What to Do About Harassment or Scam Emails

I. Introduction

Harassment and scam emails are common forms of digital abuse and cyber-enabled fraud in the Philippines. They may involve threats, intimidation, blackmail, phishing, fake investment offers, impersonation, debt collection harassment, romance scams, job scams, business email compromise, malware links, fake government notices, lottery scams, sextortion, extortion, or repeated unwanted messages.

An email may look harmless at first, but it can be used to steal personal data, access bank accounts, pressure a victim into sending money, damage reputation, spread malicious files, or continue harassment after the sender has been blocked on other platforms.

Philippine law provides several possible remedies. Depending on the facts, harassment or scam emails may involve cybercrime, estafa, unjust vexation, grave threats, coercion, libel or cyberlibel, identity theft, illegal access, data privacy violations, electronic evidence issues, consumer protection rules, banking fraud concerns, or workplace and school remedies.

The practical response should combine evidence preservation, digital safety, reporting, legal action where appropriate, and personal security measures.

II. First Rule: Do Not Panic, Do Not Engage, and Do Not Click

When a suspicious or abusive email is received, the first response should be careful and controlled.

Do not immediately:

  1. Click links;
  2. Download attachments;
  3. Reply angrily;
  4. Send money;
  5. Provide passwords or one-time PINs;
  6. Confirm personal information;
  7. Call phone numbers provided in the email without verification;
  8. Forward the email casually to many people;
  9. Delete the email before preserving evidence;
  10. Give in to threats.

Scammers and harassers often rely on panic. They want the victim to act quickly before thinking, verifying, or asking for help.

III. Common Types of Harassment and Scam Emails

A. Phishing Emails

Phishing emails pretend to come from banks, e-wallets, delivery companies, government agencies, social media platforms, employers, or well-known businesses. They usually ask the recipient to click a link, verify an account, reset a password, claim a reward, pay a fee, or prevent account suspension.

The goal is to steal login credentials, credit card details, bank information, personal data, or one-time passwords.

B. Spear Phishing

Spear phishing is a targeted form of phishing. The email may include the victim’s name, workplace, position, recent transaction, or other personal details to appear legitimate.

This is common in business email compromise, executive impersonation, payroll diversion, fake invoice scams, and targeted attacks on professionals.

C. Business Email Compromise

Business email compromise involves impersonating a company officer, supplier, client, lawyer, broker, accountant, or bank to redirect payments or obtain confidential information.

Examples include:

  1. Fake supplier bank account change;
  2. Fake CEO instruction to transfer funds;
  3. Fake invoice;
  4. Fake escrow instruction;
  5. Fake real estate payment instruction;
  6. Fake payroll account update;
  7. Fake legal settlement payment.

This can cause major financial loss.

D. Sextortion Emails

Sextortion emails claim that the sender has compromising photos, videos, browser history, or private messages of the victim. The sender demands money, usually through cryptocurrency, e-wallet, bank transfer, or remittance.

Some sextortion emails are fake mass scams. Others may involve actual intimate images, hacked accounts, or former partners. The response depends on whether the threat is real, but the victim should still preserve evidence and avoid paying without advice.

E. Blackmail or Extortion Emails

These emails threaten to expose secrets, damage reputation, report false allegations, release documents, harm family members, or cause business damage unless money or another demand is satisfied.

F. Harassing Emails From a Known Person

Emails may come from an ex-partner, former friend, co-worker, neighbor, customer, creditor, competitor, or relative. The messages may include insults, threats, stalking, repeated unwanted contact, defamation, humiliation, or pressure.

G. Debt Collection Harassment

Some emails from lenders or collectors may threaten arrest, public shaming, employer contact, family contact, social media posting, or criminal charges. While creditors may collect lawful debts, abusive and misleading collection practices may create legal liability.

H. Fake Government Emails

Scammers may pretend to be from the BIR, NBI, PNP, courts, immigration, customs, PSA, SEC, DTI, LTO, SSS, PhilHealth, Pag-IBIG, local government units, or other agencies.

They may demand payment, threaten prosecution, request documents, or direct the victim to a fake website.

I. Job and Recruitment Scams

These emails offer fake employment, overseas work, remote work, or freelance projects. They may ask for placement fees, training fees, medical fees, visa fees, equipment deposits, or identity documents.

J. Investment and Crypto Scams

These emails offer guaranteed returns, trading profits, cryptocurrency investments, forex platforms, fake cooperatives, fake lending, or Ponzi-style schemes.

K. Lottery, Prize, Donation, and Inheritance Scams

The email claims that the recipient won money, inherited funds, was chosen for a grant, or can receive a donation if they pay fees or submit personal information.

L. Romance and Relationship Scams

The scammer builds trust, then asks for money, travel costs, medical help, customs fees, or emergency assistance. Email may be used together with chat apps and social media.

M. Malware Emails

These emails contain attachments or links that install malicious software, ransomware, spyware, keyloggers, or remote access tools.

