I. Introduction
Identity theft is one of the most common cybercrimes in the Philippines. It occurs when a person unlawfully obtains, uses, possesses, transfers, or exploits another person’s identifying information, usually for fraud, harassment, unauthorized access, financial gain, reputational harm, or concealment of another crime.
In the Philippine legal context, identity theft is not limited to stealing someone’s government ID or pretending to be another person online. It may involve the misuse of names, photographs, usernames, passwords, mobile numbers, e-mail accounts, social media accounts, bank details, digital wallets, signatures, biometric data, one-time passwords, or other personal information.
The principal law governing cyber-related identity theft is Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. Other relevant laws include the Data Privacy Act of 2012, the Revised Penal Code, laws on access devices and electronic commerce, banking and financial regulations, and procedural rules on cybercrime warrants, evidence, and criminal complaints.
An identity theft cybercrime complaint in the Philippines is usually filed with law enforcement agencies such as the Philippine National Police Anti-Cybercrime Group, the National Bureau of Investigation Cybercrime Division, or directly with the Office of the City or Provincial Prosecutor for preliminary investigation.
II. Legal Definition of Cyber Identity Theft
Under the Cybercrime Prevention Act of 2012, identity theft is punished as a cybercrime when committed through or by means of information and communications technology.
The law defines computer-related identity theft as the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person, whether natural or juridical, without right.
This definition is broad. It covers both individuals and entities. A corporation, business, organization, or public institution may also be a victim if its identifying information is misused online.
The phrase “without right” means that the person had no legal authority, consent, or lawful justification to obtain or use the identifying information.
The phrase “identifying information” may include any data that can identify a person or entity, such as:
Name, address, birth date, photographs, government-issued identification numbers, usernames, passwords, e-mail addresses, mobile numbers, social media accounts, bank account details, credit card information, digital wallet details, signatures, biometric information, business names, corporate logos, official e-mail accounts, and other credentials.
III. Essential Elements of Computer-Related Identity Theft
To establish a cyber identity theft complaint, the complainant must generally show the following:
First, there is identifying information belonging to another person or entity.
Second, the respondent acquired, used, misused, transferred, possessed, altered, or deleted such identifying information.
Third, the act was done intentionally.
Fourth, the act was done without right, consent, authority, or lawful basis.
Fifth, the act involved or was committed through information and communications technology, such as the internet, computers, mobile phones, social media platforms, messaging applications, e-mail, cloud storage, online banking, digital wallets, or other electronic systems.
The complainant does not always need to prove actual financial loss to initiate a complaint. Unauthorized use of identifying information may be enough if the elements are present. However, proof of damage, fraud, attempted fraud, threats, harassment, or monetary loss strengthens the complaint and may support additional charges.
IV. Common Forms of Identity Theft in the Philippines
Cyber identity theft may take many forms. Common examples include:
A person creates a fake Facebook, Instagram, TikTok, X, LinkedIn, or dating-app profile using another person’s name and photos.
A scammer uses another person’s identity to solicit money, donations, loans, investments, or online payments.
A person hacks or takes over an e-mail, social media, gaming, work, or financial account.
A scammer uses a stolen SIM card, mobile number, or OTP to access online banking or e-wallet accounts.
A person uses another person’s valid ID, selfie, signature, or personal data to open accounts, register SIM cards, apply for loans, or create digital wallet accounts.
A former partner posts or uses another person’s images and personal details to humiliate, threaten, impersonate, or harass them.
A person pretends to be a company representative, government employee, bank officer, courier, school administrator, or law enforcement officer online.
A person changes the credentials, recovery e-mail, recovery mobile number, or profile information of an account belonging to another person.
A person possesses stolen databases, credentials, screenshots, ID photos, or personal information dumps.
A person uses another person’s identity to commit estafa, phishing, investment fraud, romance scams, employment scams, sextortion, online libel, or blackmail.
V. Related Cybercrimes and Other Offenses
Identity theft often appears together with other offenses. Depending on the facts, a complaint may include several charges.
1. Illegal Access
If the offender accessed a computer system, account, device, e-mail, social media account, bank account, or online platform without authority, the act may also constitute illegal access under the Cybercrime Prevention Act.
2. Computer-Related Fraud
If the stolen identity was used to obtain money, property, credit, services, or financial advantage, the act may also amount to computer-related fraud.
