Text Scams in the Philippines: How to Report and Protect Your Rights

A text scam can feel small at first—a suspicious “bank alert,” a fake delivery notice, a job offer that asks for a fee, or a message pretending to come from GCash, Maya, a bank, LTO, PhilPost, a courier, or a government agency. But under Philippine law, these messages can become serious criminal, consumer, privacy, and financial-account cases, especially when money is lost, personal data is stolen, or an account is taken over. This guide explains what text scams are, which Philippine laws protect you, where to report them, what evidence to prepare, and what practical steps to take if you already clicked a link or sent money.

What counts as a text scam in the Philippines?

A text scam is any SMS, messaging-app message, or phone-related communication that uses deception to get money, account access, personal information, or some other benefit from you.

Common examples include:

  • “Your bank account is suspended. Click this link to verify.”
  • “You have a parcel pending delivery. Pay ₱17 customs fee.”
  • “Congratulations, you won ₱50,000. Send your details.”
  • “Your GCash/Maya wallet is locked. Login here.”
  • “Your LTO violation must be settled today.”
  • “We are hiring part-time workers. Deposit first to activate your account.”
  • “Loan approved. Pay processing fee before release.”
  • Messages showing a trusted sender name even though the message is fake.

In practice, many Philippine text scams use phishing. Phishing means tricking someone into giving passwords, OTPs, card details, IDs, or other sensitive information. Some scams also use spoofing, where the sender makes the message appear to come from a trusted number, business name, or institution.

A scam does not need to succeed before it can be reported. Even attempted fraud, suspicious links, fake sender names, and repeated scam messages may be worth reporting because they help authorities and telcos block numbers, trace patterns, and preserve digital evidence.

Philippine laws that may apply to text scams

Text scams often fall under several laws at the same time. The exact case depends on what happened: whether money was lost, whether an account was accessed, whether the sender used fake identity documents, whether your personal data was misused, or whether a bank or e-wallet failed to act properly.

Revised Penal Code: estafa or swindling

If a scammer deceives you into sending money, goods, or anything of value, the basic offense may be estafa under Article 315 of the Revised Penal Code.

Estafa usually involves:

  • Fraud or deceit;
  • The victim relying on the deceit; and
  • Damage or loss, usually money or property.

For example, if someone texts you pretending to be a loan officer, convinces you to pay a “release fee,” and disappears, that may be treated as estafa. If the deceit was committed through a phone, SMS, website, social media, or electronic payment channel, the cybercrime law may also come in.

RA 10175: Cybercrime Prevention Act of 2012

The Cybercrime Prevention Act of 2012, or Republic Act No. 10175, is important when the scam uses information and communications technology.

It may apply to text scams involving:

  • Computer-related fraud;
  • Computer-related identity theft;
  • Unauthorized access to accounts;
  • Use of fake websites, fake login pages, or malicious links;
  • Fraud committed through SMS, email, messaging apps, or online platforms.

RA 10175 also provides that crimes under the Revised Penal Code and special laws may carry a higher penalty when committed through information and communications technology. In practical terms, a scam that would already be estafa may become more serious when carried out through digital systems.

The National Bureau of Investigation and Philippine National Police have cybercrime units specifically tasked to handle cybercrime cases.

RA 11934: SIM Registration Act

The SIM Registration Act, or Republic Act No. 11934 of 2022, requires SIM registration before activation. It also defines spoofing as transmitting misleading or inaccurate information about the source of a phone call or text message with intent to defraud, cause harm, or wrongfully obtain anything of value.

This matters because many victims ask: “Can the scammer be identified through the number?”

Sometimes yes, but not automatically. Under the SIM Registration Act, public telecommunications entities must keep SIM registration data confidential. Disclosure generally requires proper legal process, such as a subpoena by competent authority in an investigation based on a sworn complaint. This is why filing a proper report matters: it creates the paper trail that may allow law enforcement to request subscriber information legally.

The law also requires telcos to provide user-friendly reporting mechanisms for potentially fraudulent texts or calls and, after due investigation, deactivate SIMs used for fraudulent messages.

RA 12010: Anti-Financial Account Scamming Act

The Anti-Financial Account Scamming Act, or Republic Act No. 12010 of 2024, is especially relevant when a text scam targets bank accounts, e-wallets, credit cards, online banking, or payment accounts.

RA 12010 covers social engineering schemes, including the use of electronic communications such as SMS, phone calls, email, social media messages, and instant messaging to obtain sensitive identifying information by deception or fraud.

