Steps to File an Online Scam Complaint with the NBI in the Philippines

A practitioner-style guide for victims, counsel, and compliance officers

1) Why the NBI, and when to go there

The National Bureau of Investigation (NBI)—through its Cybercrime Division (NBI-CCD) and regional units—has nationwide authority to investigate cyber-enabled offenses (e.g., online estafa, identity theft, unauthorized access, phishing, card-not-present fraud, mule accounts). It coordinates closely with the Department of Justice (DOJ) and prosecutors for case filing and with other regulators (BSP, SEC, NPC, DTI) when the facts overlap with financial, securities, privacy, or consumer-protection issues.

You should go to the NBI when:

  • The scam used the internet or digital systems (social media, marketplaces, messaging apps, e-wallets, online banking).
  • You need digital forensics, platform/bank data preservation, or cross-border coordination.
  • The suspects are unknown, overseas, or operating at scale (syndicates).

Note: The Philippine National Police Anti-Cybercrime Group (PNP-ACG) also has concurrent jurisdiction. You may report to either; do not file contradictory versions in both.

2) Legal bases typically invoked

  • Revised Penal Code (RPC) – Estafa (Art. 315) as amended by RA 10951 (raising amount thresholds).
  • Cybercrime Prevention Act of 2012 (RA 10175)—e.g., computer-related fraud, identity theft, illegal access, data interference; offenses “committed by, through, and with” ICT may be prosecuted and penalties may be qualified.
  • Access Devices Regulation Act (RA 8484) for card/e-wallet fraud and skimming.
  • E-Commerce Act (RA 8792) and the Rules on Electronic Evidence (A.M. No. 01-7-01-SC) for admissibility/authentication of electronic documents/logs.
  • Data Privacy Act (RA 10173) if personal data misuse is involved (coordinate with NPC for privacy violations).
  • Other special laws may apply (e.g., Anti-Photo and Video Voyeurism, Anti-Child Pornography, IP rights, anti-pyramiding, AMLA for money mules).

3) Immediate actions: preserve and secure evidence

Digital evidence is volatile. Before contacting authorities:

  1. Do not delete anything. Keep devices and accounts intact.
  2. Capture complete screenshots (include full URLs, profile handles, timestamps, amounts, reference numbers, device clock).
  3. Export chat threads (PDF/text export), download emails (with headers if possible), save web pages (PDF/HTML), and preserve transaction logs from banks/e-wallets/couriers.
  4. List all identifiers: phone numbers, usernames, profile links, email addresses, wallet/account numbers, IPs if known.
  5. Create a chronology: date/time of discovery, communications, payments, and any demands/threats.
  6. Secure your accounts: change passwords, enable 2FA, revoke suspicious sessions, and alert your bank/e-wallet.
  7. Notify impacted platforms (marketplace, social media, classifieds) so they can lock accounts and preserve records. Preserve the ticket/acknowledgment numbers.

4) What to bring to the NBI

Prepare a tidy, prosecutor-ready set:

  • Affidavit-Complaint (sworn, notarized if practical; otherwise you can execute a sworn statement at the NBI).

    • Parties: victim/complainant; respondent(s) or “John/Jane Doe” if unknown.
    • Venue/jurisdiction: where acts occurred, where content accessed, where money changed hands, or where complainant resides (cybercrimes allow broader venue).
    • Elements of the offense: deceit and damage for estafa; use of ICT and specific acts for RA 10175 offenses.
    • Prayer: investigation, data preservation, prosecution, and recovery/restoration when applicable.

  • Annexes, indexed and paginated:

    • Screenshots, exports, emails (with headers if possible), call logs, text messages.
    • Bank/e-wallet slips, reference numbers, courier receipts.
    • Platform complaint acknowledgments.
    • Government ID(s) and contact details.
    • Proof of loss (amounts, receipts) and any mitigation steps taken.

  • Storage media (USB) containing digital originals (where safe) and the same files printed for easy review.

Tip: Keep raw originals. Printed copies help, but authenticity is stronger with native files/metadata.

