Social Media Account Hacked and Used for Extortion in the Philippines: How to File a Cybercrime Complaint

Social Media Account Hacked and Used for Extortion in the Philippines: How to File a Cybercrime Complaint

This guide is written for victims and counsel in the Philippines. It synthesizes Philippine statutes and procedure as of 2024. It is general information, not legal advice.

Snapshot: What to Do in the First 24 Hours

  1. Stop engaging. Do not pay or negotiate—payment usually invites more demands.

  2. Lock down accounts.

    • Change passwords and enable multi-factor authentication (MFA) on email and all social media.
    • Revoke “remembered devices,” log out of all sessions, and remove unknown apps with access.
    • Update recovery phone/email.

  3. Preserve evidence (before you delete anything).

    • Take full-screen screenshots and record URLs, usernames, phone numbers, email addresses, e-wallet numbers, and transaction references.
    • Export chat histories where possible; keep original files and message headers.

  4. Trace and contain any money flow.

    • If funds were sent, immediately notify your bank/e-wallet to flag and hold the receiving account if possible.

  5. Report and preserve with platforms.

    • Report the account compromise and the extortion to the platform; request data preservation (your assigned law-enforcement case officer can follow with a formal preservation request).

  6. File a complaint with law enforcement (PNP Anti-Cybercrime Group or NBI Cybercrime Division), then proceed to the City/Provincial Prosecutor for preliminary investigation.

The Legal Framework

Core Criminal Statutes

  • Cybercrime Prevention Act of 2012 (RA 10175).

    • Typical charges in a hack-extortion scenario:

      • Illegal Access (unauthorized access to your account)
      • Computer-Related Identity Theft (posing as you)
      • Computer-Related Fraud (if they extract money using the account)

    • Section 6: Crimes committed “through and with the use of ICT” are generally penalized one degree higher than their analogs.

    • Jurisdiction/Venue: Specially designated Cybercrime Regional Trial Courts (RTCs) have jurisdiction; venue may lie where any element occurred, including where the complainant resides or where data is accessed.

    • Note on powers: Some warrantless surveillance/takedown powers originally in RA 10175 were invalidated by the Supreme Court in 2014. Law enforcement now generally proceeds via court-issued cybercrime warrants (see below).

  • Revised Penal Code (RPC).

    • Extortion conduct is commonly prosecuted under Robbery by Intimidation, Grave Threats, or Coercion, depending on facts (threat of harm + demand for money).
    • Libel/Defamation may attach if attackers post false statements.

  • Related Special Laws (as applicable).

    • RA 9995 – Anti-Photo and Video Voyeurism Act (non-consensual sharing of intimate images).
    • RA 11930 – Anti-Online Sexual Abuse or Exploitation of Children (OSAEC) and RA 9775 – Anti-Child Pornography (if a minor is involved).
    • RA 9262 – Anti-VAWC (if the extorter is an intimate partner/former partner and the conduct amounts to violence against women and their children).
    • RA 10173 – Data Privacy Act (you may proceed against negligent companies/controllers via the NPC if their breach enabled the attack).
    • RA 11934 – SIM Registration Act (helps law enforcement link numbers used in extortion to registered identities via lawful process).
    • RA 8484 – Access Devices Regulation Act (if attackers used your card or access device).

The Rule on Cybercrime Warrants (Supreme Court, 2018)

Courts can issue tailored warrants, commonly:

  • WDCD – Warrant to Disclose Computer Data (subscriber info, logs, transactional records)
  • WICD – Warrant to Intercept Computer Data (lawful intercept of ongoing data)
  • WSSECD – Warrant to Search, Seize, and Examine Computer Data (for imaging/exam of devices and accounts)

These allow PNP/NBI to request data from platforms, banks, and telcos, including preservation of logs and identification of perpetrators.

Electronic Evidence

Under the Rules on Electronic Evidence, electronic documents, logs, screenshots, and printouts are admissible if authenticated (by a person with knowledge, by distinctive characteristics, or by system integrity testimony). Keep original digital files whenever possible.

