A practical legal guide for victims, families, and counsel

1) First 24 Hours: The “Do-Now” Checklist

Contain the loss

Freeze/recall funds: Call your bank or e-wallet (e.g., GCash, Maya) and request an immediate transaction dispute and fund recall for the specific reference numbers (InstaPay/PESONet IDs, e-wallet transaction IDs). Ask for a case number.
Lock down compromised accounts: Change passwords; enable MFA. If a SIM is compromised or used for OTP hijacking, request SIM block/SIM change from your telco (under the SIM Registration Act).
Deactivate rogue sessions: Log out from all devices on email, social media, and financial apps. Revoke third-party app access.

Preserve evidence

Screenshots and exports: Capture full-screen images of chats, profiles, listings, receipts, and bank/e-wallet confirmations (include date/time and URLs). Export chat threads where possible.
Headers & metadata: Save email headers, download message export files (e.g., .txt, .json), and keep original images/videos.
Create an incident log: A simple table (date/time → event → platform → amount → reference number → witness, if any).

Notify authorities and platforms

Platform reports: Report the account/marketplace page (Facebook, IG, X, Lazada, Shopee, Carousell, etc.). Keep the report confirmation.
Initial police blotter: File a blotter report at your local station or directly with PNP Anti-Cybercrime Group (ACG) or NBI Cybercrime Division (CCD); bring your incident log and IDs.
Inform recipients’ banks: If you know the receiving bank/e-wallet from a receipt, send a preservation letter asking it to retain logs and not dispose of transaction data pending investigation.

2) Understanding the Legal Landscape

Core criminal statutes

Estafa (swindling) under the Revised Penal Code (RPC, Art. 315 as amended by R.A. 10951): Deceit causing damage through false pretenses, fraudulent means, or misappropriation.
Cybercrime Prevention Act (R.A. 10175): Captures online modalities including computer-related fraud, illegal access, identity theft, and use of computer systems to commit traditional crimes (e.g., estafa via internet).
Access Devices Regulation Act (R.A. 8484): Fraud involving ATMs, credit/debit/virtual cards, and similar access devices.
Financial Products and Services Consumer Protection Act (R.A. 11765): Establishes consumer rights and redress mechanisms with BSP-supervised institutions and other regulators.
Data Privacy Act (R.A. 10173): If personal data were compromised, duties and remedies may arise, especially for businesses (breach notification rules).

Regulatory & enforcement bodies (who does what)

PNP-ACG / NBI-CCD: Criminal complaints, digital forensics, and case build-up.
BSP Consumer Assistance / banks & e-wallets: Dispute resolution, fund recall/credit reversals, and internal fraud probes for supervised institutions.
Securities and Exchange Commission (SEC): Investment scams, unregistered securities, Ponzi-type schemes; complaints to the EIPD.
Department of Trade and Industry (DTI): Consumer protection for retail e-commerce sellers; deceptive online sales practices.
National Telecommunications Commission (NTC): SIM/account misuse, spam/scam texts; coordination with telcos.
National Privacy Commission (NPC): Personal data misuse, identity theft complaints, breach notifications (for organizations).

Civil remedies (money back and damages)

Sum of money / damages under the Civil Code (contractual and tort claims).
Small Claims (no lawyers required): file for recovery of a sum of money within the Supreme Court’s current small-claims threshold (check the latest limit before filing). Useful for direct seller-buyer online scams.
Provisional remedies: Preliminary attachment (to secure assets), injunctions against ongoing fraudulent use of your identity or marks.
Unjust enrichment, rescission/cancellation of online sale contracts procured by fraud.

3) Evidence: What Holds Up in a Philippine Court

Rules on Electronic Evidence (A.M. No. 01-7-01-SC) essentials

Authenticity & integrity: Keep originals whenever possible; avoid altering files. If you must annotate, also keep an untouched copy.
Best form of capture: Full-page screenshots with visible URL and timestamp; downloads/exports from the platform; email header files; server logs.
Hashing & chain of custody: If feasible, compute file hashes (e.g., SHA-256) and keep a brief chain-of-custody note (who collected, where stored).
Linking the actor: Correlate account handles, phone numbers, bank/e-wallet accounts, IPs, delivery addresses, and courier waybills; preserve KYC replies from banks/wallets (often only available via subpoena, but request preservation now).

Must-keep artifacts

Payment proofs (reference numbers, transaction IDs, bank statements)
Marketplace listing URLs and cached copies
Chat exports (Messenger, Viber, WhatsApp, Telegram) with phone numbers
Email headers (to trace domains and relays)
Device logs (SMS inbox, missed calls, OTP traces)
Courier receipts/waybills and CCTV snapshots if delivery was involved

4) Filing a Criminal Complaint

Where to file

PNP-ACG (Camp Crame units and regional offices) or NBI-CCD. Local prosecutors can also accept complaints after initial blotter.

What to bring

Government ID, sworn complaint-affidavit, incident log, and all evidence.
If bank/e-wallet is involved, the dispute case number and copies of your preservation letters.

Offense selection (illustrative, to be tailored by counsel)

Estafa for deceit/misappropriation.
Computer-related fraud/identity theft under R.A. 10175 if the scheme used computers, networks, fake websites/apps, or stolen digital identities.
Access device fraud under R.A. 8484 for card/OTP/credentials abuse.

Timelines & prescription

Estafa’s prescriptive period depends on the imposable penalty (which hinges on the amount defrauded and other factors). Do not delay; file promptly to avoid prescription issues.

5) Parallel Civil Action or Small Claims

When to choose civil routes

You know the scammer’s identity or there is a payee account holder you can sue.
Amount is within small-claims threshold (summary process, no lawyers required).
You need quick executory judgments to garnish or levy assets (if identifiable).

