What to Do If an Online Casino Account Is Created Using Your Email

If you suddenly receive a welcome message, OTP, password reset, or gambling notification from an online casino you never joined, treat it as both a security issue and a possible misuse of your personal information. It may be a simple typo, but it may also mean someone is testing your email, trying to open a gambling account in your name, or preparing a scam involving identity theft, payment fraud, or illegal online gaming. The safest approach is to preserve evidence, secure your email, avoid “confirming” the account, and report the incident through the proper Philippine channels.

Why an Online Casino Account Was Created Using Your Email

An online casino account using your email can happen in several ways:

Situation What it usually means Risk level
Someone mistyped their email A real user entered your email by mistake Low to moderate
A scammer used your email for account testing Your email may be on a spam, phishing, or credential-stuffing list Moderate
Someone is trying to impersonate you The account may later be linked to your name, phone, ID, or payment account High
The site itself is fake or illegal The “casino” may be phishing for passwords, OTPs, IDs, or deposits High
Your email account may be compromised Someone may already have access to your inbox or verification codes Critical

The first practical question is: Did the casino account become active only because your email was entered, or did someone also verify it using a code sent to your inbox?

If the account required an OTP or confirmation link and you never clicked anything, the operator should not treat the account as fully verified. If the account was verified without your participation, that is a stronger warning sign that your email may have been accessed or that the operator’s verification process is weak.

Is an Email Address “Personal Information” Under Philippine Law?

Yes. Under the Data Privacy Act of 2012, or Republic Act No. 10173, personal information generally refers to information from which a person’s identity is apparent or can reasonably be identified. An email address can be personal information, especially if it contains your name, is linked to your accounts, or is used together with your phone number, IP address, IDs, payment details, or gambling profile.

The Data Privacy Act is built around three important principles:

  1. Transparency – you should know why and how your data is being used.
  2. Legitimate purpose – your data should be processed only for lawful and declared purposes.
  3. Proportionality – the data collected should be adequate, relevant, and not excessive.

You can read the full law here: Republic Act No. 10173, Data Privacy Act of 2012.

If an online casino collected, stored, verified, profiled, or used your email without a valid basis, you may have grounds to demand account closure, deletion or blocking of your data, preservation of logs, and investigation by the platform’s Data Protection Officer.

Is This Identity Theft or Cybercrime in the Philippines?

It can be, depending on what was done.

Under the Cybercrime Prevention Act of 2012, or Republic Act No. 10175, computer-related identity theft includes the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person without right. You can review the law here: Republic Act No. 10175, Cybercrime Prevention Act of 2012.

Using only your email address may not always be enough to prove a full identity theft case. But the situation becomes more serious if the person also used:

  • your full name;
  • mobile number;
  • date of birth;
  • Philippine National ID, passport, driver’s license, UMID, or other government ID;
  • selfie or KYC photo;
  • credit card, bank, GCash, Maya, or other payment account;
  • IP address or device information falsely attributed to you;
  • your email access or OTPs.

The Cybercrime Prevention Act is also relevant if there was unauthorized access, phishing, computer-related fraud, or use of information and communications technology to commit another offense.

The Supreme Court discussed the constitutionality and scope of the Cybercrime Prevention Act in Disini v. Secretary of Justice, G.R. No. 203335, February 11, 2014, which remains an important case when discussing cybercrime enforcement in the Philippines: Disini v. Secretary of Justice.

Does This Mean You Are Liable for the Online Casino Account?

Usually, no. You are not automatically liable for an online casino account merely because your email address appears on it.

For liability to attach, there must generally be proof that you actually created, verified, used, funded, controlled, or benefited from the account. Under basic civil and criminal principles, a person should not be held responsible for an act they did not commit or authorize.