Sensitive identifying information can include:

  • Usernames;
  • Passwords;
  • OTPs;
  • Bank account details;
  • Credit card details;
  • E-wallet details;
  • Other electronic credentials or confidential personal information.

RA 12010 also penalizes money muling, such as selling, lending, renting, or allowing the use of a financial account to receive or move scam proceeds.

A key practical feature of this law is the rule on temporary holding of disputed funds. Financial institutions may temporarily hold funds subject of a disputed transaction within the period prescribed by the Bangko Sentral ng Pilipinas, which must not exceed 30 calendar days unless extended by a court. The law also recognizes possible restitution where an institution failed to use adequate risk management systems or failed to exercise the required diligence.

This is why speed matters. If money was transferred, report to your bank or e-wallet immediately—not tomorrow, not after posting online, and not after waiting for the scammer to reply.

RA 10173: Data Privacy Act of 2012

The Data Privacy Act of 2012, or Republic Act No. 10173, may apply when your personal information was misused, leaked, collected without authority, or used for identity fraud.

This can matter where:

  • You suddenly receive scam texts using your full name;
  • A company, platform, or service may have mishandled your data;
  • Your ID, address, birth date, contact number, or financial details were exposed;
  • Someone used your personal information to register accounts or apply for loans.

A privacy case is different from a criminal scam case. The scammer may be criminally liable, while a company or organization that failed to protect personal data may face proceedings before the National Privacy Commission.

RA 8484: Access Devices Regulation Act

The Access Devices Regulation Act of 1998, or Republic Act No. 8484, may apply when the scam involves credit cards, debit cards, account numbers, PINs, card codes, or other access devices.

This law is relevant when a scammer obtains or uses your card details or other access credentials to get money, goods, services, or fund transfers. It also makes immediate reporting important because the law recognizes the effect of notifying the issuer after loss or theft of an access device.

What to do immediately if you receive a scam text

If you have not clicked the link or sent money, your goal is to preserve evidence and prevent harm.

  1. Do not click the link. Even opening a link may expose you to fake login pages, malware, or tracking.
  2. Do not reply. Replying may confirm that your number is active.
  3. Take screenshots. Capture the full message, sender number or sender name, date, time, and any link shown.
  4. Copy the suspicious link safely. Do not open it. If your phone allows copying the message text without visiting the link, save it in your notes.
  5. Report to your telco and NTC. This helps with blocking and deactivation.
  6. Block the sender after preserving evidence.
  7. Warn vulnerable family members. Seniors, kasambahays, students, and OFWs’ family members are common targets.

Do not delete the message until you have reported it or backed it up. Screenshots are useful, but the original message may still help show the sender details and timing.

What to do if you clicked the link but did not send money

If you clicked a link, assume your information may be at risk.

  1. Close the page immediately.
  2. Do not enter any OTP, password, PIN, card number, or selfie verification.
  3. Change passwords for the affected account and any account using the same password.
  4. Enable multi-factor authentication if available.
  5. Log out from all devices in your email, banking, e-wallet, and social media accounts.
  6. Call your bank or e-wallet provider if the link pretended to be from a financial institution.
  7. Monitor transactions for the next several days.
  8. Scan your phone using reputable mobile security tools or reset the device if you suspect malware.

If the link asked for your email password, treat that as urgent. Email access can allow scammers to reset your bank, shopping, social media, and government-service accounts.

What to do if you sent money or lost access to an account

If money was transferred, speed is more important than perfect paperwork.

  1. Call your bank or e-wallet immediately. Use the official hotline from the app, card, or official website—not a number from the suspicious text.
  2. Ask for the transaction to be flagged as fraudulent.
  3. Request temporary blocking, freezing, or holding of funds if still possible.
  4. Change your PIN, password, and security questions.
  5. Ask for a case reference number.
  6. Request written confirmation by email or in-app ticket.
  7. Report to 1326, PNP-ACG, NBI Cybercrime, or the nearest police station.
  8. Prepare a complaint affidavit if you want a formal criminal complaint.

When talking to the bank or e-wallet, be specific:

  • Date and time of transaction;
  • Amount;
  • Reference number;
  • Sender and receiver account details;
  • Name shown in the app, if any;
  • How the scam happened;
  • Whether you gave an OTP, password, PIN, card details, or remote access.

Avoid saying “I authorized it” without explaining the fraud. A victim may have tapped “send” or entered an OTP because of deception. The relevant issue is whether the transaction was induced by fraud, social engineering, unauthorized access, or account takeover.

Where to report text scams in the Philippines

Different agencies handle different parts of the problem. It is common to report to more than one office.

