Legal Steps to Trace and File a Criminal Case Against a Phone Scammer

Philippine Context

Phone scams in the Philippines range from fake prize claims, bogus package deliveries, impersonation of banks or e-wallets, online selling fraud done through calls or text, OTP theft, investment scams, loan app extortion, and “spoofed” calls pretending to be government or private institutions. When money is lost or personal data is used to deceive, the victim may pursue both immediate protective action and a criminal complaint.

This article explains the legal path, the practical tracing process, the evidence needed, the agencies involved, and the step-by-step procedure for building a criminal case in the Philippines.

I. What a “phone scam” usually is in legal terms

A phone scam is not usually a crime under one label alone. In Philippine law, it is often prosecuted through one or more of the following:

1. Estafa

If the scammer used false pretenses or deceit to get money, property, or a transfer of value, the act commonly falls under estafa under the Revised Penal Code.

Typical examples:

  • pretending to be a bank officer and inducing a transfer,
  • claiming a fake emergency involving a relative,
  • selling a non-existent product after negotiating by phone,
  • asking for “processing fees,” “release fees,” or “verification payments.”

2. Estafa through electronic means or computer-related fraud

If the scam involved mobile banking, e-wallets, online platforms, OTP capture, phishing links, or device/account intrusion, the conduct may also implicate the Cybercrime Prevention Act and related offenses such as computer-related fraud, depending on the method used.

3. Identity theft or unlawful use of personal information

If the scammer used another person’s name, account, SIM registration details, or personal data to deceive, data privacy and identity-related offenses may arise depending on the facts.

4. Unjust vexation, grave threats, coercion, or extortion-related conduct

Some phone scams involve threats, blackmail, or harassment, especially in fake loan collection schemes or sextortion cases.

5. Falsification or use of fictitious names/documents

Where fake IDs, receipts, confirmations, or forged bank/e-wallet messages were used, other criminal provisions may attach.

6. Violations connected with SIM or telecom misuse

Where a SIM card is fraudulently registered, sold under false identity, or used as part of criminal concealment, telecom and SIM-registration-related violations may become relevant to the investigation.

In practice, prosecutors and investigators look at the entire pattern of conduct, not just the call or text itself.

II. The first legal truth: tracing a scammer is possible, but usually indirect

Victims often assume that a phone number immediately reveals the scammer’s full identity. In reality, tracing in the Philippines is possible, but it usually happens through records, financial trails, device trails, account trails, and telecom data, not through a simple public lookup.

A phone number alone may lead nowhere if:

  • the SIM was registered using false identity,
  • the SIM was used only briefly,
  • the scammer used layered accounts or mules,
  • the call was made through internet-based systems,
  • the number was spoofed.

Still, a scammer often leaves traceable points:

  • the receiving bank account,
  • e-wallet destination,
  • remittance claim records,
  • delivery address,
  • courier information,
  • linked social media or messaging account,
  • device IMEI or IP logs,
  • telecom subscriber and traffic data,
  • CCTV at withdrawal or cash-out points,
  • account onboarding KYC documents,
  • registration records tied to the SIM or wallet,
  • transaction reference numbers.

The legal strategy is to build these links fast before data disappears.

III. What to do immediately after discovering the scam

Before filing a criminal case, the victim should act to preserve funds and evidence.

1. Stop further communication

Do not continue sending money, OTPs, PINs, or ID photos. Stop negotiating once the fraud is discovered.

2. Secure accounts immediately

Change passwords and PINs for:

  • bank accounts,
  • e-wallets,
  • email,
  • messaging apps,
  • cloud accounts,
  • social media,
  • phone lock screen and device security.

If the phone itself may be compromised, reset access credentials from a safer device.

3. Call the bank, e-wallet, or payment provider at once

Ask for:

  • immediate blocking or freezing if possible,
  • transaction tracing,
  • incident reference number,
  • copy of transaction details,
  • internal fraud report entry.

Time matters. The fastest chance of recovery is often before the funds are layered or withdrawn.

