Legal Steps After Online Scam Philippines

Legal Steps After an Online Scam in the Philippines

(Comprehensive practitioner-level guide – updated to 26 June 2025)

Disclaimer. This article is for general information only and does not create an attorney-client relationship. Laws and rules change; consult a Philippine lawyer or the proper government agency for advice on your specific case.

1. First 24 Hours – Damage Control & Evidence Preservation

Task Why It Matters How to Do It
Screen-grab & export everything Electronic evidence is easily deleted or altered. Philippine courts apply the Rule on Electronic Evidence (A.M. No. 01-7-01-SC) requiring authenticity. Capture full-screen images or video of the website, chat, e-mails, transaction IDs, phone numbers, dates/time-stamps, and your own ID. Save copies to two locations (e.g., cloud + USB).
Freeze or recall funds Banks/e-wallets may recover or hold the money if reported quickly. Call your bank’s fraud hotline immediately. Give transaction details; follow BSP Memorandum No. M-2023-024 on “Cooling-Off and Recuperation Periods.”
Change passwords / block cards / lock SIM Prevent further unauthorized access or identity theft. Use the bank app’s “card lock,” reset e-mail passwords, and request telco SIM blocking under the SIM Registration Act (RA 11934).
Notify the platform E-commerce and social media T&Cs require prompt reporting; they may suspend the scammer’s account and provide logs. Use the in-app “Report” feature and retain the acknowledgment reference number.

2. Core Statutes & Offences

Law Key Offence(s) & Penalties Notes on Enforcement
Revised Penal Code Art. 315 – Estafa Up to reclusión temporal (12–20 yrs) if ≥ ₱2,000,000. Still the “catch-all” fraud provision; RA 10951 adjusted value thresholds.
RA 10175 – Cybercrime Prevention Act (2012) Online estafa, phishing, computer-related identity theft; penalties one degree higher than RPC. Venue: any place where any element was committed or where the victim resides (Sec. 21).
RA 8484 – Access Devices Regulation Act (1998) Credit/debit-card fraud, unauthorized “access devices.” 6–20 yrs + ₱10,000 per access device.
RA 8792 – E-Commerce Act (2000) Hacking, unauthorized access (if no other specific law). Enables admissibility of electronic evidence.
RA 11765 – Financial Products and Services Consumer Protection Act (2022) Administrative fines vs. banks/e-wallets that fail to resolve fraud complaints. BSP, SEC or IC has enforcement power.
Data Privacy Act (RA 10173) Unauthorized processing or breach of personal data. File separate complaint with National Privacy Commission (NPC).
Securities Regulation Code (RA 8799) & RA 11232 Investment-type scams, Ponzi schemes, unregistered offerings. SEC Enforcement and Investor Protection Department (EIPD).

3. Which Agency Do I Go To?

Scenario Primary Agency Where / How to File
Phishing, online selling scam, romance scam, crypto swindle NBI-Cybercrime Division (NBI-CCD) Walk-in: Taft Avenue, Manila or any Regional NBI Office → fill out Complaint-Affidavit with evidence.
Same scenarios (alternative) PNP Anti-Cybercrime Group (PNP-ACG) Camp Crame, QC or regional ACG desks; hotline 8988-4042.
Investment/Fx/crypto offering without SEC license SEC EIPD E-mail docs to epd@sec.gov.ph; or file at SEC Main (Mandaluyong).
Bank/e-wallet refused to reverse an unauthorized transfer Bangko Sentral ng Pilipinas – Consumer Assistance Mechanism (CAM) File online at bsp.gov.ph via CH complaint form within 15 days after failed resolution.
Data leak or identity theft National Privacy Commission Lodge a complaint-affidavit and breach notification via email or portal.
Goods not delivered / deceptive sales ≤ ₱500k DTI – Fair Trade Enforcement Bureau For mediation/ arbitration; file Form DTI-CPD-2024-01.

4. Step-by-Step Criminal Complaint Flow

  1. Draft a sworn Complaint-Affidavit

    • Identify yourself, the scammer (if known), narration of facts, elements of the crime, list of evidence.
    • Attach annexes: screenshots, transaction records, notarized copies.

  2. Secure a Barangay Certification (optional but often required by prosecutors outside Metro Manila).

  3. File with NBI-CCD or PNP-ACG → they will docket and conduct digital forensic preservation (write-blocked imaging, hash computation) to satisfy Rule on Electronic Evidence.

  4. Referral to Department of Justice (OOC / Office of Cybercrime) – Prosecutor evaluates prima facie case; may issue subpoena under DOJ Circular 61 (2020).

