If your business photos, storefront images, product shots, logo, staff photos, or social media posts are being used by scammers online, you are dealing with more than an annoying “fake page.” In the Philippines, this can involve cybercrime, estafa, identity misuse, copyright infringement, unfair competition, consumer fraud, data privacy violations, and urgent platform takedown issues. The right response is usually a mix of quick evidence preservation, platform reporting, bank or e-wallet escalation, and formal complaints with the proper Philippine agency.
What Counts as an Online Scam Using Business Photos?
This usually happens when a scammer copies real business photos and uses them to make a fake account, fake page, fake marketplace listing, or fake advertisement look legitimate.
Common examples include:
- A fake Facebook page using a restaurant’s real menu photos and accepting GCash deposits for “reservations.”
- A scammer using a salon’s before-and-after photos to sell fake services.
- A fake online shop copying Lazada, Shopee, TikTok Shop, or Instagram product photos from a real seller.
- A bogus travel agency using a real hotel’s photos to collect down payments.
- A fake investment or franchise page using photos of a real office, staff, business permit, or storefront.
- A person pretending to be the owner, manager, or sales agent of a legitimate Philippine business.
The victims may be both:
- The business owner, whose photos, goodwill, name, brand, and reputation are being misused.
- The customers, who relied on the stolen photos and paid money to the scammer.
That matters because different legal remedies may apply depending on whether you are protecting your business, trying to recover money, or helping affected customers report the fraud.
Legal Basis in the Philippines
Cybercrime Prevention Act: identity theft, computer-related fraud, and online offenses
The main cybercrime law is Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. It penalizes several acts that may apply when scammers use business photos online.
Two provisions are especially relevant:
- Computer-related fraud may apply when a scammer uses computer data or online systems to commit fraud.
- Computer-related identity theft may apply when someone intentionally acquires, uses, misuses, transfers, possesses, alters, or deletes identifying information belonging to another person or juridical entity without right. A corporation, partnership, sole proprietorship, or registered business may therefore be relevant when its business identity is misused online. See the official text of Republic Act No. 10175 on Lawphil. (Lawphil)
The Supreme Court’s decision in Disini v. Secretary of Justice, G.R. No. 203335 is important because it reviewed the constitutionality of RA 10175. The Court upheld several parts of the Cybercrime Prevention Act while striking down or limiting others, showing that cybercrime enforcement must still respect constitutional rights such as privacy, due process, and free speech. (Lawphil)
For practical purposes, if a scammer is using your business identity to obtain money, personal data, passwords, bank details, or e-wallet transfers, a cybercrime complaint should be considered early because online evidence can disappear quickly.
Estafa under the Revised Penal Code
If customers paid money because of deceit, the classic criminal charge is often estafa, also called swindling, under Article 315 of the Revised Penal Code. Estafa generally involves defrauding another person by abuse of confidence or deceit.
For example, a scammer may commit estafa if they:
- Pretend to be your business.
- Use your photos to convince customers that the offer is real.
- Accept payment for goods or services they never intended to deliver.
- Block the buyer after receiving money.
Article 315 has been amended by Republic Act No. 10951, which adjusted the value thresholds for penalties. The amount lost still matters because it can affect the imposable penalty and the way prosecutors and courts handle the case. (Lawphil)
Anti-Financial Account Scamming Act: money mules and bank/e-wallet accounts
A newer and very important law is Republic Act No. 12010, or the Anti-Financial Account Scamming Act (AFASA), signed in 2024. This law targets scams involving bank accounts, e-wallets, and other financial accounts.
AFASA is relevant when scammers use business photos to lure victims into sending money to:
- GCash, Maya, or another e-wallet;
- a bank account;
- a “payment center” account;
- a mule account borrowed, rented, sold, or opened under someone else’s identity.