4. Preserve all evidence

Save and back up:

  • screenshots of calls, texts, chats, emails,
  • transaction confirmations,
  • reference numbers,
  • bank notifications,
  • e-wallet receipts,
  • URLs, QR codes, account names,
  • audio recordings if lawfully obtained,
  • names used by the scammer,
  • time and date of every call or transfer,
  • caller ID screenshots,
  • social media profile links,
  • package receipts or courier records if relevant.

5. Write a chronology while memory is fresh

Make a dated narrative of:

  • first contact,
  • exact representations made,
  • amounts sent,
  • where money was sent,
  • follow-up calls,
  • threats or promises,
  • discovery of deceit,
  • steps you took afterward.

This chronology becomes useful for police affidavits and prosecutor evaluation.

IV. Evidence that matters most in a Philippine scam case

The strongest scam cases are built on documentary and digital evidence. The following are especially valuable:

A. Identity and communication evidence

  • screenshots showing the number used,
  • SMS threads,
  • call logs,
  • Viber/WhatsApp/Telegram/Messenger records,
  • usernames, profile URLs, display names,
  • email headers where relevant.

B. Transaction evidence

  • deposit slips,
  • bank transfer confirmations,
  • InstaPay/PESONet references,
  • e-wallet transaction numbers,
  • remittance records,
  • receipts from payment centers,
  • screenshots of beneficiary details,
  • proof of cash-out.

C. Deceit evidence

  • fake promises,
  • false job offers,
  • fake delivery notices,
  • fake bank messages,
  • forged IDs,
  • fake certificates, permits, invoices, screenshots, or chat representations.

D. Loss evidence

  • exact amount lost,
  • service fees,
  • withdrawals,
  • blocked account notices,
  • statements of account.

E. Corroboration evidence

  • witness statements,
  • similar complaints from other victims,
  • business certification that the caller was not affiliated with the bank/company,
  • official confirmation from courier, bank, or merchant that the transaction was fraudulent.

V. Where to report in the Philippines

Different offices serve different roles. Many victims lose time by reporting only to one office.

1. Local police station

This is the fastest place for a blotter entry and initial complaint documentation.

Use this for:

  • immediate recording,
  • referral,
  • sworn statements,
  • local coordination.

A police blotter is not the criminal case itself, but it helps establish prompt reporting.

2. PNP Anti-Cybercrime Group (ACG)

If the scam involved phones, internet messaging, e-wallets, online platforms, fake links, phishing, account takeover, or digital transactions, the PNP ACG is often the most relevant investigative unit.

They may assist in:

  • cyber complaint intake,
  • preservation of digital evidence,
  • requests to platforms,
  • tracing account and technical records,
  • case build-up for filing.

3. NBI Cybercrime Division

The NBI is commonly used for more technical fraud cases, complex tracing, and situations requiring broader document requests or coordinated investigation.

4. Bank or e-wallet fraud department

This is not a criminal filing venue, but it is essential. The financial institution may help:

  • flag the receiving account,
  • hold funds if still available,
  • identify recipient details subject to legal process,
  • generate transaction certificates.

5. National Telecommunications Commission or telecom provider

For scam numbers, spoofing concerns, abusive telecom use, or SIM-related questions, the telecom provider and relevant regulatory channels may matter. Still, subscriber data is usually not simply handed to the victim; it is commonly released only through lawful investigation or court process.

6. National Privacy Commission

If the case includes misuse, exposure, or theft of personal data, separate data privacy remedies may be relevant.

7. Office of the City or Provincial Prosecutor

This is where the criminal complaint is usually formally filed for preliminary investigation, unless the case is subject to inquest or another immediate procedure.

VI. How “tracing” works legally

Tracing is not vigilante identification. It should be done through lawful channels to avoid inadmissible or unreliable evidence.

A. SIM and subscriber records

Investigators may seek:

  • SIM registration data,
  • subscriber information,
  • activation details,
  • linked account information.

But registration data is not conclusive proof of the true user. A scammer may use:

  • fake identity,
  • another person’s name,
  • stolen credentials,
  • paid “mules.”

