I. Overview
Scam and fraud cases involving the use of another person’s personal information have become common in the Philippines, especially through online selling platforms, social media, messaging apps, e-wallets, bank transfers, fake investment schemes, phishing links, loan apps, romance scams, impersonation, SIM-based fraud, and unauthorized use of identity documents.
When a scammer uses a person’s name, photograph, government ID, contact number, address, bank account details, e-wallet account, business name, or other identifying information to deceive victims, the case may involve not only ordinary fraud but also cybercrime, identity theft, data privacy violations, falsification, illegal access, and other related offenses.
A complaint may be filed with the National Bureau of Investigation, particularly through its cybercrime-related units, when the fraud involves electronic communications, online accounts, digital transfers, fake profiles, phishing, hacked accounts, or misuse of personal information.
This article discusses the Philippine legal context, possible criminal offenses, how to prepare an NBI complaint, what evidence to gather, what remedies are available, and what complainants should expect.
II. Common Situations Covered
An NBI complaint may be appropriate when any of the following occur:
A person uses your name, photo, ID, or personal details to scam others.
Someone creates a fake Facebook, Instagram, TikTok, Telegram, Viber, WhatsApp, or email account pretending to be you.
A scammer uses your personal information to open an e-wallet, bank account, SIM card, online lending account, or marketplace profile.
Your valid ID is used in fraudulent transactions.
A person tricks you into sending money through bank transfer, GCash, Maya, crypto wallet, remittance center, or payment platform.
A scammer uses phishing links to obtain your password, OTP, account credentials, or financial details.
Your hacked account is used to ask money from friends, family, customers, or contacts.
Your business identity is copied to solicit payments from customers.
Your name is placed on fake loan, investment, employment, travel, or visa processing documents.
Your contact number is used for spam, threats, blackmail, or fraudulent collection.
You are wrongly blamed because your identity was used by the real scammer.
These situations may give rise to both criminal liability against the offender and protective remedies for the victim whose personal information was misused.
III. Relevant Philippine Laws
Several Philippine laws may apply depending on the facts.
1. Revised Penal Code: Estafa or Swindling
The most common criminal offense in scam cases is estafa under Article 315 of the Revised Penal Code.
Estafa generally involves fraud or deceit that causes damage to another. In scam cases, the offender usually misrepresents identity, authority, ownership, investment opportunity, product availability, business legitimacy, employment opportunity, romantic intention, or payment capacity.
Examples include:
A person pretends to sell an item online, receives payment, then disappears.
A scammer pretends to be a legitimate agent and collects processing fees.
A person misrepresents that an investment is guaranteed and uses victims’ money for another purpose.
Someone impersonates a friend or relative and asks for emergency money.
A fake seller uses another person’s identity documents to appear trustworthy.
Estafa may exist even if the transaction happened online. If the fraudulent act was committed using computer systems or electronic communications, cybercrime laws may also apply.
2. Cybercrime Prevention Act: Computer-Related Fraud
The Cybercrime Prevention Act of 2012, Republic Act No. 10175, penalizes computer-related offenses.
A scam committed through computers, phones, internet platforms, social media, email, online banking, or e-wallet systems may fall under computer-related fraud when information and communications technology is used to commit fraudulent acts.
Examples:
Fake online seller receives payment through digital channels.
Phishing website steals login credentials.
Scammer manipulates digital communications to obtain money.
Fraudulent QR codes or payment links are used.
Online investment scam is promoted and operated through social media.
Computer-related fraud may carry higher penalties than ordinary fraud because of the use of technology.
3. Cybercrime Prevention Act: Computer-Related Identity Theft
The same law also penalizes computer-related identity theft.
This may apply when a person knowingly and without authority acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person through or involving computer systems.
Personal information may include:
Full name Photograph Date of birth Address Email address Mobile number Username Password Government ID details Bank or e-wallet details Biometric or account verification data Digital signature or account credentials
Examples:
Using another person’s name and photo to scam buyers.
Creating a fake profile using another person’s identity.
Using a stolen ID to verify an e-wallet account.
Using another person’s personal details to apply for online loans.
