If you were tricked into sending money to a fake seller, investment group, romance scammer, phishing page, job recruiter, “tasking” app, or fake bank/e-wallet representative, the most urgent goal is to freeze or trace the funds before they disappear. In the Philippines, online scam victims may use several remedies at the same time: immediate bank or e-wallet reporting, cybercrime complaints with the PNP or NBI, criminal prosecution for estafa or cyber-related offenses, civil recovery of money, complaints with the BSP, SEC, DTI, or National Privacy Commission, and court-ordered restitution when a case succeeds.
What counts as an online scam in the Philippines?
An online scam is usually a fraud committed through the internet, a phone, SMS, social media, messaging apps, email, e-wallets, online banking, cryptocurrency platforms, or e-commerce platforms.
Common examples include:
- A fake seller receives payment but never ships the item.
- A scammer pretends to be from a bank, e-wallet, courier, telco, or government office and asks for OTPs, PINs, passwords, or account details.
- A “trading” or “investment” group promises guaranteed returns.
- A fake employer asks for “processing fees,” “training fees,” or “unlocking fees.”
- A romance scammer builds trust and later asks for emergency money.
- A scammer uses another person’s bank or e-wallet account as a money mule.
- Someone hacks or socially engineers access to your account and transfers funds.
The legal remedy depends on what happened: deception, unauthorized account access, use of stolen credentials, illegal investment solicitation, consumer fraud, identity theft, or misuse of personal data.
Main legal remedies available to online scam victims
| Remedy | Best used when | What it can do |
|---|---|---|
| Report to your bank or e-wallet | Money was transferred through bank, e-wallet, QR, card, or online payment | Request blocking, tracing, temporary holding of disputed funds, account restriction, or internal investigation |
| Complaint with PNP Anti-Cybercrime Group, NBI Cybercrime Division, or CICC | Scam involved the internet, social media, phone, email, or digital accounts | Start cybercrime investigation, evidence preservation, tracing, entrapment, or referral for prosecution |
| Criminal complaint for estafa or cyber-estafa | You were deceived into sending money or property | Prosecution, possible arrest, trial, penalties, and civil liability/restitution |
| Complaint under the Anti-Financial Account Scamming Act | Scam involved bank accounts, e-wallets, money mules, phishing, OTP theft, or social engineering | Temporary holding of funds, coordinated verification among financial institutions, possible restitution, penalties |
| SEC complaint | Scam is an investment, crypto trading, forex, “double your money,” Ponzi, or securities-type scheme | SEC investigation, advisories, cease-and-desist orders, referral for criminal action |
| DTI complaint | Online seller or e-commerce merchant failed to deliver, misrepresented goods, or violated consumer rules | Mediation, consumer relief, administrative enforcement |
| Civil case or small claims | You know the scammer’s real identity and want to recover a specific amount | Court order to pay money, damages, costs |
| NPC complaint | Your personal data, ID, account credentials, or private information was misused | Investigation of data privacy violations and possible administrative sanctions |
Legal basis: laws commonly used in online scam cases
Estafa under Article 315 of the Revised Penal Code
Many online scams are prosecuted as estafa, or swindling, under Article 315 of the Revised Penal Code.
In simple terms, estafa happens when a person defrauds another by deceit, abuse of confidence, or fraudulent means, causing damage.
For online scams, the usual theory is estafa by deceit. The prosecution generally looks for these facts:
- The scammer made a false representation or fraudulent promise.
- The false representation was made before or at the time the victim sent money.
- The victim relied on the lie.
- The victim suffered damage.
Examples:
- “I have this phone in stock” but the seller never intended to deliver.
- “Invest ₱10,000 and receive ₱15,000 in three days” but the scheme was fake.
- “I am from your bank; give me your OTP to stop a transaction” but the person was a scammer.
Cyber-estafa under RA 10175
When estafa is committed through information and communications technology, prosecutors often charge it as estafa in relation to Republic Act No. 10175, the Cybercrime Prevention Act of 2012.
Section 6 of RA 10175 is important because it treats crimes under the Revised Penal Code as cybercrimes when committed through ICT and generally imposes a penalty one degree higher.
This is why a complaint may be described as cyber-estafa even though “estafa” itself comes from the Revised Penal Code.
Anti-Financial Account Scamming Act: RA 12010
A major remedy for victims is Republic Act No. 12010, the Anti-Financial Account Scamming Act or AFASA, approved in 2024.