So the SIM record is only one link.

B. Call detail and traffic data

Telecom records may help show:

  • incoming and outgoing communications,
  • date and time,
  • cell site or routing data in some circumstances,
  • usage pattern.

Access usually requires lawful process and is typically handled by investigators, prosecutors, or courts, not by private demand alone.

C. Bank and e-wallet KYC records

This is often the most powerful tracing route. Financial institutions may possess:

  • registered name,
  • submitted ID,
  • selfie verification,
  • linked phone number,
  • linked email,
  • transaction history,
  • cash-in or cash-out points,
  • linked bank accounts.

Even if the account owner is a mule, this can identify a real person in the chain.

D. IP logs, device logs, and platform logs

Where the scam used digital channels, investigators may seek:

  • login IP addresses,
  • device identifiers,
  • email recovery data,
  • account creation metadata,
  • linked numbers,
  • timestamps.

E. CCTV and physical withdrawal trail

If funds were withdrawn through ATM, over-the-counter cash-out, remittance pickup, or a payment center, CCTV and branch records can become critical.

F. Delivery or meetup trail

Some scams involve shipping, pickup, or fake riders. Courier and address information can connect identities and locations.

VII. Can a private victim directly demand subscriber data or bank details?

Usually, no.

A victim can ask institutions to investigate or preserve records, but private parties generally do not get unrestricted access to:

  • subscriber data,
  • bank account records,
  • account onboarding files,
  • platform metadata,
  • detailed technical logs.

These are usually released through:

  • lawful requests by investigators,
  • subpoenas,
  • court orders,
  • prosecutor-directed processes,
  • procedures allowed by banking, privacy, and telecom rules.

This is why a formal complaint matters. Without a case track, many institutions will only acknowledge receipt of the complaint but will not disclose sensitive records.

VIII. Step-by-step: how to file the criminal case

Step 1: Prepare a complaint packet

Organize documents in one file, printed and digital:

  1. valid ID of complainant
  2. sworn complaint-affidavit
  3. chronology of events
  4. screenshots and printouts
  5. transaction receipts and account statements
  6. copy of police blotter or incident report, if any
  7. certifications from bank/e-wallet if already obtained
  8. names and addresses of witnesses, if any
  9. USB or digital copy of evidence, if requested

Label exhibits clearly:

  • Exhibit “A” – Screenshot of first text message
  • Exhibit “B” – Call log
  • Exhibit “C” – E-wallet transfer receipt
  • Exhibit “D” – Bank statement
  • Exhibit “E” – Conversation thread

Good exhibit handling makes a major difference.

Step 2: Execute a complaint-affidavit

Your affidavit should state:

  • who you are,
  • how the scammer contacted you,
  • what false statements were made,
  • why you believed them,
  • what money/property you gave,
  • how you discovered the deceit,
  • what proof you have,
  • the relief sought.

Avoid exaggeration. Precision is better than anger.

Step 3: Report to investigators

Go to the police, PNP ACG, or NBI with the affidavit and exhibits. Ask that your complaint be formally received and that the digital/financial tracing process begin.

Ask for:

  • complaint reference number,
  • receiving officer/unit,
  • list of additional evidence needed,
  • next steps.

Step 4: Request preservation of records

Time-sensitive data can disappear. Through investigators or counsel, seek preservation of:

  • bank/e-wallet records,
  • telecom logs,
  • platform/chat records,
  • CCTV,
  • remittance records.

Preservation is often as important as disclosure. If a victim waits too long, some logs may no longer be available.

Step 5: Identify the proper offense

The complaint should be framed under the correct legal theory:

  • estafa,
  • cybercrime-related fraud,
  • identity theft/data misuse,
  • threats/extortion,
  • other related offenses.

It is common for complainants to describe the facts and let investigators/prosecutors refine the exact charges. But the affidavit should still show the elements of deceit, reliance, damage, and traceable participation.