3. Computer-Related Forgery
If the offender created, altered, or used electronic data to make it appear authentic when it was not, there may be computer-related forgery.
4. Cyber Libel
If the offender used another person’s identity to publish defamatory statements online, or created a fake account to malign someone, cyber libel may be involved.
5. Unjust Vexation, Grave Threats, Coercion, or Harassment
If the identity theft was accompanied by harassment, intimidation, threats, or abusive communications, offenses under the Revised Penal Code may apply.
6. Estafa or Swindling
If the stolen identity was used to deceive another person and cause financial loss, estafa may be charged.
7. Access Device Fraud
If credit cards, debit cards, account numbers, electronic payment credentials, or similar access devices were used, offenses relating to access devices may be relevant.
8. Data Privacy Violations
If personal information was processed, disclosed, shared, or used without lawful basis, the matter may also involve the Data Privacy Act of 2012.
9. SIM Registration-Related Misuse
If identity documents or personal data were used to fraudulently register a SIM card, additional violations may arise under laws and rules governing SIM registration.
10. Violence Against Women and Children or Safe Spaces Issues
If identity theft is used in the context of intimate partner abuse, sexual harassment, stalking, image-based abuse, or gender-based online harassment, other laws may be considered, depending on the facts.
VI. Who May File the Complaint
The complaint may be filed by:
The person whose identity was stolen or misused.
A parent or legal guardian, if the victim is a minor.
An authorized representative, if supported by a special power of attorney or proper authorization.
A corporation, partnership, school, government office, or organization whose identity, brand, account, official e-mail, or digital credentials were misused.
A person who suffered damage because another person’s identity was used to defraud them.
In some cases, law enforcement may initiate investigation based on reports, referrals, or intelligence, especially if there are multiple victims or organized cybercriminal activity.
VII. Where to File an Identity Theft Cybercrime Complaint
A complainant may file a report or complaint with any of the following:
1. Philippine National Police Anti-Cybercrime Group
The PNP Anti-Cybercrime Group receives cybercrime complaints, conducts digital investigation, assists in preservation requests, and may refer the case for prosecution.
2. National Bureau of Investigation Cybercrime Division
The NBI Cybercrime Division also receives complaints involving hacking, impersonation, online scams, phishing, account takeover, cyber libel, and identity theft.
3. Office of the City or Provincial Prosecutor
A criminal complaint may be filed directly with the prosecutor’s office through a complaint-affidavit and supporting evidence. The prosecutor determines probable cause through preliminary investigation or inquest, depending on the circumstances.
4. National Privacy Commission
If the issue involves unauthorized processing, disclosure, breach, misuse, or mishandling of personal data by a person, company, organization, or personal information controller, a complaint may also be brought before the National Privacy Commission.
5. Banks, E-Wallet Providers, Telcos, and Platforms
Victims should also report to the relevant bank, e-wallet, social media platform, telco, e-commerce site, or online service. These reports do not replace criminal complaints, but they may help preserve evidence, suspend fraudulent accounts, recover access, freeze suspicious transactions, or trace activity.
VIII. Initial Steps for a Victim
A victim should act quickly. Identity theft cases are evidence-sensitive because digital traces may disappear, accounts may be deleted, and logs may be retained only for a limited time.
Recommended immediate steps include:
Secure all affected accounts by changing passwords, enabling two-factor authentication, revoking unknown sessions, and updating recovery e-mail and mobile numbers.
Take screenshots of fake profiles, messages, posts, transaction records, account settings, URLs, timestamps, usernames, mobile numbers, e-mail addresses, and other identifiers.
Do not delete messages or posts before preserving evidence.
Save links, user IDs, transaction reference numbers, phone numbers, e-mail headers, IP-related notices, and platform notifications.
Report the fake account, scam account, or hacked account to the platform.
Notify banks, e-wallets, telcos, employers, schools, or contacts who may be affected.
File an incident report or complaint with PNP-ACG, NBI Cybercrime Division, or the prosecutor’s office.
Execute a complaint-affidavit narrating the facts in chronological order.
Preserve the device used to receive messages or access the compromised account, if relevant.
Avoid communicating further with the offender unless advised by law enforcement or counsel.
IX. Evidence Needed for an Identity Theft Cybercrime Complaint
Evidence is crucial. The complaint should not merely allege that identity theft happened; it should show how the identity was misused and connect the respondent to the act where possible.