5) Where and how to file with the NBI (practical flow)

  1. Frontline intake / docketing

    • Go to the NBI Cybercrime Division (or the nearest NBI regional office with cyber capability).
    • State you are filing an online scam/cybercrime complaint; request log preservation letters where time-sensitive (banks, telcos, platforms).

  2. Sworn statement & document vetting

    • You’ll execute or submit your Affidavit-Complaint; attach annexes.
    • Provide devices or media only if requested for imaging. The NBI typically uses forensically sound acquisition (write-blockers, hashing) to maintain chain of custody.

  3. Initial assessment

    • The agent identifies possible offenses, red flags (syndicates, mule chains), and urgent preservation requests to banks/e-wallets/telcos/social platforms.
    • For ongoing incidents, the NBI may consider entrapment or controlled delivery (subject to feasibility and safety).

  4. Investigation & digital forensics

    • Collection of subscriber/transaction data via lawful requests; analysis of logs, device images, and money flow.
    • Coordination with DOJ Office of Cybercrime for cross-border requests/MLAT when platforms or data are overseas.

  5. Filing with the Prosecutor (Rule 110, Rules of Criminal Procedure)

    • The NBI prepares a Referral or Complaint to the Office of the City/Provincial Prosecutor (or DOJ) attaching your affidavit and evidence.
    • Inquest may apply if suspects are arrested; otherwise preliminary investigation proceeds (counter-affidavits, replies, resolution).

  6. Post-filing

    • If probable cause is found, an Information is filed in court. Warrants/subpoenas may issue; case proceeds to arraignment and trial.
    • For civil recovery, you may pursue civil action for damages or restitution (often deemed instituted with the criminal action unless waived or reserved).

Fees: Filing a criminal complaint at the NBI is generally free. You may incur costs for notarization, photocopying, certifications, or private counsel.

6) Drafting a strong Affidavit-Complaint (structure & sample clauses)

A. Caption & Parties – Identify complainant and respondent(s). If unknown, use “John/Jane Doe” and describe. B. Jurisdiction & Venue – Explain digital locus (where deceit was received, payments made, websites accessed). C. Facts – Chronological, numbered paragraphs; attach exhibits (Annex “A,” “B,” etc.). D. Offense analysis – Track elements:

  • Estafa: (1) false pretense/deceit; (2) reliance; (3) damage/amount.
  • RA 10175: specify the computer-related acts (e.g., fraudulent input/alteration, identity theft, illegal access). E. Reliefs – Request: (1) investigation and prosecution; (2) data preservation; (3) bank/platform coordination; (4) return/restitution; (5) other just reliefs. F. Verification & Oath – Sworn before an authorized officer; attach ID.

Authentication pointers (Rules on Electronic Evidence):

  • Identify the creator, the device/account used, and the manner of acquisition.
  • Keep hash or metadata where feasible; avoid editing files; document the chain of custody.

7) Special scenarios and how to handle them

A. Unknown scammer

  • Provide all identifiers (usernames, numbers, wallet IDs).
  • NBI can seek subscriber info and IP/session logs from telcos/platforms.

B. Cross-border platform or overseas suspect

  • NBI coordinates via DOJ for MLAT or other channels to lawfully obtain records.
  • Expect longer timelines; early preservation is critical.

C. Investment/pyramiding or “trading” scams

  • In addition to criminal angles, consider referral to SEC (unregistered securities/selling without license).
  • Keep evidence of promises/returns, marketing materials, and wallet flows.

D. Account takeovers & phishing

  • Immediately notify bank/e-wallet for freeze/block requests; bring acknowledgment to NBI.
  • Collect device info, suspicious links, and OTP/notification logs.

E. Money mules and layered transfers

  • Record every hop (wallet A → bank B → wallet C); annex transaction histories.
  • AML/CTF red flags help justify urgent freezes/preservation.

F. Minors and sensitive content

  • If sexual exploitation or threats are involved, flag immediately; different laws and protected procedures apply.