Where to report Best for What to prepare
Telco provider Blocking scam numbers, suspicious sender IDs, fraudulent calls or SMS Screenshot of message, sender number/name, date and time, your mobile number
National Telecommunications Commission (NTC) Text spam, scam texts, telco-related complaints, SIM-related concerns Government ID, screenshot of scam text showing number/sender, complaint details
I-ARC Hotline 1326 / CICC Centralized online scam reporting, phishing, cyber fraud, account recovery guidance Basic facts, screenshots, transaction details, affected account
PNP Anti-Cybercrime Group (PNP-ACG) Criminal cybercrime investigation Screenshots, transaction records, IDs, complaint affidavit, device if relevant
NBI Cybercrime Division Criminal investigation, digital evidence, complex scams Complaint form, affidavit, evidence, transaction records, IDs
Bank or e-wallet provider Freezing funds, reversing or investigating unauthorized/disputed transactions Reference number, amount, date/time, account details, screenshots
Bangko Sentral ng Pilipinas (BSP) Escalating unresolved complaints against BSP-supervised banks/e-wallets Prior complaint to bank/e-wallet, provider’s reply, supporting documents
National Privacy Commission (NPC) Misuse, leak, or improper handling of personal data Notarized complaint or verified complaint, evidence, prior written notice to respondent when required
Securities and Exchange Commission (SEC) Investment scams, fake lending/investment companies, Ponzi schemes Screenshots, names, payment records, group chats, promised returns
Department of Trade and Industry (DTI) Online seller scams involving consumer goods/services Proof of order, payment, seller details, chat records, delivery records

For text scam and spam reports, the NTC has directed complainants to its text spam/scam report page. The government’s anti-scam response system also promotes Hotline 1326 for online scams. ScamWatch Pilipinas describes 1326 as an Inter-Agency Response Center project involving DICT, CICC, NPC, and NTC, with other hotline numbers for Smart, Globe, and DITO users through its online scam reporting page.

For financial complaints that remain unresolved by a bank or e-wallet provider, the BSP explains its complaint escalation channels through the BSP Consumer Assistance Channels and Chatbot. For privacy complaints, the NPC explains its filing process through its formal complaint page and mechanics for complaints. For investment-related complaints, the SEC accepts reports through the SEC iMessage portal. For consumer complaints against online sellers, the DTI Fair Trade Enforcement Bureau provides guidance through its consumer complaint FAQ.

Step-by-step guide to reporting a text scam

1. Prepare your evidence

Before filling out forms or going to an office, organize your proof.

Prepare:

  • Screenshot of the full text message;
  • Sender number, sender name, or shortcode;
  • Date and time received;
  • Suspicious link, if visible;
  • Your mobile number that received the message;
  • Screenshots of any website opened;
  • Chat records with the scammer;
  • Proof of payment, transfer slip, QR code, account number, or wallet number;
  • Bank or e-wallet reference number;
  • Name of receiving account, if shown;
  • Copy of your valid government ID;
  • Written timeline of what happened.

For serious cases, prepare a short timeline like this:

Date and time What happened Evidence
June 1, 9:15 AM Received text pretending to be from bank Screenshot 1
June 1, 9:20 AM Opened link and entered login details Screenshot 2
June 1, 9:27 AM Unauthorized transfer of ₱25,000 Bank receipt
June 1, 9:40 AM Called bank hotline and received case number Email confirmation

A clear timeline helps investigators, banks, and complaint officers understand the case faster.

2. Report to your telco

Use your telco’s official reporting channel. Many telcos have in-app or website-based reporting for spam, scam SMS, fake sender IDs, and suspicious links.

Include:

  • Scam sender number or sender ID;
  • Message content;
  • Screenshot;
  • Date and time;
  • Your contact details.

The telco may block, investigate, or refer the number depending on its process and legal requirements.

3. Report to the NTC

For NTC reporting, prepare at least:

  • A valid ID;
  • Screenshot of the text spam or scam with the sender number or name;
  • Your basic complaint details.

The NTC’s role is usually regulatory and coordination-focused. It may receive complaints, endorse matters to the proper public telecommunications entity, and coordinate blocking or other action. For criminal prosecution, you still need law enforcement such as PNP-ACG or NBI.

4. Report to 1326 or CICC for online scam assistance

Hotline 1326 is useful when you need quick direction on where to report an online scam, phishing incident, impersonation scam, or account compromise.

Be ready to explain:

  • What type of scam it was;
  • Whether money was lost;
  • Whether an account was compromised;
  • Which bank, e-wallet, or platform was involved;
  • Whether you already contacted the provider.

5. Report to your bank or e-wallet provider

This should happen immediately if any financial account is involved.

