If you just lost money to an online fraudster in the Philippines, act fast. The first few hours matter because transferred funds can be moved through several bank accounts, e-wallets, crypto wallets, or “money mule” accounts within minutes. Your immediate goals are to secure your accounts, report the transaction to the bank or e-wallet, preserve evidence, and file the right reports with law enforcement and regulators. Philippine law now gives victims stronger remedies, especially under the Anti-Financial Account Scamming Act, but recovery still depends heavily on speed, documentation, and proper reporting.
What Counts as Online Fraud in the Philippines?
Online fraud is not limited to fake online sellers. It can include any scheme where a person uses deception, impersonation, fake credentials, or electronic communications to make you send money, reveal account details, or authorize a transaction.
Common examples include:
- Fake Facebook Marketplace, Carousell, Shopee, Lazada, TikTok, Instagram, or Viber sellers
- Investment scams promising guaranteed returns
- Crypto “trading coaches” or fake exchange platforms
- Romance scams
- Job scams requiring “processing fees”
- Loan scams asking for advance charges
- Phishing links pretending to be banks, e-wallets, couriers, government agencies, or payment portals
- Fake customer service agents asking for OTPs, MPINs, passwords, or screen-sharing access
- Unauthorized transfers after a victim’s phone, SIM, banking app, or e-wallet account is compromised
Legally, the case may involve estafa, cybercrime, financial account scamming, access device fraud, investment fraud, money laundering, or a combination of these. The exact charge depends on what the scammer did, how the money was taken, and what evidence can prove the scheme.
Philippine Laws That May Apply
Estafa Under the Revised Penal Code
The classic criminal charge for scams is estafa under Article 315 of the Revised Penal Code. In simple terms, estafa happens when a person defrauds another through deceit or abuse of confidence, causing financial damage.
For many online scams, the relevant mode is estafa by false pretenses under Article 315(2)(a), where the scammer made a false representation before or at the same time you parted with your money. The Supreme Court has repeatedly stated that estafa by deceit requires proof that there was a false pretense or fraudulent representation, that it was made before or during the fraud, that the victim relied on it and parted with money or property, and that damage resulted. (Supreme Court E-Library)
This is why your evidence must show not only that you sent money, but also why you sent it: the fake promise, false identity, fake listing, forged receipt, fake investment dashboard, or misleading conversation that induced you to pay.
Cybercrime Prevention Act of 2012
Republic Act No. 10175, the Cybercrime Prevention Act of 2012, applies when a computer system, internet platform, electronic communication, or digital device is used in committing a crime. This matters because many traditional offenses, including fraud-related offenses, may be treated more seriously when committed through information and communications technology. (Lawphil)
Cybercrime cases are commonly handled by the PNP Anti-Cybercrime Group, the NBI Cybercrime Division, and prosecutors familiar with digital evidence. The case may require preservation of computer data, subscriber information, logs, device data, or platform records.
Anti-Financial Account Scamming Act
Republic Act No. 12010, signed on July 20, 2024, is the Anti-Financial Account Scamming Act or AFASA. It specifically targets financial account scams involving banks, e-wallets, payment service providers, social engineering, and money mule accounts. It defines financial accounts broadly to include bank accounts, transaction accounts, credit card accounts, e-wallets, and other accounts used for financial products or services. (Lawphil)
AFASA is especially important for victims because it recognizes modern scam patterns:
- Money muling — using, borrowing, renting, selling, lending, opening, or recruiting others to use accounts to receive or transfer scam proceeds
- Social engineering schemes — deceiving a person into giving sensitive financial information, leading to unauthorized access or control of a financial account
- Economic sabotage — more serious scam activity involving groups, multiple victims, mass mailers, or human trafficking (Lawphil)
AFASA also allows institutions to temporarily hold funds subject of a disputed transaction for a period set by BSP rules, but not beyond 30 calendar days unless extended by a court. It also requires coordinated verification among institutions and account owners involved in a disputed transaction. (Lawphil)
Most importantly for victims, AFASA states that financial institutions may be liable for restitution if they failed to use adequate risk management systems and controls, or failed to exercise the highest degree of diligence in preventing loss or damage from covered offenses. Conviction of the scammer is not required before restitution may be considered under the law. (Lawphil)
Access Devices Regulation Act
Republic Act No. 8484, the Access Devices Regulation Act of 1998, may apply when the scam involves cards, account numbers, PINs, access codes, credit cards, or other means of account access used to obtain money or initiate fund transfers. The law defines “access device” broadly and penalizes acts such as using unauthorized access devices, trafficking in access devices, and obtaining money through an access device with intent to defraud. (Lawphil)
If your credit card, debit card, online banking credentials, OTP, PIN, or e-wallet credentials were used, RA 8484 may be relevant together with AFASA and the Cybercrime Prevention Act.
