account

A person creates a Facebook, Instagram, TikTok, X, LinkedIn, or other account using another person’s name, photo, personal details, or likeness.

This may be done to:

  • Scam others;
  • Harass the victim;
  • Damage reputation;
  • Solicit money;
  • Spread false statements;
  • Pretend to be the victim;
  • Contact the victim’s friends or relatives.

Possible charges may include computer-related identity theft, cyberlibel, unjust vexation, threats, estafa, or data privacy violations.

2. Online Loan or Lending App Abuse

A person uses another individual’s identity to apply for loans, or a lending app misuses personal data, contacts, photos, or messages.

Possible remedies include criminal complaint, complaint before the National Privacy Commission, complaint before the Securities and Exchange Commission if the lender is regulated, and civil action for damages.

3. Bank, E-Wallet, or Credit Fraud

The offender uses another person’s personal data, bank details, OTPs, card number, or account access to transfer funds, make purchases, or obtain credit.

Relevant laws may include the Cybercrime Prevention Act, Access Devices Regulation Act, Revised Penal Code provisions on estafa and falsification, and applicable banking or financial regulations.

4. Use of Another Person’s Government ID

Identity theft may occur when a person uses a scanned, photocopied, photographed, altered, or stolen government ID to open accounts, register SIM cards, apply for loans, rent property, transact with agencies, or commit fraud.

This may involve falsification, use of falsified documents, cybercrime, estafa, and data privacy violations.

5. Employment or Business Impersonation

A person may use another’s name, credentials, professional license, employment history, or business details to obtain employment, contracts, clients, or money.

Possible charges may include falsification, estafa, illegal practice of profession if applicable, and cybercrime-related offenses if done online.

6. Romance, Investment, and Marketplace Scams

Scammers often impersonate real people to gain trust. They may steal photos and names from social media and use them to solicit money, offer fake investments, sell fake goods, or lure victims into fraudulent transactions.

The person whose identity was stolen may file a complaint, and the person defrauded may also file a complaint for estafa or cyber fraud.

V. Elements Generally Considered in Identity Theft Complaints

Although the exact legal elements depend on the offense charged, complainants generally need to show:

  1. The identifying information belongs to the complainant or another real person;
  2. The respondent acquired, used, possessed, transferred, altered, deleted, or misused that information;
  3. The respondent acted without lawful authority or consent;
  4. The act was intentional;
  5. The conduct caused, or was capable of causing, harm, deception, fraud, unauthorized access, reputational damage, privacy invasion, or other unlawful consequences.

For cybercrime-related identity theft, it is important to show the involvement of a computer system, online account, internet platform, mobile device, electronic communication, or digital transaction.

VI. Evidence Needed to File an Identity Theft Case

Strong documentation is critical. The complainant should preserve evidence before reporting or requesting takedown, because online evidence may be deleted quickly.

Useful evidence includes:

  • Screenshots of fake profiles, posts, messages, transactions, or account pages;
  • URLs or links to fake accounts or posts;
  • Screen recordings showing the account, username, date, and content;
  • Copies of messages, emails, SMS, chat logs, or call logs;
  • Transaction receipts;
  • Bank statements or e-wallet transaction history;
  • Loan application notices;
  • Credit card alerts;
  • Emails confirming account creation or changes;
  • Copies of IDs used without consent;
  • Police blotter, if already made;
  • Affidavits of witnesses;
  • Demand letters or notices sent;
  • Platform reports or takedown confirmations;
  • Telecommunications records, if available;
  • Device logs or account login alerts;
  • IP logs or metadata, when obtainable through lawful process;
  • Certifications from banks, platforms, lenders, employers, agencies, or telecom providers.

Screenshots should ideally show:

  • The full page or interface;
  • The username or account name;
  • The URL;
  • Date and time;
  • The offending content;
  • The profile photo or identifying information used;
  • Messages or transactions connected to the impersonation.