IV. Legal Framework in the Philippines

Harassment and scam emails may fall under several laws, depending on the conduct.

Important legal sources include:

  1. Cybercrime Prevention Act of 2012;
  2. Revised Penal Code;
  3. Data Privacy Act of 2012;
  4. Electronic Commerce Act;
  5. Rules on Electronic Evidence;
  6. Access Devices Regulation Act;
  7. Anti-Photo and Video Voyeurism Act, where intimate images are involved;
  8. Safe Spaces Act, where gender-based online sexual harassment is involved;
  9. Anti-Violence Against Women and Their Children Act, where abuse is committed against a woman by a covered intimate partner;
  10. Financial consumer protection and banking regulations;
  11. Consumer protection laws;
  12. Special laws on lending, financing, securities, investment solicitation, and online platforms;
  13. Civil Code, for damages and abuse of rights.

The correct remedy depends on the facts, evidence, identity of the sender, harm caused, and urgency of protection.

V. Possible Cybercrime Offenses

A. Illegal Access

If the sender hacked or accessed an email account, social media account, bank account, device, or computer system without authority, illegal access may be involved.

Examples:

  1. Logging into another person’s email without permission;
  2. Using stolen passwords;
  3. Accessing cloud storage;
  4. Breaking into a business email account;
  5. Using hacked accounts to send scam emails.

B. Computer-Related Identity Theft

If the sender uses another person’s identity online to deceive, harass, or defraud, identity theft may apply.

Examples:

  1. Sending emails pretending to be the victim;
  2. Using a fake email address with another person’s name;
  3. Impersonating a company officer;
  4. Using stolen personal data to create accounts;
  5. Pretending to be a government official.

C. Computer-Related Fraud

Emails used to deceive victims into transferring money, giving credentials, or releasing property may involve computer-related fraud.

Examples:

  1. Fake payment instructions;
  2. Phishing for online banking credentials;
  3. Fake investment links;
  4. Fake invoices;
  5. Fake donation appeals;
  6. Fake delivery fee payments.

D. Computer-Related Forgery

If an email or digital document is falsified to appear authentic, computer-related forgery may be involved.

Examples:

  1. Fake court notice;
  2. Fake bank certification;
  3. Fake government email;
  4. Fake company invoice;
  5. Fake digital receipt;
  6. Altered PDF or electronic document.

E. Cyberlibel

If the email or related online publication contains defamatory statements identifying a person and damaging reputation, cyberlibel may be involved.

Cyberlibel is especially relevant if the sender posts or sends defamatory accusations to third persons, group emails, workplaces, schools, clients, or social media.

F. Cybersex, Voyeurism, and Intimate Image Abuse

If the email involves sexual exploitation, threats to release intimate images, or actual distribution of intimate photos or videos, several cybercrime and special law issues may arise.

G. Cyberstalking or Online Harassment-Related Conduct

Philippine law does not have a single universal “cyberstalking” law covering all situations, but repeated threatening or harassing emails may be prosecuted under other offenses such as unjust vexation, threats, coercion, VAWC, Safe Spaces Act violations, data privacy violations, or cybercrime-related offenses.

VI. Revised Penal Code Remedies

Emails may support complaints under the Revised Penal Code if the elements of the offense are present.

A. Estafa

Scam emails may amount to estafa if the sender used deceit or abuse of confidence to cause the victim to part with money, property, or rights.

Examples:

  1. Fake seller receives payment but never delivers goods;
  2. Fake investment collects funds through deception;
  3. Fake job recruiter collects processing fees;
  4. Fake lover obtains money through fraudulent stories;
  5. Fake supplier redirects payment.

B. Grave Threats

If the email threatens to kill, injure, harm, expose, or seriously damage the victim unless a demand is met, grave threats may be involved.

C. Light Threats

Less serious threats may still be punishable depending on the words used and context.

D. Grave Coercion

If the sender uses threats or intimidation to force the victim to do something against their will or stop them from doing something lawful, coercion may be involved.

E. Unjust Vexation

Repeated annoying, disturbing, or harassing emails may constitute unjust vexation where the conduct unjustly irritates, annoys, or causes distress without necessarily fitting a more specific crime.

F. Libel or Slander by Deed-Related Conduct

If emails are sent to third persons containing defamatory matter, libel-related remedies may be considered. If the harassment extends beyond email into public acts, other offenses may arise.

G. Falsification and Use of Falsified Documents

Fake documents attached to emails may involve falsification, especially if they imitate official, commercial, financial, or legal documents.

VII. Data Privacy Issues

Scam or harassment emails often involve misuse of personal data.

A. Possible Data Privacy Violations

Possible violations include:

  1. Unauthorized use of personal data;
  2. Disclosure of private information;
  3. Use of personal data for harassment;
  4. Processing of personal data without consent or lawful basis;
  5. Accessing or sharing private contacts;
  6. Doxxing;
  7. Sending private information to employers, relatives, or the public;
  8. Use of leaked databases for phishing;
  9. Identity theft involving personal information.