Pretending to be a real person to solicit money.
When identity misuse is part of an online scam, the complaint may allege both computer-related fraud and computer-related identity theft.
4. Data Privacy Act
The Data Privacy Act of 2012, Republic Act No. 10173, may apply when personal information is unlawfully collected, processed, used, disclosed, or shared.
This law is especially relevant when the complaint involves:
Unauthorized use of valid IDs Disclosure of private personal information Misuse of sensitive personal information Use of personal data for fraudulent transactions Improper collection of data by apps, platforms, lenders, recruiters, or businesses Identity compromise involving databases or customer records
The Data Privacy Act is generally enforced through the National Privacy Commission, but facts involving fraud, identity theft, or cybercrime may also be brought to the NBI or prosecutors.
Sensitive personal information includes data such as age, marital status, health, education, government-issued identification numbers, financial information, and other protected categories.
5. Access Devices Regulation Act
The Access Devices Regulation Act, Republic Act No. 8484, may be relevant when the scam involves credit cards, debit cards, bank account numbers, electronic payment instruments, account credentials, OTPs, or similar access devices.
Possible examples:
Unauthorized use of credit card details.
Fraudulent use of bank credentials.
Using another person’s account information to obtain money.
Possessing or trafficking access device information.
Card-not-present fraud or online purchase fraud.
This law may overlap with cybercrime and estafa.
6. Falsification of Documents
If the scammer used fake IDs, forged signatures, altered documents, fake receipts, fake authorization letters, fake business permits, fake contracts, or false statements in official or private documents, the Revised Penal Code provisions on falsification may apply.
Examples:
Fake government ID using your photo or name.
Edited proof of payment.
Forged authorization letter.
Fake employment contract.
Fake loan documents.
Fake business registration papers.
Falsification may be charged together with estafa or cybercrime when documents were used to deceive victims.
7. Illegal Access and Account Takeover
If a person hacked, accessed, or took over another person’s account without permission, the Cybercrime Prevention Act may apply.
Examples:
Unauthorized access to Facebook or Gmail.
Changing passwords without authority.
Using a hacked account to ask for money.
Accessing an e-wallet or bank account through stolen OTPs.
Controlling a business page and redirecting payments.
The complaint should clearly explain how the account was accessed, what changed, what messages were sent, and what loss occurred.
8. SIM-Related Misuse
If a mobile number or SIM card was used in the scam, the matter may also involve SIM registration issues, impersonation, or use of falsely registered SIMs.
The complainant should preserve the number used, message logs, call logs, screenshots, and telco-related information. The NBI or law enforcement may later request subscriber information through proper legal process.
IV. Why File With the NBI?
The NBI is commonly approached when the scam involves:
Cybercrime Identity theft Online fraud Fake social media accounts Hacked accounts Digital payments Fraudulent use of documents Multi-victim scams Cross-city or cross-province offenders Technically complex evidence Need for digital tracing or preservation
An NBI complaint may lead to investigation, identification of suspects, referral to prosecutors, coordination with banks or platforms, and possible filing of criminal charges.
However, filing with the NBI does not automatically guarantee immediate recovery of money. It is primarily a criminal investigation route. Recovery may require additional steps, such as bank dispute, civil action, restitution, settlement approved through proper channels, or court proceedings.
V. Where to File
A complainant may approach the appropriate NBI office, commonly the cybercrime-related unit if the matter involves online or electronic means.
Depending on the facts, the complainant may also consider:
Philippine National Police Anti-Cybercrime Group Office of the City or Provincial Prosecutor National Privacy Commission Bangko Sentral ng Pilipinas complaint channels for bank/e-money issues Bank or e-wallet fraud department Telecommunications provider Platform reporting systems Local police station for blotter or initial documentation
For serious cyber fraud, it is often useful to report quickly to banks, e-wallets, platforms, and law enforcement because transaction records, IP logs, device logs, and account records may be time-sensitive.
VI. Elements of a Strong NBI Complaint
A good complaint should answer these questions clearly:
Who is the complainant?
What personal information was used?
Who used it, if known?
What exactly happened?
When did it happen?
Where did the communication or transaction occur?
