If you've discovered that photos of you—or someone you know—are being used without permission on Facebook Marketplace as part of a scam, or if you've encountered suspiciously good deals featuring images that don't seem to match the seller, this situation can feel invasive and concerning. In the Philippines, the unauthorized use of another person's photographs to facilitate online fraud is not only unethical but often violates specific provisions of law. This article explains how Philippine law addresses this practice, what rights are involved, and the practical steps people commonly take when affected by these incidents on platforms like Facebook Marketplace.

How Facebook Marketplace Scams Using Stolen Photos Usually Operate

Scammers frequently harvest publicly available photographs from social media profiles, including Facebook, Instagram, or other sites. They then create or take over accounts to post listings for high-demand items such as smartphones, laptops, vehicles, or appliances at prices well below market value. The stolen photos—often of ordinary individuals, attractive people, or even the original owners of the items—make the listing appear more credible to potential buyers.

Buyers who inquire are directed to send deposits or full payments through e-wallets like GCash, bank transfers, or similar methods. Once payment is received, the scammer typically blocks the buyer, provides a fake tracking number, or delivers nothing or a worthless substitute. In some cases, the same photos appear across multiple fake listings or cloned accounts. The visual familiarity of the images helps lower buyers' guard, making the deception more effective.

This tactic exploits the trust people place in seeing a "real" person associated with the item. While the photos themselves may have been posted publicly by their owners, their reuse in a fraudulent scheme crosses into illegal territory under Philippine law.

Legal Consequences of Using Someone’s Photos Without Consent in Scams

Philippine law treats the intentional misuse of another person's photographs for deceptive purposes as a serious offense, particularly when it enables fraud.

Computer-Related Identity Theft under the Cybercrime Prevention Act

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, specifically addresses this in Section 4(b)(3). It penalizes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person without right.

Photographs qualify as identifying information because they allow visual recognition and association with a specific individual. When scammers use these images to create the false impression of a legitimate seller or to impersonate someone, they meet the elements of this offense. The law applies even if the original photo was posted publicly, as the key issue is the lack of right to use it for fraudulent or deceptive ends.

Penalties include imprisonment of prision mayor (six years and one day to twelve years) and a fine of at least two hundred thousand pesos, or an amount commensurate with the damage caused, or both. If no actual damage has occurred yet, the penalty may be lowered by one degree. The Supreme Court upheld the constitutionality of these provisions in Disini v. Secretary of Justice (G.R. No. 203335, February 18, 2014).

The same law also covers computer-related fraud under Section 4(b)(2) when the photo use is part of a scheme that causes financial loss or wrongful gain through computer systems.

Estafa under the Revised Penal Code

Beyond the cyber-specific rules, the underlying scam itself typically constitutes estafa (swindling) under Article 315 of the Revised Penal Code. This covers defrauding another through deceit—such as false pretenses about the existence or legitimacy of a sale—causing damage. Using stolen photos to build false credibility strengthens the element of deceit.

Data Privacy Considerations

Republic Act No. 10173, the Data Privacy Act of 2012, also comes into play. Identifiable photographs constitute personal information. Collecting, using, or disclosing such data without a lawful basis (including consent or legal authority) for an unlawful purpose like fraud can violate the Act. The National Privacy Commission has authority to investigate and order corrective measures, such as deletion of the misused data.

Civil Liability for Privacy Violations

In addition to criminal liability, affected individuals may pursue civil remedies. Articles 19, 20, 21, and 26 of the Civil Code recognize the right to privacy, dignity, and protection from abusive acts. Victims who suffer reputational harm, emotional distress, or other damages—such as when buyers mistakenly contact or accuse the photo owner—can seek actual, moral, and exemplary damages through a civil case in the appropriate court.

Practical Steps If Your Photos Are Being Used in a Marketplace Scam

Many people in this situation feel uncertain about where to begin. Acting methodically helps preserve options.

1. Preserve evidence immediately and thoroughly. Take full screenshots of the fake profile, Marketplace listing, any messages, payment instructions, and timestamps. Include the complete URL or post link in the address bar. Record a screen video if conversations are ongoing. Save original copies of your own photos alongside the misused versions. Create a simple timeline noting when you discovered the misuse and any interactions that followed. Store everything securely on multiple devices or cloud storage without editing the files. Reverse image searches on Google Images or similar tools can reveal other places the photo appears.

2. Report the profile and listing directly to Facebook (Meta). Use the platform's built-in reporting tools on the profile or specific Marketplace post. Select categories such as impersonation, scam or fraud, or privacy violation. Provide context that the photos belong to you and link to your legitimate profile or original post as proof of ownership. Reports for clear impersonation or fraudulent activity often receive faster attention. You can also ask trusted contacts to submit separate reports, but avoid coordinated mass reporting that could be misinterpreted.

3. File a formal complaint with Philippine law enforcement. The PNP Anti-Cybercrime Group (ACG) handles many cases involving social media fraud and identity misuse. You can visit their main office at Camp Crame in Quezon City, a Regional Anti-Cybercrime Unit, or check their official channels for online options. The NBI Cybercrime Division is another primary agency, particularly for more complex or organized cases; complaints can be filed in person at their Taft Avenue headquarters or regional offices.