B. Sensitive Personal Information

More serious concerns arise if the email involves sensitive information such as health, sexual life, religion, government IDs, financial information, passwords, biometrics, or information involving children.

C. Complaints

A victim may consider reporting privacy violations to the National Privacy Commission, especially where personal data was misused, disclosed, or processed unlawfully.

VIII. Harassment Emails in a Dating or Domestic Relationship

If the sender is a current or former intimate partner, additional remedies may be available.

A. Violence Against Women and Their Children

If a woman receives harassing, threatening, degrading, or coercive emails from a man with whom she has or had a dating, sexual, or marital relationship, the conduct may be covered by the Anti-Violence Against Women and Their Children Act if it causes or is likely to cause psychological harm.

Examples:

  1. Threatening emails after breakup;
  2. Emails threatening to release private photos;
  3. Repeated insults and humiliation;
  4. Threatening to harm the victim or child;
  5. Controlling emails;
  6. Stalking by email;
  7. Economic threats involving support;
  8. Using children to pressure the victim.

B. Protection Orders

A victim may seek a barangay protection order, temporary protection order, or permanent protection order where applicable.

A protection order may prohibit contact by email, phone, social media, third parties, or physical approach.

C. Same-Sex or Male Victims

Where VAWC does not apply, other remedies may still be available, including threats, coercion, unjust vexation, cyberlibel, data privacy complaints, civil damages, and Safe Spaces Act remedies where applicable.

IX. Safe Spaces Act and Gender-Based Online Harassment

The Safe Spaces Act may apply when harassment emails involve gender-based sexual harassment.

Examples include:

  1. Sexist insults;
  2. Misogynistic attacks;
  3. Homophobic or transphobic harassment;
  4. Unwanted sexual remarks;
  5. Sending obscene images;
  6. Demands for sexual favors;
  7. Threats to release intimate content;
  8. Repeated sexually charged messages;
  9. Gender-based cyber harassment.

This law may be relevant in workplaces, schools, public spaces, and online spaces.

X. Scam Emails Involving Banks, E-Wallets, and Financial Accounts

A. Immediate Steps

If the victim clicked a link, entered credentials, sent money, or disclosed OTPs, immediate action is needed.

The victim should:

  1. Contact the bank or e-wallet provider immediately;
  2. Request account freeze, password reset, or transaction hold;
  3. Change passwords;
  4. Revoke access to compromised devices or sessions;
  5. Report unauthorized transactions;
  6. Save transaction references;
  7. File a police or cybercrime report;
  8. Preserve emails, SMS, screenshots, and receipts.

B. Bank Responsibility and User Responsibility

Banks and financial institutions have duties to protect consumers, but customers also have responsibilities to safeguard passwords, OTPs, devices, and account credentials.

Liability for unauthorized transactions depends on facts, timing of report, negligence, system failure, phishing method, contractual terms, and regulatory rules.

C. Chargebacks and Recovery

Recovery may be difficult once money is transferred. However, prompt reporting improves the chance of blocking, tracing, or reversing funds.

XI. Business Email Compromise in Companies

For businesses, email fraud can cause large losses.

A. Common Scenarios

  1. Fake supplier changes bank account;
  2. Fake executive orders urgent transfer;
  3. Fake lawyer sends settlement payment details;
  4. Fake client sends malware invoice;
  5. Employee email is hacked;
  6. Payroll accounts are changed;
  7. Real estate closing instructions are altered;
  8. Vendor payment is diverted.

B. Immediate Business Response

The company should:

  1. Contact the bank immediately;
  2. Attempt recall or freeze of funds;
  3. Notify the receiving bank;
  4. Preserve email headers and logs;
  5. Disable compromised accounts;
  6. Force password resets;
  7. Review mailbox forwarding rules;
  8. Check for unauthorized login sessions;
  9. Notify affected parties;
  10. File cybercrime report;
  11. Notify insurers if covered;
  12. Assess data breach notification duties.

C. Internal Controls

Businesses should require callback verification, dual approval, vendor bank account verification, anti-phishing training, multi-factor authentication, and payment change protocols.

XII. Evidence Preservation

Evidence is critical. Many victims delete emails out of fear or embarrassment. This is a mistake.

A. Preserve the Original Email

Keep the original email in the inbox or archive. Do not merely screenshot and delete it.

Original emails may contain technical information such as:

  1. Sender address;
  2. Reply-to address;
  3. Routing information;
  4. Mail server details;
  5. Date and time;
  6. IP-related data;
  7. Authentication results;
  8. Attachments;
  9. Links;
  10. Message ID.

B. Save Full Email Headers

Full email headers may help trace the origin, verify spoofing, and support technical investigation.

Most email platforms allow viewing “original,” “show source,” “show original,” or “message details.” The full header should be copied and saved in a text file or PDF.

C. Take Screenshots

Screenshots should show:

  1. Sender;
  2. Subject;
  3. Date and time;
  4. Email body;
  5. Threatening or fraudulent content;
  6. Attachments;
  7. Links;
  8. Recipient list;
  9. Related thread.