That said, you should not ignore the notice. If the account is later used for gambling, fraud, money movement, chargebacks, or suspicious transactions, you want a clear paper trail showing that:

  • you did not create the account;
  • you reported the unauthorized use promptly;
  • you asked for the account to be disabled;
  • you preserved evidence;
  • you secured your email and financial accounts.

This paper trail can be important if the platform, a bank, an e-wallet provider, law enforcement, or another person later asks why your email appears in the records.

First 30 Minutes: What to Do Immediately

1. Do not click “verify,” “confirm,” or “claim bonus”

If you did not create the account, do not click any button that activates, confirms, or verifies it.

Avoid links saying:

  • “Verify your account”
  • “Claim your welcome bonus”
  • “Complete KYC”
  • “Deposit now”
  • “Reset your password” unless you requested it from the official site
  • “Contact support” if the link looks suspicious

A common scam is to make you click a fake casino email that leads to a phishing page. If you enter your email password, OTP, card number, or e-wallet login, the problem can quickly become a financial fraud case.

2. Check whether the email is genuine

Look carefully at:

  • the sender’s email address;
  • the domain name;
  • spelling errors;
  • whether the link points to a strange website;
  • whether the message asks for OTPs, passwords, IDs, or deposits;
  • whether the email creates panic or urgency.

Do not rely only on the logo. Scammers can copy logos and layouts easily.

3. Take screenshots before deleting anything

Preserve the evidence while it is still available. Screenshot:

  • the full email;
  • sender address;
  • date and time received;
  • subject line;
  • links shown when you hover over buttons;
  • OTPs or verification codes, if any;
  • account username or customer ID shown in the email;
  • any messages from the casino;
  • any suspicious login alerts from your email provider.

If possible, download or print the email as PDF. Keep the original email in a folder. Do not alter screenshots.

Electronic evidence matters in the Philippines. Under the Electronic Commerce Act of 2000, or Republic Act No. 8792, electronic documents and data messages are not denied legal effect merely because they are electronic. The law also discusses authentication, integrity, retention, and evidentiary weight of electronic records: Republic Act No. 8792, Electronic Commerce Act.

The Supreme Court’s Rules on Electronic Evidence also recognize electronic documents, subject to proper authentication and admissibility rules: Rules on Electronic Evidence, A.M. No. 01-7-01-SC.

4. Secure your email account

Immediately do the following:

  1. Change your email password.
  2. Turn on two-factor authentication.
  3. Check account recovery phone numbers and recovery emails.
  4. Review recent login activity.
  5. Sign out of all devices.
  6. Check for email forwarding rules you did not create.
  7. Check filters that automatically archive or delete casino, bank, or OTP emails.
  8. Scan your devices for malware.
  9. Change passwords on accounts that reuse the same password.

This is especially important if the online casino account appears to have been verified.

5. Do not send your ID unless you are sure you are dealing with the real operator

Some casino support teams may ask for ID to prove your identity before deleting an account. That may be legitimate for regulated platforms, but it is dangerous if the website is fake.

Before sending any ID:

  • verify whether the operator is licensed;
  • contact the operator only through its official website, not through links in the suspicious email;
  • redact unnecessary details if the purpose is only to prove you own the email;
  • ask why the ID is needed and how it will be stored;
  • avoid sending selfies with ID unless clearly necessary.

Step-by-Step Guide to Remove the Account and Protect Yourself

Step 1: Identify Whether the Online Casino Is PAGCOR-Licensed

In the Philippines, gambling and gaming activities are regulated. The Philippine Amusement and Gaming Corporation (PAGCOR) licenses and regulates various gaming activities, including certain electronic gaming and internet gaming operations.

PAGCOR states that its regulatory groups issue licenses and regulate local gaming operations involving electronic casino games, bingo games, and sports betting. PAGCOR also launched the PAGCOR Guarantee site to help the public verify licensed internet gaming platforms and avoid illegal online gaming sites.

Useful official pages:

If the platform is not listed, does not show a valid license, hides its corporate identity, or uses only Telegram/Viber/WhatsApp for “support,” treat it as high-risk.