Where possible, evidence should be printed and attached to a sworn complaint-affidavit. Digital copies should also be stored securely.

VII. Immediate Steps for Victims

A victim should act promptly.

1. Preserve Evidence

Before reporting the account or asking the offender to delete content, capture screenshots, links, messages, transaction details, and identifying information.

Deleting or reporting the account too early may cause evidence to disappear.

2. Secure Accounts

The victim should change passwords, enable two-factor authentication, review login activity, revoke unknown devices, update recovery emails and phone numbers, and check linked accounts.

This is especially important for email, banking, e-wallet, social media, cloud storage, and government service portals.

3. Notify Banks, E-Wallets, Lenders, and Platforms

If financial accounts are involved, immediately notify the bank, e-wallet provider, credit card issuer, online marketplace, payment provider, or lending company.

Request freezing, reversal investigation, fraud tagging, account recovery, or written certification where applicable.

4. Report Fake Accounts to Platforms

Reports to social media platforms may help remove fake accounts, but platform reporting should not replace legal filing where the conduct is serious.

5. Execute an Affidavit of Denial or Non-Participation

When the victim’s identity was used in a loan, contract, SIM registration, or transaction, an affidavit stating that the victim did not authorize, sign, apply for, or participate in the transaction may help.

6. File a Complaint with Proper Authorities

Depending on the facts, the complaint may be filed with law enforcement, the prosecutor’s office, the National Privacy Commission, or other relevant agencies.

VIII. Where to File an Identity Theft Complaint

1. Philippine National Police Anti-Cybercrime Group

For cyber-related identity theft, the victim may report to the PNP Anti-Cybercrime Group or cybercrime units.

This is common for:

  • Fake online profiles;
  • Hacked accounts;
  • Online scams;
  • Phishing;
  • Use of personal information online;
  • Cyber harassment;
  • Fraudulent digital transactions.

2. National Bureau of Investigation Cybercrime Division

The victim may also report to the NBI Cybercrime Division, especially when technical investigation, subpoenas, digital tracing, or coordination with online platforms may be necessary.

3. Office of the City or Provincial Prosecutor

A criminal complaint may be filed directly before the prosecutor’s office through a complaint-affidavit and supporting evidence.

This may be appropriate when the complainant already knows the respondent or has sufficient evidence identifying the offender.

4. National Privacy Commission

A complaint may be filed with the National Privacy Commission when the case involves unauthorized processing, misuse, disclosure, or negligent handling of personal data.

This is particularly relevant where the respondent is a company, lending app, employer, school, association, government office, service provider, or platform that collected or processed personal information.

5. Banks, Telecoms, SEC, BSP, or Other Regulators

Depending on the facts, complaints may also be elevated to regulatory bodies or institutions, such as:

  • Banks or e-wallet providers for unauthorized transactions;
  • Telecommunications providers for SIM-related misuse;
  • Securities and Exchange Commission for lending or corporate misuse;
  • Bangko Sentral ng Pilipinas for regulated financial institutions;
  • Other professional or industry regulators when credentials or licenses are misused.

IX. Filing a Criminal Complaint: Practical Procedure

1. Prepare the Complaint-Affidavit

The complaint-affidavit is the core document. It should clearly state:

  • The complainant’s identity;
  • The respondent’s identity, if known;
  • How the complainant discovered the identity theft;
  • What personal information was used;
  • How it was used;
  • When and where the acts happened;
  • Whether the acts occurred online or through electronic means;
  • The harm caused;
  • The evidence attached;
  • The laws believed to have been violated.

The affidavit must be sworn before a notary public or authorized officer.

2. Attach Evidence

Attach screenshots, printed URLs, messages, transaction records, platform reports, affidavits, certifications, IDs, demand letters, and other documents.

Each attachment should be labeled clearly, such as Annex “A,” Annex “B,” and so on.

3. File with the Proper Office

The complaint may be filed with law enforcement for investigation, or directly with the prosecutor’s office.