The law penalizes money muling activities, including using, borrowing, allowing the use of, buying, renting, selling, or lending a financial account for scam proceeds. It also covers social engineering schemes, where deception is used to obtain sensitive identifying information and gain unauthorized access or control over a financial account. (Lawphil)
AFASA also allows financial institutions to temporarily hold funds subject of a disputed transaction, within the period prescribed by the Bangko Sentral ng Pilipinas, not exceeding 30 calendar days unless extended by a competent court. This is why victims should report suspicious transfers to the bank or e-wallet provider immediately, not days later. (Lawphil)
Internet Transactions Act and DTI remedies
For online buying and selling, Republic Act No. 11967, or the Internet Transactions Act of 2023, is highly relevant. It applies to business-to-business and business-to-consumer internet transactions within the mandate of the Department of Trade and Industry, and it created the DTI’s e-commerce regulatory framework. (Lawphil)
The law is useful because it gives the DTI tools for online consumer protection, including action involving online merchants, e-marketplaces, and digital platforms. The official DTI e-commerce materials also identify RA 11967 as the law protecting online consumers and merchants engaged in internet transactions. (DTI ECommerce)
If the fake listing is on an online marketplace, the DTI route may help with consumer complaints, platform accountability, and referral to the correct agency. DTI’s e-commerce FAQ says complaints against online sellers may be sent to the DTI Fair Trade Enforcement Bureau at fteb@dti.gov.ph, with eco@dti.gov.ph copied for online-seller complaints. (DTI ECommerce)
Consumer Act: deceptive and unfair sales practices
The Consumer Act of the Philippines, Republic Act No. 7394, may apply when consumers are misled by fake advertising, false representations, or deceptive sales practices. A scammer who uses real business photos to misrepresent the identity, quality, origin, or availability of goods or services may be engaging in deceptive conduct. (Lawphil)
This is especially relevant for customers who were tricked into paying for goods, travel packages, services, event bookings, or products advertised using stolen business photos.
Copyright, trademark, and unfair competition
Business photos are often protected by copyright. Under Republic Act No. 8293, the Intellectual Property Code of the Philippines, photographic works are protected as literary and artistic works, and protection exists from the moment of creation regardless of the work’s content, quality, or purpose. (Lawphil)
That means a business may have copyright remedies if the scammer copied:
- product photos;
- interior or storefront photos;
- staff portraits;
- food, menu, or service photos;
- promotional graphics;
- ads, posters, or website images.
If the scammer also uses the business name, logo, trade dress, or branding, trademark and unfair competition rules may apply. The IP Code recognizes protection against unfair competition, including acts that pass off one’s goods, business, or services as those of another, or acts calculated to create the false belief that a person is offering another’s services. (Lawphil)
A registered trademark gives stronger enforcement options, but even without a registered mark, a business with established goodwill may still have an unfair competition argument depending on the facts.
Civil Code remedies for damages
Even when the case is not only about criminal prosecution, the Civil Code of the Philippines may support a claim for damages.
Important provisions include:
- Article 19: every person must act with justice, give everyone their due, and observe honesty and good faith.
- Article 20: anyone who, contrary to law, willfully or negligently causes damage to another must indemnify the injured person.
- Article 21: anyone who willfully causes loss or injury in a manner contrary to morals, good customs, or public policy must compensate the injured person. (Supreme Court E-Library)
Depending on the situation, a business may claim actual damages, reputational harm, lost sales, expenses for takedown and public notices, and other losses that can be proven with evidence.
What You Should Do Immediately
1. Preserve evidence before reporting the page
Do not rely on memory. Fake pages disappear, change names, or delete posts once reported.
Save:
- full-page screenshots showing the account name, URL, profile photo, cover photo, posts, comments, and dates;
- screen recordings scrolling through the fake page or listing;
- URLs of the fake account, posts, ads, and marketplace listings;
- screenshots of messages with the scammer;
- payment instructions, QR codes, bank details, e-wallet numbers, and account names;
- proof that the original photos belong to your business, such as original files, upload dates, invoices from photographers, website posts, or social media timestamps;
- customer complaints, receipts, and transaction slips.
If the case may go to court, organize the files by date and source. Keep the original files, not just compressed screenshots sent through Messenger.
The Supreme Court has recognized that photos and messages obtained by private individuals from Facebook Messenger can be admissible as evidence, depending on proper presentation and the facts of the case. (Supreme Court of the Philippines)
2. Warn customers without making risky accusations
Post a clear public warning on your official page or website. Keep it factual.
