Reporting Online Scams in the Philippines: A Practical Legal Guide

Updated for the Philippine legal framework through 2024. This is general information, not legal advice.

1) What counts as an “online scam” under Philippine law?

“Online scams” are typically prosecuted using a mix of the Revised Penal Code (RPC) and special cyber and financial statutes. Depending on the facts, one or more of the following may apply:

Estafa (Swindling) under the RPC (Art. 315, etc.) Deceit causing damage (e.g., fraudulent online selling, investment pitches, romance scams). Note: Under Section 6 of the Cybercrime Prevention Act (RA 10175), RPC offenses committed through information and communications technologies (ICT) are penalized one degree higher.
Cybercrime Prevention Act (RA 10175)
- Computer-related fraud (Sec. 4(b)(2)) – unauthorized input, alteration, or interference with computer data or programs resulting in fraud (e.g., account takeovers to divert payments).
- Computer-related identity theft (Sec. 4(b)(3)) – unauthorized acquisition, use, misuse, or alteration of identifying information.
- Illegal access/data interference/system interference (Sec. 4(a)) – hacking or disrupting systems to facilitate scams.
Access Devices Regulation Act (RA 8484) Fraud involving cards, account numbers, OTPs, or other “access devices”.
E-Commerce Act (RA 8792) Recognizes electronic contracts and signatures; relevant to proving online transactions and enforcing obligations.
Financial Consumer Protection Act (RA 11765) Sets duties of banks/e-wallets and regulators (BSP, SEC, IC) on complaints, redress, and fair treatment of financial consumers.
Anti-Money Laundering Act (RA 9160, as amended) Enables freezing/forfeiture of proceeds; useful if funds are traced to accounts or virtual asset wallets.
Data Privacy Act (RA 10173) Covers misuse/exposure of personal data during scams; basis for complaints against entities mishandling data.
SIM Registration Act (RA 11934) Facilitates attribution of mobile numbers used in scams; supports investigations.

Other special laws may apply (e.g., RA 9995 on voyeurism for sextortion variants, IP laws for counterfeit goods schemes).

2) Which agency should you report to?

A. Law enforcement (criminal complaint/investigation)

PNP Anti-Cybercrime Group (PNP-ACG) – for most cyber-enabled scams (online selling, phishing, sextortion, account takeovers, investment fraud with local actors, etc.).
NBI Cybercrime Division (NBI-CCD) – parallel national investigative authority; you may file with either PNP-ACG or NBI-CCD.
Department of Justice – Office of Cybercrime (DOJ-OOC) – central policy and international cooperation; coordinates takedowns and cyber warrants with prosecutors.

B. Sector regulators (administrative complaints and rapid coordination)

Your Bank/E-Wallet (e.g., banks, GCash, Maya) – immediately trigger internal fraud blocks, chargeback/dispute workflows, and interbank tracing.
Bangko Sentral ng Pilipinas (BSP) – for complaints against banks/e-money issuers/payment operators and issues tied to the Financial Consumer Protection Act.
Securities and Exchange Commission (SEC) – investment scams, unauthorized lending/investment solicitations, Ponzi-type schemas; report to SEC Enforcement and Investor Protection Department (EIPD).
Department of Trade and Industry (DTI) – deceptive e-commerce and consumer practices; unfair/false advertising; disputes with online merchants and marketplaces.
Insurance Commission (IC) – insurance-related online fraud.
National Privacy Commission (NPC) – data privacy violations, doxxing, identity misuse involving personal data.
DICT/CERT-PH – incident reporting for phishing sites, malware, and infrastructure takedown coordination.

You can (and often should) report to more than one: file with law enforcement for criminal liability, and regulators for swift remedial action (account freezes, platform removals).

3) Evidence you should preserve (before and after reporting)

Create a case file. The stronger your documentation, the faster the action.

Screenshots/recordings of: listings, chats, emails, social profiles, video calls, and any threats or instructions (keep timestamps visible).
Full URLs and web addresses (copy & paste, don’t just screenshot).
Transaction records: receipts, bank/e-wallet logs, reference numbers, chargeback correspondence, QR codes.
Identifiers: phone numbers, SIM details, user IDs, email addresses, IPs if available, device names, package waybills, crypto wallet addresses/transaction hashes.
Header and metadata: email headers, file hashes (if you can compute), device logs.
Delivery records: waybills, courier SMS, proof of shipment/receipt.
Witness statements: concise notes of dates, times, and conversations.

Don’t alter original files. Keep originals in read-only storage and provide investigators with copies. If you must export chats, use native export features to maintain metadata.

4) How to file a report (step-by-step)

Step 1: Contain the damage

Contact your bank/e-wallet immediately to block further transfers and start dispute/trace procedures.
Change passwords and enable MFA on compromised accounts; revoke suspicious sessions/app passwords.
Preserve devices and accounts—do not factory reset before imaging or instructed by investigators.

Step 2: File with law enforcement

Prepare: valid ID, affidavit/complaint, and your evidence bundle.
You may file with PNP-ACG or NBI-CCD (in person or via available e-complaint channels). Include:
- Narrative of facts (who/what/when/where/how; attach exhibits).
- Offenses you believe apply (e.g., estafa via ICT; computer-related fraud/identity theft).
- Requested actions (preservation orders, subpoena to platforms, account freezes via AMLC).

Step 3: Parallel reports

SEC (investment/lending/“trading bot”/“crypto doubling” schemes).
DTI (deceptive online selling/marketplace disputes).
NPC (personal data misuse).
DICT/CERT-PH (malicious sites/phishing infrastructures for takedown coordination).