Mapping Facts to Charges (Common Patterns)

Attacker’s act Likely offenses
Hacked your account, changed password Illegal Access (RA 10175), Computer-Related Identity Theft
Impersonated you to solicit money Identity Theft; Fraud/Estafa (RPC) elevated under Sec. 6, RA 10175
Threatened to post private photos unless paid Grave Threats/Coercion (RPC); if intimate images: RA 9995; if minor: RA 11930/RA 9775
Posted defamatory content using your account Libel under RPC, “one degree higher” when online
Demanded payment via e-wallet/bank Fraud/Estafa; Access Device violations; money-laundering reporting triggers for FIs

Evidence: What to Capture and How to Preserve It

Collect comprehensively (before takedowns/auto-deletions):

  • Identity artifacts: Profile URLs, user IDs, vanity names, email handles, mobile numbers, e-wallet account names/numbers, transaction IDs, device names, IPs if visible, and any linked accounts.
  • Threat proof: Full conversation threads (export if possible), audio/video, voicemails, and timestamps.
  • Account events: Login alerts, password change notices, recovery emails/SMS, “new device” notifications.
  • Financial traces: Receipts, reference numbers, screenshots from your bank/e-wallet app.
  • System info: If you still have the compromised device, avoid altering it; your examiner may later image the device to maintain chain-of-custody.

Good practice

  • Keep original files; avoid re-saving screenshots at lower quality.
  • Maintain an Evidence Log (who captured what, when, and on which device).
  • Note time zone (PH: Asia/Manila) for all timestamps.

Evidence Log Template

# Evidence Log
Victim: [Name]      Case Ref: [to be assigned]
Collector: [Name]   Date Started: [YYYY-MM-DD]

Item No.: 001
Description: Screenshot - Messenger chat w/ extortion demand
Source/URL: https://m.me/username/...
Date/Time Captured: 2025-08-20 21:35 Asia/Manila
Original File: IMG_1234.PNG (iPhone 13 Pro)
Hash (if available): [MD5/SHA-256]
Notes: Shows threat to post images unless paid ₱xx,xxx.

[Repeat for each item]

Step-by-Step: Filing a Cybercrime Complaint

1) Make an Initial Report (PNP-ACG or NBI-CCD)

Bring:

  • Valid ID, contact details.
  • Affidavit of Complaint (draft; see template below).
  • Evidence bundle (USB/cloud link), plus a printed index of annexes.
  • Any transaction proofs if money changed hands.

What happens:

  • Intake officer evaluates and may refer for forensics.
  • They may immediately issue platform/bank preservation requests and apply for the appropriate cybercrime warrants.
  • You’ll receive a reference number.

2) File with the Office of the City/Provincial Prosecutor

  • Submit the Sworn Complaint-Affidavit with annexes.

  • Prosecutor issues Subpoena for the respondents (if identified) to submit counter-affidavits.

  • Preliminary Investigation follows (complainant’s reply may be allowed).

  • Prosecutor resolves probable cause:

    • If yes, an Information is filed in the designated Cybercrime RTC; a warrant of arrest may be issued.
    • If no, case is dismissed (you may move for reconsideration or appeal to the DOJ).

Unknown perpetrator? You can still file against “John/Jane Doe” while identification proceeds via warrants to platforms/telcos/banks.

3) Parallel Protective/Remedial Actions

  • Bank/e-Wallet: File a fraud/extortion incident report to attempt post-transaction holds while law enforcement pursues a freeze via court order or AMLC processes.
  • Social Media Platform: Continue pursuing account recovery; provide your police/NBI reference to strengthen takedown and data preservation.
  • Telco/SIM Issues: If SIM-swap or number misuse is implicated, request a number block and coordinate through your case officer for lawful disclosure requests under the SIM Registration Act.
  • Data Privacy (NPC): If a company’s breach exposed your credentials, you may file a privacy complaint against the controller.

Account Recovery & Digital Hygiene Checklist

  • Change passwords (use long passphrases; unique per service).
  • Turn on MFA (prefer app-based or hardware keys).
  • Review login activity and terminate unknown sessions.
  • Remove suspicious connected apps and browser extensions.
  • Check email filters/forwarders that attackers may have added.
  • Enable alerts for logins and password changes.
  • Consider a fresh OS install if malware is suspected.