Useful evidence includes:
Screenshots of the fake account, profile, messages, posts, comments, advertisements, or transactions.
URLs of fake profiles, posts, listings, websites, or pages.
Account usernames, user IDs, page IDs, profile links, handles, e-mail addresses, and phone numbers.
Copies of messages from the offender.
Copies of messages from victims who were deceived by the offender.
Proof that the identifying information belongs to the complainant, such as government IDs, official documents, employment records, business registration documents, or account ownership records.
Proof of lack of consent, such as a statement that the complainant did not authorize the use.
Bank records, e-wallet transaction records, remittance receipts, payment confirmations, loan application records, or delivery records.
SIM card information, call logs, text messages, OTP alerts, and telco notices.
E-mail security alerts, login history, password reset notices, IP login notices, and account recovery records.
Police blotter, incident reports, demand letters, platform reports, and correspondence with banks or platforms.
Witness affidavits from persons who saw the fake account, communicated with the offender, or sent money because of the impersonation.
Notarized complaint-affidavit and supporting affidavits.
The strongest complaints usually contain a clear timeline, preserved electronic evidence, proof of identity ownership, proof of unauthorized use, and some traceable identifiers of the offender.
X. Screenshots and Digital Evidence
Screenshots are commonly used in cybercrime complaints, but they should be handled carefully.
A useful screenshot should show:
The full screen or enough context to identify the platform.
The profile name, username, handle, or account ID.
The URL or link, if available.
The date and time, if visible.
The content complained of.
The sender and recipient, for messages.
The transaction reference, for financial matters.
The complainant should save both screenshot images and original electronic copies where possible. For e-mails, the full e-mail with headers may be important. For websites, the URL should be copied. For social media posts, the direct post link should be preserved.
Screenshots may be supported by an affidavit explaining who took them, when they were taken, what device was used, what account was accessed, and how the screenshots accurately represent what appeared online.
XI. Complaint-Affidavit: Contents and Structure
A criminal complaint for identity theft is usually supported by a complaint-affidavit. It should be factual, chronological, and specific.
A typical complaint-affidavit includes:
The full name, age, citizenship, address, and contact details of the complainant.
The identity of the respondent, if known. If unknown, the respondent may initially be described by username, account name, phone number, e-mail address, digital wallet account, or other identifiers.
A statement that the complainant is the owner of the identifying information.
A narration of how the complainant discovered the identity theft.
A description of what information was used without consent.
A statement that the complainant did not authorize the respondent to use, acquire, possess, transfer, alter, delete, or misuse the identifying information.
A description of the platform, website, app, device, account, or system involved.
Details of any fraud, harassment, defamation, threats, account takeover, monetary loss, or other harm.
A list of attached evidence.
A request that the respondent be investigated and prosecuted for computer-related identity theft and other applicable offenses.
A jurat or notarization, since affidavits must generally be sworn.
XII. Sample Allegation Language
A complaint-affidavit may contain language similar to the following:
“I am the lawful owner and user of the name, photographs, mobile number, e-mail address, and social media account described in this complaint. I did not authorize the respondent, or any other person acting on the respondent’s behalf, to acquire, use, misuse, possess, transfer, alter, or delete my identifying information.”
“On or about [date], I discovered that a Facebook account using my name and photographs was created without my consent. The said account used my personal information to communicate with my relatives and friends and solicit money from them.”
“The respondent’s acts constitute computer-related identity theft under Republic Act No. 10175 because my identifying information was intentionally used through information and communications technology without right or authority.”
“Because of the respondent’s acts, I suffered anxiety, reputational damage, financial loss, and inconvenience. Some of my contacts believed that the fake account belonged to me.”
This sample language should be adapted to the facts of the case.
XIII. Identifying an Unknown Offender
Many identity theft complaints begin with an unknown offender. This does not automatically prevent filing.
The complainant may identify the offender through:
Username or handle.
Profile URL.
E-mail address.
Mobile number.
Digital wallet number.
Bank account number.
IP-related login notices.
Delivery address.
Remittance recipient details.
Device information.
Conversation records.
Recovery account information.
Platform records.
Law enforcement may request preservation of data, issue subpoenas, apply for cybercrime warrants, coordinate with service providers, or trace financial transactions, subject to legal requirements.
