1) What counts as an “online scam” in Philippine law

“Online scam” isn’t a single legal term. In practice, it refers to fraudulent or deceptive conduct done through the internet, electronic devices, or online platforms—usually to obtain money, property, personal data, or access to accounts.

Most online scams fall under existing crimes in the Revised Penal Code and special laws, with added rules when computers/networks are involved.

Common patterns

Investment/crypto “guaranteed returns” schemes; “pump-and-dump” groups; fake trading platforms
Marketplace fraud: non-delivery, empty box, counterfeit; bogus “downpayment reservation”
Phishing: fake bank/e-wallet sites, SMS links, email “verification,” OTP harvesting
Account takeover: hijacked Facebook/IG accounts asking friends for money
Job/VA scams: “training fee,” “equipment deposit,” task scams, fake HR
Loan app abuses: illegal collection harassment; unauthorized contact scraping
Romance scams and “parcel/customs fee” scams
Sextortion and “video call” blackmail
SIM swap / identity theft to reset passwords and steal funds

2) Laws commonly used against online scammers (Philippine context)

A. Revised Penal Code (RPC)

Estafa (Swindling) is the workhorse charge for scams—when someone defrauds another through deceit or abuse of confidence causing damage. Many online frauds are prosecuted as Estafa, with the online aspect affecting evidence, venue, and sometimes additional charges.

Other possible RPC-related crimes depending on the acts:

Theft / Qualified Theft (e.g., stealing money via access or taking property)
Falsification (fake documents, fake receipts, fake IDs)
Grave Threats / Coercion (blackmail, extortion-like threats)

B. Cybercrime Prevention Act of 2012 (RA 10175)

RA 10175 covers crimes committed through and with computer systems and provides investigation tools and evidence rules for digital cases. It also recognizes “computer-related” offenses such as:

Computer-related fraud (fraud involving data/system interference)
Computer-related identity theft
Illegal access, data interference, system interference, etc.

Even when the base offense is under the RPC (like Estafa), RA 10175 matters because it:

enables preservation and disclosure of computer data through legal processes, and
can affect jurisdiction/venue and the way evidence is handled.

C. E-Commerce Act (RA 8792) and Rules on Electronic Evidence

These are crucial for admissibility of electronic evidence:

Electronic documents, messages, and signatures can be recognized as evidence if properly authenticated.
Courts look for integrity and reliability: how the record was created, stored, retrieved, and whether it was altered.

D. Data Privacy Act (RA 10173)

Often relevant where scammers:

misuse or leak personal data,
use stolen identity information,
scrape contacts (common in abusive loan apps), or
unlawfully process personal information.

This can support a complaint to the National Privacy Commission (NPC) and sometimes criminal/administrative liability depending on the conduct.

E. Access Devices Regulation Act (RA 8484)

May apply when the scam involves:

credit/debit card misuse,
skimming,
unauthorized use of “access devices” to obtain value.

F. Anti-Money Laundering Act (AMLA) (RA 9160, as amended)

Relevant when scam proceeds are moved through:

banks,
e-wallets,
remittance channels,
multiple accounts (“layering”).

Victims don’t file AMLA cases directly in the usual way, but reports and evidence can help law enforcement trace funds and request freezes through proper channels.

G. Securities Regulation Code (RA 8799)

Frequently implicated in investment scams:

unregistered securities offerings,
Ponzi-type solicitations,
unlicensed “brokers” and “investment managers.”

The SEC can act administratively and refer for prosecution.

3) Who you can report to (and what each is for)

You can pursue criminal, administrative/regulatory, and civil routes in parallel.

A. Criminal law enforcement / cybercrime units

PNP Anti-Cybercrime Group (ACG): cyber-enabled crimes, online fraud, phishing, account takeovers, etc.
NBI Cybercrime Division: similar coverage, often strong on digital forensics
Local police stations: for blotter entry and initial referral; may coordinate with cyber units
DOJ Office of Cybercrime: supports cybercrime case coordination/prosecution policy and processes

Practical note: If the scam is clearly online (phishing, OTP theft, marketplace chat + e-wallet transfers), reporting directly to PNP ACG / NBI Cybercrime tends to speed up the correct handling of digital evidence and requests to platforms/e-wallets.

B. Regulators (administrative action)

SEC: investment scams, unregistered platforms, “guaranteed returns,” unlicensed solicitation
BSP: banks and BSP-supervised institutions; concerns on bank/e-money provider handling, disputes, complaint escalation
NPC: personal data misuse, harassment through contact scraping, unlawful processing
DTI: consumer-related e-commerce disputes (often helpful for legitimate merchants, but less effective for fake identities)

C. The financial institution / e-wallet provider

Immediately report to:

your bank,
the scammer’s receiving bank/e-wallet (if identifiable), and
the payment channel (GCash, Maya, bank transfer, remittance, card network)

They may:

tag the transaction as disputed,
preserve records,
potentially freeze/hold remaining funds (subject to internal rules and legal limitations),
provide certifications/transaction logs later for evidence.