Step 6: File before the prosecutor

A criminal complaint is usually filed before the Office of the Prosecutor where venue is proper.

Venue may be based on:

  • where deceit occurred,
  • where money was sent,
  • where damage was sustained,
  • where any essential element of the offense happened.

Because phone scams cross cities, venue analysis can matter. A wrong venue may delay the case.

Step 7: Preliminary investigation

Once filed, the prosecutor evaluates whether there is probable cause to charge the respondent in court.

This stage may involve:

  • counter-affidavits by respondents,
  • replies/rejoinders in some cases,
  • subpoenas,
  • clarificatory hearings in limited situations.

If the suspect is still unknown, the case may begin as a complaint against John Doe/Jane Doe while tracing continues, though practice varies depending on available identifying data and local procedure.

Step 8: Resolution and filing in court

If probable cause is found, the prosecutor files the Information in court. The case then becomes a criminal case before the appropriate trial court.

IX. What if the scammer is still unidentified?

This is common.

A victim does not always need a complete legal name on day one. A case may begin from:

  • a phone number,
  • account number,
  • e-wallet account,
  • remittance recipient,
  • chat profile,
  • device ID,
  • physical pickup point.

The key is whether there is enough basis for authorities to investigate and trace.

However, the more complete the evidence, the more likely the prosecutor will move efficiently. Filing a weak complaint with only “someone texted me” and no supporting records often stalls.

X. The role of subpoenas and court orders

Victims often hear that “you need a subpoena” or “you need a court order.” That is partly true, but timing matters.

Different records are obtained at different stages through different authorities:

  • investigators may request certain records,
  • prosecutors may issue subpoenas in the preliminary investigation context,
  • courts may issue orders for specific disclosures,
  • institutions may voluntarily preserve but not fully disclose.

Banking secrecy, privacy rules, telecom confidentiality, and digital platform policies often limit what can be released directly to a private complainant. Formal process is usually necessary.

XI. Common legal obstacles in phone scam cases

1. The account owner is only a “money mule”

The person receiving the funds may claim ignorance. That does not always end the case. Investigators then trace:

  • who recruited the account owner,
  • who controlled the account,
  • linked devices and withdrawals,
  • communication between the mule and the main actors.

2. Fake SIM registration

A registered name may be false, stolen, or borrowed. The fix is to combine telecom data with financial and device data.

3. Number spoofing or internet-based calling

A displayed number may not be the true originating source. Investigators then rely more heavily on payment trails and platform logs.

4. Delay in reporting

Late reporting can mean:

  • lost CCTV,
  • expired logs,
  • withdrawn funds,
  • deleted chats,
  • inaccessible platform records.

5. Incomplete screenshots

Screenshots without visible dates, account names, or full conversation context are much weaker than complete captures.

6. Informal settlement pressure

Some fraudsters return part of the money to avoid prosecution. Partial return does not automatically erase criminal liability.

XII. How to strengthen the criminal complaint

A strong complaint usually has these characteristics:

A. Exact dates and amounts

State:

  • when each call happened,
  • the exact number used,
  • the exact account or wallet used,
  • the exact amount transferred.

B. Clear deceit narrative

Show the false representation, your reliance on it, and the resulting loss.

C. Organized exhibits

Do not hand investigators a random folder of unlabeled screenshots.

D. Certified records when possible

Obtain bank statements, official transaction histories, incident acknowledgment, and fraud-case reference numbers.

E. Technical completeness

Include:

  • headers,
  • URLs,
  • handles,
  • account numbers,
  • device screenshots,
  • QR screenshots,
  • call detail screenshots.

F. Witness support

If someone was present during the call or saw the transaction occur, a witness affidavit can help.

XIII. Civil recovery versus criminal prosecution

A phone scam victim may have more than one legal track:

1. Criminal case

Purpose:

  • punish the offender,
  • establish criminal liability,
  • potentially support restitution.

2. Civil action for recovery of money

Purpose:

  • recover damages or the amount lost.