However, private complainants should not hack back, threaten the suspected offender, unlawfully access accounts, or publicly accuse someone without adequate basis. Doing so may create legal exposure.
XIV. Preservation of Computer Data
Cybercrime investigations often depend on timely preservation of electronic data. Service providers may retain logs only for limited periods. Once deleted, account data or transaction information may become difficult or impossible to recover.
A complainant should promptly request law enforcement assistance to preserve:
Account registration information.
Login logs.
IP logs.
Recovery e-mails and numbers.
Message metadata.
Uploaded content.
Transaction records.
Linked accounts.
Device identifiers.
Deletion or modification history.
Under the cybercrime framework, authorities may seek preservation and disclosure of computer data through lawful processes. The purpose is to prevent loss or alteration of evidence while investigation is ongoing.
XV. Cybercrime Warrants and Investigation Tools
In cybercrime cases, courts may issue warrants and orders relating to computer data, subject to procedural rules and constitutional safeguards.
Relevant investigative tools may include:
Warrant to disclose computer data.
Warrant to intercept computer data, where legally allowed and applicable.
Warrant to search, seize, and examine computer data.
Orders for preservation of computer data.
Subpoenas and requests for information.
Forensic examination of devices.
These tools are generally not available to private individuals acting alone. They require law enforcement participation, prosecutorial evaluation, and court authorization where required.
XVI. Jurisdiction and Venue
Cybercrime cases can raise questions of jurisdiction because online acts may involve multiple locations.
Philippine jurisdiction may exist where:
The complainant is in the Philippines.
The offender is in the Philippines.
The computer system, device, or data affected is in the Philippines.
The harmful effects occurred in the Philippines.
The fraudulent transaction involved Philippine banks, e-wallets, telcos, platforms, or victims.
The identity theft targeted a Filipino citizen, resident, business, or institution.
Venue may depend on where the offense was committed, where any of its elements occurred, where the complainant resides, where the offender acted, where the system was accessed, or where damage occurred, depending on the procedural rules and facts.
XVII. Penalties
Under the Cybercrime Prevention Act, computer-related identity theft is punishable by imprisonment and/or fine. Cybercrime offenses generally carry penalties that may be one degree higher than similar offenses under the Revised Penal Code when committed by means of information and communications technology.
The exact penalty depends on the offense charged, the relationship between identity theft and other crimes, aggravating circumstances, whether the offender is a natural person or juridical person, and the findings of the court.
If identity theft is committed together with estafa, cyber libel, illegal access, computer-related fraud, or data privacy violations, the offender may face multiple charges or penalties.
Corporate liability may also arise if a juridical entity knowingly allowed or benefited from the unlawful act, subject to the requirements of law.
XVIII. Identity Theft and the Data Privacy Act
The Data Privacy Act of 2012 protects personal information and sensitive personal information. Identity theft may involve data privacy issues when personal data is collected, processed, shared, disclosed, retained, or used without lawful basis.
The Data Privacy Act may be relevant where:
A company failed to protect personal data.
An employee misused customer or employee information.
A personal database was leaked or sold.
Personal information was used to open accounts without consent.
Sensitive personal information, such as government ID numbers, health information, financial data, or biometrics, was processed unlawfully.
A personal information controller failed to implement reasonable security measures.
The National Privacy Commission may handle complaints involving data privacy violations. However, a data privacy complaint is different from a criminal cybercrime complaint. In many cases, both may be pursued depending on the facts.
XIX. Identity Theft and Banks, E-Wallets, and Online Lending
Financial identity theft is especially common. It may involve unauthorized bank transfers, digital wallet cash-ins and cash-outs, fraudulent loans, account takeover, phishing, SIM swapping, fake customer support, or unauthorized use of IDs.
A victim should immediately notify the bank or e-wallet provider to:
Freeze the affected account.
Dispute unauthorized transactions.
Request investigation.
Change credentials.
Revoke linked devices.
Preserve transaction records.
Obtain reference numbers and written confirmation.
Victims should preserve all transaction notices, OTP messages, bank alerts, e-mails, chat logs, and support tickets. These records may establish the timeline and show that the transactions were unauthorized.
Online lending identity theft may involve the use of another person’s ID and selfie to obtain a loan. Victims should ask the lending company for details of the account allegedly opened, dispute the debt in writing, request preservation of documents, and report the unauthorized use to law enforcement and, where relevant, regulatory agencies.
