Online Gaming Scam and Unauthorized Charges: How to File Cybercrime and Fraud Complaints in the Philippines

How to File Cybercrime and Fraud Complaints in the Philippines

1) The problem in context

Online gaming scams in the Philippines commonly involve (a) deception to obtain money or valuables (e.g., “top-up” fraud, fake tournaments, fake trading of skins/items/accounts), and/or (b) unauthorized charges through stolen credentials, card details, e-wallet takeover, SIM hijacking, or social engineering.

Two things can be true at the same time:

  • You are a victim of a crime (fraud/cybercrime), and
  • You have a payment dispute (unauthorized charge) that should be acted on quickly through your bank/e-wallet/platform, even while the criminal case is ongoing.

The best outcomes usually come from doing both tracks in parallel: (1) contain the financial damage and (2) preserve evidence and file complaints.

2) Typical online gaming scam patterns

A. “Top-up” / in-game currency fraud

  • You pay a “seller” for game credits (diamonds, UC, etc.) and receive nothing, or receive a partial amount, or later the credits are reversed.
  • The seller asks you to pay outside official channels and offers a “discount.”

B. Account takeover and unauthorized purchases

  • Phishing links, fake login pages, “free skins” offers, or fake customer support.
  • Once the attacker controls the account, they buy items using linked cards/e-wallets or sell/transfer your items.

C. Trade scams (items/skins/accounts)

  • Fake middleman/escrow, doctored screenshots, “chargeback after trade,” or reversing transfers through platform abuse.

D. Romance, “guild,” or “investment” scams in gaming communities

  • You are groomed in chat/Discord/FB groups, then asked to “lend” funds, invest in “crypto + gaming,” or buy gift cards for an “emergency.”

E. Recovery scams (the “second scam”)

  • After you post about being scammed, someone claims they can recover your funds/accounts for a fee.

3) Unauthorized charges: what counts and what matters

“Unauthorized” usually means:

  • You did not make the purchase/transfer, and you did not authorize anyone to do it; or
  • Your consent was obtained through fraud (e.g., you were tricked into revealing OTP, PIN, or approving a transaction you did not understand).

Key details that matter later:

  • When you discovered it (exact date/time)
  • What instrument was charged (credit card, debit card, e-wallet, in-app purchase, bank transfer)
  • Where it appears (statement entry, reference number, merchant name, platform receipt)
  • How access was obtained (phishing, SIM swap, stolen phone, malware, shared OTP)

4) Philippine laws commonly used in these cases

A single incident can implicate multiple laws. In practice, complainants often allege several, and prosecutors evaluate which fit the evidence.

A. Revised Penal Code: Estafa and related offenses

Many gaming scams are prosecuted as Estafa (swindling), generally involving:

  • Deceit/false pretenses employed on the victim;
  • The victim parted with money/property because of the deceit;
  • Damage/prejudice resulted.

B. Cybercrime Prevention Act of 2012 (RA 10175)

If the crime is committed through a computer system, online account, or electronic means, RA 10175 can apply. Common cybercrime angles include:

  • Computer-related fraud (fraud using computer systems/data)
  • Computer-related identity theft (use/misuse of identifying information)
  • Illegal access (hacking/unauthorized access)
  • Other related acts depending on conduct

RA 10175 also affects jurisdiction, investigation powers, and handling of electronic evidence.

C. E-Commerce Act (RA 8792)

Supports the legal recognition of electronic data messages and electronic documents and is often relevant when presenting screenshots, emails, platform logs, and electronic records.

D. Access Devices Regulation Act (RA 8484)

If the case involves credit card fraud, counterfeit cards, or misuse of access devices and card data, RA 8484 may apply.

E. Data Privacy Act of 2012 (RA 10173)

If personal data was mishandled (e.g., identity theft, doxxing, unlawful processing), remedies may exist. Separately, victims should be careful not to unlawfully disclose other people’s personal data when posting online or filing documents.