AFASA directly targets modern bank and e-wallet scams. It penalizes, among others:
- Money muling — using, lending, selling, renting, buying, or recruiting the use of bank/e-wallet accounts to move scam proceeds.
- Social engineering schemes — using deception or fraud to obtain sensitive identifying information, such as passwords, OTPs, bank details, e-wallet details, or electronic credentials, resulting in unauthorized access or control over a financial account.
- Opening accounts using fictitious names or another person’s identity documents.
- Buying or selling financial accounts.
AFASA also matters because it gives financial institutions a mechanism to temporarily hold disputed funds. Under AFASA and BSP rules, BSP-supervised institutions may temporarily hold disputed funds for up to 30 calendar days, unless extended by a court. The BSP issued implementing rules through BSP Circular No. 1215, Series of 2025, which includes initial and extended holding mechanisms and coordinated verification among institutions.
This does not guarantee recovery, but it gives victims a time-sensitive remedy that did not exist in the same form before AFASA.
Access device fraud under RA 8484, as amended
If the scam involved credit cards, debit cards, account numbers, PINs, codes, or other access credentials, Republic Act No. 8484, the Access Devices Regulation Act of 1998, as amended by RA 11449, may apply.
This law is relevant when scammers:
- Use stolen card details.
- Fraudulently obtain account access information.
- Use unauthorized access devices to obtain money, goods, services, or transfer funds.
- Use fake identities or false documents to obtain access devices.
Investment scams and the Securities Regulation Code
If the scam involved investments, “guaranteed profits,” trading pools, crypto packages, forex signals, staking rewards, or referral commissions, the Securities and Exchange Commission may become involved.
Under Republic Act No. 8799, the Securities Regulation Code, securities generally cannot be sold or offered to the public in the Philippines unless properly registered or exempt. Persons selling securities may also need proper registration or licensing.
A common misunderstanding is that SEC company registration is not the same as authority to solicit investments. A corporation may be registered as a company but still have no authority to sell investment contracts to the public.
Victims can check SEC advisories and file reports through the SEC iMessage portal.
Online consumer transactions under RA 11967 and DTI rules
For online seller disputes, e-commerce transactions, and platform-based consumer issues, Republic Act No. 11967, the Internet Transactions Act of 2023, the Consumer Act, and DTI rules may be relevant.
DTI is most useful when there is an identifiable online merchant, platform seller, or business. A pure scam using fake identities may still need to be reported to cybercrime authorities, but DTI can help in consumer disputes involving legitimate businesses, defective goods, non-delivery, misleading advertisements, and unfair trade practices.
DTI’s Fair Trade Enforcement Bureau lists consumer complaint channels through its official FTEB page.
Civil liability and damages under the Civil Code
Even when a criminal case is filed, a victim may also seek civil recovery. Under the Civil Code:
- Article 19 requires every person to act with justice, give everyone his due, and observe honesty and good faith.
- Article 20 makes a person who violates the law liable for damages.
- Article 21 covers willful acts contrary to morals, good customs, or public policy that cause damage.
- Article 22 supports recovery when someone unjustly benefits at another’s expense.
- Article 1170 covers liability for fraud, negligence, delay, or contravention of obligations.
- Article 2199 allows recovery of actual or compensatory damages when proven.
In practice, money recovery depends heavily on whether the scammer, account holder, mule, business, or responsible institution can be identified and made to answer.
Step-by-step guide: what to do immediately after an online scam
1. Stop further loss
Do this first, even before writing a long complaint:
- Change passwords for your email, bank, e-wallet, social media, and shopping accounts.
- Log out of all devices if the app allows it.
- Disable linked cards or online banking access if compromised.
- Call the bank or e-wallet hotline and ask for account blocking or transaction review.
- Do not send additional “unlocking fees,” “taxes,” “refund fees,” or “verification payments.”
- Do not negotiate emotionally with the scammer. Preserve the conversation instead.
2. Report to your bank or e-wallet right away
If money passed through a bank, e-wallet, card, QR transfer, or payment gateway, reporting quickly is critical.
Ask for:
- A fraud ticket or case reference number.
- Transaction tracing.
- Temporary holding or blocking of disputed funds, if still possible.
- Restriction of the receiving account, if warranted.
- Written confirmation of your report.
- Copies of transaction details you are allowed to receive.
