Victim of Online Scam in the Philippines: How to File a Complaint with NBI Cybercrime and SEC

Victim of an Online Scam in the Philippines: How to File a Complaint with the NBI Cybercrime Division and the SEC

This article explains, in Philippine context, how victims of online scams can pursue remedies through the National Bureau of Investigation (NBI) Cybercrime Division and the Securities and Exchange Commission (SEC). It also covers parallel steps with banks/e-wallets, evidence preservation, potential criminal, administrative, and civil actions, and includes templates and checklists. This is general information, not a substitute for legal advice.

1) First Things First: Immediate Actions Within 24–72 Hours

1. Secure your accounts

  • Change passwords, enable multi-factor authentication, and revoke suspicious devices/sessions on email, social media, e-wallets, and banking apps.
  • If a device may be compromised, disconnect it from the internet and avoid installing unverified “recovery” tools.

2. Ask for transaction reversal/recall

  • Notify your bank/e-wallet’s fraud/dispute team at once. Provide the date/time, amount, reference numbers, screenshots, and recipient details.
  • File a formal dispute for unauthorized transfers (e.g., account takeover, SIM-swap). Keep the reference/ticket number.

3. Preserve evidence (do not delete)

  • Save original files: screenshots, chat logs, images, audio, video, emails, attachments, and transaction records.
  • Export metadata and headers where possible (e.g., email headers, file properties).
  • Keep the device(s) and storage media that contain the original evidence; avoid altering them. If you must copy, do a full, bit-for-bit copy and log the process.

4. Record your timeline

  • Write a chronological log with dates, times, platforms used, names/handles, phone numbers, and amounts sent.

5. Beware of “double-dip” scams

  • Fraudsters often follow up pretending to be law enforcement or recovery agents. Government agencies do not charge “processing” fees to investigate.

2) Legal Frameworks Typically Involved

  • Cybercrime Prevention Act of 2012 (RA 10175) – penalizes offenses like illegal access, computer-related fraud/forgery, identity theft; authorizes preservation of computer data and real-time collection with proper authority.
  • Securities Regulation Code (SRC; RA 8799) – prohibits selling unregistered securities (Sec. 8), acting as a broker/dealer without a license (Sec. 28), and fraudulent transactions (Sec. 26). The SEC may issue Cease and Desist Orders (CDOs) and refer cases for prosecution.
  • Access Devices Regulation Act (RA 8484) – covers ATM/credit/debit fraud and access device scams.
  • Revised Penal Code – estafa (swindling), falsification, and other relevant felonies.
  • Data Privacy Act (RA 10173) – for unauthorized disclosure/misuse of personal data.
  • Financial Products and Services Consumer Protection Act (RA 11765) – complements remedies with regulated financial institutions.

In practice, NBI Cybercrime handles the digital-crime investigation and case build-up; SEC addresses investment/securities violations. Many online investment scams trigger both tracks.

3) NBI Cybercrime Division: How to File a Complaint

A. When to go to NBI Cybercrime

  • Account takeovers; phishing/smishing/vishing; SIM-swap.
  • Online marketplace or social-media fraud, seller/buyer scams using digital channels.
  • Computer-related fraud or identity theft.
  • Online blackmail/extortion, sextortion, doxxing.
  • Investment schemes that also involve cyber elements (parallel to SEC).

B. What to prepare

  1. Complaint-Affidavit (see template below), notarized if possible.

  2. Valid government ID (bring original and photocopy).

  3. Evidence pack:

    • Screenshots (full screen if possible) and exported native files (e.g., .html, .eml, .mp4).
    • Email headers; chat exports (Messenger, WhatsApp, Viber, Telegram) with timestamps.
    • Bank/e-wallet statements, proof of transfer, recipient details (account numbers, wallet IDs, names, phone numbers).
    • Any IP addresses, URLs, domain names, device identifiers, or delivery riders/couriers used.

  4. Your incident log and list of witnesses.

C. Filing steps

  1. Prepare and execute your Complaint-Affidavit with annexes (evidence labeled as “Annex A, B, C…”).

  2. Submit to the NBI Cybercrime Division (or the nearest NBI office that receives cybercrime complaints). Some offices accept e-complaints or online pre-screening; walk-in filing is also common.