D. Export or Print to PDF

For legal use, save the email as PDF and, where possible, export the original email file.

E. Preserve Attachments Without Opening Them

If an attachment appears malicious, do not open it. Save the email intact and let technical or law enforcement personnel handle it.

F. Preserve Related Evidence

Save:

  1. Payment receipts;
  2. Bank transaction slips;
  3. GCash or Maya references;
  4. Crypto wallet addresses;
  5. Remittance details;
  6. Chat messages;
  7. Call logs;
  8. Social media profiles;
  9. Website links;
  10. Domain names;
  11. Sender names and aliases.

XIII. Electronic Evidence in Philippine Proceedings

Emails may be admissible as electronic evidence if properly authenticated and relevant.

Important considerations include:

  1. Authenticity of the email;
  2. Integrity of the electronic record;
  3. Identity of the sender;
  4. Chain of custody;
  5. Reliability of screenshots;
  6. Preservation of metadata;
  7. Testimony of the recipient or custodian;
  8. Certification or technical evidence, where needed.

A screenshot may be useful, but the original email and full header are stronger.

XIV. How to Examine a Suspicious Email Safely

Without clicking links, check:

  1. Does the sender address match the real organization?
  2. Is the domain misspelled?
  3. Is there a sense of urgency?
  4. Is the greeting generic?
  5. Are there grammar or formatting errors?
  6. Does the email ask for passwords, OTPs, or PINs?
  7. Does the link point to a strange domain?
  8. Is the attachment unexpected?
  9. Is payment demanded through unusual channels?
  10. Does the message threaten consequences unless immediate action is taken?

A legitimate bank or government agency generally should not ask for passwords or OTPs by email.

XV. What to Do If You Already Clicked a Link

If a suspicious link was clicked, do the following:

  1. Disconnect from the internet if malware is suspected;
  2. Do not enter any more information;
  3. Change passwords from a clean device;
  4. Enable multi-factor authentication;
  5. Check email forwarding rules;
  6. Log out of all sessions;
  7. Scan device for malware;
  8. Check bank and e-wallet transactions;
  9. Notify bank or e-wallet provider;
  10. Preserve the email;
  11. Report the incident.

If login credentials were entered, act as though the account has been compromised.

XVI. What to Do If You Opened an Attachment

If an attachment was opened:

  1. Disconnect the device from the internet;
  2. Do not plug in external drives;
  3. Do not log into sensitive accounts from that device;
  4. Run trusted anti-malware tools;
  5. Ask IT support to inspect the device;
  6. Change passwords from another device;
  7. Check for unauthorized transactions;
  8. Preserve the email and attachment;
  9. Report to relevant authorities if damage occurred.

For company devices, immediately report to IT or information security personnel.

XVII. What to Do If You Sent Money

If money was sent due to a scam email:

  1. Contact the sending bank or payment provider immediately;
  2. Ask for recall, hold, freeze, or dispute;
  3. Contact the receiving institution if known;
  4. Preserve proof of payment;
  5. File a report with law enforcement or cybercrime authorities;
  6. Prepare a sworn statement;
  7. Report to the platform used;
  8. Monitor accounts for further compromise;
  9. Avoid sending additional “recovery fees.”

Scammers often perform a second scam by pretending they can recover the money for a fee.

XVIII. What to Do If You Shared Personal Information

If personal information was shared:

  1. Change affected account passwords;
  2. Enable multi-factor authentication;
  3. Monitor bank and credit accounts;
  4. Watch for SIM swap attempts;
  5. Alert banks and e-wallets;
  6. Replace compromised IDs if necessary;
  7. Be alert for follow-up scams;
  8. Report identity theft if accounts are created in your name;
  9. Consider filing a data privacy or cybercrime complaint.

If government ID numbers were shared, extra caution is needed because they may be used for identity theft.

XIX. What to Do If the Email Threatens Violence

If the email threatens physical harm:

  1. Preserve the email;
  2. Do not meet the sender alone;
  3. Report immediately to police or barangay authorities;
  4. Inform trusted persons;
  5. Strengthen home, workplace, or school safety;
  6. Seek a protection order if applicable;
  7. Avoid replying in a way that escalates danger;
  8. Keep a record of all threats.

If the sender is known and has access to the victim, treat the threat seriously.

XX. What to Do If the Email Threatens to Release Private Photos

If the email threatens to release private or intimate content:

  1. Do not panic;
  2. Do not immediately pay;
  3. Preserve the email and all related messages;
  4. Save the sender details and payment demands;
  5. Report to law enforcement or cybercrime authorities;
  6. Report to the platform if content is posted;
  7. Seek takedown where possible;
  8. Notify trusted persons if safety planning requires it;
  9. Consider protection order remedies if the sender is an intimate partner;
  10. Consult counsel if the content is real and identifiable.

Paying does not guarantee deletion. It may encourage further extortion.

