If your stolen phone is now being used to message people, ask for money, access e-wallets, or pretend to be you, treat it as both a theft incident and a cybercrime/identity misuse incident. Your priorities are to stop the SIM and device from being used, secure your accounts, preserve evidence, create a clear legal paper trail, and report the scam activity to the right Philippine agencies before more victims are affected or your name is dragged into the fraud.
What usually happens when a stolen phone is used for scams
A stolen phone can be more dangerous than a lost wallet because it may contain your SIM, email, banking apps, e-wallets, social media, saved passwords, photos of IDs, and access to one-time passwords or OTPs.
Common situations in the Philippines include:
- The thief uses your registered SIM to text your contacts asking for GCash, Maya, bank transfers, or load.
- Your Facebook, Messenger, Viber, WhatsApp, Telegram, Instagram, or email is used to impersonate you.
- The scammer asks your friends or relatives to send money to a different account.
- Your mobile number is used to register new accounts, receive OTPs, or reset passwords.
- Your phone is used as part of a larger scam operation, including phishing, fake online selling, fake job offers, investment scams, or romance scams.
- Victims report your name, number, or profile because those are what they saw during the scam.
The important point is this: being the owner of the stolen phone or registered SIM does not automatically mean you committed the scam. But you need proof that the phone or SIM was stolen, that you reported it promptly, and that you did not authorize the transactions or messages.
Immediate steps to take within the first few hours
1. Lock, track, or erase the phone remotely
Use the official device recovery tools immediately:
- For iPhone: use Apple’s Find My iPhone and Activation Lock.
- For Android: use Google’s Find, secure, or erase a lost Android device.
If you can still track the device, take screenshots showing:
- Date and time
- Location shown by the app
- Device name
- Last online status
Do not personally confront the suspected holder of the phone. If the location appears specific, bring that information to the police.
If you cannot recover the phone quickly, remotely lock or erase it. Erasing may remove local data, but it is often necessary if the phone contains banking apps, IDs, private photos, business data, or customer information.
2. Change passwords and remove active sessions
Start with the accounts that control other accounts:
- Main email address
- Apple ID or Google account
- Facebook/Messenger
- GCash, Maya, bank apps, crypto apps, shopping apps, and delivery apps
- Work email, Microsoft 365, Google Workspace, Slack, or company systems
- Password manager
- Cloud storage accounts such as Google Drive, iCloud, OneDrive, or Dropbox
Look for “logged-in devices,” “active sessions,” or “security activity,” then remove the stolen phone. Change passwords from a different trusted device.
If your SIM is still active, remember that the thief may still receive OTPs. That is why SIM blocking is urgent.
3. Report the stolen SIM to your telco and ask for barring or deactivation
Under the SIM Registration Act, Republic Act No. 11934, subscribers must immediately inform their public telecommunications entity or telco when a SIM is lost. The law requires the telco to deactivate the SIM within 24 hours from the report, and the RA 11934 IRR requires telcos to bar a reported lost or stolen SIM so it cannot be used for incoming or outgoing calls, texts, or mobile data.
When you contact the telco, ask for:
- Immediate barring or deactivation of the stolen SIM
- A reference number, ticket number, or written confirmation
- SIM replacement procedure if you want to keep the same number
- Confirmation that the report is tagged as “lost/stolen” and not merely “service concern”
Prepare the following:
| Requirement | Why it matters |
|---|---|
| Valid government ID | Proves you are the registered SIM owner |
| Mobile number | Identifies the SIM to be blocked |
| Registered name, address, and date of birth | Matches the SIM registration record |
| SIM card jacket, ICCID, PUK, old receipts, or screenshots, if available | Helps prove ownership |
| Police report or affidavit of loss/theft, if requested | Supports the lost/stolen report |
| Authorization letter and IDs, if a representative will go for you | Some telcos require personal appearance or strict verification |
For Smart/TNT, Smart’s official help page says lost or stolen phones may be reported through Smart’s channels, and that SIM replacement requires visiting a Smart Store with a valid government ID by the registered SIM owner: Smart lost or stolen phone guidance and Smart SIM replacement requirements.
For Globe/TM, use the GlobeOne app, official hotlines, or Globe Stores. For DITO, use the DITO app, official customer service, or DITO Experience Stores. Requirements may vary, but the legal duty to report a lost or stolen SIM applies to all registered SIMs.