  3. Cooperate in preliminary assessment. The NBI may:

    • Issue requests for data preservation to service providers pursuant to RA 10175.
    • Coordinate with banks/e-wallets/telcos for subscriber or transaction information via proper process.
    • Prepare a Referral or Complaint to the Department of Justice (DOJ) for inquest or preliminary investigation.

  4. Track your case number and keep copies of all receipts/acknowledgments.

D. What to expect procedurally

  • Intake & evaluationforensics & data requestsidentification of suspectsDOJ filing (criminal complaint) → preliminary investigation → possible filing of Information in court.
  • You may be called to execute supplemental affidavits, authenticate evidence, or testify.

4) SEC (Securities and Exchange Commission): How to File a Complaint for Investment/Trading Scams

A. When to go to the SEC

  • Promises of high returns through crypto/forex/trading bots, “doublers,” mining farms, or “staking,” where funds are pooled or passively invested.
  • Unregistered investment contracts (e.g., “packages” with guaranteed profits).
  • Entities soliciting investments without secondary license or individuals acting as brokers/agents without license.
  • Ponzi/pyramid structures; referral commissions for recruiting downlines.
  • Misrepresentation of SEC registration (e.g., using a business registration to imply investment authority).

Red flags: guaranteed returns, pressure to reinvest, complex fee structures, unverifiable trading claims, and blocking of withdrawals.

B. Where within the SEC to file

  • Enforcement and Investor Protection Department (EIPD) typically handles complaints on unregistered securities, illegal solicitation, and investment fraud.

C. What to prepare

  1. Complaint-Affidavit detailing the scheme.

  2. Identification (ID copies).

  3. Evidence:

    • Advertisements, social-media posts, whitepapers, pitch decks, webinars, recorded calls.
    • Contracts/subscription agreements, receipts, referral trees, wallet addresses, transaction hashes (if crypto), exchange IDs, and proof of deposits/withdrawals.
    • Names/handles of recruiters, promoters, and entities; screenshots of dashboards and “earnings.”

  4. List of other victims (if any) and your sworn estimate of loss.

D. Filing steps and outcomes

  1. Submit your complaint with annexes to EIPD (in person or through accepted channels).

  2. SEC may:

    • Open an enforcement inquiry; issue advisories warning the public.
    • Issue Cease and Desist Orders (CDOs) against the entity and its officers/agents.
    • Impose administrative penalties and/or revoke registrations.
    • Refer the matter to the DOJ/NBI/PNP-ACG for criminal prosecution under the SRC and related laws.

  3. You can coordinate your SEC complaint with your NBI complaint, sharing reference numbers so agencies can cross-reference evidence.

5) Parallel and Supporting Reports

  • PNP Anti-Cybercrime Group (ACG): Alternative or additional venue for cybercrime complaints, especially for on-the-ground operations and coordination with local units.
  • BSP Consumer Assistance Mechanisms: For disputes with banks/e-money issuers (EMIs). Cite your bank’s final response when escalating.
  • Insurance Commission / DTI / CDA: Depending on whether the entity is an insurer, a pure goods/services online seller, or a cooperative.
  • National Privacy Commission (NPC): If your personal data was misused or leaked (identity theft, doxxing, unlawful processing).
  • NTC / Telcos: For SIM-related fraud and spoofing; telcos act upon lawful requests/orders channelled by law enforcement.

6) Evidence Strategy and Chain of Custody

A. Authenticity and integrity

  • Keep original devices/storage; avoid altering data. If you must view files, do so in read-only mode when possible.
  • Generate hash values (e.g., SHA-256) for critical files and record them in your log.
  • Printouts should include URL bars, full timestamps, and page titles where relevant.

B. Organizing annexes

  • Use a clear file/folder structure: /00_Affidavit/, /01_Screenshots/, /02_Transactions/, /03_Headers/, /04_Chat_Exports/.
  • Name files descriptively: 2025-09-20_GCash_Ref123456.png, EmailHeader_victim@gmail.com_2025-09-19.eml.