In some cases, civil liability may be deemed instituted with the criminal action, subject to procedural rules and strategy. In others, a separate civil action may be considered. The best route depends on the amount involved, identity of defendants, and proof of collectibility.

Criminal prosecution is not always the fastest way to recover money, but it is often the strongest pressure mechanism where fraud is clear.

XIV. Can the bank or e-wallet be made liable?

Sometimes victims ask whether they can sue the bank, e-wallet, or telecom instead of or alongside the scammer.

That depends on the facts.

Potential issues include:

  • failure of security protocols,
  • unauthorized transaction handling,
  • negligence in account controls,
  • delayed fraud response,
  • account opening deficiencies,
  • platform-side security weaknesses.

But institutions are not automatically criminally liable just because a scam happened through their systems. Their role must be assessed separately from the scammer’s liability.

XV. Are recorded calls admissible?

Call recordings can be useful, but admissibility depends on how they were obtained and authenticated.

As a practical rule:

  • preserve the original file,
  • note the device used,
  • avoid edited versions,
  • be ready to identify the voice or surrounding circumstances,
  • keep metadata where possible.

Edited clips with no foundation are much weaker than full recordings preserved in original form.

XVI. What about screenshots—are they enough?

Screenshots help, but alone they may not always be enough.

Better practice:

  • preserve the original device,
  • export full conversation history when possible,
  • retain transaction emails or official app receipts,
  • obtain certifications from the platform or institution when feasible.

The goal is not just to show that messages existed, but to connect them reliably to the accused and to the fraudulent transfer.

XVII. The usual elements prosecutors look for in scam complaints

To support a fraud-based charge, prosecutors usually want to see:

  1. deceit or false pretenses
  2. reliance by the victim
  3. transfer of money, property, or value
  4. damage or prejudice
  5. participation of the respondent

If any one of these is weak, the complaint becomes harder.

Example:

  • If there was money loss but no proof of deceit, the matter may be treated as civil or as a different offense.
  • If there was deceit but no proof that the named respondent controlled the receiving account or communication channel, the identification part is weak.

XVIII. Special scenario: scam through e-wallet or online bank after a phone call

This is among the most common patterns. The call creates panic or trust; the transfer happens electronically.

In such cases, the best evidence chain is often:

  1. call or text proof,
  2. full conversation thread,
  3. transaction receipt,
  4. destination account data,
  5. financial institution incident report,
  6. recipient account onboarding/KYC obtained by legal process,
  7. cash-out or transfer trail,
  8. CCTV or device/IP linkage.

This is why immediate reporting to the wallet/bank matters as much as police reporting.

XIX. Special scenario: OTP or account takeover scam

If the scammer tricked the victim into revealing an OTP, PIN, password, or verification code, the case may still be prosecutable even though the victim technically entered the code.

Why? Because consent obtained through fraud is not genuine consent in the ordinary sense. The key is to prove:

  • the false pretense,
  • the purpose of the OTP request,
  • the resulting unauthorized transfer.

The defense often argues victim negligence. That does not automatically erase criminal liability of the scammer.

XX. Special scenario: threats, blackmail, or loan app harassment

Where the scammer uses the phone to threaten exposure, violence, false criminal accusation, or contact-shaming, the complaint may also involve:

  • grave threats,
  • unjust vexation,
  • coercion,
  • extortion-related conduct,
  • privacy-related violations,
  • unauthorized processing or publication of personal data.

The strategy shifts from pure fraud proof to harassment and unlawful disclosure proof.

XXI. Can barangay conciliation apply?

Serious fraud or cyber-enabled scam complaints are generally not the kind of matter that victims should reduce to informal neighborhood settlement, especially when:

  • the accused is unknown,
  • the parties do not reside in the same barangay,
  • the act is criminal and technically complex,
  • digital tracing and formal records are needed.

For most real phone scam cases, formal law-enforcement and prosecutor channels are more appropriate.

XXII. Prescription and delay

Victims should not delay. Different offenses have different prescriptive periods, but waiting is risky for a more immediate reason: digital and financial evidence can vanish or become harder to retrieve.