Why licensing matters

If the operator appears licensed If the operator appears illegal or fake
You can complain to the operator’s support and Data Protection Officer Do not send additional personal data
You may escalate to PAGCOR Preserve evidence and report as possible scam/cybercrime
There may be KYC and responsible gaming procedures The site may be phishing for IDs, OTPs, or money
The operator may be subject to Philippine regulatory oversight Recovery or takedown may be harder, especially if offshore

Step 2: Contact the Casino Through Official Channels Only

Do not reply to a suspicious email unless you are confident it is genuine. Instead, manually type the official domain or use PAGCOR’s official verification page.

Send a short written notice asking the operator to:

  • confirm whether an account exists using your email;
  • disable login and gambling activity immediately;
  • prevent withdrawals, deposits, or KYC changes while the account is under dispute;
  • delete or block your email from further use, unless retention is legally required;
  • preserve account creation logs, IP addresses, device identifiers, verification history, and transaction records;
  • confirm whether any ID, payment method, phone number, or personal data was submitted;
  • explain how your email was collected and processed;
  • provide the contact details of the Data Protection Officer.

Keep your message factual. Do not speculate or threaten.

Sample message to the online casino

I received an email indicating that an online casino account was created using this email address. I did not create, authorize, verify, fund, or use any such account. Please immediately disable or suspend the account, prevent any gambling or financial transaction, preserve all account creation and verification logs, and confirm whether any personal information, KYC document, phone number, payment method, or transaction is associated with it.

Please also treat this as a data privacy concern and refer it to your Data Protection Officer. I request confirmation that my email address will not be used for any account I did not authorize.

Step 3: Use Your Data Privacy Rights

Under the Data Privacy Act, a data subject has rights relating to their personal information, including rights to be informed, object, access, correct, and complain when personal data is misused.

In plain English, you can ask:

  • What personal data do you have about me?
  • Where did you get my email?
  • Was my email verified?
  • Was any ID uploaded?
  • Was any payment method linked?
  • Was the account accessed from the Philippines or abroad?
  • Who are the recipients of my data?
  • Can you delete, block, or suppress my email from unauthorized use?
  • Can you preserve logs for investigation?

If the platform ignores you, gives vague answers, continues sending gambling emails, refuses to act on obvious unauthorized use, or processed more personal data without your consent or another lawful basis, consider filing a complaint with the National Privacy Commission (NPC).

The NPC’s complaint page states that a formal complaint must be filed in a specific format, printed and filled out, notarized, and submitted in person, by courier, or by scanned email submission: NPC – Filing Formal Complaints.

Step 4: Report Cybercrime If There Is Impersonation, Fraud, Hacking, or Financial Loss

Report the matter as a possible cybercrime if any of these happened:

  • someone accessed your email;
  • the casino account was verified without your participation;
  • your ID or photo was uploaded;
  • your phone number was used;
  • your bank, card, GCash, Maya, or e-wallet was linked;
  • money was deposited or withdrawn;
  • someone used the account to scam others;
  • the site is phishing for passwords or OTPs;
  • you received threats, blackmail, or harassment;
  • your name appears in gambling or debt-related records.

Possible reporting channels include:

  • PNP Anti-Cybercrime Group (PNP-ACG);
  • NBI Cybercrime Division;
  • Department of Justice Office of Cybercrime;
  • CICC / Inter-Agency Response Center hotline 1326 for online scams and cyber fraud guidance;
  • your bank, card issuer, or e-wallet provider if any financial account is involved.

The DOJ Office of Cybercrime page on reporting cybercrime incidents is here: DOJ – Reporting of Cybercrime Incidents.

The Cybercrime Investigation and Coordinating Center (CICC) is under the DICT framework for cybercrime coordination: DICT – Cybercrime Investigation and Coordinating Center.