F. Consumer protection and financial consumer protection

Unauthorized charges also implicate a bank or e-wallet provider’s consumer-protection duties and dispute processes, typically handled through internal dispute channels and escalations.

5) First response: what to do in the first 24–72 hours

A. Contain the financial loss

  1. Freeze or secure your payment instrument

    • For cards: call the issuing bank to block the card, dispute transactions, and request a replacement.
    • For e-wallet/banking apps: change password, revoke devices, lock account if available.

  2. Dispute the unauthorized transaction immediately

    • Ask for the case/reference number.
    • Request temporary credit policies if applicable (varies by provider).

  3. Secure your accounts

    • Change passwords (email first, then gaming account, then wallet/bank).
    • Enable 2FA (prefer app-based authenticator over SMS where possible).
    • Check recovery email/phone settings for changes.

B. Preserve evidence (do this before chats disappear)

Create a folder and store:

  • Screenshots with timestamps (full screen if possible, showing URL/usernames)
  • Chat logs (export if possible)
  • Receipts and transaction details (merchant name, amount, date/time, reference ID)
  • Emails/SMS OTP messages (screenshots and/or copies)
  • Your device details (model, phone number, SIM, email used, game UID/player ID)
  • Links, profiles, wallet addresses, and bank account details given by the scammer
  • Any voice calls: note date/time and what was said

Do not edit screenshots beyond cropping; keep originals. If possible, save to cloud and a USB.

C. Report to the platform (for containment)

  • Report the scammer account to the game/platform and request:

    • Account suspension,
    • Preservation of logs,
    • Reversal/hold of in-app transfers if still possible,
    • Recovery steps if your account was taken.

6) Where to file complaints in the Philippines

You can file with law enforcement, and separately with regulators/consumer channels depending on what happened.

A. Criminal complaints for cybercrime/fraud

Common filing options:

  • Philippine National Police Anti-Cybercrime Group (PNP ACG)
  • National Bureau of Investigation Cybercrime Division (NBI Cybercrime)

These offices can receive complaints, conduct initial case build-up, and coordinate with prosecutors.

B. Prosecution coordination (cybercrime oversight)

  • Department of Justice Office of Cybercrime plays a role in coordinating cybercrime matters and capacity building; in practice, criminal complaints still proceed through investigative bodies and prosecutors.

C. Payment-provider disputes and escalations

If a bank/e-wallet is involved, exhaust internal dispute steps first, then consider escalation to:

  • Bangko Sentral ng Pilipinas consumer assistance mechanisms (for banks and many supervised financial institutions).

D. Data privacy complaints (if personal data misuse is central)

  • National Privacy Commission may be relevant for complaints involving unlawful processing, identity misuse, or breaches—separate from criminal fraud.

E. E-commerce/consumer issues (when a seller/merchant is identifiable)

  • Department of Trade and Industry may be relevant for consumer complaints involving merchants, deceptive online selling, or marketplace disputes, depending on circumstances and jurisdiction.

7) Which case to file: matching facts to possible offenses

Below are common “complaint theories” used in online gaming and unauthorized charge incidents:

Scenario 1: You paid for top-up/items and received nothing

Likely angles:

  • Estafa (deceit-induced payment)
  • If done online: computer-related fraud (RA 10175)

What strengthens the case:

  • Proof of promise/offer and your payment
  • Proof of non-delivery
  • Proof of identity used by the scammer (accounts, numbers, bank/wallet details)

Scenario 2: Your game account was hacked and items/currency were spent/transferred

Likely angles:

  • Illegal access (unauthorized access)
  • Computer-related fraud
  • Possibly identity theft (if personal identifiers were used)
  • If payment instrument was used: potential access device/card fraud angles

What strengthens the case:

  • Login alerts, device login history, IP/device records if available
  • Proof you did not authorize purchases/transfers
  • Bank/e-wallet transaction dispute records

Scenario 3: Your card/e-wallet was charged via in-app purchases you didn’t make

Likely angles:

