What to Do After Losing Money to an Online Scam in the Philippines

Losing money to an online scam is frightening, embarrassing, and time-sensitive. In the Philippines, your first goal is not to “win a case” immediately; it is to stop further loss, preserve digital evidence, create an official paper trail, and report to the right office before the money disappears through mule accounts. This guide explains what to do after an online scam in the Philippines, which laws may apply, where to report, what documents to prepare, and what realistic outcomes to expect.

What counts as an online scam in the Philippines?

An online scam usually involves a person, page, app, website, or chat account that deceives you into sending money, giving account access, or sharing sensitive information. Common examples include:

  • Fake online sellers who disappear after payment
  • Fake investment platforms, crypto schemes, “double your money” offers, or Ponzi-style groups
  • Romance scams and emergency-money scams
  • Phishing links that steal bank, e-wallet, or card credentials
  • Impersonation of banks, government agencies, delivery companies, employers, or well-known brands
  • Fake job offers requiring “processing fees,” “wallet tasks,” or “merchant recharge”
  • Recovery scams where someone asks for another fee to “retrieve” the lost money

Legally, the same incident may fall under several laws at once. A fake seller may involve estafa under the Revised Penal Code. A phishing scam may involve the Cybercrime Prevention Act of 2012 and the Anti-Financial Account Scamming Act of 2024. An investment scam may involve the Securities Regulation Code and the Financial Products and Services Consumer Protection Act.

First 24 hours: what to do immediately after losing money

1. Stop all communication that asks for more money

Scammers often continue the fraud by asking for:

  • “Tax clearance”
  • “Account verification”
  • “Withdrawal fee”
  • “Customs fee”
  • “Unlocking fee”
  • “Lawyer fee”
  • “Recovery fee”

Do not send more money. If the scammer is still chatting with you, avoid threatening them or revealing that you are already reporting. Calmly preserve the conversation and payment details first.

2. Contact your bank, e-wallet, card issuer, or remittance provider

Report the transaction through the official app, hotline, branch, or verified website of the bank or e-wallet involved. Ask for a case number or ticket number. If the transaction involved a bank, e-wallet, credit card, remittance company, or other BSP-supervised financial institution, the Bangko Sentral ng Pilipinas expects consumers to first report the concern to the institution’s own Financial Consumer Protection Assistance Mechanism before escalating to BSP. BSP’s Consumer Assistance Channels also allow escalation through BSP Online Buddy and other channels if the institution’s response is unresolved or unsatisfactory. (Bureau of the Treasury)

When reporting, say clearly:

  • “I am reporting a suspected online scam/fraudulent transaction.”
  • “Please block further transactions from my account.”
  • “Please check if the recipient account can be flagged, held, frozen, or investigated under your fraud procedures.”
  • “Please provide a ticket number and written acknowledgment.”
  • “Please tell me what documents you need for dispute, chargeback, reimbursement, or investigation.”

A bank or e-wallet cannot always reverse a completed transfer, especially if the funds have already been withdrawn or moved. But early reporting may help preserve transaction records, flag mule accounts, and support law-enforcement or regulator action.

3. Secure your accounts

Change passwords immediately for:

  • Email accounts
  • Online banking
  • E-wallets
  • Social media accounts
  • Shopping apps
  • Crypto exchange accounts

Turn on multi-factor authentication. If you clicked a suspicious link, assume your phone or browser session may be compromised. Log out all devices where possible. If your SIM, phone, or email was taken over, report that separately to the telco, bank, e-wallet, and law enforcement.

4. Preserve evidence before it disappears

Do not delete chats, block the account too early, or uninstall the app without saving evidence. Online accounts, posts, and websites can vanish quickly.