Step 5: Notify Your Bank, Credit Card, or E-Wallet Provider if Money Is Involved

If the online casino account is linked to a bank account, credit card, debit card, GCash, Maya, or another wallet, act quickly.

Ask your provider to:

  • block the card or account temporarily, if needed;
  • flag unauthorized gambling-related transactions;
  • issue a chargeback or dispute form, if applicable;
  • preserve transaction records;
  • check for linked merchants or recurring billing;
  • remove unauthorized devices;
  • reset your online banking or wallet credentials.

If financial accounts are used in a scam, Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), may be relevant. AFASA covers financial account scamming and recognizes that cybercriminals target financial accounts through electronic communications, including email. You can read the law here: Republic Act No. 12010, Anti-Financial Account Scamming Act.

If a credit card or access device is involved, Republic Act No. 8484, the Access Devices Regulation Act of 1998, may also become relevant, especially for unauthorized use of credit cards, account numbers, or access devices: Republic Act No. 8484, Access Devices Regulation Act.

Step 6: File a Data Privacy Complaint With the NPC When Appropriate

A complaint with the National Privacy Commission may be appropriate if:

  • your email or other personal data was processed without a lawful basis;
  • the casino refuses to delete, block, or correct unauthorized data;
  • the operator ignores your request for information;
  • your ID or KYC documents were used without permission;
  • the operator continues sending marketing or gambling messages after you object;
  • a data breach or security failure may have occurred;
  • the platform has no visible Data Protection Officer or privacy process.

Practical documents to prepare for an NPC complaint

Document or evidence Why it matters
Screenshot or PDF of the casino email Shows the account creation or notification
Full email headers, if available Helps trace sender and technical route
Screenshots of casino account pages, if accessible without verifying Shows account details connected to your email
Your written request to the operator Shows you tried to resolve it
Operator’s reply or lack of reply Shows response or inaction
Proof you own the email address Establishes your connection to the personal data
Valid ID for filing purposes Usually needed for formal complaints
Notarized complaint form NPC formal complaints generally require notarization
Police, NBI, or bank reports, if any Helpful if fraud or identity theft is involved

The NPC process can take time. Simple inquiries or informal assistance may move faster, while formal complaints, orders, hearings, or investigations can take months depending on complexity, evidence, and responsiveness of the parties.

Step 7: File a Police or NBI Complaint if There Is a Clear Suspect or Loss

For cybercrime or fraud complaints, law enforcement will usually ask for a written complaint-affidavit and evidence.

Prepare:

  • government-issued ID;
  • screenshots and printed copies;
  • original emails, if possible;
  • full email headers;
  • URLs and domain names;
  • transaction records;
  • bank or e-wallet statements;
  • details of calls, texts, or chats;
  • names, usernames, phone numbers, or account numbers used by the suspect;
  • timeline of events;
  • proof that you reported to the casino, bank, or platform.

In practice, a complaint-affidavit is often notarized. If you are abroad, the Philippine authority receiving the document may ask for consular notarization or apostille, depending on the document type and where it was executed.

What If You Are a Filipino Abroad?

If you are a Filipino overseas and your email is used for an online casino account connected to the Philippines:

  1. Preserve digital evidence immediately.
  2. Contact the casino’s official support and Data Protection Officer.
  3. File complaints by email where allowed, such as with the NPC complaint channel.
  4. Contact your bank or e-wallet provider if Philippine financial accounts are involved.
  5. Consider executing a notarized affidavit abroad.

For affidavits signed abroad, Philippine agencies or courts may require proper authentication. If the country is part of the Apostille Convention, an apostille may be accepted. If not, consular authentication may be required. Requirements can vary depending on the receiving agency, so check before paying for notarization.

What If You Are a Foreigner?

Foreigners can also be affected if a Philippine-linked online casino account uses their email, identity document, payment account, or personal data.