Say:
- which page/account is fake;
- what your official channels are;
- what payment methods you actually use;
- that customers should not send money to unverified accounts;
- that affected customers should preserve receipts and messages.
Avoid naming private individuals as “scammers” unless you have verified evidence. A careless public accusation may create a separate defamation issue.
3. Report the fake account or listing to the platform
Use the platform’s reporting tools. Choose the most accurate ground:
| Situation | Best report category |
|---|---|
| Fake page pretending to be your business | Impersonation or scam |
| Stolen product photos | Copyright infringement |
| Use of registered logo or brand name | Trademark infringement |
| Fake marketplace product listing | Fraud, counterfeit, IP infringement, or misleading listing |
| Paid ads using your identity | Scam ad, impersonation, or IP violation |
For Facebook, Meta provides a form to report an impostor account and a separate copyright report form. (Facebook)
For Shopee, the platform states that brand owners can report IP rights infringement through its Brand IP Portal. (Shopee Seller)
When reporting, attach proof of ownership. Platforms often reject vague reports like “this is fake” but act faster when you provide original URLs, copyright ownership details, trademark certificates, DTI/SEC registration, business permit, and side-by-side comparisons.
4. Report payment channels immediately
If money was sent, time is critical.
The victim should contact:
- the sending bank or e-wallet;
- the receiving bank or e-wallet, if known;
- the platform where the scam happened;
- PNP Anti-Cybercrime Group or NBI Cybercrime Division.
Ask for a fraud report reference number. Under AFASA, disputed transactions and suspicious accounts may trigger coordinated verification and possible temporary holding of funds, but delays reduce the chance of preserving money. (Lawphil)
5. File a cybercrime complaint
For criminal investigation, victims commonly approach either:
- PNP Anti-Cybercrime Group (PNP-ACG) or the nearest police cybercrime unit;
- NBI Cybercrime Division;
- the local prosecutor’s office, usually after evidence has been gathered.
The DOJ Office of Cybercrime was created under RA 10175 and serves as the central authority for cybercrime matters. (Department of Justice)
The NBI’s official website has a section for investigative assistance for victims of computer crimes, and its main office contact page lists the NBI hotline. (National Bureau of Investigation)
For NBI complaints, an FOI response from the NBI states that complainants may submit a complaint-affidavit with documentary evidence at the nearest NBI Regional or District Office, or use the NBI report link or email channel identified by the agency. (www.foi.gov.ph)
Documents Usually Needed
Prepare both printed and digital copies.
| Document or evidence | Why it matters |
|---|---|
| Government ID of complainant | Proves identity of the person filing |
| Business registration | Shows legal existence of the business |
| Mayor’s permit, BIR registration, SEC/DTI certificate | Helps prove legitimate business identity |
| Original business photos | Shows ownership or prior use |
| Photographer contract or invoice | Helps prove copyright ownership or license |
| Trademark certificate, if any | Supports trademark/IP complaint |
| Screenshots and URLs of fake page | Identifies the online offender or account |
| Customer messages and complaints | Shows actual harm and reliance |
| Payment receipts and account details | Supports estafa, AFASA, and tracing |
| Notarized affidavit or complaint-affidavit | Usually required for formal complaints |
| Authorization letter or board secretary’s certificate | Needed if an employee files for a company |
If the complainant is abroad, Philippine authorities may require consularized, apostilled, or properly notarized documents depending on where the affidavit is executed and how it will be used. Foreign documents for Philippine use often need an apostille if issued in an Apostille Convention country, or consular authentication if not.