Prepare a folder containing:

  • Screenshots of the scammer’s profile, page, username, email, phone number, or website
  • Full chat history, including dates and timestamps
  • Proof of payment: receipts, reference numbers, QR codes, bank slips, GCash/Maya/bank transaction details, remittance receipts, or crypto transaction hashes
  • Links to posts, ads, websites, group chats, or listings
  • Names of other victims, if any
  • The scammer’s bank name, e-wallet number, account name, account number, QR merchant name, or wallet address
  • Your valid ID
  • A short written timeline of events

Electronic records matter. The Philippine E-Commerce Act, Republic Act No. 8792 of 2000, recognizes electronic documents and data messages when their integrity and reliability can be authenticated, so screenshots, emails, transaction confirmations, and digital logs can become useful evidence if properly preserved. (LawPhil)

Legal basis: what laws may apply to online scams

Estafa under Article 315 of the Revised Penal Code

Many online scams are prosecuted as estafa, or swindling. In simple terms, estafa happens when someone uses deceit or abuse of confidence to cause another person to part with money or property.

For online scam cases, the common theory is estafa by false pretenses under Article 315(2)(a) of the Revised Penal Code. The Supreme Court has described the elements as: a false pretense or fraudulent representation; the false pretense was made before or at the same time as the fraud; the victim relied on it and parted with money or property; and the victim suffered damage. (Supreme Court E-Library)

This is why your evidence should show not only that you paid, but why you paid. The complaint should connect the scammer’s false statements to your decision to send money.

Example:

  • Weak evidence: “I sent ₱20,000 and they blocked me.”
  • Stronger evidence: “They represented themselves as an authorized seller of a phone, showed fake proof of inventory and delivery, gave a payment account, promised delivery on June 10, 2026, and I sent ₱20,000 because of those representations.”

Cybercrime Prevention Act of 2012

Republic Act No. 10175, the Cybercrime Prevention Act of 2012, matters because many scams are committed through social media, email, messaging apps, fake websites, online marketplaces, or other information and communications technologies. Section 6 of RA 10175 provides that crimes under the Revised Penal Code and special laws, if committed through information and communications technologies, are covered by the Act and may carry a penalty one degree higher. (Supreme Court E-Library)

The cybercrime law also matters for evidence preservation. RA 10175 provides for preservation of traffic data and subscriber information for a minimum period, and disclosure of computer data through proper legal process. In practice, this is why early reporting to NBI Cybercrime Division, PNP Anti-Cybercrime Group, or the proper cybercrime desk is important before platform logs, telco data, or account information become harder to obtain. (LawPhil)

Anti-Financial Account Scamming Act of 2024

Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), is especially relevant when the scam used bank accounts, e-wallets, payment accounts, or “money mule” accounts. AFASA defines and penalizes financial account scamming and recognizes offenses such as money muling and social engineering schemes involving sensitive financial information. (LawPhil)

AFASA describes money muling as acts involving the use, lending, selling, renting, opening, or recruiting of financial accounts to receive, transfer, withdraw, or move proceeds known to be from crimes or social engineering schemes. It also covers social engineering schemes where a person obtains sensitive identifying information through deception or fraud, resulting in unauthorized access or control over a financial account. (LawPhil)

This is important because victims often only know the recipient account, not the true scammer. The person whose account received the money may be:

  • The scammer
  • A recruited money mule
  • A stolen-identity account
  • A person who “rented” or “lent” an account
  • A business or merchant account abused by fraudsters

Financial consumer and investment fraud laws

If the scam involved a financial product, investment, insurance, lending, remittance, payment service, or digital financial service, Republic Act No. 11765, the Financial Products and Services Consumer Protection Act of 2022, may apply. The law recognizes financial consumers’ rights to fair treatment, disclosure, protection of consumer assets against fraud and misuse, data privacy, and timely complaint handling. (Supreme Court E-Library)

RA 11765 also defines investment fraud as deceptive solicitation of investments from the public, including Ponzi schemes, promises of profits sourced from other investors’ contributions, boiler room operations, and offering or selling investment schemes to the public without the required SEC license or permit. (Supreme Court E-Library)