  • Unauthorized use of payment credentials (potential RA 8484 angles for cards)
  • Computer-related fraud
  • Possibly theft concepts depending on facts (handled carefully by prosecutors)

What strengthens the case:

  • Merchant descriptor showing platform/game
  • Charge timestamps showing you were not the user (location, device custody evidence)
  • Evidence of phishing, stolen OTP, SIM hijack, or lost phone

8) Evidence checklist that investigators and prosecutors typically look for

A. Identity and victim documentation

  • Government ID
  • Proof you own the affected account (email receipts, registration info, prior purchase receipts)
  • Proof of phone number ownership (SIM registration details, telco records if accessible to you)

B. Transaction documentation

  • Bank statement entries or e-wallet history
  • Official transaction references
  • Screenshots of merchant receipts/in-app order IDs
  • Your dispute filing (reference number, emails, chat transcripts with bank/support)

C. Communication evidence

  • Full chat logs with the scammer (not just selected screenshots)
  • Group chats where the scam occurred (tournament/guild pages, marketplace threads)
  • Voice/video call summaries (time/date + what was said)

D. Technical/context evidence

  • Login notifications, security emails, password reset notices
  • Device possession timeline (who had your phone, if it was lost/stolen)
  • Any phishing URLs or fake support pages encountered

9) How to draft and file a cybercrime/fraud complaint (Philippine practice)

A criminal complaint usually starts with a Complaint-Affidavit. While formats vary by office, the structure below is commonly acceptable.

A. Core parts of a Complaint-Affidavit

  1. Caption / heading (Office/Prosecutor/Investigative unit)

  2. Your identity (name, address, contact details)

  3. Respondent details (name if known; otherwise “John/Jane Doe” + identifiers: usernames, phone numbers, wallet IDs, bank accounts, profile links)

  4. Narration of facts in chronological order:

    • How you met/encountered the scammer
    • What representations were made
    • What you did (payments, sharing details, logging in)
    • What happened after (non-delivery, takeover, charges)
    • When you discovered the unauthorized charge

  5. Damages (amount lost, other losses like items)

  6. Offenses alleged (e.g., Estafa, RA 10175 computer-related fraud/illegal access, etc.)

  7. Prayer (request investigation, identification of perpetrators, filing of charges)

  8. Verification and signature

  9. Jurat (notarization)

B. Attachments (mark as Annexes)

  • Annex “A”: Government ID
  • Annex “B”: Transaction records
  • Annex “C”: Chats/screenshots
  • Annex “D”: Platform emails/security notices
  • Annex “E”: Bank/e-wallet dispute reference

C. Filing steps

  1. Prepare printed copies of affidavit + annexes, plus a digital copy (USB) if possible.

  2. Go to PNP ACG or NBI Cybercrime and file a complaint.

  3. You may be asked to:

    • Execute additional affidavits (supplemental),
    • Provide original devices for inspection (handle carefully; ask for proper documentation),
    • Identify accounts/links live during intake.

  4. The investigative office may guide you on:

    • Proper venue/jurisdiction,
    • Referral to prosecution for inquest/preliminary investigation (depending on circumstances).

10) Venue and jurisdiction: where you can file

In cybercrime and fraud matters, venue can be broader than traditional crimes because acts occur online. Practically, you can usually file where:

  • You reside, or
  • You accessed the system / made the payment, or
  • The damage was felt, or
  • The investigative office accepts and coordinates (especially for cyber-enabled cases)

When unsure, filing with specialized cybercrime units is often the most efficient starting point because they can advise on proper routing.

11) Parallel track: bank/e-wallet dispute and chargeback strategy

Even if you plan to file a criminal case, do not delay payment disputes.

A. Credit card disputes (general approach)

  • Notify issuer immediately; request card replacement and dispute unauthorized transactions.
  • Provide a written narrative + supporting documents.
  • Monitor deadlines in your issuer’s dispute process.