C. Technical details that help

  • Email: full headers to reveal sender IPs/paths (where available).
  • Messaging apps: export chats including media and system messages (join/leave notices).
  • Web: capture the full page (PDF) and also save the WARC/HTML where feasible.
  • Crypto: transaction hashes, wallet addresses, chain, and block explorers; screenshots plus CSV exports from exchanges/wallets.

7) Building Your Complaint-Affidavit

A. Elements to cover

  1. Your identity and capacity (and of any co-complainants).
  2. Overview of the scam and what the respondent(s) did.
  3. Detailed chronology with dates, times, channels, and amounts.
  4. Specific offenses/violations you believe were committed (e.g., RA 10175 computer-related fraud; SRC Sec. 8/26/28 for unregistered securities/fraud; RPC estafa).
  5. Damages suffered (actual and, if applicable, moral/exemplary).
  6. Prayer/relief sought (investigation, prosecution, restitution, CDO, preservation orders).
  7. Annex list with clear labels.

B. Sample Complaint-Affidavit (skeleton)

Republic of the Philippines [City/Municipality] x--------------------x

COMPLAINT-AFFIDAVIT

I, [Full Name], Filipino, of legal age, with address at [Address], after having been duly sworn, depose and state:

  1. I am the victim of an online scam perpetrated by [Name/Handle/Entity] who, through [platform/channel], deceived me into [brief description].
  2. On [Date/Time], respondent [actions—messages/calls/webpages] induced me to transfer [Amount] via [Bank/E-wallet/Crypto] with reference [Txn Ref] to [Account/Wallet].
  3. Attached as Annex “A” to “_” are screenshots, chat exports, transaction proofs, and email headers substantiating the foregoing.
  4. Respondent’s acts constitute [estafa under the RPC; computer-related fraud under RA 10175; violations of SRC Sec. 8/26/28, etc.].
  5. I suffered [amount] in actual damages, exclusive of other damages allowed by law.
  6. Prayer: I respectfully pray that respondents be investigated and prosecuted; that necessary data preservation/disclosure requests be issued to [banks/e-wallets/telcos/ISPs]; and that appropriate cease and desist or other administrative measures be taken.

Affiant further sayeth naught. [Signature over Printed Name] Government ID No.: Contact No./Email:

SUBSCRIBED AND SWORN to before me this [date] in [place]. [Notary Public/Authorized Officer]

Attach Annexes with a table of contents.

8) Decision Path: NBI vs. SEC (Often: Both)

  • Pure investment/securities issue (unregistered investment contracts, Ponzi, illegal solicitation): File with SEC EIPD; optionally also file with NBI/PNP-ACG if there are cyber elements or identity theft.
  • Pure cybercrime (account takeover, phishing, sextortion, marketplace fraud without an “investment” pitch): File with NBI Cybercrime (or PNP-ACG).
  • Hybrid (investment pitch delivered online with wallets/exchanges, mass recruitment through social media, dashboard blocking): File with both NBI and SEC. Reference the other agency’s case number in each filing.

9) Remedies and Possible Outcomes

Criminal

  • Prosecution for estafa, computer-related fraud/identity theft, access-device offenses, SRC violations (criminal aspects), etc.
  • Restitution may be sought as part of the criminal case, though recovery depends on asset tracing.

Administrative (SEC)

  • Cease and Desist Orders, revocation of corporate/regulatory registrations, administrative fines, public advisories warning potential victims.

Civil

  • Rescission of investment contracts, damages, injunctions, and ancillary relief (e.g., asset preservation orders where applicable under procedural rules).

Banking/E-Money

  • Chargebacks/recalls (where still possible), credits under customer-protection frameworks for unauthorized electronic fund transfers (case-by-case), and internal goodwill remedies.

10) Practical Tips to Strengthen Your Case

  • Corroborate with other victims. Collective complaints carry weight and help quantify total public harm.
  • Name natural persons behind the entity if known (promoters, officers, recruiters), not just the trade name/page.
  • Quantify losses precisely; include fee receipts and FX conversions used.
  • Keep communications professional; avoid contacting suspects once you decide to file—let law enforcement handle engagement.
  • Maintain confidentiality of sensitive documents to avoid tipping off suspects or violating privacy laws.