XXI. What to Do If the Email Is Defamatory

If the email contains false accusations and was sent to others:

  1. Preserve the email;
  2. Identify all recipients;
  3. Save any replies or forwarding evidence;
  4. Determine whether the statement is defamatory;
  5. Check whether it was sent privately or published broadly;
  6. Consider a demand letter;
  7. Consider criminal or civil remedies for libel, cyberlibel, or damages;
  8. Avoid retaliatory defamatory statements.

If the email was sent only to the victim, it may be abusive but not necessarily defamatory publication. If sent to third persons, defamation issues are stronger.

XXII. What to Do If the Sender Is Unknown

If the sender is unknown:

  1. Preserve full email headers;
  2. Do not assume the displayed name is real;
  3. Check whether the sender is spoofing another address;
  4. Report to the email provider;
  5. Report to law enforcement for serious threats or fraud;
  6. Avoid engaging;
  7. Block or filter after preserving evidence;
  8. Monitor for repeated patterns.

Anonymous senders may still be traced in some cases through provider records, IP logs, payment trails, domain registration, bank accounts, or mistakes made by the sender.

XXIII. What to Do If the Sender Is Known

If the sender is known, the options may be stronger.

Possible steps include:

  1. Send a no-contact notice, if safe;
  2. Report to barangay or police;
  3. File a complaint for threats, coercion, unjust vexation, VAWC, Safe Spaces Act violations, or cybercrime as applicable;
  4. Request workplace or school intervention if the relationship is institutional;
  5. Seek a protection order where applicable;
  6. File civil action for damages if harm occurred.

If there is risk of violence, do not rely only on a demand letter. Seek immediate protection.

XXIV. No-Contact Notice

A no-contact notice may help establish that further emails are unwanted.

Example:

“You are directed to stop contacting me by email, phone, social media, messaging applications, through third persons, or any other means. Any further contact will be documented and may be reported to the proper authorities.”

This should only be sent if safe. In dangerous situations, it may be better to report directly to authorities.

XXV. Blocking and Filtering

After preserving evidence, the victim may:

  1. Block the sender;
  2. Mark as spam or phishing;
  3. Create email filters;
  4. Report the sender to the email provider;
  5. Disable automatic image loading;
  6. Use separate email addresses for public contact;
  7. Strengthen privacy settings.

Blocking helps reduce contact but does not replace legal remedies for serious threats or fraud.

XXVI. Reporting to Email Providers and Platforms

Most email providers allow reporting phishing, spam, abuse, impersonation, and compromised accounts.

Reporting may result in:

  1. Account suspension;
  2. Blocking of malicious links;
  3. Warnings to other users;
  4. Preservation of technical records;
  5. Takedown of abusive content;
  6. Reduced future spam.

For serious cases, platform reporting should be combined with legal reporting.

XXVII. Reporting to Banks, E-Wallets, and Payment Providers

If the email involves payment fraud, report immediately to:

  1. Bank;
  2. E-wallet provider;
  3. Credit card issuer;
  4. Remittance company;
  5. Crypto exchange, if applicable;
  6. Merchant platform;
  7. Payment gateway.

Provide:

  1. Email copy;
  2. Payment reference;
  3. Account number or wallet number of recipient;
  4. Date and time;
  5. Amount;
  6. Screenshot of transaction;
  7. Government ID, if required for report;
  8. Police report, if later required.

Time is critical.

XXVIII. Reporting to Law Enforcement

Serious harassment, threats, extortion, scams, identity theft, hacking, and cyber-related offenses may be reported to cybercrime authorities or police.

A report may include:

  1. Complaint-affidavit;
  2. Printed emails;
  3. Full email headers;
  4. Screenshots;
  5. Proof of payment;
  6. Bank or wallet records;
  7. Links and attachments;
  8. Witness statements;
  9. IDs;
  10. Timeline of events.

The victim should request a copy or reference number of the report.

XXIX. Filing a Complaint With the Prosecutor

For criminal cases, a complaint may be filed with the prosecutor’s office.

The complaint should include:

  1. Complaint-affidavit;
  2. Evidence of emails;
  3. Full headers and technical details;
  4. Proof of sender identity, if known;
  5. Proof of payment or loss, if scam;
  6. Proof of threats or harassment;
  7. Witness affidavits;
  8. Certifications or records from platforms, banks, or providers, if available;
  9. Other supporting documents.

The prosecutor evaluates probable cause.

XXX. Filing a Data Privacy Complaint

If the emails involve unauthorized use or disclosure of personal data, a privacy complaint may be considered.

Examples:

  1. Doxxing;
  2. Use of private contact lists;
  3. Disclosure of sensitive data;
  4. Harassment using personal data;
  5. Unauthorized access to email or cloud accounts;
  6. Sharing private documents;
  7. Misuse of IDs or personal details.

The complaint should include evidence of the data involved, how it was used, harm caused, and identity of the suspected violator if known.

XXXI. Civil Remedies

Victims may seek civil remedies for damages in proper cases.