For unknown offenders, law enforcement investigation is often necessary first.

For known offenders, direct filing with the prosecutor may be possible.

4. Preliminary Investigation

If the offense requires preliminary investigation, the prosecutor may require the respondent to submit a counter-affidavit.

The complainant may submit a reply-affidavit. The prosecutor then determines whether probable cause exists.

5. Filing in Court

If probable cause is found, the prosecutor files the appropriate information in court. The case then proceeds as a criminal case.

6. Civil Liability

In criminal cases, civil liability may be included unless waived, reserved, or separately instituted.

The complainant may seek restitution, actual damages, moral damages, exemplary damages, attorney’s fees, and costs, depending on the facts and proof.

X. Complaint-Affidavit Content

A well-prepared complaint-affidavit should include a clear narrative.

A basic structure may be:

  1. Personal circumstances of the complainant;
  2. Statement that the affidavit is being executed to file a complaint for identity theft and related offenses;
  3. Description of the personal information misused;
  4. Date and manner of discovery;
  5. Description of the unauthorized use;
  6. Identification of the respondent, if known;
  7. Explanation that the complainant did not consent;
  8. Description of harm suffered;
  9. Evidence attached;
  10. Request for investigation and prosecution;
  11. Verification and sworn signature.

The affidavit should be factual. It should avoid exaggeration and should not include statements that cannot be supported by evidence.

XI. Jurisdiction and Venue

Venue in cybercrime and identity theft cases may depend on where the crime was committed, where the complainant or offended party resides, where the computer system was accessed, where the effects were felt, or where any essential element occurred.

Because online offenses often cross city, provincial, or national boundaries, law enforcement agencies and prosecutors may consider several possible venues.

If the offender is unknown, technical investigation may be required to determine location, device, account ownership, phone number registration, IP address, platform records, bank destination account, or other identifying data.

XII. When the Offender Is Unknown

Many identity theft cases begin with an unknown offender.

The complaint may still be reported using available identifiers, such as:

  • Username;
  • Profile link;
  • Email address;
  • Mobile number;
  • Bank account;
  • E-wallet account;
  • Marketplace account;
  • IP address, if available;
  • Device ID or login alert;
  • Transaction reference number;
  • Delivery address;
  • SIM number;
  • Account name used.

Law enforcement may request preservation of data, coordinate with platforms, seek subscriber information through lawful process, or trace financial flows.

Victims should not attempt illegal hacking, unauthorized access, doxxing, or threats to identify the offender. Doing so may expose the victim to separate liability.

XIII. Identity Theft and Fake Social Media Accounts

Fake social media accounts are among the most common forms of identity theft.

The victim should gather:

  • Profile URL;
  • Username;
  • Screenshots of the profile;
  • Screenshots of posts or messages;
  • Date and time of screenshots;
  • Evidence that the profile uses the victim’s photo, name, or details;
  • Messages sent by the fake account;
  • Names of persons contacted or deceived;
  • Any money solicited or received;
  • Any defamatory statements made.

Possible legal issues include:

  • Computer-related identity theft;
  • Cyberlibel if defamatory statements are posted;
  • Estafa if money was obtained;
  • Grave threats or unjust vexation if harassment occurred;
  • Data privacy violations if personal information was misused.

XIV. Identity Theft and Financial Fraud

When identity theft involves bank accounts, e-wallets, loans, or credit cards, the victim should act urgently.

Important steps include:

  • Notify the bank or provider immediately;
  • Request account freezing or fraud investigation;
  • Change passwords and security credentials;
  • Request written confirmation of the disputed transaction;
  • File a police or cybercrime report;
  • Submit an affidavit of denial;
  • Preserve SMS and email alerts;
  • Track transaction reference numbers;
  • Request copies of fraudulent application records where available.

Financial institutions may require formal dispute forms, affidavits, and proof of identity.