Because AFASA and BSP Circular No. 1215 allow temporary holding and coordinated verification, speed matters. If the funds have already been withdrawn, converted to cash, moved through several accounts, or converted to crypto, recovery becomes much harder.
3. Preserve evidence properly
Screenshots help, but weak screenshots often cause problems later. Preserve evidence in a way investigators and prosecutors can understand.
Prepare:
- Full screenshots showing the scammer’s profile name, username, phone number, email, URL, page link, group name, and date/time.
- Screenshots of the full conversation, not only selected messages.
- Transaction receipts, reference numbers, account numbers, QR codes, and bank/e-wallet names.
- Delivery tracking numbers, fake invoices, order confirmations, or receipts.
- Links to profiles, pages, websites, posts, ads, and marketplaces.
- Proof of identity used by the scammer, if given.
- Names and contact details of witnesses.
- Your bank/e-wallet complaint ticket number.
- Any reply from the platform, bank, e-wallet, SEC, DTI, or BSP.
For email scams, preserve the email headers if possible. For websites, take screenshots of the URL bar and page content. For social media, capture the profile link before the account disappears.
4. File a cybercrime complaint
You may report cyber-related scams to:
- NBI Cybercrime Division
- PNP Anti-Cybercrime Group
- Cybercrime Investigation and Coordinating Center
- DOJ Office of Cybercrime, especially for cybercrime coordination and international cooperation issues
The NBI Cybercrime Division Citizen’s Charter lists the process for investigative assistance for victims of computer crimes. The initial filing and processing steps are not the same as the full investigation timeline; the actual investigation may take longer depending on tracing, records requests, cooperation from platforms, and whether suspects can be identified.
5. Execute a complaint-affidavit
For criminal prosecution, you will usually need a complaint-affidavit. This is a sworn written statement explaining what happened.
A strong complaint-affidavit should include:
- Your identity and contact details.
- A chronological timeline.
- The scammer’s representations.
- How you relied on those representations.
- Amounts sent and dates of transfer.
- Account numbers, wallet numbers, usernames, or links used.
- The damage you suffered.
- Attached screenshots and receipts.
- A request for investigation and prosecution.
The affidavit should be notarized if executed in the Philippines. If executed abroad, a Philippine embassy/consulate notarization or apostille/authentication issues may arise depending on where the document will be used. The DFA maintains official apostille information through its Authentication Division.
6. File with the prosecutor when ready
A criminal complaint may be filed with the Office of the City Prosecutor or Provincial Prosecutor that has jurisdiction, often where the victim resides, where the transaction occurred, where the account was accessed, or where an element of the offense happened.
For cybercrime, venue can be more technical because the internet may involve several locations. Investigators or prosecutors will usually assess whether the case should be filed in a particular city or province.
After filing, the usual path is:
- Complaint-affidavit and evidence are submitted.
- Prosecutor conducts preliminary investigation, if required.
- Respondent may be required to submit a counter-affidavit.
- Prosecutor issues a resolution.
- If probable cause exists, an Information is filed in court.
- Court proceedings begin.
Timelines vary widely. Simple complaints may move faster, but cases involving anonymous accounts, multiple banks, foreign platforms, crypto, or organized groups often take months or longer.
Where to report based on the type of scam
| Type of scam | Primary office to consider | Additional office |
|---|---|---|
| Fake seller or non-delivery | DTI, platform, police if fraudulent | Bank/e-wallet, NBI/PNP ACG |
| Phishing, OTP theft, hacked account | Bank/e-wallet immediately | NBI/PNP ACG, BSP CAM |
| Investment, crypto, forex, Ponzi | SEC | NBI/PNP ACG, prosecutor |
| E-wallet or bank transfer scam | Bank/e-wallet fraud unit | BSP CAM, NBI/PNP ACG |
| Identity theft or leaked personal data | NPC | NBI/PNP ACG, affected bank/platform |
| Romance scam | NBI/PNP ACG | Bank/e-wallet, prosecutor |
| Job scam or tasking scam | NBI/PNP ACG | DTI/DOLE depending on facts |
| Scam by known person | Prosecutor or police | Civil case/small claims if recovery is practical |
Can the bank or e-wallet be required to return the money?
Sometimes, but not always.