Financial Products and Services Consumer Protection Act
Republic Act No. 11765, the Financial Products and Services Consumer Protection Act, protects consumers of financial products and services and gives financial regulators such as the BSP and SEC authority over financial consumer issues within their jurisdiction. It applies to financial products or services offered or marketed by financial service providers. (Supreme Court E-Library)
This law is useful when your complaint involves a bank, e-wallet, lending app, investment platform, insurance product, securities product, or other regulated financial service provider.
SIM Registration Act
Republic Act No. 11934, the SIM Registration Act, requires SIM registration before activation and defines spoofing as transmitting misleading or inaccurate information about the source of a call or text with intent to defraud, cause harm, or wrongfully obtain anything of value. (Supreme Court E-Library)
SIM registration does not automatically identify a scammer for you, and many scammers still use fake, stolen, foreign, recycled, or mule-registered numbers. But the mobile number remains valuable evidence for law enforcement, telcos, and regulators.
What to Do Immediately After You Realize You Were Scammed
1. Stop Communicating With the Scammer Except to Preserve Evidence
Do not argue, threaten, or warn the scammer that you are reporting them. Many scammers delete accounts once they sense trouble.
Instead:
- Screenshot the profile, page, listing, group post, ad, account name, phone number, email address, payment instructions, QR code, and chat history.
- Save the URL of the profile, listing, website, or app.
- Export the chat if the platform allows it.
- Record the date, time, amount, reference number, and account or wallet where you sent money.
- Save receipts, deposit slips, bank confirmations, e-wallet transaction pages, and email notifications.
Avoid editing screenshots. Keep original files where possible because metadata, filenames, and timestamps may later help establish authenticity.
2. Contact Your Bank or E-Wallet Immediately
Report the transaction through the official fraud hotline, in-app support, branch, or customer service channel of your bank or e-wallet.
Ask for:
- Immediate blocking or freezing of your account if compromised
- Dispute case number or ticket number
- Written confirmation of your report
- Trace or hold request for the recipient account
- Coordination with the receiving bank or e-wallet
- Replacement of cards, credentials, or access devices if needed
Be specific. Say that the transaction is a suspected online fraud or scam, not merely a mistaken transfer. If you were tricked by social engineering, say so. Under AFASA, disputed transactions may trigger coordinated verification and possible temporary holding of funds if the funds are still traceable within the financial system. (Lawphil)
3. Secure Your Own Accounts
Do this even if you think you “only sent money” and did not give passwords.
- Change passwords for email, banking, e-wallets, social media, and shopping accounts.
- Turn on multi-factor authentication.
- Log out of all devices.
- Remove unknown linked devices.
- Revoke screen-sharing, remote access, or third-party app permissions.
- Call your telco if your SIM lost signal, because SIM swap or account takeover may be involved.
- Check whether your email has forwarding rules you did not create.
- Scan your phone or computer if you installed an APK, remote access app, fake government app, fake bank app, or suspicious file.
If the scammer got your OTP, MPIN, password, card details, or ID documents, assume your identity and accounts may be reused in later fraud attempts.
4. File a Cybercrime Report
For cyber-related scams, report to the PNP Anti-Cybercrime Group or the NBI Cybercrime Division.
