Reporting Online Scams in the Philippines: A Comprehensive Legal Guide

Updated for the Philippine legal framework as of 2024. This is general information, not legal advice.

---

I. What counts as an “online scam”?

“Online scam” isn’t a single crime in Philippine law. It is a mode (use of the internet, mobile networks, or electronic devices) by which various offenses are committed. The most common legally cognizable offenses are:

1. Estafa (swindling) under the Revised Penal Code (RPC, Art. 315), including online buy-sell fraud, investment scams, “catfishing” swindles, and payment diversion.
2. Computer-related offenses under the Cybercrime Prevention Act of 2012 (Republic Act No. 10175), e.g., computer-related fraud, identity theft, illegal access, and cyber-libel.
3. Access Devices Regulation Act (RA 8484) violations (credit/debit card and e-wallet fraud).
4. E-Commerce Act (RA 8792) violations (unauthorized access, interference with computer systems and data).
5. Data Privacy Act (RA 10173) violations (unlawful processing or data breach leading to scams like SIM-swap, phishing).
6. Securities Regulation Code (RA 8799) violations (unregistered investment schemes; Ponzi/pyramid).
7. Anti-Money Laundering Act (RA 9160, as amended) implications (use of mule accounts; laundering scam proceeds).
8. Special laws by context, e.g., Anti-Photo and Video Voyeurism Act (RA 9995) for sextortion, Anti-Child Pornography Act (RA 9775), and Financial Products and Services Consumer Protection Act (RA 11765, 2022) for abusive financial practices.
9. Internet Transactions Act (ITA, 2023; regulates online merchants, e-marketplaces, and e-retailers) for marketplace compliance and consumer recourse.

Key takeaway: Label the correct offense(s) first. The “online” element typically aggravates liability (penalty one degree higher under RA 10175 for crimes committed through ICT).

---

II. Which agencies handle what?

• PNP Anti-Cybercrime Group (ACG) and NBI Cybercrime Division: primary criminal investigation for cyber-enabled crimes.
• Department of Justice (DOJ) – Office of Cybercrime (OOC): central authority for cybercrime, international cooperation, and prosecutorial support.
• Cybercrime Investigation and Coordinating Center (CICC) / DICT: incident coordination; computer emergency response functions.
• Securities and Exchange Commission (SEC): investment scams, unregistered securities, pyramid schemes (Enforcement & Investor Protection).
• Bangko Sentral ng Pilipinas (BSP) / banks & e-money issuers (EMIs): transaction disputes, unauthorized transfers, recall/freeze requests; supervision under RA 11765.
• National Privacy Commission (NPC): privacy breaches, doxxing, SIM-swap/identity theft arising from unlawful processing.
• AMLC: freezing/forfeiture of laundered funds; financial intelligence.
• Platform/marketplace operators: takedown/removal and cooperation duties (strengthened under the ITA).

---

III. Where to file: jurisdiction & venue

• Under RA 10175, venue may lie where any element of the offense occurred, where any part of the computer system is located, or where the complainant/accused resides (subject to rules).
• You can file a criminal complaint with NBI-Cybercrime or PNP-ACG, then elevate to the Office of the City/Provincial Prosecutor for inquest or preliminary investigation.
• Civil actions for damages may be filed in the proper Regional Trial Court (RTC) (or first-level courts depending on amount), often where the plaintiff resides or cause of action arose.

---

IV. Evidence: what to preserve and how

The Rules on Electronic Evidence (REE) and the Rules on Cybercrime Warrants (A.M. No. 17-11-03-SC) govern handling and admissibility.

1. Preserve immediately

   • Full URLs, usernames/handles, complete email headers, SMS/MMS with timestamps, call logs, IP addresses (if accessible), device details.
   • Screenshots that capture the whole context (showing date/time, account name, platform UI). Use screen-recording for ephemeral content.
   • Bank/e-wallet statements, OTP logs, confirmation emails/SMS, dispute reference numbers.
   • Chain of custody: note who collected what, when, and how. Keep originals; work on forensic copies if possible.

2. Collect platform data

   • Use in-app “download your data” tools where available.
   • Request message metadata and login history from platforms via their legal request portals (law enforcement can issue preservation requests).

3. Authenticate

   • Keep devices unaltered; avoid deleting chats or factory resets.
   • REE allows authentication by ephemeral metadata, hash values, witness testimony on how the record was created, or platform certifications.