A criminal complaint may include cybercrime, estafa, access device fraud, falsification, or other offenses depending on the transaction.

XV. Identity Theft and Online Lending

Online lending-related identity theft may involve two different scenarios.

First, a person may use the victim’s identity to apply for a loan. Second, a lending company or collection agent may misuse the borrower’s data, contacts, photos, or personal information.

For unauthorized loans, the victim should prepare:

  • Loan notices;
  • Screenshots of messages from the lender;
  • Proof that the victim did not apply;
  • Affidavit of denial;
  • Copy of ID used, if available;
  • Communications with the lender;
  • Demand to correct or delete false records.

For abusive data use by lenders or collectors, possible remedies include complaints for unfair collection practices, data privacy violations, harassment, threats, or cyber-related offenses.

XVI. Identity Theft and SIM Registration

If a SIM card is registered or used under another person’s identity without consent, the victim should preserve evidence and coordinate with the telecommunications provider and law enforcement.

Evidence may include:

  • The mobile number involved;
  • Messages or calls from the number;
  • Proof that the victim did not register or use the number;
  • Reports from persons contacted by the number;
  • Scam messages;
  • Fraud transaction details;
  • Affidavit of denial.

SIM-related identity theft may be linked to fraud, phishing, text scams, account takeovers, and unauthorized financial transactions.

XVII. Data Privacy Remedies

A data privacy complaint may be appropriate when identity theft involves improper collection, use, disclosure, retention, sharing, or disposal of personal data.

Possible respondents include:

  • Individuals who misused personal data;
  • Companies that negligently exposed data;
  • Lending apps;
  • Employers;
  • Schools;
  • Associations;
  • Online sellers;
  • Service providers;
  • Government offices;
  • Other personal information controllers or processors.

The complaint should show:

  1. The personal data involved;
  2. How the respondent obtained or processed it;
  3. Why the processing was unauthorized or unlawful;
  4. The harm caused;
  5. The relief sought.

Relief may include investigation, compliance orders, deletion or correction of data, administrative sanctions, and possible referral for criminal prosecution.

XVIII. Civil Remedies

Aside from criminal prosecution, the victim may pursue civil remedies where appropriate.

Possible claims include:

  • Actual damages for financial loss;
  • Moral damages for mental anguish, embarrassment, reputational harm, or anxiety;
  • Exemplary damages in serious cases;
  • Attorney’s fees;
  • Injunction or takedown-related relief;
  • Correction or deletion of false records;
  • Restitution.

Civil remedies require proof of damage. Receipts, medical certificates, bank records, business losses, reputational harm, and witness statements may be relevant.

XIX. Defenses Commonly Raised

Respondents in identity theft cases may raise defenses such as:

  • Consent;
  • Mistaken identity;
  • Lack of intent;
  • Account was hacked;
  • Information was publicly available;
  • No use of personal information occurred;
  • No damage resulted;
  • The accused was not the person behind the account or transaction;
  • The evidence was fabricated or incomplete;
  • The complainant authorized the transaction;
  • The act was parody, commentary, or lawful use.

However, the fact that information is publicly visible does not automatically mean anyone may use it to impersonate, defraud, harass, or unlawfully process personal data.

XX. Importance of Digital Evidence Integrity

Digital evidence should be preserved carefully. Courts and investigators may consider authenticity, chain of custody, reliability, and relevance.

Good practices include:

  • Keeping original files;
  • Saving screenshots with date and time;
  • Recording URLs;
  • Avoiding alteration of images;
  • Backing up evidence;
  • Keeping devices used to capture evidence;
  • Saving full email headers where relevant;
  • Printing copies for filing;
  • Having witnesses execute affidavits;
  • Requesting certifications from platforms, banks, or providers when possible.

Notarized screenshots are not always required, but sworn statements explaining how screenshots were obtained may help.

XXI. Demand Letters and Takedown Requests

A demand letter may be useful when the offender is known and the complainant wants removal, correction, apology, payment, or cessation of conduct.