B. Debit card / bank account transfers

  • Report immediately; request account security actions and investigation.
  • Transfers can be harder to reverse; speed is critical.

C. E-wallet disputes

  • Report within the wallet’s in-app support channels.
  • Secure your wallet account (change PIN, devices, email, recovery).
  • Ask for internal investigation and any available hold/reversal steps.

D. Keep a paper trail

Save:

  • Ticket numbers
  • Chat transcripts
  • Emails
  • Screenshots of dispute submissions and outcomes

These also become annexes for your criminal complaint.

12) Practical tips to avoid weak spots that derail cases

A. Avoid public “doxxing” while gathering leads

Posting personal data of suspects can create legal and safety issues. Share evidence with investigators instead.

B. Don’t pay “recovery agents”

A large portion of victims get scammed again.

C. Don’t tamper with evidence

Avoid editing files or changing filenames in ways that confuse timelines. Keep originals.

D. Use consistent identifiers

List the scammer’s:

  • Exact usernames (case-sensitive)
  • UID/player ID
  • URLs
  • Phone numbers
  • Wallet/bank account numbers (as shown in your records)

E. If you shared OTP/PIN under pressure

Be honest about it in your affidavit. Unauthorized charge cases often involve social engineering; the point is the deception and lack of informed consent.

13) Common questions

“If I voluntarily sent money, is it still a crime?”

Yes, if your consent was obtained by deceit (e.g., fake seller, fake tournament, fake middleman). That is the typical estafa pattern.

“If I clicked a link and gave an OTP, will my bank deny my dispute?”

It depends on provider rules and the specific facts. Even if a provider argues “authorized,” you may still have a criminal case if deception was used. Document the deception clearly.

“Do I need the scammer’s real name to file?”

No. You can file against “John/Jane Doe” and identify the person through:

  • Usernames, account links, phone numbers
  • Wallet/bank destination details
  • Chat logs and platform IDs

“What if the scammer is abroad?”

Cross-border cases are more complex but still worth reporting—platform logs, money trails, and local co-conspirators can be actionable.

14) Sample outline: Complaint narrative (adapt as needed)

  • On (date), I encountered (username/link) offering (top-up/items) at (price) via (platform).
  • The respondent represented that upon payment to (account/wallet), (delivery) would occur within (time).
  • Relying on these representations, I transferred PHP (amount) on (date/time), reference no. (ref).
  • Despite repeated follow-ups, respondent failed to deliver and/or blocked me.
  • On (date/time), I also discovered unauthorized charges totaling PHP (amount) from (bank/e-wallet) described as (merchant), which I did not make or authorize.
  • I immediately reported to (bank/e-wallet/platform) under ticket no. (no.) and secured my accounts.
  • I believe respondent committed (Estafa and/or relevant cybercrime offenses) through online means, causing me damage in the total amount of PHP (amount), excluding consequential losses.
  • I respectfully request investigation, identification of the perpetrator(s), and filing of appropriate charges.

15) Prevention: practical safeguards for gamers and buyers

  • Use official top-up channels and avoid off-platform discounts.
  • Turn on 2FA and secure your email first (email is the master key).
  • Never share OTP, PIN, recovery codes, or “verification” screenshots.
  • Use unique passwords; consider a password manager.
  • Treat “urgent” requests as a red flag.
  • Keep payment instruments unlinked from gaming accounts when possible; use virtual cards or lower-risk payment setups if available.

16) Quick action checklist

  • Block card / secure e-wallet and change passwords
  • Dispute unauthorized transactions and get reference numbers
  • Save screenshots, chats, receipts, transaction refs, URLs, IDs
  • Report scammer and incident to the platform/game
  • Prepare Complaint-Affidavit + annexes
  • File with Philippine National Police Anti-Cybercrime Group or National Bureau of Investigation Cybercrime Division
  • For bank/e-wallet escalation, document everything for Bangko Sentral ng Pilipinas channels if needed
  • Consider privacy-related remedies with National Privacy Commission when identity/personal data misuse is central

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login