   Prepare a notarized complaint-affidavit detailing the facts, your evidence, and how the misuse has affected you. Bring valid government-issued identification. Many victims start with the PNP ACG because of its specialized focus on cyber offenses. Authorities can request court orders (such as warrants to disclose computer data) to obtain information from Meta that private individuals cannot access directly.

4. Consider additional channels when appropriate. If the misuse involves broader personal data concerns, you may file a complaint with the National Privacy Commission. For significant financial or reputational harm, consult the possibility of a civil action for damages and injunctive relief in the Regional Trial Court. In cases involving minors, additional child protection laws may apply with heightened priority.

Common Realities and Challenges

Scammers often delete or rename accounts quickly once reports begin, so early action improves the chance of preserving digital evidence such as IP logs. Investigations by PNP ACG or NBI can take weeks or months because perpetrators frequently use virtual private networks, multiple SIMs, or mule accounts. Platform cooperation usually requires formal legal process rather than direct victim requests.

Notarization of affidavits typically costs a modest amount (often between one hundred and a few hundred pesos). There are generally no filing fees for initial criminal complaints with these agencies. However, full tracing and prosecution depend on the scale of the fraud and available resources. Foreign victims or perpetrators add jurisdictional layers—RA 10175 applies when any element occurs in the Philippines, a Philippine computer system is involved, or harm is felt by a person in the country—but enforcement across borders can be slower and more complex.

Ordinary Filipinos, overseas workers whose photos appear in "legitimate-looking" listings, and even foreigners whose images were taken during travel have encountered these issues. Reputational spillover is common: buyers who feel scammed sometimes post publicly or message the photo owner, creating secondary stress. Documenting these contacts strengthens both criminal and civil angles.

If You Were the Buyer in a Suspicious Marketplace Transaction

The same legal framework protects buyers. The use of stolen photos to make fraudulent listings appear trustworthy strengthens the case for estafa and cyber fraud complaints. Report the transaction to Facebook immediately, dispute the payment with your e-wallet or bank provider as soon as possible, and file a complaint with PNP ACG or NBI with all chat records, proof of payment, and evidence of non-delivery or misrepresentation. Recovery of funds is never guaranteed, especially once money has moved through multiple accounts, but prompt reporting gives authorities the best opportunity to act.

Frequently Asked Questions

Is it illegal to use someone else’s publicly posted photo on Facebook Marketplace even without editing it?
Yes, when the use is part of a scheme to deceive buyers or commit fraud. RA 10175’s computer-related identity theft provision covers the intentional use of identifying information (including photos) without right, regardless of whether the image was originally public.

What penalties apply for using stolen photos in Philippine online scams?
For computer-related identity theft under RA 10175, penalties include imprisonment from six years and one day up to twelve years plus fines starting at ₱200,000 or higher depending on damage. The underlying estafa carries its own penalties, which can run higher when committed through computer systems.

How can I prove the photos are mine when reporting?
Provide direct links to your original public posts or profile where the images first appeared, along with dates or other context in your sworn statement. Authorities and platforms often accept this corroboration alongside a clear explanation of ownership.

How quickly does Facebook usually remove fake Marketplace listings or profiles?
Response times vary but can range from hours to a few days for well-documented impersonation or scam reports. Persistent follow-up through the app’s reporting system helps, and multiple independent reports from different users can accelerate review.

Do I need to go to Manila to file a complaint with PNP ACG or NBI?
No. You can file at any Regional Anti-Cybercrime Unit of the PNP or at NBI regional or district offices. Some initial reports can also begin through official online or Facebook channels before in-person requirements.

What if the scammer used an AI-edited or altered version of my photo?
This is still covered. RA 10175 explicitly includes “alteration” of identifying information in the definition of computer-related identity theft.

Can I recover damages if the misuse of my photo caused reputational harm or stress?
Philippine courts have awarded moral and other damages in privacy and quasi-delict cases under the Civil Code when harm is proven. A civil action in the Regional Trial Court is the usual route, often filed alongside or after criminal proceedings.

Is there a time limit for reporting this kind of misuse?
While criminal actions have prescriptive periods under the law, digital evidence disappears quickly. Reporting as soon as you discover the misuse gives authorities the best chance to secure data before accounts are deleted or logs expire.

Does the Data Privacy Act apply even if my photo was already public on social media?
The Act focuses on how personal data is processed. Using it without lawful basis for a fraudulent purpose can still violate the law, separate from the original public posting.

Key Takeaways

• Using another person’s photographs without consent to run scams on Facebook Marketplace can constitute computer-related identity theft and fraud under Section 4(b)(3) and related provisions of RA 10175, as well as estafa under the Revised Penal Code.
• Photographs qualify as identifying information, and their deceptive use remains illegal even when originally posted publicly.
• Immediate, detailed evidence preservation through full screenshots, URLs, timelines, and original images is essential.
• Report first to Facebook’s internal tools for impersonation or scam violations, then to the PNP Anti-Cybercrime Group or NBI Cybercrime Division with a notarized affidavit and supporting documents.
• Civil remedies for damages arising from privacy violations or reputational harm are available under the Civil Code in addition to criminal complaints.
• Investigations take time and resources; acting quickly while evidence exists improves outcomes, though success depends on the specifics of each case.
• The same legal framework protects both photo owners and buyers who fall victim to these deceptive listings.