Where to File: Practical Options
| Concern | Where to go | Best for |
|---|---|---|
| Fake page, cyber fraud, online impersonation | PNP-ACG or NBI Cybercrime Division | Investigation, tracing, cybercrime complaint |
| Customers lost money | Bank/e-wallet fraud department, then PNP/NBI | Possible fund hold and account tracing |
| Online seller or marketplace issue | DTI Fair Trade Enforcement Bureau | Consumer complaint and e-commerce referral |
| Misuse of personal data | National Privacy Commission | Data privacy complaint |
| Copyright, trademark, unfair competition | IPOPHL, platform IP tools, or court action | Brand and content protection |
| Criminal prosecution | City or provincial prosecutor | Filing of criminal complaint |
| Damages or injunction | Regular courts or designated commercial courts | Compensation and restraining orders |
The National Privacy Commission requires formal complaints to follow a specific format, with a downloadable form, notarization, and submission options such as in person, courier, or scanned email submission. (National Privacy Commission)
How the Criminal Process Usually Works
A typical cyber scam complaint in the Philippines may move this way:
Evidence gathering
- You collect screenshots, URLs, payment records, and proof of ownership of the photos or business identity.
Initial report
- You report to the platform, bank/e-wallet, PNP-ACG, NBI, or DTI depending on the problem.
Investigation or case build-up
- Law enforcement may ask for more evidence, request platform data, coordinate with financial institutions, or prepare cybercrime warrant applications.
Complaint-affidavit
- The complainant executes a sworn statement explaining what happened, who was affected, how the scam worked, and what evidence supports the complaint.
Preliminary investigation
- For offenses requiring preliminary investigation, the complaint is filed with the proper officer for determination of whether the case should proceed. Rule 112 of the Rules of Criminal Procedure governs preliminary investigation. (Lawphil)
Filing in court
- If the prosecutor finds sufficient basis, an information is filed in court.
Trial or settlement of civil aspects
- Criminal liability is handled by the court. Civil liability, restitution, damages, or settlement may also be addressed depending on the case.
Timelines vary widely. A simple platform takedown may happen in days or weeks. A cybercrime investigation involving anonymous accounts, foreign platforms, or mule accounts may take months. A criminal case can take much longer, especially if subpoenas, warrants, bank records, and platform data are needed.
Cybercrime Warrants and Why Speed Matters
Online scammers often delete pages, change usernames, use VPNs, recycle SIM cards, or move funds quickly. Philippine law has procedures for cybercrime warrants under A.M. No. 17-11-03-SC, the Rule on Cybercrime Warrants, which took effect in 2018. It covers warrants and orders involving preservation, disclosure, interception, search, seizure, and examination of computer data. (Office of the Court Administrator)
This is one reason victims should not wait until “many people complain” before acting. Logs, device data, IP records, ad account details, payment trails, and account recovery data may become harder to obtain over time.
Special Issues for Business Owners
If your business is a sole proprietorship
A sole proprietorship is tied closely to the owner. Bring your DTI registration, business permit, BIR registration, official receipts or invoices, and proof that the official social media page belongs to you.
If your business is a corporation
The person filing should have authority. Bring a secretary’s certificate, board authorization, or written authorization from an authorized officer. Law enforcement and platforms may reject reports from employees who cannot prove authority to act for the company.
If the photos were taken by a photographer
Do not assume the business owns copyright just because the photos show the business. Check the contract. If the photographer retained copyright and merely licensed the photos, you may need the photographer’s authorization or assignment to file a copyright-based complaint.
If the scammer used customer or staff photos
This can raise privacy and dignity issues. The Data Privacy Act may apply if personal information or identifiable images were misused in a way covered by the law. The NPC route is stronger when the complaint involves personal data misuse, unauthorized disclosure, or mishandling of personal information.
Special Issues for Foreigners and OFWs
Foreigners and Filipinos abroad can still be victims of scams involving Philippine businesses, Philippine bank accounts, Philippine e-wallets, or Philippine-based online sellers.
Practical points:
- Keep all transaction records, including foreign remittance slips.
- Save the time zone shown in screenshots if relevant.
- If signing affidavits abroad, ask whether the receiving Philippine office requires notarization, apostille, or consular authentication.
- If the business is Philippine-based but the platform or scammer is abroad, enforcement may be slower because authorities may need platform cooperation or cross-border coordination.
- If you cannot appear personally, a Philippine representative may need a special power of attorney.
Common Mistakes That Hurt the Case
Reporting before preserving evidence
Many victims immediately report the fake account. The account is removed, but they forget to save the URL, screenshots, messages, and payment details. That can make investigation harder.