How was the scam carried out?
What platform, account, phone number, bank account, e-wallet, or website was used?
How much money was lost?
Who are the victims?
What evidence supports the complaint?
What laws may have been violated?
What action is requested from the NBI?
The facts should be presented in chronological order.
VII. Evidence to Prepare
Evidence is critical. In cybercrime and fraud cases, a weak complaint often fails because the complainant only gives a narrative without proof.
Prepare the following, if available:
1. Proof of Identity
Government-issued ID Contact details Proof of address Authority to represent a business, if applicable Special power of attorney, if filing for another person
2. Screenshots of Communications
Chat messages SMS messages Emails Social media messages Group chat posts Marketplace messages Comments or posts Call logs Profile pages
Screenshots should show:
Account name Username or handle Profile URL Date and time Full message thread Phone number or email address Context before and after the fraudulent message
Avoid cropping too much. Cropped screenshots may lose evidentiary value.
3. Links and Digital Identifiers
Profile URLs Post URLs Website URLs Email headers, if available Phone numbers Usernames Account IDs Transaction reference numbers QR code details Bank account numbers E-wallet names and numbers Crypto wallet addresses, if applicable
4. Proof of Payment or Loss
Bank transfer slips E-wallet transaction receipts Remittance receipts Payment confirmation emails Deposit slips Credit card statements Screenshots of transaction history Order confirmation Invoice Delivery records Chargeback or dispute records
5. Proof of Identity Misuse
Fake profile using your name or photo Unauthorized use of your ID Messages sent by impersonator Complaints from victims who thought they were dealing with you Screenshots of scam posts using your identity Evidence that you did not create or control the account
6. Platform Reports
Reports filed with Facebook, Instagram, TikTok, X, Telegram, Google, banks, e-wallets, telcos, or marketplaces.
Save confirmation emails or ticket numbers.
7. Witness Statements
If other victims or witnesses exist, ask them to prepare written statements or affidavits.
Witnesses may include:
Person who sent money Person who received scam messages Friend who saw the fake account Customer deceived by fake business profile Bank or platform representative, later through official records
8. Device and Account Evidence
Do not delete messages or accounts before preserving evidence.
Keep the device used.
Save exported chats if possible.
Record relevant dates of account compromise.
Change passwords and enable two-factor authentication, but preserve evidence first.
VIII. Importance of Original Digital Evidence
Screenshots are useful, but they are not always enough. The original messages, links, emails, account pages, and transaction records should be preserved.
The complainant should avoid:
Deleting conversations Blocking the scammer before documenting the account Editing screenshots Using fake engagement to entrap without guidance Threatening the suspect publicly Posting sensitive information online Sharing unredacted IDs of innocent persons Destroying device logs Sending additional money to “test” the suspect
Digital evidence may later need to be authenticated under rules on electronic evidence.
IX. Affidavit-Complaint
The NBI will usually require a written complaint or affidavit. The affidavit should be truthful, specific, and supported by annexes.
A typical affidavit may contain:
Name, age, citizenship, address, and contact information of complainant.
Statement that the complainant is executing the affidavit to file a complaint for scam, fraud, identity theft, cybercrime, and related offenses.
Chronological narration of facts.
Description of the personal information used.
Description of the fraudulent act.
Amount of damage, if any.
Identification of suspect, if known.
List of accounts, numbers, links, bank details, and other identifiers used by suspect.
List of attached evidence.
Request for investigation and filing of appropriate charges.
Signature before a notary or authorized officer.
The affidavit should avoid exaggeration. It should distinguish between facts personally known to the complainant and information received from others.
X. Sample Structure of an NBI Complaint-Affidavit
A complaint may be organized as follows:
1. Personal circumstances of complainant State name, age, citizenship, address, contact number, and email.
2. Purpose of affidavit State that the affidavit is for filing a complaint regarding scam, fraud, unauthorized use of personal information, identity theft, and related cybercrime offenses.
3. Background facts Explain who you are and how your personal information was obtained or misused, if known.
4. Discovery of the scam State when and how you discovered the scam.
5. Fraudulent acts Describe the fake account, transaction, representation, or impersonation.
6. Damage caused State financial loss, reputational harm, emotional distress, threats, complaints from others, or risk of liability.