4. Anticipate warrants

   • Investigators may seek WDCD (Warrant to Disclose Computer Data), WICD (Warrant to Intercept), and WSSECD (Warrant to Search, Seize, and Examine Computer Data). Complainants should be ready to identify accounts, dates, IP logs, and service providers to narrow requests.

---

V. Immediate steps for victims (first 24–72 hours)

1. Secure accounts & devices

   • Change passwords; enable MFA; revoke unknown sessions; update OS/AV.
   • Call telco to secure SIM if SIM-swap suspected.

2. Contact your bank/e-wallet right away

   • Report unauthorized transactions; request freeze/hold on destination accounts and fund recall/chargeback if rails allow (e.g., InstaPay/PESONet dispute flows).
   • Many providers impose short deadlines (some within 7–15 days). Act immediately.

3. File a formal complaint

   • NBI-Cybercrime or PNP-ACG: submit evidence, IDs, and a sworn statement. Get your complaint reference number.
   • If it’s an investment scam, file with the SEC (and attach proof of solicitation, receipts/transfers).
   • If privacy breach/identity theft, notify NPC; if data breach, ask the covered entity to file a breach notification.

4. Notify the platform/marketplace

   • Report the seller/page/post; request takedown and account suspension. Keep the platform ticket/acknowledgment.

5. Document everything

   • Maintain a timeline: date/time, action taken, person/office spoken to, case/incident numbers.

---

VI. Building a prosecutable case

A complete criminal affidavit (complaint-affidavit) should include:

• Complainant’s identity and capacity;
• Detailed narration (who/what/when/where/how; include chat excerpts, payment steps, URLs);
• Elements of the offense (e.g., for estafa: deceit + damage; for computer-related fraud: use of computer system to input/alter/suppress data causing loss);
• Attachments: screenshots, logs, statements, certifications;
• Reliefs sought: filing of charges, issuance of warrants for data, preservation orders, and hold-departure if appropriate.

Tip: Align facts to statutory elements. For mixed schemes (e.g., phishing + unauthorized transfers), plead in the alternative (RA 10175, RA 8484, RPC estafa).

---

VII. Civil, administrative, and financial remedies (parallel to criminal action)

1. Civil damages (Civil Code): actual, moral, exemplary; restitution or rescission for vitiated consent through fraud.

2. Provisional remedies: preliminary attachment to secure assets; injunction to stop ongoing scam operations.

3. Financial dispute channels:

   • Internal: bank/EMI complaint desk → escalation to BSP Consumer Assistance under RA 11765 if unresolved.
   • Chargeback/dispute: card network rules; InstaPay/PESONet dispute and fund recall (best-efforts; not guaranteed).
   • Insurance/cyber-riders: if applicable.

4. Regulatory complaints:

   • SEC (investment solicitations, Ponzi/pyramids).
   • NPC (privacy/identity theft, unlawful processing).
   • DICT/CICC (cyber incident reporting, coordination).
   • DTI/LGU BPLO (deceptive sales practices by local entities; consumer protection).

---

VIII. Special scenarios: how the law maps

• Phishing/Smishing/Vishing: RA 10175 (computer-related identity theft/fraud), RA 8484 (access devices), RPC estafa; possible Data Privacy Act breaches.
• Account takeover/unauthorized transfers: RA 8484 + RA 10175; financial dispute mechanisms; AMLA red flags for mule accounts.
• Investment/crypto schemes: SEC jurisdiction (unregistered securities/selling); estafa; AMLA.
• Marketplace seller “no-delivery/defective”: estafa if deceit is present; otherwise civil/consumer protection; platform duties under ITA.
• Romance scams/sextortion: estafa; RA 9995; anti-photo/video voyeurism; possibly RA 10175.
• Deepfakes/impersonation: RA 10175 identity theft; possible privacy/IP claims.
• Business email compromise (BEC)/payment diversion: estafa + RA 10175; move for rapid recall and freezing; consider civil action vs. negligent counterparties.

---

IX. Penalties & prescription (time limits)

• Penalty uplift: crimes committed through ICT can be one degree higher under RA 10175.

• Estafa penalties vary by amount defrauded (from prisión correccional to prisión mayor; fines/restitution).

• Prescription (RPC Art. 90 et seq.):

  • Afflictive penalties → typically 15 years;
  • Correctional penalties → typically 10 years;
  • Light offenses → 2 months. The exact period depends on the penalty attached to the charged offense and runs from discovery/commission per statute and case law. Do not delay.