The NBI Cybercrime Division’s Citizen’s Charter states that the general public may request investigative assistance, file a complaint, execute sworn statements, submit prepared affidavits, and submit devices relevant to the probe; the listed government fee is none. (National Bureau of Investigation)
You may also use current government reporting channels for online scam incidents. The Cybercrime Investigation and Coordinating Center is mandated to support cybercrime prevention, investigation coordination, awareness, and digital operations, and public reports also refer to the government’s 1326 cybercrime complaint hotline and eGovPH reporting channels for scam reports. (www.foi.gov.ph)
5. Prepare a Complaint-Affidavit
A complaint-affidavit is your sworn written statement explaining what happened. It is usually required for criminal complaints filed with law enforcement or the prosecutor.
A strong complaint-affidavit should include:
- Your full name, address, contact details, and government ID
- The scammer’s known names, aliases, numbers, emails, account usernames, wallet IDs, and bank details
- A clear timeline of events
- The exact false statements or promises made
- Why you believed the scammer
- The amount paid and how it was transferred
- Transaction reference numbers
- Screenshots and documents attached as annexes
- The damage you suffered
- A statement that you are willing to testify
In the Philippines, affidavits are usually notarized. If you are abroad, you may need consular notarization, apostille, or local notarization accepted by the receiving office depending on where and how the document will be used.
6. File With the Prosecutor When the Evidence Is Ready
Police or NBI investigators may help build the case, but criminal prosecution generally proceeds through the prosecutor’s office. Criminal actions are prosecuted under the direction and control of the prosecutor. (Supreme Court E-Library)
For many serious scam cases, a preliminary investigation may be required before a case is filed in court. The DOJ’s 2024 National Prosecution Service rules apply to preliminary investigations and inquests by prosecutors, and current Supreme Court materials recognize that these are executive functions of prosecutors, not court proceedings. (Supreme Court of the Philippines)
In practical terms, the prosecutor will look for evidence that can prove:
- A crime was committed
- The respondent is probably responsible
- The evidence is admissible, credible, and capable of being presented in court
- The elements of the specific offense are present
This is why “I was scammed” is not enough. You need a clear factual story supported by documents.
Where to Report Based on the Type of Scam
| Situation | Where to report | Why it matters |
|---|---|---|
| Money sent through bank or e-wallet | Your bank/e-wallet first, then BSP if unresolved | Possible account blocking, tracing, dispute handling, coordinated verification |
| Fake seller, phishing, romance scam, hacked account, online extortion | PNP Anti-Cybercrime Group or NBI Cybercrime Division | Cybercrime investigation and digital evidence preservation |
| Investment, crypto, securities, Ponzi, guaranteed-return scheme | SEC, plus PNP/NBI if fraud occurred | SEC can act on unauthorized investment-taking and corporate violations |
| Fraud involving a BSP-supervised bank, e-wallet, remittance company, or payment provider | BSP Consumer Assistance Mechanism | BSP can handle complaints involving supervised financial institutions |
| Scam text, spoofed number, malicious SMS | CICC/eGovPH/NTC-related reporting channels | Helps block numbers and preserve telecom-related leads |
| Identity theft or misuse of personal data | National Privacy Commission, plus law enforcement if criminal | Data privacy and identity misuse issues |
| Large organized scam or money laundering indicators | PNP/NBI, AMLC-related channels through authorities, and financial institution reporting | Helps trace proceeds and identify mule networks |
The BSP says consumers should first report concerns to the financial institution’s consumer assistance mechanism. If unresolved, consumers may file through BSP’s Online Buddy or submit a Complaints, Inquiries and Requests form, together with the complaint filed with the institution, its reply if any, and supporting documents. (Bureau of the Treasury)
For investment-related complaints, the SEC’s online complaint portal allows users to open tickets and check ticket status, and the SEC lists its headquarters and official online services through its public site. (Securities and Exchange Commission)
Documents and Evidence You Should Prepare
| Evidence | Why it helps |
|---|---|
| Government ID | Establishes your identity as complainant |
| Complaint-affidavit | Main sworn narrative of the scam |
| Screenshots of chats | Shows promises, deception, payment instructions, and admissions |
| Payment receipts | Proves the amount, date, recipient, and reference number |
| Bank or e-wallet statements | Supports financial loss and tracing |
| Scammer profile links and usernames | Helps investigators identify accounts before deletion |
| Phone numbers and email addresses | Useful for telco, platform, and subpoena requests |
| Website URLs and domain details | Important for fake investment sites and phishing pages |
| Delivery records or courier details | Useful for fake seller cases |
| Prior demand messages | May show refusal to refund, but not always required |
| Device used in the transaction | May be examined if malware, hacking, or account takeover is involved |
For digital evidence, keep both screenshots and original files. If possible, save PDFs of transaction confirmations, email headers, and platform receipts. Do not rely only on cropped images.