Civil Remedies and Other Avenues

  • Damages under the Civil Code (e.g., Articles 19–21 for abuse of rights/acts contra bonos mores, and Article 26 for interference with privacy/dignity).
  • Injunctions/TROs in appropriate cases to restrain further dissemination (fact-specific and discretionary).
  • Writ of Habeas Data (when your right to privacy in life, liberty, or security is implicated), potentially compelling deletion or disclosure of data held by respondents; consult counsel due to its specialized nature.

Special Notes for “Sextortion” and Minors

  • Do not send additional images or attempt to “prove” anything to the offender.
  • If a child is involved (minor subject or viewer), authorities will also invoke RA 11930/RA 9775; cases are prioritized.
  • Seek psychosocial support; investigators can coordinate with appropriate child-protection units.

Sample Complaint-Affidavit (Skeleton)

Affidavit of Complaint I, [Name], Filipino, of legal age, with address at [Address], after having been duly sworn, depose and state:

  1. I am the registered owner/user of the social media account “[handle]” with URL [link], and email “[email]”.
  2. On [date/time], I received [login alert/password change notice]. I was thereafter locked out of my account.
  3. At [date/time], an unknown person using the compromised account sent messages to me/my contacts demanding ₱[amount] and threatening to [post private images/reveal data/etc.]. Copies are attached as Annexes “A-1” to “A-n”.
  4. The offender provided the following receiving accounts: [bank/e-wallet details], phone numbers [xxx], and email/usernames [xxx].
  5. I did not authorize any access or transactions.
  6. I suffered [financial loss/reputational harm/mental anguish].
  7. I charge the respondent(s) with violations of RA 10175 (Illegal Access; Computer-Related Identity Theft; [Fraud]), and the Revised Penal Code [Grave Threats/Robbery by Intimidation], and [RA 9995/other applicable laws].
  8. I reserve the right to submit supplemental affidavits as new evidence arises.

Affiant further sayeth naught. [Signature over Printed Name] [Date/Place] SUBSCRIBED AND SWORN TO before me this [date] at [place]. [Prosecutor/Notary]

Annexing evidence: Index your annexes with short, descriptive labels; tie every material allegation to at least one annex.

Frequently Asked Questions

Do I need a lawyer? Not strictly to report, but strongly recommended for drafting charges, preserving evidence, and managing parallel civil remedies.

Are screenshots enough? They are a start. Whenever possible, export full chats, collect URLs, and preserve original files. For stronger authentication, keep device originals and be ready to explain capture methods.

Can I recover my money? Recovery is fact-dependent and time-sensitive. Immediate reports to banks/e-wallets and quick action by law enforcement increase the odds of freezing funds before they are “cashed out.”

What if the offender is overseas? Philippine courts can still take cognizance if any element occurred in the Philippines or the victim is here. Law enforcement can use cooperation channels, but timelines are longer.

Will the platform give me the attacker’s info? Platforms typically disclose only to law enforcement upon receipt of proper legal process (e.g., WDCD). Share your case reference with the platform to align preservation.

Practical Pitfalls to Avoid

  • Deleting chats or posts too early (capture first; takedowns can follow).
  • Paying “to make it stop.” It rarely stops.
  • Using public Wi-Fi during recovery (risk of further compromise).
  • Reusing passwords across social and email accounts.
  • Letting the only copy of evidence sit on a compromised device. Back up to a safe drive/cloud.

One-Page Checklist (Print & Tick)

  • Change passwords + enable MFA on email and socials
  • End all sessions; remove suspicious apps/extensions
  • Capture full evidence (screens/exports/URLs/IDs)
  • Notify bank/e-wallet; file incident report
  • Report to platform; request preservation
  • File with PNP-ACG/NBI-CCD (get reference no.)
  • Prepare and file Complaint-Affidavit + annexes with Prosecutor
  • Keep an Evidence Log and update as you receive replies/subpoenas
  • Consider civil/privacy remedies where applicable
  • Arrange counseling/support if sexual images or minors are involved

Final Notes

  • Speed and documentation win these cases. Preserve first, then act.
  • The same fact pattern can implicate multiple offenses; it is normal to allege several in a single complaint.
  • Coordinate closely with your assigned investigator to ensure timely preservation and warrants to platforms, telcos, and financial institutions.

If you want, I can turn this into a printable packet (templates + fill-in forms) or tailor the affidavit to your specific facts.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login