---

X. Cross-border issues

• The Philippines is party to the Budapest Convention on Cybercrime, enabling 24/7 cooperation and lawful cross-border data requests; DOJ-OOC is the central point.
• Investigations may require Mutual Legal Assistance (MLA), letters rogatory, or platform cooperation through preservation and disclosure channels.

---

XI. Practical filing checklist (ready-to-use)

A. Evidence pack

• Photo/scans of government IDs
• Device make/model, OS version
• Screenshots (full-screen with date/time) of chats, profiles, listings, transaction confirmations
• Email files (.eml/.msg) preserving headers
• Bank/e-wallet statements; dispute forms; ticket numbers
• Any platform acknowledgments/takedown receipts

B. Sworn statement essentials

• Your identity and contact details
• Clear timeline of events with dates/times/timezone
• How you found/engaged the scammer
• What promises/deceits were made
• How and where money/data was sent
• Actual loss and continuing harm
• Specific legal requests (investigate; file charges; issue warrants; direct banks/platforms to preserve data; coordinate with AMLC/SEC/NPC as needed)

C. Where to submit

• NBI-Cybercrime or PNP-ACG complaint desks (attach ID and evidence pack)
• SEC (investment cases)
• BSP/Bank/EMI (financial disputes)
• NPC (privacy/identity theft)
• Platform (report & takedown)

---

XII. Prevention and resilience (to avoid repeat victimization)

• Strong authentication (MFA, authenticator apps; avoid SMS-only where possible).
• Transaction controls (transfer limits; allow-lists; cooling-off for new payees).
• Out-of-band verification for payments and investment solicitations.
• Data hygiene (minimize oversharing; lock down social profiles).
• SIM security (PIN/PUK; alerts for SIM changes).
• Incident playbook (who to call; copies of KYC documents; template affidavit).

---

XIII. Model templates

1) Incident Timeline (attach to affidavit)

Date/Time (PH)	Event/Action	Proof/Ref No.
2024-05-01 14:03	Received IG DM re investment	Screenshot S-01
2024-05-02 10:12	Sent ₱25,000 via InstaPay to XXX	Bank Ref #12345
2024-05-03 09:00	Reported to Bank; requested recall	Case #B-9876
2024-05-04 16:30	Filed with NBI-Cybercrime	NBI-Ref #N-2024-001

2) Complaint-Affidavit (skeleton)

I, [Name, Age, Status, Address], after being duly sworn, state:

1. I am the owner of mobile number [xxx] and email [xxx]; my government ID is attached.
2. On [date/time], I encountered the respondent’s online account [handle/URL] which represented [promise/offer].
3. Relying on said representations, I transferred [amount] via [bank/e-wallet], Ref. No. [xxx].
4. I later discovered the representations were false because [facts]; the respondent blocked me and failed to deliver [goods/services/returns].
5. The acts constitute [estafa under Art. 315 RPC / computer-related fraud under RA 10175 / access device fraud under RA 8484 / etc.].
6. I suffered [loss amount] and continuing harm. PRAYER: That respondents be investigated and charged; that preservation/disclosure/search warrants be issued for [accounts/devices/records]; and that banks/platforms be directed to preserve/hold funds. ATTACHMENTS: S-01 to S-nn (screenshots), B-01 to B-nn (bank records), P-01 to P-nn (platform tickets).

---

XIV. FAQs

1) Can the bank instantly return my money? Not guaranteed. Philippine rails allow best-efforts recall and freezing when funds remain. Speed and complete documentation materially improve outcomes.

2) What if the scammer is anonymous? Identity can be unmasked via platform/bank/telco records, subject to warrants and cooperation. Your initial report triggers preservation to keep logs from being purged.

3) Do I need a lawyer? Not strictly to file a complaint—but counsel is highly recommended for strategy, affidavit drafting, civil remedies, and asset-tracing.

4) I’m embarrassed and deleted the chats. Is my case dead? Not necessarily. Backups, recipient records, and platform retention may still exist. Report immediately and disclose deletion to preserve credibility.

---

XV. Bottom line

Move fast, preserve everything, file with the right agencies, and pursue parallel tracks (criminal, civil, and financial dispute). A well-documented first 72 hours markedly increases the chances of recovery and prosecution.