Can You Get Your Money Back?
Sometimes, yes. But recovery depends on timing and traceability.
You have better chances when:
- You reported within minutes or hours
- The funds are still in the receiving account
- The receiving institution acts quickly
- The recipient account is not merely a first-layer mule account
- You have complete transaction details
- The scam involved a regulated financial institution that failed to apply adequate safeguards
You have lower chances when:
- Days or weeks have passed
- The funds were withdrawn in cash
- The money passed through multiple mule accounts
- The scammer used crypto, foreign accounts, or unregistered offshore platforms
- You only have a nickname or deleted profile
- You paid through informal channels with little verification
Under AFASA, institutions may temporarily hold disputed funds and coordinate verification, but this is not a magic refund button. If the money has already left the system, the case may shift from immediate recovery to criminal prosecution, restitution, civil liability, or asset tracing. AFASA also provides that conviction for covered offenses carries civil liability, which may include restitution for damage suffered by the aggrieved party. (Lawphil)
Criminal Case, Civil Case, or Both?
A criminal case punishes the offender. A civil case focuses on recovering money or damages. In Philippine criminal procedure, the civil action for recovery of civil liability arising from the offense is generally connected with the criminal action unless waived, reserved, or otherwise handled under the rules. (Lawyerly)
In practical terms:
- If you file a criminal complaint for estafa or cybercrime, the court may later award civil liability if there is a conviction.
- If speed of recovery is the main concern, civil remedies may be considered, especially if the scammer’s identity and assets are known.
- If the scammer is unknown, fake, or abroad, law enforcement investigation may be the first realistic step.
- If a regulated bank, e-wallet, or financial provider mishandled your dispute, regulatory complaint channels may be important alongside criminal reporting.
Common Mistakes That Hurt Online Fraud Cases
Waiting Too Long Before Reporting
Many victims wait because the scammer promises a refund, says there is a “processing delay,” or asks for more payments. This is common in investment scams, romance scams, and fake courier scams.
Report once you have a reasonable basis to believe there is fraud. You can always supplement your report later.
Sending More Money to “Unlock” the Refund
Scammers often ask for additional fees: tax, customs, withdrawal charge, verification deposit, anti-money laundering clearance, lawyer fee, or account upgrade fee. These are usually part of the same scam.
Deleting Chats Out of Embarrassment
Embarrassment is understandable, especially in romance scams or scams involving private photos. But deleted messages can weaken your case. Preserve first, decide later what is relevant.
Posting Everything Publicly
Public posts may warn others, but they can also alert the scammer, trigger deletion of evidence, or expose you to defamation counter-threats if you name the wrong person. It is safer to preserve evidence and report through official channels first.
Filing Only a Barangay Complaint
Barangay conciliation is not the main remedy for most online fraud cases, especially where the offense is serious, the scammer is unknown, parties live in different cities, or cybercrime and public offenses are involved. Philippine barangay conciliation rules exclude, among others, offenses punishable by imprisonment exceeding one year or a fine over ₱5,000. (Lawphil)
Thinking a GCash, Maya, or Bank Account Name Is Automatically the Scammer
The account holder may be the scammer, a paid mule, a hacked account owner, or a trafficking victim forced to open accounts. AFASA specifically targets money muling, but investigators still need proof of the person’s role and intent.