4. Warn your contacts clearly but carefully
Post or send a short warning from a safe account:
My phone and SIM were stolen on [date/time/place]. Please do not respond to messages or calls from [number/account] asking for money, OTPs, load, bank transfers, or personal information. I have reported the incident to my telco and the authorities.
Avoid naming suspected thieves online unless you are certain and have evidence. Public accusations can create separate legal problems.
Ask people who received scam messages to send you screenshots showing:
- The sender’s number or account name
- Full message thread
- Date and time
- Payment instructions
- Account name and number where money was requested
- Any voice notes, links, QR codes, or images sent by the scammer
Tell them not to delete the conversation.
File a police report or blotter as soon as possible
A police report is not just for recovery of the phone. It creates an official record that the phone was stolen before or around the time the scam messages began.
Go to the nearest police station, preferably where the theft happened or where you discovered the theft. If the matter involves online scams, identity misuse, bank/e-wallet fraud, or hacking, you may also report to the PNP Anti-Cybercrime Group (PNP-ACG) or the NBI Cybercrime Division.
Bring:
- Valid ID
- Proof of ownership of the phone, if available
- IMEI number
- Box, receipt, warranty card, online purchase receipt, or screenshots from your phone account
- Your mobile number and telco
- Telco report ticket number
- Screenshots of scam messages
- Names and contact details of people who received scam messages
- Proof of unauthorized transactions, if any
- Timeline of events
A useful timeline looks like this:
| Date and time | Event |
|---|---|
| July 9, 2026, 8:15 PM | Phone snatched at [place] |
| July 9, 2026, 8:40 PM | Friend received message asking for ₱5,000 |
| July 9, 2026, 9:05 PM | Telco report filed, ticket no. [number] |
| July 9, 2026, 9:20 PM | Bank/e-wallet report filed |
| July 10, 2026, 9:00 AM | Police report filed |
Ask for a copy of the police report or blotter entry. You may need it for the telco, NTC, bank, e-wallet provider, insurance, employer, or prosecutor.
A barangay blotter can help create a local record, but for stolen phones used in scams, a police report is usually more useful because telcos, NTC, banks, e-wallet providers, PNP-ACG, and NBI commonly ask for it.
Report the cybercrime angle to PNP-ACG, NBI, or CICC
If the stolen phone is being used for online scams, report the cybercrime side separately from the theft.
You may report through:
- PNP Anti-Cybercrime Group (PNP-ACG), including its e-complaint channels
- NBI Cybercrime Division, whose official Citizens’ Charter describes complaint intake, sworn statements or affidavits, and examination of relevant devices: NBI Investigative Assistance for Victims of Computer Crimes
- Cybercrime Investigation and Coordinating Center (CICC), including the government anti-scam hotline 1326, also promoted through Scam Watch Pilipinas
- DOJ Office of Cybercrime, especially for cybercrime coordination and matters involving foreign platforms or cross-border issues
For cybercrime complaints, evidence quality matters. Bring both printed copies and digital copies when possible. Screenshots should show the full screen, not cropped images only. If a scam link was sent, copy the exact URL but do not click it. If money was transferred, get the transaction reference number, account name, receiving bank/e-wallet, amount, and time.
Request NTC blocking of the phone’s IMEI
The IMEI is the device identifier of the phone. If the IMEI is blocked, the handset may be prevented from using Philippine mobile networks even if a different SIM is inserted.
You can usually find the IMEI from:
- Phone box
- Official receipt
- Warranty card
- Apple ID device list
- Google account device list
- Telco device plan records
- Purchase invoice from Lazada, Shopee, Apple, Samsung, or a telco store
The National Telecommunications Commission commonly requires:
| Requirement | Notes |
|---|---|
| Accomplished NTC blocking form or affidavit form | Use the current form from NTC or the relevant NTC regional office |
| Notarized Affidavit of Ownership and Loss/Theft with Undertaking | The affidavit should state the IMEI and circumstances of loss or theft |
| Valid ID | Bring original and photocopy |
| Proof of ownership showing IMEI | Receipt, box sticker, warranty card, device plan documents |
| Police report | Especially important if proof of ownership is incomplete |
| Contact details | Use an email and number that the thief cannot access |
Smart’s official help page also states that NTC may require an Affidavit of Ownership and Loss with Undertaking, proof of ownership, and a police report if proof of ownership is unavailable: Smart guidance on IMEI blocking.