4) The first 24 hours: what to do immediately (damage control + evidence)

A. Stop further loss

Do not send additional money “to release,” “to verify,” or “to recover funds.”
Cut contact except for evidence capture (don’t warn them you’re reporting if it risks deletion).

B. Secure accounts and devices

Change passwords (email first), enable 2FA, log out other devices
If OTP was compromised, contact your bank/e-wallet immediately
Check email forwarding rules (scammers sometimes add them)
Scan devices if you installed unknown apps or gave remote access

C. Preserve evidence before it disappears

Scammers delete chats, pages, and accounts quickly. Capture:

chat threads, profiles, posts, comments,
transaction confirmations and reference numbers,
URLs, usernames, phone numbers, email addresses,
timestamps and dates.

D. Notify the bank/e-wallet promptly

Ask for:

a case/ticket number,
preservation of records,
details required for law enforcement (receiving account name/number, channel, timestamp).

5) Evidence preservation: how to make digital proof usable in court

Digital evidence is often rejected not because it’s irrelevant, but because it’s poorly captured, unauthenticated, or inconsistent. Aim for clarity, completeness, and integrity.

A. Evidence checklist (what to collect)

Identity indicators of the scammer

Profile page screenshots showing name, username/handle, URL, and any ID-like details
Phone numbers, email addresses, Telegram/WhatsApp/Viber IDs
Any “ID” sent (but treat as potentially fake)

Communications

Full chat logs (Messenger, Viber, Telegram, WhatsApp, email)
Screenshots including the top of the conversation (participants) and timestamps
Voice notes / call recordings (if any) and call logs
Any threats, “scripts,” payment instructions, delivery promises

Transaction records

Screenshots of:
- bank transfer confirmation,
- e-wallet transfer details,
- QR screenshots used,
- receipts, reference numbers,
- remittance slips.
Bank/e-wallet statements showing the debit
If card used: card statement, merchant descriptors, dispute reference

Scam artifacts

Links to fake sites (phishing URLs), pages, group posts
Screenshots of the site showing the web address bar
Packages received (photos/videos), airway bills, rider texts
“Contracts,” “invoices,” “job offers,” “investment certificates”

Your timeline

A written chronology: first contact → demands → transfers → later demands → discovery

B. How to capture screenshots properly

Screenshot with the URL/address bar visible when capturing websites
Capture the entire conversation context, not just isolated lines
Include date/time where visible; if the platform shows “Today/Yesterday,” capture enough to infer the actual date (or note it separately)
Avoid editing/cropping where possible; if you must crop for readability, keep the original too
Export chats where the platform allows it (e.g., “download your information” features)

C. Preserve original files and metadata

Keep original images, videos, PDFs, and exported chat files in a folder without renaming if possible
Back up to two locations (e.g., external drive + secure cloud)
Do not repeatedly open/modify files in editing apps that overwrite metadata

D. Document integrity (optional but helpful)

To strengthen credibility:

Create a simple evidence index (Item 1: Screenshot of profile; Item 2: Chat export; etc.)
Generate file hashes (MD5/SHA-256) for key files and record them (useful for proving no alteration)
Printouts should match the digital originals

E. Authentication in court: what usually matters

Under Philippine practice (including the Rules on Electronic Evidence), electronic evidence typically needs:

Proof it is what you claim it is (authenticity)
Proof it was not altered materially (integrity)
A witness who can testify:
- how they obtained it,
- that it is a fair and accurate representation,
- and how it was stored.

If you’re presenting printouts or screenshots, expect questions like:

Who took the screenshot? When? On what device?
Is this the complete conversation?
Can you show the original device/account?
Were there edits?

6) Filing a criminal complaint: step-by-step (typical workflow)

There are two common tracks: police/cyber unit intake and prosecutor filing. They often run together.

Step 1: Prepare the core documents

Affidavit-Complaint (narrative + allegations)
Attachments (evidence annexes)
Proof of identity (government ID)
If acting for someone else: authorization / SPA as needed

Affidavit-Complaint contents (practical template)

Your details (name, address, contact)
The respondent’s identifiers (name/handle/number/email; “John Doe” if unknown)
Facts in chronological order:
- how you met/contacted,
- representations made,
- what you relied on,
- payments made,
- damages/loss,
- subsequent demands or disappearance,
- discovery that it was a scam.
Specific amounts, dates, reference numbers
Platforms used (Facebook, IG, Telegram, website URL, bank/e-wallet channel)
A statement that attachments are true copies and where originals are kept
Verification and signature (usually notarized)

Step 2: Choose where to lodge

Option A: PNP ACG / NBI Cybercrime

Good for: phishing, account takeover, platform-based fraud, tracing and preservation requests, digital forensics
Output: incident report, referral, assistance in evidence handling, potential follow-through to prosecutor

Option B: Office of the City/Provincial Prosecutor (criminal complaint)

This is the formal entry point for many criminal cases (especially Estafa).
You submit your affidavit and evidence for preliminary investigation (or in some cases, inquest is not applicable because there’s no arrest).

Often, victims first go to a cybercrime unit for guidance, then file at the prosecutor with a better-prepared packet.