Special Situations
If You Are an OFW or Abroad
You can still report a Philippine online scam, especially if the receiving account, e-wallet, suspect, victim, or platform activity is connected to the Philippines. Practical steps include:
- Save Philippine transaction records and chat evidence.
- Ask your bank or remittance provider for official receipts.
- Prepare a sworn statement abroad.
- Check whether the receiving Philippine office requires consular notarization, apostille, or a locally notarized affidavit.
- Designate a trusted representative in the Philippines through a Special Power of Attorney if physical filing or follow-up is needed.
Foreign notarization rules can be strict. If your affidavit will be submitted to a Philippine prosecutor or court, ask the receiving office what format they will accept before spending money on authentication.
If You Are a Foreigner Scammed by Someone in the Philippines
Foreigners can file complaints in the Philippines if the fraud has Philippine elements, such as a Philippine bank account, e-wallet, phone number, suspect, platform user, or victim impact in the country. AFASA provides jurisdiction when elements are committed in the Philippines, when Philippine computer systems or infrastructure are used, or when damage is caused to a person in the Philippines or to a financial account maintained with an institution operating in the Philippines. (Lawphil)
Foreign complainants should prepare clear identity documents, proof of transfer, and properly authenticated statements if filing from abroad.
If the Scam Was an Investment Scheme
Investment scams should usually be reported to both law enforcement and the SEC. Warning signs include:
- Guaranteed high returns
- Referral commissions
- “No risk” investment claims
- Use of “trading bots” without verifiable licenses
- Pressure to recruit others
- Refusal to allow withdrawals unless more money is paid
- Claiming to be “SEC registered” when only a business name or corporation exists
SEC registration as a corporation is not the same as authority to solicit investments from the public.
If Crypto Was Involved
Crypto cases are harder because transfers may be irreversible and wallets may be offshore. Still, preserve:
- Wallet addresses
- Transaction hashes
- Exchange account details
- Chat instructions
- Screenshots of fake dashboards
- Deposit and withdrawal records
- Names of apps or exchanges used
If a Philippine bank or e-wallet was used to buy or transfer crypto, report that part immediately because it may still provide a traceable entry point.
Practical Timeline: What Usually Happens
| Stage | Typical timing | What happens |
|---|---|---|
| Bank/e-wallet fraud report | Same day if possible | Account may be blocked, ticket created, trace or hold request initiated |
| BSP escalation | After reporting to institution, if unresolved | BSP may refer or require response from supervised institution |
| PNP/NBI cybercrime report | Same day to a few days | Evidence intake, complaint sheet, sworn statement, possible forensic review |
| Prosecutor complaint | After evidence is organized | Complaint-affidavit and annexes submitted for evaluation |
| Preliminary investigation | Weeks to months | Respondent may be required to answer if identified |
| Court case | Months to years | Trial, evidence presentation, possible restitution upon conviction |
| Recovery | Varies widely | Fast if funds are frozen early; difficult if withdrawn or transferred onward |
Bottlenecks are common. Investigators may need platform records, bank coordination, subscriber information, digital forensic work, or prosecutor approval. International platforms and foreign wallets add delay.
Official Links and Reporting Resources
- Anti-Financial Account Scamming Act, Republic Act No. 12010 — Lawphil (Lawphil)
- Cybercrime Prevention Act, Republic Act No. 10175 — Lawphil (Lawphil)
- Access Devices Regulation Act, Republic Act No. 8484 — Lawphil (Lawphil)
- Financial Products and Services Consumer Protection Act, Republic Act No. 11765 — Supreme Court E-Library (Supreme Court E-Library)
- SIM Registration Act, Republic Act No. 11934 — Supreme Court E-Library (Supreme Court E-Library)
- NBI Cybercrime Division Citizen’s Charter for computer crime complaints (National Bureau of Investigation)
- BSP Consumer Assistance channels for complaints against BSP-supervised financial institutions (Bureau of the Treasury)
- SEC i-Message portal for complaints and tickets (Securities and Exchange Commission)
Frequently Asked Questions
Can I still report an online scam if I only lost a small amount?