Ask the provider to:

  • Block or secure your account;
  • Investigate the transaction;
  • Flag the receiving account;
  • Attempt recovery or hold, if still possible;
  • Issue a case or ticket number;
  • Provide written acknowledgment.

If the bank or e-wallet does not resolve the matter, you may escalate to BSP, but BSP generally expects that you first raised the concern with the financial institution.

6. File a complaint with PNP-ACG or NBI Cybercrime

For a formal criminal complaint, you may approach:

  • PNP Anti-Cybercrime Group;
  • NBI Cybercrime Division;
  • Nearest police station for blotter and referral, especially if there is urgency or no cybercrime office nearby.

A formal complaint may require:

  • Complaint affidavit;
  • Valid ID;
  • Screenshots and printouts;
  • Transaction records;
  • Device used, if relevant;
  • Bank or e-wallet certifications, when available;
  • Names or account details of suspected perpetrators, if known.

A complaint affidavit is a sworn written statement of what happened. It is usually notarized or subscribed before an authorized officer. In cybercrime cases, the affidavit helps support requests for subscriber information, preservation of data, subpoenas, or further investigation.

7. Escalate to NPC, SEC, or DTI when appropriate

Report to NPC if the issue involves misuse, exposure, or improper handling of personal information.

Report to SEC if the scam involves:

  • Investment offers;
  • Guaranteed high returns;
  • “Tasking” or “trading” groups;
  • Crypto or forex investment schemes;
  • Fake company registration;
  • Lending or financing entities using deceptive practices.

Report to DTI if the issue involves:

  • Online seller fraud;
  • Non-delivery of paid goods;
  • Fake products;
  • Misleading online selling practices;
  • Platform-based consumer transactions.

If the “seller” is not a real business and simply disappeared after receiving money, DTI may refer the matter to cybercrime authorities because it becomes more of a fraud investigation than a normal consumer mediation case.

Common mistakes that hurt text scam complaints

Deleting the message too soon

Victims often delete scam texts out of fear or frustration. This can make it harder to prove sender details, timing, and content. Screenshot first, back up, then block.

Waiting too long to report money transfers

For bank and e-wallet scams, hours matter. Scam proceeds can move through several accounts quickly. Report immediately so the provider can try to flag or hold funds.

Posting all details publicly

Posting the scammer’s number online may warn others, but do not post your own OTPs, full account numbers, IDs, reference numbers, address, or private bank details. You may accidentally expose more personal data.

Reporting only to Facebook groups

Community warnings help, but they are not official complaints. Use official channels if you want blocking, investigation, fund recovery attempts, or prosecution.

Sending more money to “recover” the first loss

Scammers often return pretending to be “recovery agents,” “lawyers,” “bank insiders,” or “cyber police.” If someone asks for a fee to recover stolen money, verify independently. Do not send more money based on another message.

Giving OTPs to anyone

In most cases, legitimate banks, e-wallets, telcos, and government agencies will not ask for your OTP, password, PIN, or full card details through text. Treat OTP requests as a major red flag.

Special situations

The scam text used my full name. Does that mean my data was leaked?

Not always, but it is a warning sign. Your name and number may have come from an old form, delivery record, contact list, compromised app, online marketplace transaction, public post, or data breach.

If the message includes sensitive details such as your address, government ID number, account information, or transaction history, consider reporting to the NPC and the company or platform that may have held the data.

The message appeared inside a legitimate sender thread

Some victims receive fake messages that appear under a familiar sender name or thread. This can happen through spoofing or sender ID abuse. Do not rely only on the sender name. Verify through the official app, official website, or hotline you already know.

I am an OFW or foreigner outside the Philippines

You can still preserve evidence and report through online channels where available. If a formal affidavit is needed, you may need notarization in your country or consular acknowledgment depending on the receiving agency’s requirements. For documents executed abroad, Philippine agencies may require an apostille or consular authentication depending on the country and document type.

If the affected account is a Philippine bank, e-wallet, SIM, or Philippine-based platform, report to that provider immediately even if you are abroad.

A family member was scammed

If the victim is elderly, a minor, or not comfortable with technology, help them preserve evidence and contact the provider. For formal complaints, a representative may need written authority, a special power of attorney, or proof of relationship depending on the agency or institution.

The scammer is known to me

If you know the person, keep the evidence and avoid threats or public shaming that could create a separate legal problem. A known identity may make it easier to file estafa, cybercrime, or civil claims, but you still need proof of deceit, payment, account details, and damage.

