Online Scam in the Philippines: How to File a Cybercrime Complaint and Seek Refunds

Online Scam in the Philippines: How to File a Cybercrime Complaint and Seek Refunds

Last updated for Philippine law and practice as commonly applied up to 2024. This is general information—if your situation is urgent or high-value, consult a Philippine lawyer for advice specific to your facts.

1) What counts as an “online scam”?

In Philippine practice, most online scams fall under one or more of these:

  • Estafa (swindling) under the Revised Penal Code (RPC)—e.g., fake online sellers, investment swindles, “budol-budol”/social engineering, advance-fee fraud.
  • Computer-related fraud and allied offenses under the Cybercrime Prevention Act of 2012 (RA 10175).
  • Access devices fraud under RA 8484 (credit/debit/ATM, OTP interception, card-not-present misuse).
  • Unregistered investment solicitations / securities fraud (for “double your money”/trading apps) under the Securities Regulation Code (SRC).
  • Data Privacy Act (RA 10173) violations (e.g., doxxing, unauthorized use of your personal data).
  • E-Commerce Act (RA 8792) (recognition of electronic documents; certain hacking/piracy offenses).
  • Financial Products and Services Consumer Protection Act, RA 11765 (FCPA)—your rights as a financial consumer versus banks/e-money issuers and other regulated entities.

Important multiplier: If an RPC or special-law crime is committed by, through, and with the use of ICT, RA 10175 generally imposes a penalty one degree higher than usual. That’s why online estafa is treated more seriously.

2) First 24–72 hours: containment & evidence

A. Stop the bleeding

  • Freeze/secure your accounts: Change passwords; enable 2FA; de-link compromised devices; call your bank/e-wallet to block cards, hotlist accounts, and open a fraud/dispute ticket.
  • Ask your bank/e-wallet to initiate a recall/hold: Give the exact transaction reference numbers, date/time, amount, channel (e.g., InstaPay/PESONet), recipient account/e-wallet, screenshots. Banks can request the receiving institution to place an administrative hold if funds are still there. Acting fast matters.

B. Preserve evidence (don’t alter originals)

  • Screenshots/recordings of chats, listings, profiles, emails, and the full URL with visible timestamps.
  • Payment proofs: transaction receipts, SMS/OTP logs (do not share active OTPs), bank statements.
  • Email evidence: save .eml files with headers; don’t forward as your only copy.
  • Device data: keep the phone/PC unaltered if possible; avoid “deep cleaning” before consulting investigators (helps show integrity/metadata).
  • Names/handles/IDs: phone numbers, e-wallet IDs, bank accounts, social media URLs, marketplace order numbers, crypto wallet addresses/tx hashes, courier waybills.

C. Report on-platform

  • Use the marketplace/social app’s dispute center or “Report” function; start the in-platform refund process within their deadlines.

3) Where—and how—to file a cybercrime complaint

You can take two parallel tracks: (1) criminal complaint against the scammer and (2) refund/chargeback/dispute with financial institutions or platforms. They support each other.

A. Law enforcement & prosecution

  1. PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division (CCD)

    • Bring a Complaint-Affidavit and your evidence. They can investigate, issue subpoenas through prosecutors/courts, coordinate with banks/telcos, and assist in identifying suspects.
    • For arrests caught in the act, cases may proceed to inquest; otherwise it’s via regular filing.

  2. Office of the City/Provincial Prosecutor (OCP/OPP)

    • File your Complaint-Affidavit directly (even without first going to police/NBI). The prosecutor will issue a subpoena to respondents, receive counter-affidavits/replies, and resolve probable cause. If found, an Information is filed in court.

  3. Cybercrime courts & warrants

    • Regional Trial Courts are designated as special cybercrime courts.
    • Special cybercrime warrants exist (e.g., to disclose, intercept, search, seize, and examine computer data). Investigators/prosecutors handle applications.
    • Jurisdiction/venue is flexible for cybercrimes: where any element occurred, where any party resides, or where computer systems are located. There’s limited extraterritorial reach for offenses involving Filipinos or Philippine systems.

Barangay conciliation? Usually not required for cybercrime/estafa cases (penalties exceed the Katarungang Pambarangay thresholds and parties are often in different cities).

B. What to bring for filing

  • Complaint-Affidavit (see template outline below), signed and subscribed before a prosecutor or notarized.
  • Valid ID; for minors, a parent/guardian. For companies, a board resolution/SPA authorizing the representative.
  • Annexes: all screenshots, receipts, chat exports, email headers, bank certifications, and a concise Evidence Index.
  • Contact details you used (email/number), and current contact for service of subpoenas/notices.