However, demand letters should be used carefully. In urgent cybercrime cases, immediate law enforcement reporting may be better than warning the offender, especially if evidence may be deleted.

Takedown requests may be sent to platforms, but evidence should be preserved first.

XXII. Prescription Periods

Prescription periods vary depending on the offense charged and the penalty provided by law. Cybercrime, falsification, estafa, access device fraud, and data privacy offenses may have different prescriptive periods.

Victims should not delay filing because evidence may disappear, accounts may be deleted, financial records may become harder to obtain, and technical logs may no longer be available.

XXIII. Penalties

Penalties depend on the specific offense charged.

Computer-related identity theft under the Cybercrime Prevention Act carries criminal penalties. If identity theft is combined with estafa, falsification, cyberlibel, access device fraud, threats, or other offenses, the respondent may face separate or additional liability.

Cybercrime offenses may also involve higher penalties when traditional crimes are committed through information and communications technology.

Data Privacy Act violations may involve imprisonment, fines, or administrative consequences depending on the nature of the violation.

XXIV. Identity Theft Involving Minors

When the victim is a minor, additional protections may apply. The case may involve child protection laws, online sexual abuse or exploitation laws, anti-bullying policies, school disciplinary procedures, data privacy rules, and cybercrime provisions.

Parents or legal guardians may file complaints on behalf of the minor.

Special care should be taken not to further circulate screenshots involving minors, especially if the content is sensitive, sexual, humiliating, or abusive.

XXV. Identity Theft by Family Members, Partners, or Acquaintances

Identity theft is often committed by someone known to the victim.

Examples include:

  • A former partner accessing accounts;
  • A family member using another’s ID for loans;
  • A friend creating a fake account;
  • A co-worker using someone’s credentials;
  • A relative signing documents without authority;
  • A partner accessing private messages or financial accounts.

Prior relationship does not automatically create consent. Authority to use another person’s personal information must be lawful and specific.

XXVI. Identity Theft and Employers

Employers may face issues involving identity theft when employee data is misused, leaked, improperly shared, or used in fake employment documents.

Employees may complain if:

  • Their IDs or signatures were used without consent;
  • Their employment records were disclosed unlawfully;
  • Their identity was used in payroll, benefits, loans, or HR documents;
  • Their personal data was exposed due to poor security;
  • Someone used their credentials to access company systems.

Employers should have data protection policies, access controls, incident response procedures, and secure document handling.

XXVII. Corporate Identity Theft

Identity theft may also affect companies, partnerships, associations, and organizations.

Examples include:

  • Fake business pages;
  • Use of company name to scam customers;
  • Fake invoices;
  • Impersonation of officers;
  • Fraudulent email domains;
  • Fake authorization letters;
  • Use of corporate documents without authority;
  • Business email compromise.

A juridical entity may complain through authorized representatives, supported by board resolutions, secretary’s certificates, or proof of authority.

XXVIII. Drafting the Complaint: Key Points

A strong complaint should answer the following questions clearly:

  1. Who is the victim?
  2. What identity information was stolen or misused?
  3. Who used it?
  4. How was it used?
  5. When was it used?
  6. Where did the victim discover it?
  7. Was it online, offline, or both?
  8. Was there consent?
  9. What harm resulted?
  10. What evidence proves the claim?
  11. What laws may have been violated?

The complaint should avoid vague conclusions such as “the respondent committed identity theft” without factual details. It should narrate the specific acts.

XXIX. Sample Allegation Language

A complaint-affidavit may include language similar to the following, adjusted to the facts:

I discovered that my name, photograph, and personal details were used without my knowledge and consent in an online account using the username ________. The account displayed my photograph and represented itself to be me. I never created, authorized, or controlled the said account.

The said account sent messages to my relatives and friends asking for money. Several recipients believed that the messages came from me because the account used my name and photograph.