For securities or investment contracts, Republic Act No. 8799, the Securities Regulation Code of 2000, is also relevant because securities generally cannot be sold or offered to the public without proper registration or exemption, and fraudulent transactions in connection with securities are prohibited. (LawPhil)

Civil liability for damages

A scam may also create civil liability. Under the Civil Code, a person who causes damage contrary to law, through fraud, bad faith, or wrongful acts, may be liable for damages. Article 1170 makes persons liable for damages when, in the performance of obligations, they are guilty of fraud, negligence, delay, or contravention of the obligation. Civil Code principles may support recovery of the amount lost, damages, and other relief, depending on the facts. (LawPhil)

Where to report an online scam in the Philippines

Office or platform Best for What it can usually do
Your bank, e-wallet, card issuer, or remittance provider Immediate fraud report, transaction dispute, account blocking Create a fraud ticket, block your account, investigate transaction trails, coordinate with other institutions or law enforcement
CICC / I-ARC Hotline 1326 Initial cyber scam reporting and routing Receive reports, guide victims, and help route incidents to proper cybercrime authorities; government materials describe Hotline 1326 as a central 24/7 number for online scams and cybercrimes. (Philippine Information Agency)
PNP Anti-Cybercrime Group Cybercrime investigation involving social media, telco, online accounts, devices Receive complaints, investigate, request cybercrime warrants through proper channels, coordinate with prosecutors
NBI Cybercrime Division Cybercrime complaints, device examination, identity tracing, formal investigation The NBI Citizen’s Charter for victims of computer crimes lists filing, preliminary interview, sworn statements or affidavits, device examination, and supporting documents as part of the process, with no stated fee for the listed service. (National Bureau of Investigation)
Office of the City or Provincial Prosecutor Criminal complaint for estafa, cybercrime-related offenses, or special-law violations Conduct preliminary investigation and determine probable cause for filing in court
SEC Philippines Investment scams, Ponzi schemes, unauthorized solicitation of investments Receive reports/complaints, investigate entities, issue advisories, orders, or enforcement actions within SEC jurisdiction
BSP Consumer Assistance Unresolved bank/e-wallet/remittance complaints involving BSP-supervised institutions Handle escalated consumer complaints through BSP Consumer Assistance Mechanism after the consumer has first raised the issue with the institution. (Bureau of the Treasury)
DTI Consumer Care / Fair Trade Enforcement Bureau Online seller complaints, non-delivery, deceptive sales practices involving sellers DTI accepts consumer complaints through its online portal or FTEB channels; its e-commerce FAQ states that complaints against online sellers may be sent to FTEB and copied to the E-Commerce Office. (ecommerce.dti.gov.ph)
National Privacy Commission Misuse of personal data, identity theft, unauthorized disclosure, doxxing, harassment using personal data NPC requires formal complaints in a specific format, with notarization and submission through its available channels. (National Privacy Commission)

Step-by-step guide to filing a strong complaint

Step 1: Write a clear timeline

Prepare a simple chronology. Do not start with legal conclusions. Start with facts.

Include:

  1. Date and time you first saw the ad, message, post, or offer
  2. Name, username, number, email, website, or page used by the scammer
  3. What the scammer promised
  4. What proof or documents they showed
  5. Why you believed them
  6. Amount sent and payment method
  7. Recipient account details
  8. What happened after payment
  9. Attempts to request refund or delivery
  10. Current status of the scammer’s account or page

A clear timeline helps investigators see the elements of estafa: the false representation, your reliance, your payment, and the resulting damage.

Step 2: Organize evidence by transaction

For each payment, prepare a mini-record:

Item Example
Date and time July 4, 2026, 2:15 PM
Amount ₱18,500
Method GCash transfer / bank transfer / credit card / remittance / crypto
Sender account Your account name or masked number
Recipient account Name, number, bank/e-wallet, QR merchant, wallet address
Reference number App or receipt reference code
Screenshot file “Payment_1_July4_2026.png”
Related chat Screenshot showing the instruction to pay

If there are multiple payments, label them Payment 1, Payment 2, Payment 3. Investigators and prosecutors handle many cases; organized evidence helps prevent confusion.

