Here’s a Philippine-context legal explainer on reporting a fraudulent website to the NBI Cybercrime Division (NBI-CCD)—what crimes usually apply, exactly what to file and where, how to preserve digital evidence so it’s court-worthy, what takedown and freezing tools exist, and practical templates you can copy-paste.
One-minute snapshot
- File a criminal complaint with NBI-CCD (and/or PNP-ACG). Bring a Complaint-Affidavit + unaltered digital evidence + ID. Ask for data preservation, trace, takedown, and follow-the-money actions.
- Core charges commonly used: Estafa (swindling), Fraud through computer systems (under the Cybercrime law), Access Devices fraud (cards/e-wallets), and other special laws depending on the scheme (investment solicitation, phishing, identity theft, etc.).
- Preserve first, then report: export full chat/email threads, save raw files, capture headers/URLs, compute hashes, and keep your device(s) unchanged. Don’t argue with scammers or install their “support apps.”
- Parallel actions: bank/e-wallet dispute, AMLC report via the FI, registrar/host abuse report, SEC/DTI complaint (if investment/consumer), and data-privacy report (if your data was leaked).
Offenses typically charged (map your facts)
- Estafa (Revised Penal Code): deceit or abuse of confidence causing you to part with money/property (classic online sales/investment scams).
- Cybercrime Prevention law: fraud, identity theft, phishing, illegal access/interception, computer-related forgery or fraud, and content-related offenses if the site uses deceptive content to obtain credentials.
- Access Devices Regulation: card/e-wallet/online banking credential misuse.
- Securities/Investment laws: unregistered sale/offer of securities, investment solicitation without license (for “double your money / trading bots / mining” sites).
- Consumer protection (financial products/services): misrepresentations by online lenders, e-wallets, or pseudo-banks.
- Data Privacy: unauthorized acquisition/disclosure/misuse of personal data (credential-harvesting sites, “KYC” phishing).
- Intellectual property: if the site clones a brand (counterfeit or brand impersonation).
- Anti-Photo/Video Voyeurism / OSAEC (if the site extorts with intimate images or targets minors).
Don’t worry if you can’t label every statute. Tell NBI-CCD the full story; prosecutors will pin the precise charges.
Where to report (and who else to loop in)
NBI Cybercrime Division (primary)
File a Complaint-Affidavit with digital annexes. Ask for:
- Data preservation and cyber warrants (to identify owners/hosts and logs),
- Website takedown coordination,
- Tracing of accounts/wallets, and
- Referral to other regulators when needed.
PNP Anti-Cybercrime Group (optional parallel)
Useful for local fieldwork, device seizures (with warrants), and inquest if a suspect is caught fast.
Your bank/e-wallet/credit-card issuer
- File dispute/chargeback or fraud claim immediately.
- Ask them to file an STR (Suspicious Transaction Report) to AMLC and to freeze counterpart accounts when possible.
Regulators (depending on scheme)
- SEC (investment solicitations / trading schemes),
- DTI (consumer e-commerce issues; deceptive online selling),
- BSP/IC (financial institutions/insurance),
- NPC (data privacy breaches).
Domain/hosting/platform
Send abuse reports to the domain registrar, hosting provider, CDN, and any social platform being abused, requesting urgent takedown and log preservation.
Evidence: capture it like a prosecutor
A) What to save (unaltered originals)
- Full web captures: save the page as WARC/HTML complete + PDF print + screenshots (include address bar).
- URLs (home page, signup, login, payment page, T&Cs, privacy policy), incl. full query strings.
- WHOIS / registrar data (screenshot + text export).
- Payment trail: bank/GCash/PayMaya transfers, cards, crypto tx IDs, merchant descriptor, reference numbers.
- Comms: entire email headers (RFC822), chat exports (Messenger/Telegram/Viber/WhatsApp), SMS screenshots with timestamps.
- Files you downloaded (apps/APKs, PDFs) and any installers they asked you to run.
- Device & network details at the time (IP, device model/OS, browser version).
B) How to preserve
- Don’t edit or crop original files. If you must annotate, do it on copies and label them “For reference.”
- Compute SHA-256 hashes of key files and write them in your affidavit (e.g., “fraudsite_home.html SHA-256: ___”).
- Keep your phone/PC with originals unchanged; avoid factory resets or app deletions.
- Record a screen-capture video scrolling through pages, showing the URL bar and system clock.
C) Chain of custody (simple but solid)
- Number your exhibits (A-1, A-2, …).
- Create an Exhibit List with filename, description, timestamp, hash.
- Store copies on a write-once medium (e.g., burned disc/locked USB) and bring it sealed to NBI.
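One way to produce the hashes and the Exhibit List described in sections B and C, as an added example that is not part of the original explainer. It assumes your evidence copies sit in one folder, uses the file's modification time for the timestamp column, and leaves the description blank for you to fill in; the function names, CSV layout and sample files are constructed for illustration.

```python
import csv, hashlib, tempfile
from datetime import datetime, timezone
from pathlib import Path

FIELDS = ["exhibit", "filename", "description", "modified_utc", "sha256"]
def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large screen recordings are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_exhibit_list(evidence_dir, out_csv, series="A"):
    """Read-only pass over evidence_dir; writes the CSV and returns its rows."""
    root, rows = Path(evidence_dir), []
    for n, p in enumerate(sorted(q for q in root.rglob("*") if q.is_file()), 1):
        mtime = datetime.fromtimestamp(p.stat().st_mtime, timezone.utc)
        rows.append({"exhibit": f"{series}-{n}",
                     "filename": p.relative_to(root).as_posix(),
                     "description": "",  # fill in by hand before printing
                     "modified_utc": mtime.isoformat(timespec="seconds"),
                     "sha256": sha256_file(p)})
    # Keep out_csv outside evidence_dir so the list never hashes itself.
    with open(out_csv, "w", newline="", encoding="utf-8") as f:
        w = csv.DictWriter(f, fieldnames=FIELDS)
        w.writeheader()
        w.writerows(rows)
    return rows

def verify(evidence_dir, manifest_csv):
    """Re-hash each listed file; return the names that are missing or altered."""
    bad = []
    with open(manifest_csv, newline="", encoding="utf-8") as f:
        for row in csv.DictReader(f):
            p = Path(evidence_dir) / row["filename"]
            if not p.is_file() or sha256_file(p) != row["sha256"]:
                bad.append(row["filename"])
    return bad

def demo():
    """Constructed sample files stand in for real captures."""
    with tempfile.TemporaryDirectory() as tmp:
        ev, manifest = Path(tmp) / "evidence", Path(tmp) / "exhibit_list.csv"
        ev.mkdir()
        (ev / "fraudsite_home.html").write_bytes(b"<html>constructed</html>")
        (ev / "receipt.pdf").write_bytes(b"%PDF-constructed")
        rows = build_exhibit_list(ev, manifest)
        before = verify(ev, manifest)  # nothing changed yet
        (ev / "receipt.pdf").write_bytes(b"%PDF-edited copy")
        return rows, before, verify(ev, manifest)
```

Run `verify` again just before sealing the disc or USB: an empty result shows the copies still match the hashes written in the affidavit.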
Filing: step-by-step at NBI-CCD
- Draft your Complaint-Affidavit (template below).
- Prepare 2–3 printed sets (+ soft copy on USB): affidavit, exhibit list, and annexes. Bring original ID.
- At intake, state if there is ongoing loss or imminent harm (e.g., active phishing, money still in transit). Ask for urgent preservation/takedown.
- NBI logs the complaint and may forensically image your device(s) (with consent) or ask you to keep them ready for imaging.
- Expect subpoenas to banks/e-wallets/hosts/registrars and, where required, cybercrime warrants for logs/content.
- You may be called to clarify facts, identify suspects, or authenticate exhibits.
- If probable cause develops, NBI endorses to the Prosecutor for preliminary investigation; once an Information is filed, the case proceeds in court.
Venue/jurisdiction: Cyber offenses may be filed where any element occurred, including where you accessed the site or where your device is (helpful for victims).
Money trails, freezes, and recovery
- Banks/e-wallets: act fast; many have short windows for chargebacks/disputes. Provide a screenshot of the site, transaction refs, and your police/NBI blotter number or complaint receipt.
- Crypto: give addresses/tx IDs and any exchange accounts you used (KYC’d exchanges can be subpoenaed).
- AMLC: your bank/e-wallet should file an STR; NBI may coordinate with AMLC for freeze/inquiry orders.
- Reality check: Recovery is not guaranteed, but speed, detail, and complete paperwork materially improve outcomes.
Website takedown & data preservation
Ask NBI to issue preservation requests (the cybercrime law provides for expedited preservation of stored data) and to coordinate takedown with registrars/hosts.
You can also send civil abuse notices to registrars/hosts/CDNs citing:
- the fraudulent/deceptive nature,
- brand impersonation (if applicable), and
- risk of ongoing consumer harm—request immediate suspension and log preservation.
For .ph domains or local hosts, also notify the local domain administrator/host. For foreign hosts, rely on their abuse policies; NBI mutual assistance may follow.
Data privacy & your safety
Share only what is necessary; redact unrelated IDs.
If you uploaded sensitive IDs to the site, assume compromise:
- Replace passwords, enable MFA.
- Hotlist IDs with banks/e-wallets.
- Monitor credit/new-account alerts.
Do not install remote-access tools or “verification apps” they send; never share OTP or MFA codes.
Template: Complaint-Affidavit (you can adapt)
COMPLAINT-AFFIDAVIT
I, [Name], Filipino, of legal age, with address [address], after being duly sworn, state:
- On [date/time], I visited [URL], a website representing itself as [describe: e.g., investment/trading/marketplace]. Copies of screenshots and full page saves are attached as Exhibits A-1 to A-__.
- The site induced me to [register/pay/provide credentials] through [specific misrepresentations]. Chat/email exchanges are attached as Exhibits B-1 to B-__ (exports with timestamps).
- I paid ₱[amount] on [date/time] via [bank/e-wallet/card/crypto], reference [txn IDs] (Exhibits C-1 to C-__).
- After payment, [what happened: access blocked, further demands, funds disappeared] (Exhibits D-__).
- The site and its agents used [fake credentials/brand impersonation]; WHOIS/host/registrar evidence is attached (Exhibits E-__).
- I respectfully request investigation and filing of appropriate charges for [estafa, computer-related fraud, illegal access, identity theft, etc.], immediate data preservation, takedown, and tracing and freezing of the counterpart accounts/wallets.
- I am willing to submit my device(s) for forensic imaging and to testify.
Exhibit List (sample)
- A-1 HTML save of home page (SHA-256: …); A-2 PDF print; A-3 to A-5 screenshots with URL bar and clock.
- B-1 Messenger JSON export (zip) (hash …); B-2 to B-5 chat screenshots.
- C-1 Bank transfer receipt (ref …); C-2 e-wallet receipt; C-3 crypto tx (hash …).
- D-1 Error/lockout screenshot; D-2 follow-on demand.
- E-1 WHOIS lookup; E-2 DNS records; E-3 server headers.
[Signature over printed name] [ID details]
Template: Registrar/Host abuse notice (quick)
Subject: Urgent Abuse Report — Fraudulent Website [domain]
We report [domain] as a fraudulent site impersonating [brand/type], deceiving Philippine users into paying money and/or disclosing credentials.
Evidence: URLs, screenshots (with URL bars), payment receipts, and chat logs are attached.
Request:
- Immediate suspension/takedown per your AUP;
- Preservation of logs and subscriber records (IP logs, access logs, payment/registrant info) pending lawful process;
- Abuse ticket/reference number.
This activity risks ongoing consumer harm. A law-enforcement complaint has been filed with NBI-CCD (reference to follow).
[Your name/contact]
Fast FAQs
Do I need a lawyer to file with NBI-CCD?
Not required, but helpful for drafting a strong affidavit and coordinating parallel civil/regulatory actions.
Will NBI immediately take the site down?
NBI coordinates takedown with registrars/hosts; many hosts respond swiftly to clear fraud. Some overseas hosts require formal process—preservation first is key.
Can I get my money back?
Sometimes—via chargeback, e-wallet reversal, or freeze/seizure in an active case. Speed and complete documentation drastically improve odds.
What if I only shared credentials but didn’t pay?
Still file—request credential compromise documentation, data preservation, and takedown to protect others, and reset all passwords with MFA.
Should I keep talking to the scammer?
No. Stop contact; do not send “verification fees” or use their “support apps.” Preserve chats and report.
Practical checklist (copy-paste)
- Preserve site pages (HTML/PDF/screens), URLs, headers, WHOIS, DNS.
- Export chats/emails (full threads + headers).
- Collect payment proofs (bank/e-wallet/card/crypto IDs).
- Compute SHA-256 hashes for key files; make an Exhibit List.
- Draft Complaint-Affidavit; print 2–3 sets + USB.
- File with NBI-CCD; request preservation/takedown/trace/freeze.
- Dispute with bank/e-wallet; ask for STR/AMLC escalation.
- Notify registrar/host/platform via abuse channels.
- Report to SEC/DTI/BSP/IC/NPC as applicable.
- Harden your accounts (MFA, password resets); monitor statements.
Bottom line
For fraudulent websites targeting Philippine users: preserve meticulously, file swiftly, and escalate in parallel. A well-prepared Complaint-Affidavit with unaltered digital evidence, paired with bank/e-wallet disputes and abuse reports to the domain/host, gives NBI-CCD the fastest path to takedowns, traces, freezes—and, when possible, recovery.