A. Moral Damages

Available where the victim suffered mental anguish, fright, serious anxiety, wounded feelings, social humiliation, or reputational injury due to unlawful conduct.

B. Actual Damages

May include proven losses such as:

  1. Money sent to scammers;
  2. Unauthorized transfers;
  3. Therapy expenses;
  4. Cybersecurity repair costs;
  5. Business losses;
  6. Legal expenses, where recoverable;
  7. Account recovery costs;
  8. Lost income.

C. Exemplary Damages

May be awarded where the defendant acted in a wanton, fraudulent, oppressive, or malicious manner.

D. Injunction

In appropriate cases, a court may order a person to stop certain conduct, remove content, or refrain from further harassment.

XXXII. Workplace Harassment by Email

If harassment emails come from a co-worker, supervisor, subordinate, client, or vendor, internal remedies may be available.

The victim may:

  1. Preserve emails;
  2. Report to HR;
  3. Report to the data protection officer, if data is involved;
  4. Report to management;
  5. Request safety or access controls;
  6. File a Safe Spaces Act complaint if gender-based harassment is involved;
  7. File a labor complaint if employer fails to act on workplace harassment;
  8. File criminal or civil complaints where appropriate.

Employers should act promptly to prevent retaliation and preserve electronic records.

XXXIII. School-Related Harassment by Email

If the victim is a student or the sender is connected with a school, possible remedies include:

  1. Report to school administration;
  2. Report to guidance office;
  3. Preserve emails;
  4. Request disciplinary action;
  5. Seek protection from bullying or harassment;
  6. File Safe Spaces Act complaint if applicable;
  7. File police or prosecutor complaint for serious threats, extortion, or cybercrime.

Schools may have duties to protect students from harassment, including online harassment connected to school life.

XXXIV. Harassment by Online Lenders or Collectors

Harassment emails from online lenders or collectors may involve:

  1. Threats of arrest without basis;
  2. Public shaming;
  3. Contacting employers or relatives;
  4. Misrepresenting legal consequences;
  5. Excessive interest or charges;
  6. Data privacy violations;
  7. Coercion;
  8. Unfair collection practices.

A debtor still has a duty to pay lawful debts, but creditors and collectors must follow the law. A victim may report abusive collection practices to appropriate regulators or authorities, depending on the lender and conduct.

XXXV. Demand Letters and Cease-and-Desist Letters

For known harassers, a lawyer’s demand letter may be useful.

It may demand that the sender:

  1. Stop sending emails;
  2. Stop contacting the victim;
  3. Preserve evidence;
  4. Remove defamatory content;
  5. Retract false statements;
  6. Stop using personal data;
  7. Pay damages;
  8. Return money;
  9. Stop impersonation;
  10. Confirm compliance.

However, a demand letter is not always appropriate for anonymous scammers or dangerous harassers. Safety and evidence preservation come first.

XXXVI. Protection Orders

Protection orders may be available in specific contexts, especially VAWC cases.

A protection order may prohibit:

  1. Sending emails;
  2. Calling or texting;
  3. Messaging on social media;
  4. Contact through third persons;
  5. Coming near the victim;
  6. Going to the victim’s home, workplace, or school;
  7. Threatening or harassing the victim;
  8. Posting private or defamatory content;
  9. Possessing firearms, where applicable.

If the harassment is connected to intimate partner abuse, protection orders may be among the most effective remedies.

XXXVII. When the Email Contains a Fake Court, Police, or Government Notice

Scammers may send fake subpoenas, warrants, tax notices, immigration notices, customs notices, or court orders.

The recipient should:

  1. Do not click links;
  2. Do not pay through channels listed in the email;
  3. Verify directly with the agency using official contact information;
  4. Preserve the email;
  5. Check for grammar, suspicious domains, and unofficial payment instructions;
  6. Report impersonation to the relevant agency and law enforcement.

Government agencies generally use formal procedures and official channels. A real court process will not usually demand immediate payment to a private account through a random email.

XXXVIII. When the Email Contains Malware or Ransomware

If an email caused ransomware or malware infection:

  1. Disconnect affected devices;
  2. Do not pay ransom immediately;
  3. Notify IT or cybersecurity professionals;
  4. Preserve logs and emails;
  5. Report to law enforcement;
  6. Determine whether personal data was breached;
  7. Notify affected persons or regulators if required;
  8. Restore from clean backups;
  9. Change credentials;
  10. Review security controls.

Businesses may have data breach reporting obligations if personal information was compromised.

XXXIX. If the Email Account Was Hacked

Signs of email compromise include:

  1. Unknown sent messages;
  2. Password reset notices;
  3. Login alerts from unfamiliar locations;
  4. Missing emails;
  5. Forwarding rules added;
  6. Contacts receiving scam emails from the account;
  7. Locked account;
  8. Unusual bank or social media activity.