Step 3: Get official acknowledgments

For each report, save:

  • Bank or e-wallet ticket number
  • Email acknowledgment
  • Police or NBI reference number, if given
  • Complaint receiving copy
  • Prosecutor docket number, if filed
  • BSP, SEC, DTI, or NPC reference number, if applicable

A common problem is that victims “reported” through chat or hotline but cannot later prove what was reported, when, and to whom. Always keep screenshots or PDFs of acknowledgments.

Step 4: Execute a complaint-affidavit if required

For criminal complaints, you will usually need a complaint-affidavit. This is a sworn written statement explaining the facts and attaching evidence. It should be specific, chronological, and supported by annexes.

A practical complaint-affidavit usually includes:

  • Your full name, age, citizenship, address, and contact details
  • The identity of the respondent, if known
  • The usernames, phone numbers, email addresses, account names, and financial accounts used
  • The false representations made
  • The amount lost
  • The attached evidence
  • A statement that the contents are true based on personal knowledge and records

The NBI process for victims of computer crimes includes a complaint sheet, preliminary interview, sworn statements or prepared affidavits, supporting documents, and possible examination of relevant devices. (National Bureau of Investigation)

Step 5: File with the proper investigating agency or prosecutor

You may start with the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the local police cybercrime desk if available. For some cases, especially when you already have the respondent’s identity and evidence, a complaint may be filed directly with the Office of the City or Provincial Prosecutor.

In practice:

  • PNP/NBI can help investigate, trace digital leads, and prepare referral documents.
  • The prosecutor determines probable cause and whether to file the case in court.
  • The court determines guilt and civil liability after trial.

Do not expect a barangay blotter alone to recover money or identify a cybercriminal. A blotter may document that you reported an incident, but online scam cases usually require bank records, platform data, telco data, affidavits, and law-enforcement investigation.

What documents should you prepare?

Document Why it matters
Valid government ID Establishes your identity as complainant
Written timeline Helps investigators understand the story quickly
Screenshots of chats, posts, profiles, ads, and websites Shows false representations and scammer identity markers
Proof of payment Shows amount lost and money trail
Bank/e-wallet transaction history Helps identify recipient account and timestamps
Complaint tickets from bank/e-wallet Shows you reported promptly
Demand/refund messages, if any Shows attempts to resolve and scammer response
Affidavit-complaint Required or useful for criminal complaint filing
Witness affidavits Useful if someone else saw the transaction, joined the group, or was also scammed
Device used in the transaction May be examined if needed for cyber evidence
SEC/DTI/BSP/NPC complaint forms, when applicable Needed for regulator-specific complaints

Print important evidence, but also keep the original digital files. Screenshots should ideally show the full screen, date/time, username, URL or profile link, and context. For long chats, export the chat if the platform allows it.

Common scenarios and where they usually go

Fake online seller

If you paid for goods and the seller disappeared, this may be a consumer complaint, estafa, or both. If the seller is an identifiable business or online merchant, DTI may be useful for mediation or consumer redress. If the seller used a fake identity and never intended to deliver, law enforcement may treat it as estafa or cybercrime-related fraud.

Phishing or unauthorized account access

If your money was transferred after you clicked a link, shared an OTP, installed an app, or gave credentials, report immediately to the bank/e-wallet and to cybercrime authorities. AFASA is relevant because it covers social engineering schemes involving sensitive identifying information and unauthorized access or control over financial accounts. (LawPhil)

Investment or crypto scam

If the scheme promised profits, commissions, guaranteed returns, “AI trading,” “staking,” “mining,” “VIP levels,” or referral income, report to law enforcement and consider SEC reporting. A company being “SEC registered” as a corporation does not automatically mean it is authorized to solicit investments from the public. What matters is whether the offering is properly registered, exempt, or licensed under securities and financial laws.