XX. Identity Theft and Social Media Impersonation
Social media impersonation is one of the most visible forms of identity theft. It may be criminal when a person intentionally uses another person’s identifying information without right.
The following facts strengthen a social media identity theft complaint:
The fake account uses the complainant’s real name or nickname.
The fake account uses the complainant’s photographs.
The fake account contacts the complainant’s friends, family, customers, classmates, or co-workers.
The fake account solicits money or personal information.
The fake account posts defamatory, sexual, threatening, or humiliating content.
The fake account uses private information not publicly available.
The fake account causes confusion, reputational harm, financial damage, or distress.
The complainant should capture the profile link, account ID, screenshots of posts and messages, and reports from people contacted by the fake account.
XXI. Identity Theft and Hacked Accounts
A hacked account may involve both identity theft and illegal access. Once an offender gains control of an account, they may use the victim’s identity to deceive others, change credentials, erase data, demand ransom, or commit scams.
Relevant evidence includes:
Login alerts.
Password reset notices.
Changed recovery information.
Unknown devices.
Unknown IP locations.
Messages sent by the hacker.
Posts made during the compromise.
Recovery attempts.
Platform support communications.
Proof of prior ownership of the account.
Account takeover cases should be reported immediately to both the platform and cybercrime authorities.
XXII. Identity Theft and Phishing
Phishing is a common method of obtaining identifying information. The offender may send fake links, fake bank alerts, fake delivery notices, fake job offers, fake government aid forms, or fake customer support pages to collect credentials.
Phishing may lead to charges for identity theft, computer-related fraud, illegal access, and other offenses.
Evidence may include:
The phishing link.
The sender’s number or e-mail.
Screenshots of the fake page.
The exact message received.
Time and date of the message.
Credentials or data requested.
Subsequent unauthorized transactions.
Platform or bank alerts.
Victims should avoid clicking suspicious links again. Instead, they should preserve screenshots and report the incident.
XXIII. Defenses Commonly Raised by Respondents
A respondent may raise several defenses, including:
Consent or authority to use the information.
Lack of intent.
Mistaken identity.
Account was hacked by someone else.
Information was publicly available.
No identifying information was used.
No actual damage occurred.
The respondent did not own or control the account.
The screenshots are fabricated or incomplete.
The use was parody, commentary, or legitimate expression.
The complaint is retaliatory or malicious.
These defenses do not automatically defeat a complaint. For example, the fact that a photograph is publicly visible online does not necessarily authorize another person to use it for impersonation, fraud, harassment, or account creation. Likewise, lack of financial damage does not always eliminate criminal liability if the law punishes unauthorized use itself.
XXIV. Publicly Available Information Is Not Always Free to Misuse
A common misconception is that information posted online may be freely used by anyone. This is not correct.
Even if a name or photograph is publicly visible, another person may still be liable if they intentionally use that identifying information without right, especially for impersonation, deception, fraud, harassment, or reputational harm.
Public availability may be relevant to the facts, but it is not a complete defense in every case.
XXV. Minors as Victims or Offenders
If the victim is a minor, the complaint may be filed by a parent, guardian, or authorized representative. The case may also involve child protection laws if the identity theft includes sexual exploitation, bullying, harassment, grooming, or coercion.
If the offender is a minor, special rules on juvenile justice may apply. The child’s age, discernment, intervention programs, diversion, and custody issues may become relevant. The focus may shift depending on whether the child acted with discernment and whether adults were involved.
XXVI. Civil Liability
A criminal complaint may also involve civil liability. The victim may claim:
Actual damages, such as money lost, costs of recovery, legal expenses, and expenses caused by the fraud.
Moral damages for anxiety, humiliation, reputational injury, emotional distress, or mental suffering.
Exemplary damages in appropriate cases.
Attorney’s fees and litigation expenses, where legally justified.
Restitution or return of money.
In criminal cases, civil liability may be deemed instituted with the criminal action unless reserved, waived, or separately filed, subject to procedural rules.
XXVII. Administrative and Workplace Issues
Identity theft may also create administrative consequences. If the offender is an employee, student, public officer, licensed professional, or regulated person, the conduct may violate internal rules or professional standards.
Possible administrative proceedings include:
Workplace disciplinary action.
School disciplinary action.
Professional license complaints.
Public officer administrative cases.