Immediate steps:

  1. Change password from a clean device;
  2. Enable multi-factor authentication;
  3. Remove unknown recovery emails or numbers;
  4. Check forwarding and filters;
  5. Log out of all devices;
  6. Scan devices;
  7. Notify contacts not to click suspicious emails;
  8. Check connected accounts;
  9. Preserve evidence of compromise;
  10. Report if financial or personal data was affected.

XL. If the Email Is Part of a Larger Scam

Many scams involve multiple channels: email, SMS, calls, Facebook, Messenger, Telegram, Viber, WhatsApp, fake websites, and payment accounts.

The victim should document the entire scheme, not just the email.

Create a folder containing:

  1. Emails;
  2. Chat screenshots;
  3. Website screenshots;
  4. Phone numbers;
  5. Bank accounts;
  6. Wallet numbers;
  7. Names used;
  8. IDs provided by scammer;
  9. Receipts;
  10. Timeline.

This makes a complaint stronger.

XLI. If a Company Receives Harassment or Scam Emails

A company should handle scam emails through legal, IT, compliance, and HR processes.

Steps include:

  1. Preserve evidence;
  2. Notify IT security;
  3. Isolate compromised accounts;
  4. Check financial exposure;
  5. Notify banks;
  6. Notify affected customers or employees if data was compromised;
  7. File cybercrime report;
  8. Review incident response plan;
  9. Consider data breach notification;
  10. Discipline employees only after fair investigation if internal involvement is suspected;
  11. Update controls.

Corporate victims should consider board, audit, insurance, and regulatory reporting obligations.

XLII. Legal Issues in Tracing Senders

Tracing email senders can be difficult because scammers may use:

  1. Fake accounts;
  2. VPNs;
  3. Compromised accounts;
  4. Spoofed addresses;
  5. Overseas servers;
  6. Disposable email services;
  7. Public Wi-Fi;
  8. Money mules;
  9. Cryptocurrency wallets;
  10. Fake identities.

However, traces may still exist through:

  1. Email headers;
  2. Provider logs;
  3. IP logs;
  4. Payment accounts;
  5. Bank KYC records;
  6. Domain registration;
  7. Device metadata;
  8. Reused phone numbers;
  9. Social media accounts;
  10. Human mistakes.

Law enforcement or court processes may be needed to obtain provider records.

XLIII. Jurisdiction Issues

Harassment or scam emails may come from outside the Philippines. Legal action may still be possible if:

  1. The victim is in the Philippines;
  2. The harm occurred in the Philippines;
  3. The email was received in the Philippines;
  4. Philippine accounts or financial systems were used;
  5. The offender is in the Philippines;
  6. Philippine law provides jurisdiction over the act.

Cross-border enforcement can be difficult, but reporting is still important, especially for bank freezing, account tracing, and pattern detection.

XLIV. Prescription and Timeliness

Legal remedies must be pursued within applicable prescriptive periods. The period depends on the offense or civil action.

Victims should act promptly because:

  1. Logs may be deleted;
  2. Accounts may be closed;
  3. Funds may be withdrawn;
  4. Posts may be deleted;
  5. Witnesses may forget;
  6. Evidence may be lost;
  7. legal deadlines may run.

Prompt reporting is especially important for financial fraud.

XLV. Do Not Pay “Recovery Agents”

After a scam, victims may be contacted by people claiming they can recover the money for a fee. These may be recovery scams.

Warning signs:

  1. Guaranteed recovery;
  2. Upfront fees;
  3. Claims of secret government contacts;
  4. Request for more personal data;
  5. Demand for crypto payment;
  6. Pressure to act quickly;
  7. Refusal to provide verifiable identity;
  8. Use of fake law firm or agency names.

Victims should verify before engaging anyone.

XLVI. Preventive Measures

To reduce risk:

  1. Use strong unique passwords;
  2. Enable multi-factor authentication;
  3. Never share OTPs;
  4. Verify payment instructions through trusted channels;
  5. Do not click suspicious links;
  6. Keep software updated;
  7. Use antivirus or endpoint protection;
  8. Disable automatic downloads;
  9. Use separate email addresses for banking, work, and public use;
  10. Review privacy settings;
  11. Train employees and family members;
  12. Beware of urgency and secrecy;
  13. Confirm bank account changes by phone using known numbers;
  14. Keep backups;
  15. Use password managers.

XLVII. Practical Checklist for Victims

If you receive a harassment or scam email:

  1. Do not click links or open attachments.
  2. Do not send money.
  3. Preserve the original email.
  4. Save full email headers.
  5. Take screenshots.
  6. Save related messages and payment details.
  7. Block or filter only after preserving evidence.
  8. Report phishing to the email provider.
  9. Contact bank or e-wallet immediately if money or credentials are involved.
  10. File a report with police or cybercrime authorities for serious cases.
  11. Consider a lawyer’s demand letter if sender is known.
  12. Seek a protection order if the harassment is connected to intimate partner abuse.
  13. File a data privacy complaint if personal data was misused.
  14. Monitor accounts and change passwords.
  15. Keep a timeline of incidents.