Step 3: Identify respondents (even if unknown)

You can file against:

the person using the account/number/handle, and/or
John/Jane Doe (unknown perpetrator) with identifiers (handles, numbers, receiving accounts).

As the investigation develops, respondents can be identified through lawful requests to platforms and financial institutions.

Step 4: Preliminary investigation basics (what happens next)

Prosecutor evaluates if there’s probable cause
Respondent is asked to submit counter-affidavit (if identified/served)
Possible clarificatory hearings
Resolution: dismissal or filing of information in court

Key point: Your evidence quality affects whether probable cause is found, especially if the scammer’s identity is unclear.

7) Venue and jurisdiction issues (why your location matters)

For cyber-enabled crimes, determining where to file can be confusing:

where you were when you received the messages,
where you made the transfer,
where the receiving account is located,
where the platform/user is based.

In practice, prosecutors and cybercrime units look for a reasonable Philippine nexus and appropriate venue supported by your affidavit and transaction records. Include in your narrative:

your physical location when the scam occurred, and
where you executed payments/transfers.

8) Preservation and disclosure requests (why acting fast matters)

Digital evidence held by banks/platforms can disappear due to retention limits or deletion. Philippine cybercrime law provides mechanisms for:

preservation of computer data, and
disclosure upon lawful process.

Because these are typically obtained by law enforcement/prosecutors through proper legal channels, your job is to:

report early,
provide precise identifiers (URLs, usernames, transaction references),
request your bank/e-wallet to preserve internal records,
avoid tipping off the scammer.

9) Parallel actions: administrative/regulatory complaints

A. SEC (investment scams)

Useful when:

solicitations are public, group-based, or persistent
there are “guaranteed returns,” referral commissions, or unregistered offerings

Evidence to include:

pitch decks, posts, group chats, promised ROI, proof of payments, organizer identities.

B. NPC (data privacy / harassment)

Useful when:

a loan app scraped contacts and sent messages
personal info is leaked, used without consent, or processed unlawfully
harassment is enabled by data misuse

Evidence:

app permissions, screenshots of contacts accessed, harassing messages sent to third parties, call logs.

C. BSP / financial institution escalation

Use when:

a bank/e-wallet fails to act on a fraud report appropriately, or
you need an official complaint trail and documentation.

Keep ticket numbers and written replies.

10) Civil remedies and recovery options

Criminal cases aim to punish and may include restitution/civil liability, but collection can be difficult if the offender is unknown or insolvent.

Possible civil routes (depending on facts):

Civil action for damages (fraud, bad faith)
Collection / sum of money cases if the defendant is identifiable
Small claims may apply for purely monetary claims within the allowed threshold and when the defendant can be served (but scams often involve hidden identities)

Reality check: Recovery is most realistic when:

the receiving account is identified and funds can be traced quickly, and/or
the scammer is part of a larger group with assets.

11) Common mistakes that weaken scam cases

Incomplete screenshots (no URL, no timestamps, no context)
Only sending chat snippets, not the full thread
Losing the original device/account used for the transaction
Relying on edited images without keeping originals
Not recording reference numbers and exact amounts
Delaying reports, allowing deletion and fund movement
Public accusations online that create counter-risk (see next section)

12) Posting warnings online: beware of libel and evidence risks

It’s natural to warn others, but public naming/shaming can:

alert scammers to delete accounts and evidence,
complicate investigations, and
expose you to libel/cyberlibel allegations if statements are framed as assertions of guilt rather than careful reporting.

If you do post:

stick to verifiable facts (dates, transaction refs, screenshots),
avoid conclusions beyond your evidence, and
preserve the original evidence first.

13) Special scenario notes

A. OTP/Phishing and bank transfers

OTP sharing is often exploited by social engineering. Even if the transfer was “authorized” in system logs, it can still be fraud.
Evidence focus: phishing link, fake page screenshots, SMS/email lure, call logs, IP/device alerts, transaction timing.

B. Account takeover (friend asks for money)

Capture proof the account is compromised (new email/number linked, unusual messages, profile changes).
Get a statement from the real account owner if possible (helps prove impersonation).

C. Sextortion

Preserve chats, threats, payment demands, and any account details.
Avoid paying (demands typically escalate).
Consider reporting quickly to cybercrime units because accounts/videos are rapidly redistributed.

14) Practical evidence packet (what to submit)

A strong submission usually looks like this:

Affidavit-Complaint (notarized)
Annex A: Screenshot of scammer profile + URL
Annex B: Full chat screenshots/export (ordered by date)
Annex C: Proof of payments (bank/e-wallet confirmations, statements)
Annex D: Any ads/posts/investment promises/terms
Annex E: Your timeline document
Annex F: Tickets with bank/e-wallet + responses
Storage note: where originals are kept (phone, email account, cloud backup)

Use consistent labeling and mention each annex in your affidavit narrative.

15) Bottom line: what wins these cases

Online scam complaints succeed more often when they combine:

clear elements of deceit (what was promised vs. what happened),
traceable money flow (reference numbers + receiving account details),
fast reporting (before data and funds vanish), and
court-ready digital evidence (complete, authenticated, preserved).