7. Evidence Identify screenshots, receipts, account links, phone numbers, bank accounts, e-wallet details, messages, and witnesses.
8. Request for investigation Ask the NBI to investigate, identify the perpetrator, preserve digital evidence, and refer the case for prosecution if warranted.
9. Verification State that the contents are true and correct based on personal knowledge and authentic records.
XI. Possible Charges
Depending on facts, the NBI or prosecutor may consider:
Estafa Computer-related fraud Computer-related identity theft Illegal access Misuse of devices Falsification Use of falsified documents Unauthorized use of access devices Data privacy offenses Grave threats or unjust vexation, if threats are involved Libel or cyberlibel, if defamatory statements were posted Harassment-related offenses, depending on conduct Other special law violations
The exact charge is ultimately determined by prosecutors and courts. A complainant may suggest applicable laws, but the facts are more important than the label.
XII. If Your Identity Was Used to Scam Others
If your name, face, ID, number, or business was used by a scammer, you should act quickly to protect yourself.
Recommended steps:
Document the fake account or transaction.
File reports with the platform.
Notify friends, family, customers, or affected persons.
File a police blotter or NBI complaint.
Prepare proof that you do not own or control the fraudulent account.
Collect statements from people who contacted you about the scam.
Report unauthorized use of your ID to relevant institutions.
Consider notifying banks, e-wallets, or telcos if your details were used.
If your ID was compromised, be alert for loan applications, account openings, or future scams.
A person whose identity is used by scammers may be both a victim and a potential subject of complaints by deceived third parties. Early documentation helps show that the person did not participate in the fraud.
XIII. If You Sent Money to a Scammer
Act immediately.
Contact the bank, e-wallet, or remittance company and request account freezing, reversal, hold, or fraud investigation if still possible.
Preserve proof of transfer.
Do not delete chats.
Get the full name, account number, mobile number, and transaction reference.
Report the receiving account.
File a complaint with law enforcement.
Prepare an affidavit.
If there are multiple victims, coordinate evidence but avoid contaminating individual statements.
The receiving account holder may not always be the mastermind. Sometimes scammers use money mules. Still, the receiving account is an important lead.
XIV. Role of Banks, E-Wallets, and Platforms
Banks and platforms usually require formal reports before acting. They may not release private account holder information directly to the complainant without proper legal process.
They may, however:
Receive fraud reports Freeze accounts when justified and legally allowed Preserve records Investigate suspicious transactions Provide transaction references Cooperate with law enforcement Respond to subpoenas or court orders
The complainant should obtain ticket numbers and written acknowledgments from these institutions.
XV. Preservation of Evidence
In cybercrime cases, speed matters. Platforms may delete accounts. Scammers may change usernames. Messages may disappear. Bank accounts may be emptied.
The complainant should preserve:
Screenshots URLs Original messages Transaction receipts Device logs Email headers Profile IDs Names and numbers used Dates and times
When possible, use screen recording to capture navigation from the profile URL to the scam content. This helps show that the screenshot corresponds to a real account or page.
XVI. Filing for Data Privacy Violations
If the main issue is unauthorized processing or exposure of personal information, a complaint may also be filed with the National Privacy Commission.
Data privacy issues may include:
Unauthorized collection of ID Unlawful sharing of private data Use of personal data to harass or defraud Processing of data without consent or lawful basis Failure of an organization to secure personal information Misuse of customer information by employees or agents
However, where there is clear fraud or identity theft, law enforcement remains important because the case may involve criminal investigation.
XVII. Civil Remedies
Aside from criminal complaint, victims may consider civil remedies.
These may include:
Recovery of money Damages Injunction Correction or takedown requests Civil action based on fraud Civil action for misuse of identity Claim for reputational injury Claim for data privacy-related damages, where applicable
Civil remedies may be pursued separately or together with criminal proceedings depending on the procedural posture of the case.
XVIII. Practical Challenges
Scam and identity misuse cases can be difficult because:
Suspects use fake names.