XLVIII. Sample Incident Timeline

A useful timeline may look like this:

  1. Date and time received: 10 April 2026, 8:32 p.m.
  2. Sender email: example@email.com
  3. Subject: “Final Warning”
  4. Summary: Sender threatened to post private photos unless ₱20,000 was sent.
  5. Demand: Payment to named e-wallet number by midnight.
  6. Evidence preserved: Original email, screenshots, full headers, e-wallet number.
  7. Action taken: Did not reply; reported to email provider; filed police report.
  8. Effect: Victim experienced fear and anxiety; informed family for safety.
  9. Related incidents: Similar messages on 8 April and 9 April 2026.

Specific details help investigators and lawyers.

XLIX. Sample No-Contact Email

This may be used only where safe and appropriate.

Subject: Cease Contact

You are directed to stop contacting me by email, phone, text message, social media, messaging applications, through third persons, or by any other means.

Your further messages are unwanted. Any future contact, threat, harassment, or disclosure of my personal information will be documented and may be reported to the proper authorities.

This message is sent without waiver of any legal rights and remedies.

L. Sample Evidence Preservation Note

A victim may keep a note like this:

I received the email with subject [subject] from [sender] on [date and time] at my email address [recipient email]. I did not click the link or open the attachment. I preserved the original email, exported the full headers, took screenshots, and saved copies in a secure folder. I also saved related payment demands and account details.

This note can help organize facts later.

LI. Frequently Asked Questions

1. Should I delete scam emails?

Not immediately if the email is serious, threatening, or caused loss. Preserve it first, including full headers and screenshots.

2. Should I reply to the scammer?

Usually no. Replying may confirm that your email is active and may invite more harassment. For known harassers, a single no-contact notice may be useful if safe.

3. What if I clicked the link but did not enter information?

Change passwords if there is any doubt, scan your device, and monitor accounts. Some links may still track or attempt malware.

4. What if I entered my password?

Change the password immediately from a clean device, enable multi-factor authentication, log out of all sessions, and check account recovery settings.

5. What if I gave my OTP?

Contact the bank or provider immediately. OTP disclosure can allow unauthorized transactions.

6. Can I file a case for scam emails?

Yes, if the facts support cybercrime, estafa, fraud, identity theft, threats, coercion, or other offenses.

7. Can I file a case if I did not lose money?

Possibly. Threats, harassment, identity theft, attempted fraud, data privacy violations, or cybercrime may still be actionable depending on facts.

8. Can anonymous senders be traced?

Sometimes. Full email headers, provider logs, payment trails, and platform records may help. Law enforcement or court processes may be required.

9. Is an email admissible in court?

Yes, electronic evidence may be admissible if properly authenticated and relevant.

10. What if the sender is my ex-partner?

If the emails are threatening, abusive, or coercive, remedies may include VAWC protection orders, criminal complaints, cybercrime complaints, and civil damages, depending on the facts.

11. What if the email threatens to post intimate photos?

Preserve evidence, do not pay immediately, report promptly, and seek legal protection. This may involve serious criminal and civil remedies.

12. Can I sue for emotional distress?

You may seek moral damages in proper cases if the unlawful act and emotional harm are proven.

13. Should I report phishing emails even if I did not fall for them?

Yes, especially if the email impersonates a bank, employer, government agency, or contains malicious links.

14. Can a debt collector threaten arrest by email?

A creditor may pursue lawful remedies, but misleading threats of arrest, public shaming, harassment, or unauthorized disclosure may be unlawful.

15. What should a company do after a scam email causes payment loss?

Immediately contact the bank, attempt recall or freeze, preserve email headers and logs, investigate compromise, report to authorities, and review security controls.

LII. Conclusion

Harassment and scam emails should be taken seriously. Some are simple spam, but others are tools for fraud, extortion, identity theft, stalking, psychological abuse, cybercrime, or financial loss. The correct response is not panic, retaliation, or immediate deletion. The correct response is to preserve evidence, secure accounts, avoid engagement, report promptly, and pursue the proper legal remedy.

In the Philippines, possible remedies may arise under cybercrime law, the Revised Penal Code, data privacy law, VAWC, Safe Spaces Act, electronic evidence rules, consumer protection rules, banking regulations, and civil law. The best remedy depends on whether the email is merely suspicious, financially fraudulent, threatening, defamatory, sexually exploitative, privacy-invasive, or part of a pattern of harassment.

For victims, the most important practical steps are: do not click, do not pay without verification, preserve the original email and full headers, contact financial institutions immediately if money or credentials are involved, report serious incidents to the proper authorities, and seek protection if the harassment threatens safety.

For businesses, scam emails require both legal and cybersecurity responses: preserve logs, freeze payments, investigate compromised accounts, notify affected parties where required, and strengthen internal controls.

Email abuse may be digital, but its consequences are real. Philippine law provides remedies, and timely action can prevent further harm, preserve rights, and improve the chance of accountability.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login