Venue & defendants

Where the plaintiff resides, where the defendant resides, or where the cause of action arose (check updated venue rules).
Consider including account name holders, platform storefronts, and John/Jane Does (to be substituted once true identities are known).

6) Money-Movement Playbook (Banks & E-Wallets)

Fund recall realities

Instant transfers (InstaPay) settle fast; recalls often need the recipient’s consent unless there is a lawful order (subpoena, writ, or regulator directive). Early reporting increases the chance that funds are still parked or frozen.
PESONet (batch credit) sometimes allows recall before crediting cut-offs; call immediately.
Chargebacks/charge reversals are uncommon for P2P, but possible for card-rail transactions per issuer rules.

What to ask for

Case number & written acknowledgment of your dispute.
Preservation of logs: login IPs, device IDs, timestamps, KYC details of recipient accounts.
Status updates in writing and escalation to the bank’s consumer protection unit (citing R.A. 11765).

If the bank/e-wallet denies relief

File with the regulator: BSP Consumer Assistance for banks/e-money; provide your dispute file, case numbers, and evidence.
Pursue civil action for recovery and damages; request judicial subpoenas for KYC and logs if not voluntarily disclosed.

7) Special Scenarios

Phishing & account takeover

File for illegal access and identity theft; your own bank may also treat it as unauthorized transaction if you exercised due care.
Replace compromised SIMs/emails; update recovery emails/numbers everywhere.

Investment schemes & “doublers”

Report to SEC (EIPD) if securities or “investment contracts” were sold without registration or by unlicensed brokers/agents.
Seek asset freezing avenues by coordinating with law enforcement; banks may escalate suspicious flows to AMLC.

Marketplace or courier fraud

For defective/non-delivery by a seller, consider DTI complaints and civil actions.
Preserve CCTV, waybills, and delivery rider details quickly (issue preservation letters to the courier).

Identity-misuse and deepfakes

File criminal complaints for identity theft and injunctive relief to stop ongoing impersonation.
Notify platforms using their impersonation reporting channels; keep takedown receipts.

8) Working With Counsel: Litigation Strategy

Prioritize asset discovery: Subpoena duces tecum to banks/e-wallets; explore Rule 12 discovery after filing civil cases.
Provisional remedies early: Attachment/injunction can meaningfully improve recovery odds.
Forum selection: Consider practicality—small claims for speed vs. regular courts for complex damages and multiple defendants.
Settlement levers: A verified complaint and preserved logs often prompt recipient account holders (e.g., mules) to settle to avoid criminal exposure.

9) Templates You Can Adapt (Short Forms)

(A) Preservation Letter (to a Bank/E-Wallet/Telco)

Re: Request to Preserve Records – Online Fraud Incident Date/Time of transactions: [YYYY-MM-DD HH:MM] Amounts & Ref Nos.: [list each] Parties: [Your name], Recipient Account Name/No.: [if known] Request: Please preserve all KYC, logs (login IPs/device IDs), and transaction data for the above references pending investigation and possible court process. Kindly confirm in writing.

(B) Demand Letter (to a Seller/Payee)

You induced payment of ₱[amount] on [date] via [platform/bank], but failed to deliver. Unless you return the funds within five (5) days, we will file appropriate criminal and civil actions, seek attachment, and report to regulators.

(C) Incident Log (first page)

Date/Time — Event — Platform — Amount — Ref No. — Notes/Witness

(D) Sworn Statement (key paragraphs)

I am [name, age, address]. On [date/time], I saw [post/listing/link]. I communicated via [app/number]. I transferred ₱[amount] via [channel], Ref No. [xxx]. No goods/services were delivered. Attached as Annexes “A–G” are true copies of [evidence list]. I executed this affidavit to support criminal and civil complaints.

10) Protecting Yourself After the Incident

Credit freeze/monitoring: Ask banks to monitor unusual activity; change cards where OTP compromise is suspected.
Password hygiene: Unique, 12+ character passwords and app-based MFA.
Device audit: Run anti-malware scans; remove unknown profiles/extensions.
Awareness: Beware of “refund recovery” scams that target victims post-incident.

11) Frequently Asked Practical Questions

Q: Will I get my money back? A: Sometimes—especially if you report within hours and funds remain in the recipient account. Without consent or a court/regulatory order, banks are limited. Parallel legal action maximizes leverage.

Q: Do I need a lawyer for small claims? A: No. But for criminal complaints, complex damages, or cross-border elements, engaging counsel helps.

Q: Can I sue the platform? A: It depends on their role (host vs. seller), your contract with them, and their takedown/compliance. Preserve their policy pages, receipts, and communications.

Q: The scammer used a “mule” account. Sue the mule? A: Yes, consider including the account holder/recipient if facts support knowledge or participation, while authorities pursue the principal offenders.

12) Document Checklist (Print This)

Government ID
Police blotter / complaint number
Bank/e-wallet dispute number and correspondence
Incident log (with ref numbers and amounts)
Screenshots and exports (chats, listings, emails with headers)
Proof of payment (receipts, statements)
Copies of preservation and demand letters (with proofs of delivery)
Any courier waybills/CCTV or delivery communications

Final Notes and Cautions

Act fast. Time is everything for fund recalls, data preservation, and attachment.
Mind prescription. Do not wait; even if negotiations are ongoing, prepare filings.
Tailor your theory. Align facts to estafa, cybercrime, and any sector-specific law (securities, access devices).
This guide is general information. For case-specific advice—including venue, penalties, and current thresholds—consult a Philippine lawyer and confirm the latest rules and circulars.