SIM cards may be registered using false information.
Bank accounts may belong to money mules.
Scammers operate across provinces or abroad.
Platforms may be slow to respond.
Victims may have incomplete screenshots.
Messages may be deleted.
The amount lost may be small individually but large collectively.
Complainants may not know the real identity of the offender.
Despite these challenges, a well-documented complaint increases the chance of investigation.
XIX. What the NBI May Do
Depending on the case, the NBI may:
Interview the complainant Evaluate evidence Request additional documents Trace digital identifiers Coordinate with platforms, banks, telcos, or e-wallets Prepare requests for preservation or disclosure through proper channels Identify suspects Conduct entrapment or follow-up operations where legally appropriate Refer the case to prosecutors Recommend charges
Not every complaint results in immediate arrest. Some cases require subpoenas, record verification, platform cooperation, or coordination with prosecutors.
XX. Entrapment and Caution
Victims sometimes want to set up a meeting with scammers or pretend to send money again. This can be risky.
Entrapment should be coordinated with law enforcement. Private citizens should avoid actions that may endanger them or create legal complications.
Do not threaten, extort, publicly shame, or hack the suspect. Even if the person is a scammer, unlawful retaliation may expose the victim to liability.
XXI. Online Posting and Public Accusations
Victims often post warnings online. This may help prevent further scams, but it must be done carefully.
Avoid publishing:
Unverified accusations Private addresses Government ID numbers Bank account details beyond what is necessary Personal data of innocent relatives Edited screenshots that distort context Threats or insults
A factual warning is safer than a defamatory accusation. Use neutral language such as:
“This account appears to be using my identity without authorization. I have reported it to the platform and authorities. Please do not transact with it.”
XXII. Defenses Commonly Raised by Suspects
A suspect may claim:
The account was hacked.
They merely lent their bank account.
They did not know the money came from fraud.
They were also a victim.
The transaction was a failed business deal, not a scam.
The complainant voluntarily sent money.
The screenshots are fake.
Someone else used their name or phone.
The issue is civil, not criminal.
This is why evidence of deceit, identity misuse, transaction flow, communications, and intent is important.
XXIII. Distinguishing Scam From Civil Breach
Not every unpaid debt or failed transaction is automatically estafa.
A case is more likely to be criminal when there was deceit from the beginning, such as:
Fake identity False ownership No intent to deliver goods Fake documents Multiple victims Use of stolen personal information Immediate disappearance after payment Repeated fraudulent pattern False claim of authority Fabricated proof of payment
A simple failure to pay, without initial fraud, may be treated as civil. The facts must show criminal deceit or fraudulent intent.
XXIV. When the Suspect Is Unknown
A complaint may still be filed even if the real identity of the scammer is unknown. The complaint should identify all available digital traces:
Usernames Profile links Email addresses Phone numbers Bank accounts E-wallet numbers Transaction references Websites IP-related evidence, if available Delivery addresses Names used Photos used Associated accounts
The complaint may be filed against “John Doe,” “Jane Doe,” or unknown persons, subject to later identification.
XXV. Checklist Before Going to the NBI
Bring the following:
Valid government ID Printed complaint-affidavit, if already prepared Printed screenshots Soft copies of evidence in USB or device Transaction receipts Bank or e-wallet statements URLs and usernames Phone numbers and email addresses used by the suspect Platform report confirmations Names and contact details of witnesses Police blotter, if any Authorization documents, if representing another person or company Timeline of events Summary of total financial loss
Keep both printed and digital copies.
XXVI. Recommended Timeline Format
A clear timeline helps investigators.
Example:
January 5, 2026 – I received a message from the Facebook account named “ABC Seller” offering an iPhone for sale.
January 6, 2026 – I sent ₱15,000 to GCash number 09XX-XXX-XXXX under the name Juan D.
January 7, 2026 – The seller claimed the item had been shipped but sent a fake tracking number.
January 8, 2026 – The account blocked me.
January 9, 2026 – I discovered that the account used the photo and ID of another person without authority.
January 10, 2026 – I reported the account to Facebook and my e-wallet provider.
This format is easier to investigate than a long emotional narrative.