Do not post your IMEI publicly on social media or public complaint portals. Give it only through official forms or direct agency/telco channels.
Legal basis: what laws may apply
Theft or robbery under the Revised Penal Code
If the phone was taken without your consent and without violence or intimidation, the basic offense may be theft under Article 308 of the Revised Penal Code.
If the phone was taken through violence, intimidation, or force upon things, the facts may point to robbery instead of simple theft.
The police report should be factual. State exactly what happened: “snatched while I was walking,” “taken from my bag,” “left on the table and later missing,” or “borrowed and not returned.” Do not guess details you did not personally see.
SIM Registration Act: lost or stolen SIMs must be reported
The SIM Registration Act, RA 11934, and its implementing rules are very important when a stolen phone is used for scams because the SIM may still be under your name.
Key points:
- The end-user must immediately report a lost or stolen SIM to the telco.
- The telco must deactivate the SIM within 24 hours from the report.
- The telco must bar a reported lost or stolen SIM so it cannot be used for texts, calls, or mobile data.
- Telcos must provide reporting mechanisms for fraudulent texts or calls.
- SIM registration data is confidential, but may be disclosed under legal process, such as subpoena based on a sworn complaint that a number was used in a crime or fraudulent act.
This is why your written telco report and ticket number are important. They help show when you gave notice.
Cybercrime Prevention Act: identity theft, fraud, and illegal access
Under the Cybercrime Prevention Act of 2012, RA 10175, a smartphone is treated as a computer system because it processes data and connects to communications networks. The RA 10175 IRR expressly includes mobile phones and smartphones within computer devices.
Depending on the facts, the scammer may be investigated for:
- Illegal access to accounts or systems
- Computer-related identity theft
- Computer-related fraud
- Use of ICT to commit estafa, threats, coercion, or other crimes
- Unauthorized use of data, credentials, or accounts
The Supreme Court discussed the constitutionality and scope of the Cybercrime Prevention Act in Disini v. Secretary of Justice, G.R. No. 203335, February 11, 2014: Disini decision on Lawphil.
Estafa and scams under the Revised Penal Code
If the person using the stolen phone deceives victims into sending money, the act may also fall under estafa or swindling under Article 315 of the Revised Penal Code.
For example:
- “This is [your name]. I’m in an emergency. Please send ₱10,000.”
- Fake online selling using your account
- Fake job processing fees
- Fake investment messages
- Borrowing money through impersonation
If committed through online platforms, mobile messaging, or electronic communications, cybercrime laws may also come into play.
Access Devices Regulation Act for cards, OTPs, and account access
If the stolen phone was used to access cards, bank accounts, online banking, e-wallets, OTPs, account numbers, codes, or other account credentials, the Access Devices Regulation Act, RA 8484, as amended by RA 11449, may apply.
RA 11449 defines an access device broadly. It can include a card, code, account number, electronic serial number, personal identification number, telecommunications service, equipment identifier, or other means of account access that can be used to obtain money, goods, services, or transfer funds.
This matters because a stolen phone may contain more than messages. It may contain the tools to access value.
Anti-Financial Account Scamming Act for e-wallet and bank scams
The Anti-Financial Account Scamming Act, RA 12010, also known as AFASA, specifically addresses financial account scams, money muling, and social engineering schemes.
This law is relevant if the stolen phone is used to:
- Obtain sensitive financial information through deception
- Access e-wallets or bank accounts
- Move scam proceeds through accounts
- Recruit or use money mules
- Conduct coordinated scams against multiple victims
AFASA allows covered financial institutions, under BSP rules, to temporarily hold funds subject of a disputed transaction for a period that must not exceed 30 calendar days, unless extended by a court. This can be very important when money was just transferred and there is still a chance to freeze or trace it.
Report disputed transactions to the bank or e-wallet provider immediately, then escalate unresolved financial consumer issues through the BSP’s official Consumer Assistance Channels.
Data Privacy Act issues if the phone contained other people’s data
If the stolen phone was purely personal, your main concern is usually account security and identity misuse.
But if the phone was used for business, employment, medical, school, lending, HR, customer service, real estate, or professional work, it may contain personal data of other people. In that case, the incident may become a personal data breach under the Data Privacy Act of 2012, RA 10173.