11) Evidence & Filing Checklists

A. Evidence Checklist

  • Valid ID (original + copy)
  • Complaint-Affidavit (signed; notarized if feasible)
  • Screenshots (full frames) and native exports of chats/emails
  • Email headers / server logs (if available)
  • Bank/e-wallet statements and transaction receipts (PDF/CSV)
  • Crypto addresses & hashes; exchange account IDs/CS tickets
  • URLs, domains, social media handles, phone numbers (including those on receipts/OTP messages)
  • Device information (IMEI, serial nos., SIM numbers) if relevant
  • Timeline log of events and calls

B. NBI Filing Checklist

  • Visit NBI Cybercrime intake or submit via accepted channels
  • Submit Affidavit + annexes and present ID
  • Get your case/reference number
  • Provide storage media (USB) with digital evidence, if requested
  • Cooperate with supplemental affidavits/clarifications

C. SEC Filing Checklist

  • Address complaint to EIPD with Affidavit + evidence
  • Identify SRC provisions likely violated (Sec. 8, 26, 28)
  • Attach investor communications, contracts, dashboards, referral trees
  • Include list of other victims/witnesses (if any)
  • Keep your SEC case/reference number

12) Frequently Asked Questions

Q1: Can I get my money back? It depends on speed of reporting, whether funds remain in the recipient institution, and law-enforcement ability to trace/freeze assets. Administrative CDOs stop further solicitations but do not guarantee restitution. Civil actions may be necessary.

Q2: Do I need a lawyer? Not strictly required to file with NBI/SEC, but legal counsel helps craft affidavits, identify proper charges, and preserve digital evidence.

Q3: Where is the proper venue? Cybercrime venue can be where any element occurred (e.g., where messages were received or money sent). SEC administrative cases are filed with the Commission; criminal aspects go to DOJ and courts with jurisdiction.

Q4: Can I file if the scammer is abroad? Yes. Agencies can coordinate through MLAT and other channels, though cross-border recovery is complex and takes time.

Q5: Should I keep engaging the scammer to gather more proof? No. Preserve what you already have and let authorities handle further contact to avoid obstruction, entrapment issues, or additional loss.

13) Model Narratives for Common Scenarios

A. Phishing leading to unauthorized e-wallet transfers

  • Charges may include computer-related fraud under RA 10175 and estafa. Evidence: phishing page captures, SMS/email with links, device logs, IP data, OTP messages, transaction trail. File with NBI Cybercrime; pursue bank/e-wallet dispute; consider NPC report if data misuse occurred.

B. Social-media investment with guaranteed returns and blocked withdrawals

  • Likely SRC Sec. 8/26/28 violations; also estafa and possibly RA 10175 if dashboards or spoofed sites used. File with SEC EIPD and NBI. Seek CDO, criminal referral, and evidence preservation requests to platforms/exchanges.

C. Crypto “trading bot” with referral commissions

  • Investment contract analysis (expectation of profits from efforts of others). Gather wallet addresses and on-chain data. File with SEC for securities violations and NBI for cyber angles.

14) Draft Language for Preservation Requests (to be routed through Authorities)

“Complainant respectfully requests that investigators issue lawful preservation requests under RA 10175 to [Bank/E-wallet/Telco/Platform/ISP] for the retention of traffic data, subscriber information, and content data relating to [accounts/phone nos./IPs/URLs] covering [date range], pending issuance of the necessary warrants/subpoenas.”

15) Final Reminders

  • Move quickly, document everything, and keep originals.
  • Use both NBI and SEC tracks when the facts overlap.
  • Maintain realistic expectations: stopping the scheme and building a prosecutable case often precede recovery.
  • Keep your contact details current with agencies and check for updates using your case/reference numbers.

Disclaimer

This article is for general information about Philippine procedures and laws commonly invoked in online scam situations. Specific facts and agency practices can vary; consult a lawyer for advice tailored to your circumstances.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login