Banking, insurance, lending, or financial regulatory complaints.
Data protection compliance proceedings.
Administrative cases are separate from criminal cases and have different standards and procedures.
XXVIII. Role of Barangay Proceedings
Cybercrime complaints are generally criminal matters involving special laws. Barangay conciliation may not always be required, especially for offenses punishable beyond the jurisdiction of barangay conciliation or involving parties outside the same locality.
However, some related minor disputes, threats, harassment, or personal conflicts may pass through barangay processes depending on the parties, location, and offense involved.
For serious cybercrime identity theft, especially involving fraud, hacking, account takeover, or unknown offenders, direct reporting to cybercrime authorities or the prosecutor is usually more appropriate.
XXIX. Prescription Period
Criminal offenses have prescription periods, meaning the State must prosecute within a legally specified time. The period depends on the offense and penalty. Identity theft cases should be filed promptly because delay can affect both prescription and availability of digital evidence.
Even before prescription becomes an issue, delay may make it harder to obtain platform logs, bank records, deleted messages, or account information.
XXX. Practical Checklist for Filing
A complainant preparing an identity theft cybercrime complaint should gather:
Valid government ID of the complainant.
Complaint-affidavit.
Screenshots and links.
Proof of ownership of the stolen identity or account.
Proof of unauthorized use.
Proof of damage or attempted fraud, if any.
Witness affidavits.
Bank, e-wallet, telco, or platform reports.
Transaction records.
Messages and e-mails.
Device and account security alerts.
Police blotter or incident report, if available.
Printed copies and electronic copies of evidence.
Chronology of events.
The complaint should be organized by date and labeled attachments. Clear presentation helps investigators and prosecutors evaluate probable cause.
XXXI. Draft Outline of a Complaint-Affidavit
A practical outline may look like this:
Republic of the Philippines [City/Province]
Affidavit-Complaint
I, [Name], Filipino, of legal age, residing at [address], after being sworn, state:
I am the complainant in this case.
I am the owner of the identifying information used without authority, including my [name/photos/mobile number/e-mail/social media account/ID details].
On [date], I discovered that [describe fake account, unauthorized use, hacked account, fraudulent transaction, or impersonation].
The account, page, number, e-mail, or profile involved is [identify account, URL, number, e-mail, username, or other identifier].
The respondent, known to me as [name/username/unknown person], used my identifying information without my consent.
I did not authorize the respondent to acquire, use, misuse, possess, transfer, alter, delete, or otherwise exploit my identifying information.
The unauthorized use was done through information and communications technology, specifically [platform/app/device/system].
Because of these acts, I suffered [financial loss/reputational damage/anxiety/account loss/harassment/other harm].
Attached are copies of screenshots, links, messages, transaction records, and other evidence marked as Annexes.
I am executing this affidavit to charge the respondent with computer-related identity theft under Republic Act No. 10175 and other applicable offenses.
Affiant further sayeth naught.
[Signature] [Name]
Subscribed and sworn to before me this ___ day of ______ at ______.
XXXII. Burden of Proof and Probable Cause
At the complaint stage, the prosecutor determines whether there is probable cause. Probable cause does not require proof beyond reasonable doubt. It requires sufficient facts to believe that a crime was committed and that the respondent is probably guilty.
At trial, however, the prosecution must prove guilt beyond reasonable doubt.
This difference matters. A complaint may proceed if the evidence supports probable cause, but conviction requires stronger proof, authentication of evidence, credible testimony, and compliance with procedural rules.
XXXIII. Authentication of Electronic Evidence
Electronic evidence must be authenticated. The party presenting it should show that it is what it claims to be.
Authentication may be done through:
Testimony of the person who took the screenshots.
Testimony of the account owner.
Platform records.
Device examination.
E-mail headers.
Metadata.
Business records from banks, telcos, or platforms.
Witnesses who received the messages.
Admissions by the respondent.
The rules on electronic evidence allow electronic documents and data messages to be admitted, provided their authenticity and integrity are shown.
XXXIV. Avoiding Weak Complaints
An identity theft complaint may be weakened by:
Screenshots without links or context.
Failure to show that the information belongs to the complainant.
Failure to state lack of consent.
No clear timeline.
No explanation of how the respondent is connected to the account.
Speculation without supporting facts.
Deleted original messages.