4) Refund and recovery avenues (what realistically works)

1) Bank / e-wallet dispute & recall

  • Open a formal dispute with your bank/e-wallet ASAP.
  • Provide: transaction references, proof of fraud, police/NBI blotter or prosecutor’s acknowledgment (if available).
  • Banks and e-money issuers may hold or recall funds if still in the recipient account and if timely requested.
  • Outcomes depend on whether the case is unauthorized access (e.g., account takeover) versus customer-induced (e.g., OTP volunteered under social engineering). Don’t accept finality too quickly—escalate.

2) Chargeback (credit/debit cards)

  • If you paid a scammer via card, ask your issuing bank about a chargeback under card-network rules (time limits apply). Provide evidence of non-delivery or fraud.
  • For card-not-present fraud, issuers often provisionally credit while investigating; keep your documentation tight.

3) Platform remedies

  • Marketplaces and payment gateways have buyer protection. File within their return/refund windows. Provide the same evidence pack.

4) Regulator escalation under RA 11765 (FCPA)

  • If a bank/e-money issuer or other regulated entity mishandles your complaint (e.g., perfunctory denial, slow action), escalate to their regulator:

    • BSP for banks/e-money issuers/remittance/EMIs.
    • SEC for investment/securities platforms and unregistered investment solicitations.
    • Insurance Commission for insurance/MBAs/HMOs.

  • Regulators can direct corrective action and, in some cases, restitution; they also compel better consumer-protection processes.

5) Civil actions (independent of the criminal case)

  • Small Claims (no lawyers appearing for parties): for money claims up to ₱1,000,000 (latest rules). Fast, document-driven. Use for simple “I paid, nothing delivered” cases.
  • Ordinary civil action (collection, rescission, or damages) for higher or complex claims.
  • Preliminary attachment (Rule 57): If you can show fraud, you may ask the court to freeze the defendant’s assets early to secure satisfaction of judgment.

6) Civil liability within the criminal case

  • By default, filing a criminal case carries the civil action for restitution, unless you waive or reserve it. If the accused is convicted (or even acquitted on reasonable doubt with civil liability still proven), the court may order restitution/damages.

7) AMLC & asset freezing

  • Financial institutions must report suspicious transactions to the Anti-Money Laundering Council (AMLC). For significant or patterned fraud, AMLC may seek freeze orders from the Court of Appeals. This is usually institution-driven but your report helps trigger it.

8) Crypto-related losses

  • Immediately notify the exchange (sender and recipient sides, if known) with tx hashes and account identifiers.
  • Centralized exchanges can flag/freeze funds held with them; purely on-chain transfers to self-custody wallets are much harder to claw back, but timely notices still help.

5) Building a winning evidence pack (and why it matters)

Rules on Electronic Evidence (A.M. No. 01-7-01-SC) recognize electronic documents, signatures, and printouts. What helps:

  • Completeness: full conversation threads (not cherry-picked), profile links, ad/listing pages, and system messages.
  • Metadata: file properties, message headers, and device/app logs when you can export them.
  • Traceability: payment trail from your account to the recipient, including intermediary references (InstaPay/PESONet numbers).
  • Integrity: avoid editing; if you must redact privacy data, keep an unedited master for the prosecutor/court under seal.
  • Indexing: paginate and index exhibits (Annex “A,” “B,” etc.) to make life easier for investigators and judges.

6) Step-by-step: Filing a criminal complaint for an online scam

  1. Draft a Complaint-Affidavit stating:

    • Your identity and contact details.
    • Facts in chronological order (how you found the seller/investment, promises made, payments sent, what happened next).
    • Specific offenses you believe were committed (e.g., Estafa under Art. 315 RPC as qualified by RA 10175; computer-related fraud under RA 10175; RA 8484 if access devices were used).
    • Damages (principal, incidentals, moral, exemplary if warranted).
    • Prayer: issuance of subpoenas, cybercrime warrants where appropriate, and prosecution to the fullest extent.
    • Verification & jurat: sign, and have it subscribed before a prosecutor or notarized.

  2. Attach evidence with an Evidence Index.

  3. File with PNP-ACG or NBI-CCD (for investigation) or directly with the OCP/OPP.

  4. Prosecutor’s proceedings:

    • Subpoena to respondents → Counter-AffidavitReply/Rejoinder (if allowed).
    • Resolution on probable cause. If positive, Information is filed in the RTC (cybercrime court).

  5. Court stage:

    • Warrants and preservation orders as needed.
    • Arraignment/trial; civil liability is typically part of the case unless reserved/waived.

7) Special scenarios & which authority helps most

  • Unregistered investments / trading apps / “profit-sharing” invitesSEC (Enforcement & Investor Protection). File a complaint and check for advisories. Pair with estafa/cybercrime complaints.

  • Harassment by lending apps / doxxing / contact scrapingNational Privacy Commission (NPC) under the Data Privacy Act; also PNP/NBI for threats/extortion.

  • Text/SIM scams and number spoofing → Report to your telco and law enforcement; SIMs must be registered under RA 11934—subscriber info can be compelled via lawful orders.