8) Timelines, prescription, and expectations

  • Speed matters for log preservation; many providers keep limited retention windows.
  • Prescription (statute of limitations) varies by offense and penalty; estafa’s prescriptive period depends on the imposable penalty after RA 10951’s updated thresholds. File as early as possible.
  • Not all cases result in immediate recovery; criminal proceedings focus on accountability. For restitution, complement with civil/administrative remedies and direct bank/platform claims.

9) Parallel remedies you can pursue (without undermining the NBI case)

  • Banks/E-Wallets (dispute channels, freeze requests, internal investigations).

  • Platforms/Marketplaces (takedowns, seller verification, refund programs if any).

  • Regulators:

    • BSP Consumer Assistance (for bank/e-money issues),
    • SEC (investment scams),
    • NPC (privacy/data misuse),
    • DTI (consumer protection for goods/services).

  • Civil action for damages and injunctions (particularly for ongoing impersonation or reputational harm).

10) Practical checklists

Victim’s one-page checklist

  • Freeze/block requests sent to bank/e-wallet/platform (keep ticket numbers).
  • Affidavit-Complaint drafted, sworn (or ready to swear at NBI).
  • Evidence bundle: screenshots with timestamps/URLs; chat/email exports; receipts; IDs.
  • Chronology prepared; list of identifiers compiled.
  • Devices preserved; passwords changed; 2FA enabled.

Counsel/compliance checklist

  • Map offenses to elements (RPC estafa, RA 10175, RA 8484).
  • Venue theory (anywhere deceit received/transactions occurred).
  • Draft preservation language for banks/telcos/platforms.
  • Prepare chain-of-custody plan for digital media.
  • Consider referrals (BSP/SEC/NPC/DTI) and civil strategy.

11) Frequently asked questions

Q: Can I file if I don’t know the scammer’s real name? A: Yes. Use descriptive identifiers; NBI can seek subscriber/transaction data.

Q: Do I need a lawyer? A: Not required to file, but counsel helps with elements, venue, and evidence sufficiency—especially for complex or high-value cases.

Q: Will I get my money back? A: Possible but not guaranteed. Combine criminal complaint with bank/platform disputes and civil claims.

Q: Are screenshots admissible? A: Yes, subject to authenticity. Keep original files/exports and be ready to testify about how you created/kept them.

Q: Can NBI arrest immediately? A: Only with lawful cause (e.g., in flagrante, warrant) or during entrapment. Otherwise, the usual path is investigation → prosecutor → court.

12) Model Affidavit-Complaint outline (for adaptation)

  1. Caption (NBI Case Reference / For Filing with Prosecutor)
  2. Personal circumstances of complainant
  3. Statement of jurisdiction/venue
  4. Narration of facts (chronology; attach Annexes “A–__”)
  5. Offense analysis (elements mapped to facts: estafa, RA 10175, etc.)
  6. Damages suffered (amounts, consequential losses if any)
  7. Reliefs sought (investigation, data preservation, prosecution, restitution)
  8. Verification and Oath
  9. Annex list with index and pagination

13) Good practices to maintain case strength

  • Be consistent across platform disputes and the NBI complaint (same facts/amounts/timestamps).
  • Maintain an evidence log: who collected what, when, and how; record hash values if imaging is done.
  • Avoid editing/annotating originals; make separate working copies for highlights/redactions.
  • Keep communications with the NBI professional and responsive; promptly provide additional info when requested.
  • Beware of fixers or anyone asking for fees to “fast-track” prosecution.

14) Summary

Filing with the NBI is straightforward if you: (1) preserve evidence early, (2) submit a clean, element-based Affidavit-Complaint with annexes, and (3) cooperate during digital forensics and platform/bank requests. Pair the criminal track with parallel regulatory and civil remedies to maximize recovery and prevent further harm.

This guide is for general information only and is not a substitute for tailored legal advice. For complex or high-stakes cases, consult counsel experienced in cybercrime litigation and electronic evidence.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login