Failure to preserve URLs, account IDs, or transaction records.
Public accusations before evidence is secured.
Confusing identity theft with mere criticism, parody, or opinion.
A strong complaint is specific, evidence-based, chronological, and supported by attachments.
XXXV. Identity Theft Versus Catfishing, Parody, and Fan Accounts
Not every online account using a name or image automatically becomes a criminal identity theft case. Context matters.
A parody account may raise free expression issues if it is clearly satirical and does not deceive others into believing it is the real person.
A fan account may not be criminal if it does not pretend to be the person, does not misuse private information, and does not engage in fraud or harassment.
Catfishing may become identity theft when the offender uses another real person’s identity without consent to deceive, obtain money, solicit intimate images, harass, or cause harm.
The key question is whether identifying information was intentionally used without right and whether the circumstances show impersonation, misuse, fraud, or unlawful purpose.
XXXVI. Identity Theft Involving Businesses
Businesses can also be victims. Examples include:
Fake business pages.
Fake customer support accounts.
Unauthorized use of company logos.
Impersonation of officers or employees.
Fake invoices.
Business e-mail compromise.
Fraudulent supplier instructions.
Fake job postings.
Fake investment solicitations.
Misuse of corporate registration documents.
A company should file through an authorized representative and attach proof of authority, such as a board resolution, secretary’s certificate, special power of attorney, or corporate authorization.
Evidence should include business registration documents, official account ownership records, screenshots of fake pages, customer complaints, fraudulent invoices, transaction records, and proof that the company did not authorize the account or communication.
XXXVII. Identity Theft and Online Sellers
Online sellers are frequently affected by identity theft. Scammers may use a seller’s shop name, photos, customer reviews, business permits, or product listings to deceive buyers.
Victims should report the fraudulent shop or page to the marketplace, preserve product listing screenshots, obtain buyer complaints, and file a cybercrime complaint if the facts show unauthorized use of identifying information.
Buyers who were defrauded may also file complaints for estafa, computer-related fraud, and related offenses.
XXXVIII. Identity Theft and Employment Scams
A scammer may impersonate a company, recruiter, HR officer, or job applicant. The scammer may collect application fees, identity documents, bank details, or personal information.
Victims should preserve:
Job posts.
E-mails.
Chat messages.
Payment requests.
Fake employment contracts.
Company names and logos used.
Names of supposed recruiters.
Bank or e-wallet accounts used.
Companies whose identities are misused should issue public warnings, report fake pages, and file complaints where appropriate.
XXXIX. Identity Theft and Romance Scams
In romance scams, offenders often use stolen photos and names to build trust, request money, or obtain intimate images. The person whose photos were stolen may be a victim of identity theft, while the person deceived into sending money may be a victim of fraud.
Both may have legal remedies. The stolen identity victim may complain about unauthorized use of identifying information. The defrauded person may complain about estafa, computer-related fraud, or related offenses.
XL. Identity Theft and Sextortion
Identity theft may be combined with sextortion when an offender uses a fake identity to obtain intimate images or videos and later threatens to distribute them.
Possible offenses may include identity theft, computer-related fraud, threats, coercion, unjust vexation, anti-photo and video voyeurism violations, child protection offenses if a minor is involved, and gender-based online sexual harassment depending on the facts.
Victims should not pay without seeking help, should preserve all threats and payment demands, and should report promptly.
XLI. Remedies Against Fake Accounts
Victims may pursue both platform remedies and legal remedies.
Platform remedies include:
Reporting impersonation.
Requesting takedown.
Recovering hacked accounts.
Disabling fake pages.
Removing unauthorized images.
Flagging scams.
Legal remedies include:
Cybercrime complaint.
Data privacy complaint.
Civil action for damages.
Demand letter.
Protection orders or other remedies in abuse-related situations.
Administrative complaint, where applicable.
Platform takedown may stop the immediate harm, but it may also remove visible evidence. Therefore, evidence should be preserved before requesting removal whenever possible.
XLII. Mistaken Identity and Due Process
A complainant should be careful in naming a respondent. A username, number, or account does not always conclusively identify the real offender. Accounts can be hacked, numbers can be spoofed, and documents can be forged.
Due process requires that the respondent be given an opportunity to answer the complaint. Prosecutors evaluate both the complaint and counter-affidavits before deciding whether to file an information in court.