I did not consent to the collection, use, posting, or processing of my personal information for the said purpose. The unauthorized use caused embarrassment, anxiety, reputational harm, and financial risk to me and to persons who were contacted by the fake account.

Attached as Annexes are screenshots of the fake account, messages sent by the account, and statements of persons who received the messages.

This is only a drafting illustration and should be revised to match the actual facts and evidence.

XXX. Common Mistakes in Filing Identity Theft Complaints

Victims often weaken their cases by:

  • Failing to preserve evidence before takedown;
  • Submitting unclear screenshots;
  • Not showing the URL or username;
  • Not proving lack of consent;
  • Not identifying the personal information misused;
  • Filing only a blotter but not a formal complaint;
  • Waiting too long;
  • Deleting messages;
  • Altering screenshots;
  • Posting accusations online without sufficient proof;
  • Threatening the suspected offender;
  • Failing to coordinate with banks or platforms;
  • Not securing compromised accounts.

A police blotter is useful but is usually not the same as a full criminal complaint.

XXXI. Remedies Available to the Victim

Depending on the case, the victim may seek:

  • Criminal investigation;
  • Prosecution;
  • Takedown of fake accounts;
  • Account recovery;
  • Freezing or reversal investigation of fraudulent transactions;
  • Correction of false records;
  • Deletion of unlawfully processed data;
  • Data privacy investigation;
  • Damages;
  • Restitution;
  • Injunction;
  • Cease-and-desist relief;
  • Administrative sanctions against regulated entities.

XXXII. Practical Checklist Before Filing

Before filing, the complainant should prepare:

  • Valid government ID;
  • Complaint-affidavit;
  • Screenshots and printouts;
  • Links and usernames;
  • Copies of messages;
  • Transaction records;
  • Bank or e-wallet reports;
  • Platform reports;
  • Witness affidavits;
  • Affidavit of denial, if applicable;
  • Proof of ownership of the misused identity;
  • Proof of account ownership, if relevant;
  • Timeline of events;
  • Contact details of witnesses;
  • Copies of correspondence with the respondent, platform, bank, lender, or provider.

XXXIII. Legal Strategy Considerations

The best legal route depends on the facts.

A case involving a fake Facebook profile may focus on computer-related identity theft and cyberlibel.

A case involving unauthorized bank transactions may focus on cybercrime, access device fraud, estafa, and bank fraud investigation.

A case involving unauthorized use of IDs in a loan application may involve falsification, estafa, data privacy violations, and complaints against the lender if it failed to verify identity.

A case involving a company’s leak of personal data may focus on the Data Privacy Act and regulatory compliance.

A case involving impersonation to scam others may involve both the identity theft victim and the defrauded persons as complainants.

XXXIV. Role of Lawyers

A lawyer can assist in:

  • Assessing the proper charges;
  • Drafting complaint-affidavits;
  • Organizing evidence;
  • Filing complaints;
  • Coordinating with investigators;
  • Preparing reply-affidavits;
  • Seeking civil damages;
  • Handling data privacy complaints;
  • Responding to counter-allegations;
  • Protecting the complainant from defamation or privacy risks.

While victims may report identity theft without a lawyer, legal assistance is valuable in complex cases involving financial fraud, multiple respondents, companies, cyber evidence, or substantial damages.

XXXV. Conclusion

Identity theft in the Philippines is a serious legal matter that may involve cybercrime, fraud, falsification, privacy violations, financial offenses, harassment, or reputational harm. The proper filing of a case depends on identifying the exact acts committed, the personal information misused, the technology or documents involved, the harm caused, and the evidence available.

A victim should preserve evidence immediately, secure personal and financial accounts, notify relevant institutions, and file the appropriate complaint with law enforcement, the prosecutor’s office, the National Privacy Commission, or other regulators depending on the circumstances.

The strongest identity theft complaints are factual, well-documented, timely filed, and supported by clear proof of unauthorized use of personal information.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login