Romance scam

Romance scams are often estafa cases if the scammer used false pretenses to induce you to send money. Evidence should show the story they used: medical emergency, travel documents, customs fees, business crisis, inheritance, military deployment, or similar claims.

Job task, recharge, or commission scam

These scams usually begin with small payments or small withdrawals to build trust, then require larger “recharge” payments to unlock commissions. Preserve the task instructions, group chats, account levels, recruiter details, and payment trails. These cases often involve multiple victims and mule accounts.

What if you are abroad, an OFW, or a foreigner?

You can still prepare a complaint if the scam involved a Philippine account, Philippine resident, Philippine platform activity, or money sent into the Philippines. The practical challenge is signing sworn documents and coordinating follow-ups.

If you are outside the Philippines:

  • Prepare a detailed affidavit and evidence bundle.
  • Check whether the agency will accept initial reporting by email or online channel.
  • If someone in the Philippines will file or follow up for you, prepare a Special Power of Attorney.
  • Documents executed abroad may need notarization before a Philippine Embassy or Consulate, or apostille/authentication depending on where the document was issued and where it will be used. The DFA Apostille system allows appointment-based authentication services, and authorized representatives may apply with required authorization documents. (DFA Appointment System)
  • Keep time zones clear in your timeline. State both local time abroad and Philippine time if possible.

Foreigners should also keep passport pages, visa status if relevant, remittance records, and proof of their connection to the Philippine transaction. If documents are in a language other than English or Filipino, a translation may be needed.

Realistic timelines and bottlenecks

Stage Practical timing Common bottleneck
Bank/e-wallet fraud report Same day, preferably within minutes or hours Funds already withdrawn or transferred onward
CICC/I-ARC report Hotline reports may be made immediately; government materials describe 1326 as 24/7 Routing to the proper agency and completeness of details
NBI Cybercrime initial assistance NBI Citizen’s Charter lists an initial process involving complaint filing, interview, affidavits, and approval steps with no fee and a total listed processing time of about 1 hour and 10 minutes for the chartered service Queueing, complexity of case, availability of records, regional office capacity (National Bureau of Investigation)
Prosecutor preliminary investigation Often several weeks to months Need to identify respondents, obtain records, and serve notices
Court case Often months to years Docket congestion, witness availability, technical evidence, settlement discussions
BSP escalation BSP states that BOB complaints are immediately processed with a reference number, while email or postal concerns are evaluated and acted on or referred within seven banking days from receipt Incomplete proof of prior complaint with the financial institution (Bureau of the Treasury)

The hardest part is often not proving that you lost money. It is identifying the real person behind the account, preserving platform and financial records, and proving deceit before or at the time you paid.

Mistakes that can weaken your case

Deleting the conversation

Do not delete chats because they are embarrassing. The parts that feel embarrassing may be the exact parts that prove deceit.

Posting accusations without preserving evidence first

Public posts may warn others, but they can also alert the scammer to delete accounts, move funds, or change names. Preserve evidence first.

Relying only on screenshots

Screenshots are useful, but investigators may need URLs, account IDs, phone numbers, transaction references, device data, and original files. A screenshot without context is easier to challenge.

Sending money to “recovery agents”

Many victims are scammed twice. Be suspicious of anyone who guarantees recovery for an advance fee, claims to know a “bank insider,” or asks for your OTP, seed phrase, password, or remote access.

Assuming the account name is the mastermind

The named bank or e-wallet account holder may be a mule, identity-theft victim, or low-level participant. Still report the account details, but avoid assuming the whole case is solved just because you have a recipient name.

Waiting too long

Delay makes it harder to preserve digital records and freeze or trace funds. Report quickly even if your evidence is not perfect yet. You can supplement the complaint later.

Frequently Asked Questions

Can I still recover money lost to an online scam in the Philippines?