Posting emotional accusations
Public warnings are useful, but avoid unsupported accusations against named persons. Stick to verifiable facts: fake page name, fake URL, unauthorized payment details, and official channels.
Sending threats to the scammer
Do not warn the scammer that police are coming. Preserve evidence first. Let investigators handle tracing and formal requests.
Assuming DTI registration is enough
A DTI business name registration does not automatically prove copyright ownership, trademark ownership, or ownership of every photo. It helps prove business identity, but IP ownership may require separate evidence.
Waiting too long to report bank or e-wallet transfers
Money can move through mule accounts quickly. Report to financial institutions immediately and ask for a fraud or dispute reference number.
Frequently Asked Questions
Can I sue someone for using my business photos in the Philippines?
Yes, depending on the facts. Possible remedies include copyright infringement, unfair competition, civil damages, cybercrime complaints, and platform takedown requests. If the photos were used to deceive customers and collect money, estafa and cybercrime charges may also be relevant.
Is using my business photos on a fake Facebook page a cybercrime?
It can be. If the photos are used with your business identity to deceive people, obtain money, or misuse identifying information, the facts may support computer-related fraud, identity theft, estafa committed through ICT, or related offenses under RA 10175.
What should I do first if someone copied my business photos?
First, preserve evidence. Save screenshots, URLs, page details, messages, payment instructions, and proof that the photos are yours. After that, report the page to the platform, warn customers through your official channels, and file the appropriate complaint with PNP-ACG, NBI, DTI, NPC, or the platform’s IP system.
Can customers recover money sent to a scammer?
Sometimes, but it depends on how fast the transaction is reported and whether the funds are still traceable or still within the financial system. Under AFASA, disputed transactions may be temporarily held by financial institutions under certain conditions, so victims should report immediately to the bank or e-wallet provider.
Do I need a registered trademark to report a fake page?
No, not always. You can report impersonation, scam activity, and copyright infringement even without a registered trademark. However, a registered trademark usually makes brand enforcement stronger, especially for repeated fake pages, counterfeit listings, and marketplace takedowns.
Are screenshots enough as evidence?
Screenshots can help, but they are stronger when supported by URLs, timestamps, screen recordings, original files, witness affidavits, payment records, and testimony from someone with personal knowledge. For serious cases, preserve the original digital files and avoid editing them.
Should I file with PNP or NBI?
Either may be appropriate. PNP-ACG and NBI Cybercrime Division both handle cybercrime complaints. In practice, choose the office most accessible to you and bring complete evidence. For large scams, multiple victims, or complex tracing, investigators may coordinate with other agencies.
Can DTI remove a fake online seller?
DTI may assist with consumer complaints and internet transactions within its jurisdiction, especially involving online sellers, e-marketplaces, or digital platforms. For pure impersonation, hacking, or criminal fraud, DTI may refer or coordinate with cybercrime authorities.
What if the scammer is outside the Philippines?
You can still report if Filipino victims, Philippine businesses, Philippine bank/e-wallet accounts, or Philippine platforms are involved. Cross-border enforcement is more difficult, but local evidence, payment trails, and platform data may still help.
Can I demand damages for harm to my business reputation?
Yes, if you can prove damage and legal basis. Civil Code provisions, IP law, unfair competition rules, and the civil aspect of criminal cases may support claims for actual damages, moral damages in proper cases, exemplary damages, attorney’s fees, and injunctive relief.
Key Takeaways
- Stolen business photos used for scams may involve cybercrime, estafa, AFASA violations, copyright infringement, unfair competition, consumer fraud, and civil damages.
- Preserve evidence before reporting the fake page or listing.
- Report payment transfers immediately to the bank or e-wallet provider because funds can move fast.
- Use the correct channel: PNP/NBI for cybercrime, DTI for online consumer complaints, NPC for personal data misuse, and platform IP tools for copyright or trademark takedowns.
- A registered trademark helps, but it is not the only remedy.
- Businesses should keep original photo files, registrations, contracts, and proof of official pages ready for fast takedowns and formal complaints.
- The strongest cases are built with organized screenshots, URLs, payment records, affidavits, and proof that the business identity or photos were used without authority.