Step 4: Platform and telco

Report the scammer’s social media/marketplace profiles and web host.
If SMS/voice based, inform your telco; reference the SIM Registration Act to request assistance in attribution as lawfully authorized via investigators.

5) Jurisdiction, venue, and procedure highlights

Special cybercrime rules: The Rule on Cybercrime Warrants (A.M. No. 17-11-03-SC) provides for warrants to disclose computer data (WCD), search/seizure (WSC), and intercept (WICD)—important for subpoenas to platforms and ISPs.
Electronic evidence: The Rules on Electronic Evidence (A.M. No. 01-7-01-SC) govern the admissibility, authentication (e.g., hashes, metadata), and weight of electronic documents and signatures.
Venue can be where any essential element occurred (e.g., where the victim sent funds, accessed the fraudulent page, or where the offender operated); cybercrime courts may be designated to hear such cases.
Penalty elevation: Crimes under the RPC committed through ICT can be penalized one degree higher (RA 10175, Sec. 6).
Civil and criminal may proceed in tandem: You can seek restitution/damages in civil actions while the criminal case progresses.
Small claims: For purely civil recovery of smaller amounts without lawyers, the Small Claims procedure (under the latest Supreme Court revisions) allows quick money claims up to the current threshold (check the most recent circulars for the exact ceiling).

6) Financial tracing, freezes, and recovery

Immediate notification to your bank/e-wallet is critical—time windows for chargebacks/disputes are short.
AMLC coordination: Investigators may request freeze/hold on suspect accounts and trace fund flows (including to virtual asset service providers (VASPs)).
VASPs and exchanges: BSP-registered VASPs are subject to KYC/recordkeeping; provide transaction hashes, wallet addresses, and platform tickets to aid attribution.
Cross-border: DOJ-OOC may activate mutual legal assistance or 24/7 cyber points of contact. Some platforms respond faster to preservation requests if sent quickly.

7) Common online scam archetypes and applicable laws

Phishing/Smishing/“Job-text” scams → RA 10175 (illegal access, computer-related fraud, identity theft), RA 8484, estafa.
Investment/Trading bots/“Double-your-money” → SEC laws (unauthorized solicitation), RA 11765, estafa, AMLA.
Marketplace fraud (no delivery/counterfeit) → Estafa, Consumer Act/DTI, E-Commerce Act recognition of e-contracts.
Account takeovers (email/social/e-wallet) → RA 10175 offenses, RA 8484, estafa; also Data Privacy Act if personal data was mishandled by a controller.
Romance and sextortion → Estafa, RA 10175 offenses; in some cases RA 9995 (anti-voyeurism) and anti-photo extortion provisions.
Business email compromise (BEC) → RA 10175 (illegal access, fraud), estafa; immediate bank-to-bank recall attempts are crucial.

8) Drafting your complaint: a quick template

Affidavit/Complaint Outline

Parties – Your full name, address, ID; respondent’s identifiers known so far.
Jurisdiction/Venue – Where material acts occurred (e.g., funds sent from ___, website accessed at ___).
Statement of Facts – Chronological narrative; attach Exhibits A-__ (screenshots, receipts, chat exports).
Legal Basis – Cite RA 10175 Sec. 4(b)(2)/(3), RPC estafa, RA 8484, etc., as applicable.
Reliefs Sought – Investigation, issuance of subpoenas/warrants to disclose computer data, freezes/holds, takedown coordination, and prosecution.
Verification and Certification – As required.

9) Practical do’s and don’ts

Act immediately; speed helps recover funds and preserve logs.
Keep a paper trail and a digital evidence folder with consistent filenames and dates.
Use official complaint portals/addresses and hotlines of PNP-ACG/NBI-CCD/SEC/DTI/BSP/NPC.
Consider civil recovery strategies alongside criminal complaints.

Don’t

Transfer “verification” fees or “unlock” charges to supposed support agents.
Delete chats or wipe devices before investigators review them.
Engage in counter-hacking or public “outing” that may expose you to liability.
Rely solely on platform-based dispute systems when criminal fraud is involved—file with authorities as well.

10) Frequently asked questions

Q: Can I get my money back? Maybe. Success rates improve with fast reporting, clear trails (bank-to-bank, regulated e-wallets/VASPs), and AMLC freezes. Cross-platform transfers and cash-outs reduce recovery odds.

Q: What if the scammer is overseas? Still report. Authorities can seek data preservation and use mutual legal assistance. Platforms may disable accounts and share data under lawful process.

Q: Are screenshots enough? They help, but combine them with native exports, transaction references, and email headers. Forensically-sound copies carry more weight.

Q: Can platforms be held liable? It depends on facts and notice. The E-Commerce Act and jurisprudence assess the platform’s role, knowledge, and responses to takedown/notice. Individual sellers remain primarily liable.

11) Quick checklist (print and keep)

Freeze/notify bank/e-wallet; start dispute/trace.
Change passwords, enable MFA; revoke suspicious sessions.
Archive evidence (originals + copies, metadata, logs).
File with PNP-ACG or NBI-CCD (affidavit + exhibits).
Parallel reports: SEC (investments), DTI (e-commerce), NPC (privacy), BSP (financial consumer), DICT/CERT-PH (infrastructure).
Report to platform/telco/host with URLs and identifiers.
Consider civil recovery (including small claims if eligible).
Monitor for identity theft; place alerts with your bank and credit channels.

Final note

Laws evolve (thresholds, procedures, and portals change). When you prepare to file, double-check current forms and channels of PNP-ACG, NBI-CCD, SEC, DTI, BSP, NPC, and DICT/CERT-PH, and consider consulting counsel—particularly for large losses, cross-border elements, or corporate victims.