  • Business victims (B2B fraud, CEO/finance impersonation) → Move quickly on bank recalls and consider a preliminary attachment in civil court; preserve mail-server logs; loop in your internal IT for forensic imaging.

  • Cross-border suspects → DOJ-Office of Cybercrime coordinates mutual legal assistance with foreign counterparts; keep expectations realistic but file anyway—it helps with platform takedowns and future enforcement.

8) Deadlines & prescription (high level)

  • Civil actions for fraud: generally 4 years from discovery; written contract claims 10 years; quasi-delict 4 years.
  • Criminal prescription depends on the penalty (which varies by amount of damage and qualifying circumstances). For many estafa/cybercrime cases, the window is long (often 10+ years)—but do not delay because practical recoveries (recalls/chargebacks/platform windows) are time-sensitive.

9) Costs, timelines, and expectations

  • Law enforcement filing is typically free (minimal fees for copies/certifications).
  • Civil filing fees scale with claim amount; Small Claims is cost-efficient and fast.
  • Refunds are most successful when reported immediately, when funds remain in the receiving account, or when platform/buyer-protection applies. Chargebacks take time but can work with solid documentation.

10) Practical do’s and don’ts

Do

  • Act immediately; speed is critical for fund holds/recalls.
  • Keep one master folder of evidence; name files clearly; maintain an Evidence Index.
  • Use plain, chronological storytelling in your affidavit; attach proof for each key fact.
  • Escalate within the bank/e-wallet and, if needed, to the regulator.
  • For high-value cases, consider hiring counsel to seek preliminary attachment.

Don’t

  • Don’t delete chats or “clean” your device before preserving evidence.
  • Don’t pay “verification fees” or “unlock fees” to scammers after the fact.
  • Don’t rely on screenshots alone if you can export original files/headers/logs.
  • Don’t disclose your OTPs, recovery codes, or full card/PIN details to anyone.

11) Templates & outlines (you can copy-paste and adapt)

A) Complaint-Affidavit (outline)

  1. Affiant’s Details: Name, age, citizenship, address, ID.
  2. Introduction: “I am the complainant in this case for Estafa (Art. 315 RPC) in relation to RA 10175 and Computer-Related Fraud (RA 10175).”
  3. Facts (chronological): How you encountered the respondent(s); promises/representations; payments made (date/amount/channel/reference); default/non-delivery; subsequent communications.
  4. Evidence: “Annex ‘A’ (chat export), Annex ‘B’ (payment receipt) …”
  5. Offenses & Legal Basis: Briefly cite the applicable laws.
  6. Damages: Principal loss, incidentals (courier, bank fees), and non-monetary harm (if any).
  7. Prayer: Investigation, issuance of subpoenas/cybercrime warrants as warranted, and filing of Information; civil liability for restitution/damages.
  8. Verification & Jurat: Signature; subscribed before prosecutor/notary with ID details.

B) Bank/e-Wallet Transaction Recall Request (email or ticket text)

  • Subject: Urgent Fraud Recall – [Your Name], [Txn Ref #, Date, Amount]

  • Body:

    • Description of fraud (2–4 sentences).
    • Transaction details (sender account, recipient account/e-wallet, amount, date/time, channel, all reference numbers).
    • Attach proof (receipts, screenshots, complaint acknowledgment from police/NBI/prosecutor).
    • Request immediate recall/hold and coordination with receiving institution; ask for written confirmation and case/ticket number.
    • Provide reachable phone/email; authorize sharing details with counterpart banks/authorities.

C) Small Claims – Statement of Claim (outline)

  • Parties & addresses.
  • Nature of claim: “Sum of money due to online sale non-delivery / advance-fee scam.”
  • Cause of action (facts, dates, amounts, broken promises).
  • Amount claimed and interest (state the rate claimed, if any, and basis).
  • Evidence list.
  • Certification against forum shopping.
  • Prayer.

12) Quick routing guide (who handles what)

  • Police/NBI – investigate, collect evidence, identify suspects, coordinate with banks/telcos.
  • Prosecutor – determines probable cause; files the case in court.
  • RTC Cybercrime Court – trial and judgment; may order restitution.
  • BSP/SEC/IC – regulator escalation when a regulated entity mishandles your complaint.
  • NPC – privacy harassment/doxxing by apps or scammers.
  • AMLC – freeze/forfeit ill-gotten funds in significant/suspicious patterns.

13) Final notes

  • File early, file completely. Even if refunds look uncertain, your complaint strengthens any bank/platform dispute and helps stop repeat offenders.
  • Parallel tracks help: criminal complaint + financial/platform dispute + (when needed) civil action for recovery.
  • Stay reachable: keep your phone/email active for subpoenas and investigator calls.

If you want, tell me your exact fact pattern (how you paid, through which bank/e-wallet/platform, and what evidence you already have). I can tailor an affidavit draft and a bank recall letter right now to fit your case.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login