You may still report to:

  • the casino operator;
  • PAGCOR, if the platform is PAGCOR-regulated;
  • the NPC, if your personal data is processed in connection with the Philippines;
  • Philippine cybercrime authorities, especially if the operator, suspect, victim impact, or infrastructure is in the Philippines;
  • your home country’s cybercrime or consumer protection agency.

If your passport was used for KYC, ask the operator to confirm whether a passport image, selfie, or address document was uploaded. If yes, consider reporting it to your embassy or passport authority as possible identity misuse.

Should You Reset the Casino Password to Close the Account?

Usually, avoid logging in unless necessary.

Resetting the password can create confusion because it may make you look like you exercised control over the account. If you must access the account to prevent harm, keep a careful record showing why you did it, what you clicked, and that you did not gamble, deposit, withdraw, or change details except to secure or close the unauthorized account.

A safer first step is to send a written notice to the operator requiring suspension or deletion.

If the platform has a “this wasn’t me” or “report unauthorized account” option that does not require account activation, use that instead.

What Evidence Is Most Useful?

Good evidence is clear, complete, and time-stamped.

Preserve these items

  • Welcome email or OTP email;
  • password reset notices;
  • marketing messages from the casino;
  • sender email address and domain;
  • full email headers;
  • URLs shown in the email;
  • screenshots of suspicious pages;
  • customer support chat transcripts;
  • complaint tickets;
  • replies from the operator;
  • bank or e-wallet transaction alerts;
  • device login alerts from your email provider;
  • screenshots showing you enabled two-factor authentication after discovery.

Avoid these mistakes

  • deleting the email before saving it;
  • clicking verification links;
  • forwarding the email in a way that destroys headers;
  • editing screenshots;
  • posting your personal data publicly on Facebook;
  • sending IDs to an unverified “support” account;
  • paying a “processing fee” to close the account;
  • using the casino account “just to check” and accidentally activating it.

Common Scenarios and What to Do

Scenario 1: You received only a verification email

This may mean someone typed your email, but the account is not fully active.

Do this:

  1. Do not click verify.
  2. Screenshot the email.
  3. Mark it as suspicious or spam after preserving evidence.
  4. Contact the platform through its official site and ask it to remove the unverified account.
  5. Secure your email.

Scenario 2: You received a welcome email saying the account is active

This is more serious.

Do this:

  1. Preserve all emails.
  2. Change your email password and enable two-factor authentication.
  3. Contact the operator and demand suspension.
  4. Ask whether any KYC, phone number, or payment account is linked.
  5. Report to NPC or cybercrime authorities if the operator does not act or if other data was used.

Scenario 3: The casino asks you to send ID before deleting the account

Be careful. If the casino is legitimate and licensed, it may need reasonable identity verification. But if the site is fake, sending ID can make the problem worse.

Before sending anything:

  • verify the platform through PAGCOR or official sources;
  • ask for the Data Protection Officer’s contact;
  • ask what exact data is required;
  • redact information not needed for the request;
  • do not send your ID through social media chat unless the channel is verified.

Scenario 4: Someone used your email and your e-wallet

Act as a financial fraud case.

  1. Contact your e-wallet provider immediately.
  2. Change passwords and remove unauthorized devices.
  3. File a dispute or unauthorized transaction report.
  4. Report to CICC hotline 1326, PNP-ACG, or NBI Cybercrime Division.
  5. Preserve all transaction references.

Scenario 5: You keep receiving gambling ads after you objected

This may be a data privacy and marketing consent issue.

Send a written objection and request deletion or suppression of your email. If the operator continues, consider filing a complaint with the NPC and report spam/phishing through your email provider.