Under AFASA, financial institutions must maintain adequate risk management systems and controls such as multi-factor authentication, fraud management systems, and account verification processes. AFASA also states that institutions may be liable for restitution if they fail to employ adequate risk management systems and controls or fail to exercise the highest degree of diligence in preventing loss or damage from covered offenses.
Important practical points:
- If you voluntarily sent money to a scammer, the bank may say it was an authorized transfer.
- If your account was taken over through phishing or OTP compromise, the bank/e-wallet will examine whether its systems, warnings, authentication, and response were adequate.
- If funds are still in the receiving account, temporary holding may help.
- If funds have been withdrawn, recovery becomes harder, but investigation may still identify account holders or mules.
- If the institution refuses to act, gives unclear responses, or mishandles your complaint, you may escalate through the BSP Consumer Assistance Channels.
BSP’s Consumer Assistance Mechanism generally expects that you first raised the issue with the bank, e-wallet, or BSP-supervised financial institution. Keep the ticket number and written replies.
Criminal case vs civil case: which is better?
Many victims ask whether they should file a criminal case or a civil case. The answer depends on the goal.
A criminal case aims to punish the offender and may include civil liability or restitution. It is useful when there is fraud, multiple victims, money mules, identity theft, hacking, or organized scamming.
A civil case aims to recover money or damages. It may be useful when the person is identifiable, has assets, and the claim can be proven.
A small claims case may be practical when the dispute is a straightforward money claim not exceeding the current small claims threshold under the Rules on Expedited Procedures in the First Level Courts. The Supreme Court’s small claims page provides forms and guidance. However, small claims is not designed to investigate anonymous cybercriminals. It works best when you know whom to sue and where to serve court papers.
In real scam cases, victims often start with bank/e-wallet reporting and cybercrime reporting first, then consider civil recovery once identities and responsible parties become clearer.
Common mistakes that hurt online scam cases
Waiting too long before reporting
Funds move quickly. In many scams, money is transferred from one mule account to another within minutes or hours. Report immediately, even if your evidence package is not yet perfect.
Deleting chats or blocking the scammer too early
Blocking may stop harassment, but deleting messages can destroy evidence. Before blocking, preserve the profile link, username, phone number, messages, payment instructions, and receipts.
Sending more money to “recover” the first payment
Recovery scams are common. After the first scam, another person may claim they can recover your funds for a fee. Government agencies do not require victims to pay random “unlocking,” “tax clearance,” or “fund release” fees to recover scam proceeds.
Relying only on barangay proceedings
Barangay conciliation is not the main remedy for serious cyber-estafa or financial account scamming. It may apply to minor disputes between individuals in the same city or municipality, but many online scam cases involve offenses beyond barangay jurisdiction, unknown respondents, corporations, or parties in different locations.
Filing a vague complaint
A complaint that says only “I was scammed” is weak. Investigators need dates, amounts, account numbers, URLs, screenshots, and a clear timeline.
Assuming the named account holder is always the mastermind
The receiving account holder may be a money mule, identity theft victim, recruited “agent,” or direct scammer. The complaint should identify the receiving account, but the investigation should still trace who controlled the scheme.
Special issues for OFWs, foreigners, and victims outside the Philippines
Victims outside the Philippines can still report Philippine-linked scams, especially when:
- The receiving bank or e-wallet account is in the Philippines.
- The scammer is believed to be in the Philippines.
- The victim was in the Philippines when the damage occurred.
- A Philippine platform, company, or financial account was used.
- The offense involved a computer system or infrastructure located partly in the Philippines.
AFASA also recognizes jurisdiction where elements are committed in the Philippines, where Philippine-based systems or financial accounts are involved, or where damage is caused to a person in the Philippines or whose financial account is maintained with an institution operating in the Philippines.
For overseas complainants, practical requirements may include:
- Passport or valid government ID.
- Complaint-affidavit executed abroad.
- Consular notarization or apostille, depending on the country and intended use.
- Special Power of Attorney if someone in the Philippines will file or follow up for you.
- Screenshots and transaction records showing time zones clearly.
- Translation if evidence is in a foreign language.
Foreigners should also keep proof of remittance, bank statements, crypto exchange records, and communications showing the Philippine connection.