Possibly, but recovery is not automatic. The best chance is when you report immediately, the receiving account still has funds, the transaction can be disputed, or law enforcement/regulators can trace and preserve assets. If the money has passed through multiple mule accounts or was withdrawn in cash or crypto, recovery becomes harder.

Should I report first to the police, NBI, or my bank/e-wallet?

Report to your bank or e-wallet immediately because they control the account-level response. At the same time or shortly after, report to CICC, PNP Anti-Cybercrime Group, NBI Cybercrime Division, or the proper prosecutor depending on the case. For financial institution complaints, BSP generally expects you to raise the concern first with the institution’s own consumer assistance mechanism before escalation. (Bureau of the Treasury)

Is an online scam considered estafa?

Often, yes. If the scammer used false pretenses or fraudulent representations before or at the time you sent money, and you relied on those representations and suffered loss, the facts may support estafa under Article 315 of the Revised Penal Code. The exact charge depends on the evidence and the prosecutor’s evaluation. (Supreme Court E-Library)

Is a barangay blotter enough?

Usually, no. A barangay or police blotter may help document that you reported an incident, but online scams normally require a formal complaint, affidavits, payment records, digital evidence, and investigation by the proper law-enforcement or prosecutorial office.

What if the scammer used a fake name?

You can still report. Provide account numbers, e-wallet numbers, phone numbers, usernames, URLs, IP-related clues if available, delivery details, courier information, and transaction references. Law enforcement may need warrants, requests, or coordination with platforms and financial institutions to identify the person behind the account.

What if I sent money through GCash, Maya, bank transfer, or QR code?

Report through the official fraud or customer support channel of the app or bank immediately. Ask for a ticket number and whether the recipient account can be flagged. Save the receipt, reference number, account name, account number or mobile number, and exact timestamp.

What if the scam involved crypto?

Save the wallet address, transaction hash, exchange account details, screenshots of instructions, and any KYC-related information. Crypto transfers are often difficult to reverse, but the transaction trail can still be useful. If the scheme promised investment returns, also consider SEC reporting.

Can an OFW or foreigner file a complaint for an online scam in the Philippines?

Yes, if there is a Philippine connection such as a Philippine recipient account, Philippine suspect, Philippine platform activity, or money routed through the Philippines. The person abroad may need a notarized, consularized, or apostilled affidavit or a Special Power of Attorney for a representative in the Philippines, depending on the filing requirements.

Do I need a lawyer to report an online scam?

Not always. Many victims start by reporting to their bank/e-wallet, CICC, PNP ACG, NBI Cybercrime Division, SEC, DTI, BSP, or NPC without a lawyer. For large losses, multiple victims, complex investments, crypto tracing, or a prosecutor/court case, legal assistance can help organize evidence, draft affidavits, and monitor the case.

Are screenshots enough evidence?

Screenshots help, but they are stronger when supported by payment receipts, exported chats, URLs, account IDs, email headers, bank statements, device records, and sworn statements. The goal is to show a complete chain: false representation, reliance, payment, receipt by the account, and loss.

Key Takeaways

  • Act fast. The first hours matter because funds can be withdrawn or moved through mule accounts.
  • Report immediately to your bank, e-wallet, card issuer, or remittance provider and get a ticket number.
  • Preserve chats, screenshots, URLs, account details, receipts, and transaction references before blocking or deleting anything.
  • Online scams may involve estafa, cybercrime, financial account scamming, investment fraud, consumer protection, data privacy, and civil liability.
  • PNP ACG, NBI Cybercrime Division, CICC/I-ARC, SEC, BSP, DTI, and NPC handle different parts of the problem.
  • A strong complaint is factual, chronological, and supported by organized evidence.
  • Recovery is possible in some cases, but not guaranteed; tracing, freezing, and reimbursement become harder as time passes.
  • OFWs and foreigners can still prepare complaints involving Philippine transactions, but sworn documents and representation may require consular notarization, apostille, or a Special Power of Attorney.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.