Practical timeline: what usually happens after reporting

Timelines vary, but this is a realistic picture:

Stage Usual timing Practical reality
Bank/e-wallet urgent report Same day Best chance of flagging funds is immediately after the transaction
Telco or NTC report Same day to several days Blocking or deactivation may require review and coordination
Police/NBI intake Same day to several weeks Complex cases need affidavits, digital evidence, and provider records
Subpoena or data request Weeks or longer Requires legal basis and proper process
BSP escalation After unresolved provider complaint BSP usually looks for proof that you first complained to the bank/e-wallet
NPC complaint After preparation of proper complaint Notarization, evidence, and exhaustion of remedies may be required
Criminal prosecution Months or longer Depends on identification of suspect, evidence, prosecutor action, and court docket

The biggest bottleneck is usually not the initial report. It is identifying the real person behind a number, wallet, bank account, or fake profile, especially when accounts were opened using false identities or passed through money mules.

Frequently Asked Questions

How do I report a scam text in the Philippines?

Take a screenshot showing the sender, message, date, time, and link. Report it to your telco, the NTC text scam reporting page, and Hotline 1326 for online scam assistance. If you lost money or your account was accessed, also report immediately to your bank or e-wallet and file with PNP-ACG or NBI Cybercrime.

Can I recover money lost to a text scam?

Recovery is possible but not guaranteed. Your best chance is to report to your bank or e-wallet immediately and request the transaction to be flagged. Under RA 12010, disputed transactions involving financial account scamming may be subject to temporary holding rules, and institutions may face restitution issues if they failed to use adequate risk controls or required diligence.

Is a text scam a cybercrime?

It can be. If the scam uses SMS, links, fake websites, online accounts, e-wallets, or other digital systems, RA 10175 may apply. If the scam involves financial accounts and social engineering, RA 12010 may also apply.

Can the police trace the scammer’s mobile number?

Possibly, but law enforcement generally needs proper legal process. SIM registration data is confidential. Under RA 11934, disclosure of subscriber information generally requires a subpoena by competent authority based on an investigation and sworn complaint.

What if the scammer used a registered SIM under someone else’s name?

That may involve false registration, use of fraudulent IDs, SIM transfer violations, money muling, identity theft, or other offenses. It can also make investigation harder because the registered person may be a mule, victim, fake identity, or negligent account holder.

Should I report the scam even if I did not lose money?

Yes. Reports help telcos and authorities detect patterns, block numbers, warn the public, and build intelligence on scam campaigns. Preserve the evidence before blocking or deleting the message.

What agency handles GCash, Maya, bank, or e-wallet scam complaints?

Report first to the bank or e-wallet provider because it can secure the account and investigate the transaction. If unresolved, complaints involving BSP-supervised financial institutions may be escalated to BSP. For criminal investigation, report to PNP-ACG or NBI Cybercrime.

Can I file a case if I gave the OTP myself?

Yes, depending on the facts. Scammers often obtain OTPs through deception, impersonation, fake websites, or social engineering. Giving an OTP may affect the bank’s evaluation, but it does not automatically erase the possibility of fraud, cybercrime, or financial account scamming.

Do foreigners have protection against text scams in the Philippines?

Yes. Foreigners using Philippine SIMs, banks, e-wallets, platforms, or services may report scams to Philippine providers and agencies. Foreign nationals registering SIMs must comply with RA 11934 requirements, and formal documents executed abroad may need proper notarization, apostille, or consular authentication depending on the use.

Can I sue the company that leaked my number?

Possibly, if there is evidence that a company or organization improperly processed, disclosed, or failed to protect your personal data. A complaint may be filed with the National Privacy Commission, but you will need evidence linking the misuse of your personal data to the organization’s handling of it.

Key Takeaways

  • Text scams in the Philippines may involve estafa, cybercrime, SIM spoofing, identity theft, data privacy violations, access-device fraud, and financial account scamming.
  • Preserve evidence before blocking or deleting the message.
  • If money or account access is involved, report to your bank or e-wallet immediately.
  • Use official reporting channels: telco, NTC, Hotline 1326/CICC, PNP-ACG, NBI Cybercrime, BSP, NPC, SEC, or DTI depending on the facts.
  • SIM registration does not mean scammers are automatically easy to identify; subscriber information is confidential and usually requires proper legal process.
  • RA 12010 gives stronger protection against financial account scams, including rules on disputed transactions, temporary holding of funds, money mules, and social engineering.
  • Never share OTPs, passwords, PINs, full card details, or account recovery codes through text, calls, or links.
  • Report even attempted scams because early reports help authorities and telcos block scam operations before more people are harmed.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.