Yes. Small losses can still involve criminal conduct, and small reports may help link one scammer to many victims. Even if you decide not to pursue a full case, reporting helps banks, e-wallets, telcos, platforms, and law enforcement identify mule accounts and repeat offenders.
Should I report first to the police, NBI, or my bank?
If money just moved through a bank or e-wallet, report to the bank or e-wallet first because speed matters for tracing and possible holding of funds. Then report to PNP Anti-Cybercrime Group or NBI Cybercrime Division for investigation. If the financial institution does not resolve your complaint, escalate to BSP if it is BSP-supervised.
What if the scammer deleted the account?
Deleted accounts can still leave traces. Save URLs, usernames, screenshots, email notifications, payment records, phone numbers, and transaction IDs. Platforms, banks, telcos, and payment providers may have logs, but those usually require proper law enforcement or legal processes.
Can the bank or e-wallet reverse the transfer?
Not always. If the funds are still available and the transaction is flagged quickly, a hold or coordinated verification may help. If the recipient already withdrew or moved the money, reversal becomes difficult. AFASA improves the framework for disputed financial transactions, but it does not guarantee automatic recovery.
Is an online seller scam automatically estafa?
Not always. A failed delivery or bad transaction is not automatically estafa. The key issue is whether there was deceit from the beginning or at the time you paid. A seller who never intended to deliver, used a fake identity, sent fake proof, or repeatedly used the same scheme is more likely to face criminal exposure.
Do I need a notarized affidavit?
Usually, yes, for a formal criminal complaint. Law enforcement may first receive your report or complaint sheet, but a sworn complaint-affidavit is commonly needed for prosecutor action. If you are abroad, ask the receiving office whether it requires apostille, consular notarization, or a specific affidavit format.
Can I file a case if I only know the scammer’s GCash, Maya, or bank account?
Yes, you can start with the account details, phone number, reference number, and screenshots. But to prosecute a person, investigators must identify who controlled or used the account and prove the person’s participation. The named account holder may be a mule, victim, recruiter, or direct scammer.
What if the scammer is outside the Philippines?
You can still report if there is a Philippine connection, such as a Philippine account, e-wallet, phone number, victim, platform activity, or financial institution. Cross-border recovery is harder, but early reporting can preserve local evidence and help identify Philippine-based accomplices.
Should I accept a partial refund from the scammer?
Be careful. A partial refund does not automatically erase criminal liability, but messages about settlement can affect how the dispute is documented. Do not sign anything saying you were not scammed or that you have no complaint unless you fully understand the effect. Keep records of all refund offers and payments.
Can I post the scammer’s name online?
You may warn others, but public accusations carry risk if you identify the wrong person, expose private data, or publish unverified claims. It is generally safer to file official reports first, preserve evidence, and avoid posting sensitive IDs, bank details, or private information publicly.
Key Takeaways
- Report the scam to your bank or e-wallet immediately; speed can determine whether funds are held or lost.
- Preserve all evidence before the scammer deletes accounts, chats, listings, or websites.
- Online fraud may involve estafa, cybercrime, AFASA violations, access device fraud, investment fraud, or multiple offenses.
- AFASA gives stronger tools for disputed financial transactions, money mule accounts, social engineering, temporary holding of funds, coordinated verification, and possible restitution.
- File cybercrime reports with PNP ACG or NBI Cybercrime Division, and escalate financial institution issues to BSP or investment-related matters to SEC.
- A strong complaint needs a clear timeline, proof of deception, proof of payment, respondent identifiers, and properly organized attachments.
- Recovery is most realistic when you report within hours and the funds remain traceable.
- Do not send more money, delete evidence, or rely only on barangay proceedings for serious online fraud.