The National Privacy Commission’s breach reporting guidance explains when notification is mandatory and states that covered Personal Information Controllers or Processors must submit required breach notifications within 72 hours upon knowledge or reasonable belief that a notifiable personal data breach occurred.
For example, this may matter if the stolen phone contains:
- Client IDs
- Patient records
- Student records
- Employee payroll data
- Customer lists
- Loan applications
- Photos of passports, driver’s licenses, or national IDs
- Confidential work chats with personal information
If victims are accusing you because your number or account was used
Stay calm and respond with facts. Do not ignore them, but do not admit liability for transactions you did not authorize.
A practical response is:
My phone/SIM was stolen on [date/time/place]. I did not send or authorize those messages or transactions. I have reported the stolen SIM to my telco under ticket number [number] and filed a police report. Please keep the screenshots, transaction receipts, account numbers, and full chat history because these may be needed by the police, NBI, PNP-ACG, telco, bank, or e-wallet provider.
Ask the victim to report the receiving account to their own bank or e-wallet immediately. In financial scams, the victim’s institution may be better positioned to initiate a dispute, trace request, or freeze request.
Common mistakes that make the situation worse
Waiting several days before reporting the SIM
Delay gives the scammer more time to receive OTPs, message victims, open accounts, and drain wallets. It also weakens your explanation if your number is later connected to fraudulent transactions.
Deleting messages or call logs
Do not clean up your accounts before preserving evidence. Screenshots, login alerts, call records, emails, and app notifications may help show the timeline.
Posting the IMEI, SIM number, IDs, or police report publicly
Public posts can expose more personal information. Share sensitive identifiers only with telcos, NTC, law enforcement, banks, e-wallets, or official complaint channels.
Assuming a telco report is enough
A telco report stops the SIM, but it does not fully document the theft, cybercrime, impersonation, or financial fraud. You usually need a police report and, when scams are involved, a cybercrime report.
Relying only on screenshots from victims
Screenshots help, but investigators may later need original messages, links, transaction records, account logs, telco records, platform records, bank/e-wallet records, and affidavits. Ask victims to preserve originals.
Paying the scammer to return the phone
This can expose you to more extortion. If someone demands money to return the phone, document the message and report it to the police.
Documents to prepare
| Purpose | Documents and evidence |
|---|---|
| Telco SIM blocking or replacement | Valid ID, mobile number, registered name/details, proof of SIM ownership if available, police report or affidavit if requested |
| NTC IMEI blocking | Notarized affidavit of ownership and loss/theft, valid ID, proof of ownership with IMEI, police report |
| Police theft report | Valid ID, timeline, proof of phone ownership, IMEI, place/date/time of loss, witness details |
| Cybercrime complaint | Screenshots, links, usernames, mobile numbers, receiving accounts, transaction references, victim statements, telco ticket, police report |
| Bank/e-wallet dispute | Account details, transaction references, screenshots, police report, ticket numbers, ID |
| Data privacy assessment for businesses | Inventory of affected data, number of affected persons, type of personal data, containment steps, breach timeline |
Practical timelines in the Philippines
| Action | Usual timeline |
|---|---|
| Telco lost/stolen SIM report | Same day through hotline, app, store, or official support channel |
| SIM barring/deactivation | Law requires deactivation within 24 hours from report; IRR requires immediate barring once reported lost/stolen |
| SIM replacement | Often same day if identity verification is complete; may take longer if records do not match or a representative is used |
| Police blotter/report | Often same day, depending on station workload and completeness of facts |
| NBI/PNP cybercrime intake | Initial filing may be same day; investigation can take weeks or months |
| NTC IMEI blocking | Varies by regional office and completeness of documents |
| Bank/e-wallet scam dispute | Report immediately; freezing or recovery depends heavily on whether funds are still traceable or within the system |
| BSP escalation | Usually after first reporting to the bank, e-wallet, or BSP-supervised financial institution |
The biggest bottlenecks are usually missing IMEI, lack of proof of ownership, incomplete screenshots, victims deleting messages, telco identity mismatch, and delays in getting records from platforms, banks, or e-wallet providers.
Special notes for OFWs, foreigners, and people outside the Philippines
If you are abroad when the stolen Philippine phone or SIM is being used for scams:
- Report the SIM through your telco’s official online or hotline channels immediately.
- Ask a trusted representative in the Philippines to file local reports if personal appearance is required.