False or reckless accusations may expose the complainant to counterclaims or complaints. Therefore, allegations should be factual, restrained, and supported by evidence.
XLIII. Coordination With Counsel
While victims may file complaints themselves, legal counsel can help in:
Determining proper charges.
Drafting the complaint-affidavit.
Organizing evidence.
Avoiding defective allegations.
Requesting preservation of evidence.
Coordinating with banks, platforms, and authorities.
Preparing for preliminary investigation.
Assessing civil and administrative remedies.
Cases involving large financial loss, corporate impersonation, multiple victims, intimate images, minors, or unknown foreign offenders especially benefit from legal assistance.
XLIV. Common Mistakes by Victims
Victims often make mistakes that weaken their cases, such as:
Deleting the fake account messages.
Failing to save URLs.
Only taking cropped screenshots.
Posting accusations online before filing.
Negotiating with scammers.
Paying extortion demands repeatedly.
Using unofficial “hack recovery” services.
Giving more personal information to supposed helpers.
Failing to report immediately to banks or e-wallets.
Failing to execute affidavits from witnesses.
Not following up with law enforcement or prosecutors.
Preservation and documentation should come first.
XLV. Common Questions
Is using someone’s photo online automatically identity theft?
Not always. It depends on intent, context, and whether identifying information was used without right. A fake account pretending to be the person, soliciting money, or harming reputation is much stronger than a mere repost, though unauthorized use of images may still raise other issues.
Can I file a complaint if I do not know the offender’s real name?
Yes. A complaint may begin with usernames, URLs, numbers, e-mails, or other identifiers. Law enforcement may assist in identifying the offender through lawful processes.
Can identity theft exist even without monetary loss?
Yes. Financial loss strengthens a case, but unauthorized use of identifying information may itself be actionable if the elements of the offense are present.
What if the offender deleted the fake account?
Screenshots, links, witness affidavits, platform reports, cached data, and preservation requests may still help. Prompt reporting is important.
Can I sue the platform?
That depends on the facts. Platforms generally have reporting mechanisms. Liability may be difficult unless there is a specific legal basis, failure to act despite notice, data privacy issue, contractual obligation, or other actionable conduct.
Can a company file an identity theft complaint?
Yes. The law covers identifying information of natural and juridical persons.
Is a police blotter enough?
No. A blotter records the incident but does not by itself prosecute the offender. A formal complaint-affidavit and supporting evidence are usually needed.
Should I report to both PNP and NBI?
A victim may choose one primary law enforcement agency to avoid duplication. For urgent matters, financial fraud, account takeover, or serious threats, immediate reporting to any competent cybercrime unit is advisable.
XLVI. Practical Legal Analysis
The core of a Philippine cyber identity theft case is unauthorized use of identifying information through ICT. The prosecution does not merely ask whether the complainant was upset or embarrassed. It asks whether the respondent intentionally used or dealt with identifying information belonging to another person without right.
A strong case usually answers five questions clearly:
What identifying information was used?
Who owns that identifying information?
How was it used?
Why was the use unauthorized?
What evidence connects the act to the respondent?
If fraud occurred, the complaint should also show who was deceived, how they were deceived, what representation was made, what money or benefit was obtained, and where the transaction went.
If account takeover occurred, the complaint should show prior ownership, unauthorized access, credential changes, suspicious logins, and acts done after takeover.
If social media impersonation occurred, the complaint should show that the account would likely cause others to believe it belonged to the complainant or was authorized by the complainant.
XLVII. Conclusion
Identity theft in the Philippines is a serious cybercrime when identifying information is intentionally acquired, used, misused, possessed, transferred, altered, or deleted without right through information and communications technology. It may occur through fake social media accounts, hacked accounts, phishing, financial fraud, SIM misuse, online lending fraud, business impersonation, romance scams, or harassment.
A successful complaint depends on immediate preservation of digital evidence, clear proof of unauthorized use, proper documentation, and a well-prepared complaint-affidavit. The victim should act quickly, secure affected accounts, notify relevant institutions, preserve screenshots and links, obtain witness statements, and file with the appropriate cybercrime authority or prosecutor.
Identity theft cases are often connected with other offenses such as illegal access, computer-related fraud, computer-related forgery, estafa, cyber libel, threats, data privacy violations, and financial fraud. Because of this, each case must be assessed based on its facts, evidence, parties, and harm caused.