Delay weakens:

  • record preservation,
  • fund recovery chances,
  • witness memory,
  • platform traceability.

Fast reporting is both a practical and legal advantage.

XXIII. What a complaint-affidavit should sound like

A good affidavit is factual, chronological, and specific. It should answer:

  • Who contacted you?
  • Through what number or account?
  • What exactly was said?
  • Why was it false?
  • What did you do because of it?
  • How much did you lose?
  • Where did the money go?
  • What records prove this?
  • When did you realize it was a scam?
  • What relief do you seek?

Avoid:

  • insults,
  • speculation,
  • unsupported accusations,
  • claims you cannot prove.

XXIV. Practical checklist for victims

Before filing

  • preserve phone and screenshots,
  • save chats in full,
  • secure accounts,
  • notify bank/e-wallet,
  • request incident reference,
  • list amounts and dates,
  • collect IDs and transaction proofs,
  • write chronology.

During reporting

  • obtain blotter or complaint reference,
  • submit affidavit and exhibits,
  • ask for digital preservation steps,
  • ask what additional proof is needed.

During prosecutor filing

  • verify proper venue,
  • identify proper offenses,
  • attach certified records if available,
  • ensure exhibits are legible and labeled.

XXV. What results can realistically be expected

A victim should be realistic.

Possible outcomes

  • identification of mule or primary offender,
  • freezing of residual funds,
  • criminal complaint acceptance,
  • filing of Information in court,
  • arrest upon warrant where appropriate,
  • restitution or settlement pressure,
  • conviction and civil liability.

Hard realities

  • some scammers use layered identities,
  • some funds are moved quickly,
  • some recipient accounts are disposable,
  • foreign-based or VoIP-driven scammers are harder to trace,
  • recovery is never guaranteed.

Even so, many scammers are caught through careless financial movement rather than through the phone number alone.

XXVI. Mistakes victims should avoid

  • deleting chats after taking partial screenshots,
  • formatting or replacing the phone too early,
  • confronting the scammer with threats that alert them,
  • posting accusations online before formal filing,
  • relying only on a police blotter,
  • waiting for the bank to solve everything,
  • failing to preserve transaction reference numbers,
  • submitting a vague affidavit.

XXVII. Model theory of a strong Philippine criminal case against a phone scammer

A strong case usually unfolds like this:

  1. Victim receives call/text with false representation.
  2. Victim acts in reliance and sends money or gives access.
  3. Victim preserves full communications and transaction records.
  4. Bank/e-wallet is notified immediately; records are preserved.
  5. Police/ACG/NBI receives sworn complaint and opens investigation.
  6. Investigators trace recipient account, KYC data, cash-out, linked devices, and telecom records.
  7. Prosecutor finds probable cause for estafa and/or cybercrime-related offenses.
  8. Criminal case is filed in court against the identified participant or participants.

This is the practical legal roadmap.

XXVIII. Bottom line

In the Philippines, tracing and filing a criminal case against a phone scammer is legally possible, but success depends less on the phone number by itself and more on how quickly the victim preserves evidence, alerts financial institutions, and activates formal investigative channels.

The most effective legal path is usually:

preserve evidence → report immediately to bank/e-wallet → file with police/PNP ACG/NBI → secure record preservation → file complaint-affidavit before the prosecutor → pursue telecom, financial, and platform tracing through lawful process.

A phone scam case becomes winnable when the victim proves three things clearly: the deceit, the money trail, and the respondent’s connection to the fraudulent acts.

Suggested affidavit structure

For actual filing, a complainant would typically attach:

  • personal details and ID,
  • full narrative,
  • list of all phone numbers and accounts involved,
  • full transaction summary,
  • exhibit list,
  • request for investigation and prosecution.

Important caution

This article is general legal information, not a substitute for case-specific legal advice. In actual practice, the exact charges, venue, evidence requirements, and tracing tools depend on the facts, amount involved, and whether the scam touched telecom records, bank secrecy issues, cybercrime procedure, or data privacy concerns.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login