XXVII. Drafting Tips
Use exact dates.
Use exact amounts.
Identify platforms clearly.
Attach evidence as annexes.
Label screenshots.
Avoid speculation.
Separate facts from assumptions.
State how you know each fact.
Include the URL, not just the account name.
Preserve the original digital source.
Mention if other victims exist.
Mention if your personal information was used without permission.
State whether the suspect is known or unknown.
XXVIII. Sample Opening Paragraph
A complaint-affidavit may begin this way:
“I am executing this Affidavit-Complaint to request investigation and the filing of appropriate criminal charges against the person or persons responsible for using my personal information without authority and for committing scam, fraud, identity theft, and related cybercrime offenses through online platforms and electronic payment channels.”
XXIX. Sample Prayer or Request
The complaint may end with:
“WHEREFORE, I respectfully request the National Bureau of Investigation to investigate the foregoing acts, identify the person or persons responsible, preserve and secure relevant digital evidence, coordinate with concerned banks, e-wallet providers, telecommunications companies, and online platforms as may be necessary, and refer this matter for prosecution for estafa, computer-related fraud, computer-related identity theft, falsification, violation of data privacy laws, and such other offenses as may be warranted by the evidence.”
XXX. Coordination With Other Victims
If multiple people were scammed by the same person or account, they may coordinate, but each victim should prepare their own affidavit.
A group complaint may be stronger when it shows a pattern. However, each transaction, representation, payment, and damage should be documented separately.
The group should avoid relying on one person’s screenshots for all. Each victim should preserve their own evidence.
XXXI. Businesses as Victims
Businesses may file complaints when their names, logos, pages, invoices, receipts, or customer lists are used for fraud.
A business complaint should include:
SEC or DTI registration Mayor’s permit, if relevant Authority of representative Official page or website Fake page or impersonating account Customer complaints Proof of diverted payments Brand misuse evidence Internal records showing no authorization
If an employee or former employee misused customer data, additional issues may arise under employment law, criminal law, data privacy law, and civil liability.
XXXII. Minors and Vulnerable Victims
If the victim is a minor, elderly person, person with disability, or vulnerable individual, the complaint should state this. A parent, guardian, or authorized representative may need to assist.
Extra caution should be used when the scam involves intimate images, threats, blackmail, or exploitation. Other special laws may apply.
XXXIII. Red Flags of Identity-Based Scams
Common red flags include:
Newly created account Refusal to video call Rushed payment demand Too-good-to-be-true price Use of someone else’s ID as “proof” Different account name from seller name Multiple payment accounts Fake courier receipts Fake escrow service Requests for OTP Requests for ID photo Requests for face verification Pressure tactics Romance or emergency narrative Investment guarantee No physical office Copied business page Payment first before verification
Victims should be cautious when a person sends an ID as proof. Scammers often use stolen IDs.
XXXIV. Preventive Measures
To reduce risk of identity misuse:
Watermark ID photos when submitting them.
State the purpose on copies of IDs, such as “For employment verification only.”
Avoid sending clear ID photos through unsecured chats.
Do not share OTPs.
Use strong passwords and two-factor authentication.
Regularly check account login history.
Avoid posting full birthdate, address, and IDs online.
Monitor e-wallet and bank alerts.
Report fake accounts quickly.
Educate contacts about impersonation scams.
Use official payment channels.
Verify sellers and businesses independently.
XXXV. Conclusion
A scam involving the use of personal information is not merely a private inconvenience. In the Philippines, it may involve estafa, computer-related fraud, computer-related identity theft, data privacy violations, falsification, unauthorized access device use, and other offenses.
A strong NBI complaint depends on clear facts and well-preserved evidence. The complainant should prepare a detailed chronology, screenshots, transaction records, account links, proof of identity misuse, platform reports, and affidavits from witnesses or other victims.
Where personal information has been used without authority, the victim should act quickly to protect identity, warn affected persons, report to platforms and financial institutions, and seek investigation by the appropriate authorities. While criminal prosecution may take time, prompt reporting and organized evidence improve the chances of identifying the offender, preventing further harm, and pursuing legal remedies.