  5. Pre-Charge Investigation – Counter-affidavits, clarificatory hearing.

  6. Information filed in designated Cybercrime Regional Trial Court (each judicial region now has at least one, per A.M. No. 03-11-09-SC).

  7. Arrest warrant / Hold Departure Order (HDO) may issue; coordinate with Bureau of Immigration for lookout.

  8. Trial & Judgment – electronic evidence is presented through live testimony plus authentication via §2, Rule 5 of the Rule on Electronic Evidence (hash values, log reports).

5. Civil & Administrative Remedies

  1. Civil Action for Damages

    • Basis: Art. 19-21, 2176, 2180 of the Civil Code (abuse of rights, quasi-delict) or Art. 33 (independent civil action for fraud).
    • Small Claims up to ₱1,000,000 (as of A.M. No. 08-8-7-SC, 2022 update). No lawyer required.

  2. Restitution / Asset-Freezing

    • Prosecutor may seek asset preservation under the Anti-Money Laundering Act (AMLA, RA 9160 as amended) if proceeds pass through a covered institution.

  3. BSP-Mediated Reimbursement

    • BSP Circular 1164 (2023) compels banks/e-wallets to provisionally credit within 3 business days for unauthorised transfers < ₱100k, pending investigation.

  4. Platform-Internal Dispute

    • Lazada, Shopee, GCash, Maya, GrabPay all have buyer protection programs––file a ticket within 2–7 days; keep the ticket ID for evidence.

  5. Insurance / Cyber-Cover

    • Check if you hold a personal cyber-crime or credit-card purchase protection rider; insurers require police-spot report within 24–48 hours.

6. Timelines & Prescription

Offence Prescriptive Period Starting Point
Estafa (Art. 315, RPC) 15 years if ≥ ₱2 million; 12 yrs if < ₱2 million From discovery of the fraud.
RA 8484 violations 8 years From date of commission.
RA 10175 offenses Same as underlying crime plus suspension while accused is outside PH. From discovery.
Civil action for quasi-delict 4 years From date damage is known.

7. Handling Cross-Border & Crypto Scams

  • Mutual Legal Assistance Treaty (MLAT) requests are channelled through the DOJ – International Affairs Office.
  • The Philippines adopted the Budapest Convention on Cybercrime in 2018 (effective 2021) → enables expedited preservation of traffic data overseas.
  • For cryptocurrency, coordinate with the Cybercrime Investigation and Coordinating Center (CICC) & request blockchain forensics reports (Chainalysis, Elliptic) to trace wallets; courts now recognize such tracing as admissible expert testimony.

8. Practical Tips to Strengthen Your Case

  1. Hash every file (SHA-256) and note the hash in your affidavit.
  2. **Request a Certificate of Authenticity from the platform (Facebook Law Enforcement Portal, etc.).
  3. Two-step filing: Submit soft-copies on USB plus printed copies in a sealed evidence bag.
  4. Bring two valid IDs and notarize on the same day to avoid challenges to affiant competence.
  5. Ask for NBI/PNP “Progress Updates” every 30 days (they are obliged under the Ease of Doing Business Act, RA 11032).

9. Preventive & Long-Term Measures

Measure Statutory Basis / Best Practice
Use Know-Your-Sender (KYS) SMS filtering DICT Memorandum 2023-01 (SIM-spoof blocking).
Enable transaction limits on e-wallets BSP Circular 1138 – risk management controls.
Periodic Data Privacy Impact Assessment (for businesses) NPC Advisory No. 2017-03.
Public awareness: report scam pages to e-gov.ph “Scam Watch” portal (launched 2025). Joint DICT-PNP-NBI project.

10. Free & Low-Cost Help

  • Public Attorney’s Office (PAO) – Criminal complaints for indigent victims.

  • Integrated Bar of the Philippines (IBP) Legal Aid – Cybercrime desks in major chapters.

  • Consumer Care Hotlines

    • BSP: (02) 8708-7087
    • DTI: 1-384 (hotline)
    • NPC: (02) 8234-2228
    • SEC EIPD: (02) 8818-6337

Checklist Summary

  1. Collect & hash evidence
  2. Freeze funds / notify bank & platform
  3. File complaint with NBI-CCD or PNP-ACG (attach notarized affidavit) ➜
  4. (If investment) Report to SEC EIPD
  5. Pursue BSP/DTI reimbursement routes
  6. Optional civil or small-claims suit
  7. Monitor case and follow up every 30 days
  8. Implement preventive cyber-hygiene.

Bottom line: Philippine law offers layered criminal, civil, and administrative avenues to recover money and punish cyber-fraudsters. Success hinges on speed, complete documentation, and choosing the right venue—start acting within hours, not days, of discovering the scam.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login