- Prepare an authorization letter, copy of your passport or valid ID, and your representative’s valid ID.
- If an affidavit must be signed abroad for Philippine use, check whether it should be notarized before the Philippine Embassy/Consulate or notarized locally and apostilled, depending on where you are.
- If the stolen phone contains foreign bank apps or foreign IDs, report to those institutions separately.
- If the scam victims are in the Philippines, encourage them to file reports with their own bank/e-wallet and local authorities because their reports may trigger faster freezing or tracing.
Foreigners in the Philippines should bring their passport, ACR I-Card if available, visa documents if relevant, proof of local address, and proof of phone ownership. If the phone was purchased abroad, bring the foreign receipt, box, or account record showing the IMEI.
Frequently Asked Questions
Am I liable if my stolen phone is used to scam people?
Not automatically. Liability depends on proof of participation, authorization, knowledge, benefit, or conspiracy. However, because the number, SIM, or account may be registered to you, you should immediately report the theft, SIM loss, account compromise, and scam misuse to create a clear record that you did not authorize the messages or transactions.
What should I do first: police, telco, or bank?
If the SIM is still active, report to the telco first so it can be barred or deactivated. At the same time, secure your email, social media, and financial accounts. If money or e-wallet access is involved, report to the bank or e-wallet immediately. Then file the police and cybercrime reports with your evidence.
Can the telco reveal who is using my stolen SIM or phone?
Not simply upon request. SIM registration information is confidential. Under RA 11934, disclosure may be made through proper legal process, such as subpoena based on a sworn complaint involving a specific number used in a crime or fraudulent act. This is why filing a sworn complaint matters.
Can I block the phone even if the thief changes the SIM?
Yes, if you know the IMEI and complete the NTC requirements. SIM blocking stops the number. IMEI blocking targets the handset. You should do both when possible.
What if I do not have the IMEI?
Check the phone box, receipt, warranty card, Apple ID, Google account, telco plan documents, or purchase invoice. If you cannot find it, still report the stolen SIM, secure accounts, file a police report, and report the scam activity. IMEI helps, but lack of IMEI should not stop you from reporting.
Should I wipe the phone remotely?
Usually yes if you cannot quickly recover it and it contains sensitive accounts, IDs, photos, work files, or financial apps. Before wiping, take screenshots of the device status or location if available. Wiping may affect what you can later retrieve from the phone, but it may prevent greater harm.
What if someone already sent money to the scammer?
The sender should immediately report the transaction to their own bank, e-wallet, or payment provider and ask for a fraud dispute, trace, or temporary hold if possible. They should also preserve screenshots and file their own police or cybercrime report. Under AFASA, disputed financial transactions may be subject to coordinated verification and temporary holding of funds under BSP rules.
Is a barangay blotter enough?
Usually no. A barangay blotter can help document a local incident, but for stolen phones used in scams, telcos, NTC, banks, e-wallet providers, NBI, PNP-ACG, and prosecutors usually need a police report, sworn statement, affidavit, or formal cybercrime complaint.
Can I recover money stolen from my e-wallet or bank app?
Recovery depends on speed, whether the funds remain in the receiving account, the institution’s fraud controls, and the evidence. Report immediately to the bank or e-wallet, ask for account locking and dispute handling, preserve all transaction details, and escalate unresolved complaints through BSP’s consumer assistance channels when appropriate.
What if the scammer uses my photos or ID from the phone?
Report it as identity misuse and possible cybercrime. Notify banks, e-wallets, telcos, and platforms where your identity may be used. If the phone contained personal data of customers, employees, students, patients, or clients, assess whether the Data Privacy Act breach notification rules apply.
Key Takeaways
- Report the stolen SIM to your telco immediately and ask for barring or deactivation.
- Secure your email, cloud, social media, banking, and e-wallet accounts from a trusted device.
- File a police report and preserve proof that the phone was stolen before or around the time scams began.
- If online fraud or impersonation is involved, report to PNP-ACG, NBI Cybercrime Division, or CICC hotline 1326.
- Request NTC IMEI blocking if you know the phone’s IMEI and can provide the required documents.
- Tell victims to preserve messages and report financial transfers to their own bank or e-wallet immediately.
- Keep ticket numbers, screenshots, affidavits, and certified reports because they protect your position if your number, account, or name is later linked to the scam.