Documents to prepare
| Document | Why it matters |
|---|---|
| Valid ID or passport | Establishes complainant’s identity |
| Complaint-affidavit | Main sworn narrative for prosecutor or investigator |
| Transaction receipts | Proves amount, date, reference number, and destination account |
| Bank/e-wallet statement | Corroborates actual loss |
| Screenshots of chats | Shows false promises, instructions, threats, or admissions |
| Profile links and URLs | Helps investigators identify accounts before deletion |
| Email headers or SMS details | Helps trace sender information |
| Platform reports | Shows you reported the page, listing, ad, or account |
| Bank/e-wallet ticket number | Shows prompt reporting and escalation |
| SEC/DTI/BSP/NPC complaint records | Supports regulatory action |
| SPA for representative | Needed if someone else will act for you |
| Apostilled/consularized documents | Often needed for documents executed abroad |
Frequently Asked Questions
Can I still recover my money after an online scam in the Philippines?
Yes, but recovery depends on speed, traceability, and whether funds can be held or assets can be reached. Report immediately to your bank or e-wallet and request action under AFASA mechanisms. If the money has been withdrawn or layered through mule accounts, recovery becomes harder but a criminal investigation may still proceed.
Is online scam considered cybercrime in the Philippines?
Often, yes. If the scam used the internet, social media, email, messaging apps, online banking, e-wallets, or other ICT systems, the case may involve RA 10175. Many complaints are filed as estafa under Article 315 of the Revised Penal Code in relation to the Cybercrime Prevention Act.
Where should I report an online scam first?
If money was transferred, report first to your bank or e-wallet because fund holding is time-sensitive. Then report to the NBI Cybercrime Division, PNP Anti-Cybercrime Group, or CICC. If it is an investment scam, also report to the SEC. If it is an online seller dispute, consider DTI as well.
Do I need a lawyer to file a cybercrime complaint?
A lawyer is not always required to make an initial report with law enforcement, a bank, e-wallet, BSP, DTI, or SEC. However, a lawyer can help when drafting a complaint-affidavit, organizing evidence, identifying proper charges, filing with the prosecutor, or pursuing civil recovery.
What if I only know the scammer’s GCash, Maya, or bank account number?
That information is still useful. Include the account name, number, transaction reference, date, time, amount, and receiving institution. The account holder may be a money mule or may lead investigators to other persons. Report quickly so the institution can check whether funds remain.
Can the receiving bank or e-wallet freeze the scammer’s account?
Banks and e-wallets may temporarily hold disputed funds under AFASA and BSP rules if the requirements are met. The hold is not unlimited and generally cannot exceed 30 calendar days unless extended by a court. Institutions must also follow verification and notification rules.
Is a fake online seller case handled by DTI or NBI?
It depends. If the seller is a real merchant or platform seller who failed to deliver or misrepresented goods, DTI may help. If the seller used fake identity, fake pages, mule accounts, or a deliberate scheme to defraud, NBI or PNP cybercrime reporting is usually appropriate. Many victims report to both the platform/DTI and cybercrime authorities.
What if the scammer is abroad?
You may still report if Philippine accounts, victims, platforms, or systems were used. The DOJ Office of Cybercrime serves as the central authority for international mutual assistance and extradition matters related to cybercrime, but cross-border cases are slower and depend on cooperation, treaties, platform records, and foreign authorities.
Can I file a small claims case against an online scammer?
Only if you know the defendant’s identity and can serve court papers. Small claims is useful for straightforward money recovery against an identifiable person or business. It is not an investigative tool for anonymous scammers.
What if I gave my OTP or password because I was tricked?
You should still report. Scammers often use social engineering to manipulate victims into giving OTPs or credentials. Under AFASA, social engineering schemes involving sensitive identifying information and unauthorized access to financial accounts are specifically addressed.
Key Takeaways
- Report to your bank or e-wallet immediately; fund holding and tracing are time-sensitive.
- Preserve complete evidence: screenshots, links, receipts, reference numbers, account details, and complaint tickets.
- Online scams may be prosecuted as estafa, cyber-estafa, access device fraud, financial account scamming, securities violations, or other offenses depending on the facts.
- AFASA gives victims an important remedy through temporary holding of disputed funds and coordinated verification among financial institutions.
- SEC handles investment-type scams; DTI handles many online consumer disputes; BSP handles unresolved complaints against banks and e-wallets; NPC handles misuse of personal data.
- Criminal cases can lead to penalties and restitution, while civil cases or small claims focus on money recovery.
- For OFWs and foreigners, Philippine remedies may still be available when Philippine accounts, victims, systems, or institutions are involved.