Government Offices and Agencies That May Be Involved

Concern Office or agency Practical use
Licensed online casino verification PAGCOR Check whether the platform is regulated
Misuse of personal data National Privacy Commission Data privacy complaint, deletion/blocking, investigation
Hacking, phishing, identity theft, online fraud PNP-ACG, NBI Cybercrime Division, DOJ Office of Cybercrime Cybercrime investigation and prosecution support
Online scam response CICC / I-ARC hotline 1326 Initial guidance and scam reporting
Bank, card, or e-wallet misuse Bank, card issuer, GCash, Maya, other provider Freeze, dispute, chargeback, device removal
SIM or mobile number misuse Telco, NTC, law enforcement SIM-related fraud concerns
Court case or prosecution Prosecutor’s Office, MTC/RTC depending on offense Formal criminal proceedings

Typical Timelines in Real Life

Action Possible timeline Common bottleneck
Securing email and changing passwords Same day User cannot access recovery methods
Casino support acknowledgment Same day to 7 days Illegal sites may not respond
Data deletion or account closure A few days to several weeks Operator asks for identity verification
Bank or e-wallet fraud review Days to weeks Missing transaction details
NPC complaint filing Filing can be done once documents are ready Notarization and completeness of evidence
Cybercrime complaint Initial report can be immediate Need complaint-affidavit and technical evidence
Full investigation or prosecution Months or longer Identifying suspect, platform cooperation, foreign servers

Practical Legal Points to Remember

Unauthorized use of your email is not automatically your fault

An email address can be entered by anyone. Liability should depend on proof of actual participation, authorization, benefit, or control.

The platform should not ignore obvious unauthorized use

A legitimate operator should have procedures for account disputes, data subject requests, fraud prevention, and responsible gaming.

Do not activate the account by accident

Clicking verification links, logging in, accepting bonuses, or uploading ID can complicate the record.

Evidence should be preserved early

Emails, headers, URLs, timestamps, and support tickets are often more useful than a general statement that “someone used my email.”

Illegal casino sites are high-risk

If the platform is not PAGCOR-verified, you may be dealing with phishing, offshore fraud, or a scam site. Do not send more personal data.

Frequently Asked Questions

Can someone create an online casino account with just my email?

Yes. Some platforms allow a person to start registration with only an email address. A properly designed platform should still require verification before allowing full use, deposits, withdrawals, or KYC-linked activity. If the account was fully activated without your participation, treat it as suspicious.

Am I responsible for gambling done through an account using my email?

Not automatically. You should not be responsible merely because your email was entered. But report it promptly and keep proof that you did not create, verify, fund, or use the account.

Should I click the unsubscribe link in casino emails?

Not if the email looks suspicious. Scam emails sometimes use unsubscribe links to confirm that your email is active or to lead you to phishing pages. Preserve the email, report it as spam or phishing, and contact the operator only through verified channels.

Can I ask the online casino to delete my email?

Yes. You can ask the operator to delete, block, suppress, or correct unauthorized personal data, subject to lawful retention requirements. If the operator claims it must retain data for anti-fraud, anti-money laundering, or regulatory reasons, ask it to restrict the data and confirm that the account cannot be used.

Should I report this to PAGCOR?

Report or check with PAGCOR if the platform claims to be licensed in the Philippines or appears to operate under Philippine gaming regulation. PAGCOR verification is especially useful when deciding whether the operator is legitimate before sending any personal documents.

Should I report this to the National Privacy Commission?

Consider reporting to the NPC if your personal information was misused, the operator refuses to act, the account contains your personal details, your data privacy rights were ignored, or the platform continues processing your email without a valid basis.

What if the online casino is based outside the Philippines?

Still preserve evidence and report to your email provider, bank, e-wallet, and relevant authorities. If there is a Philippine connection, such as a Philippine victim, Philippine payment account, Philippine license claim, Philippine-facing operation, or Philippine data processing, local remedies may still be relevant. Enforcement may be harder if the operator has no Philippine presence.

What if my ID was uploaded to the casino?

Treat it as serious identity misuse. Ask the operator to suspend the account and preserve KYC records. Report to the NPC and cybercrime authorities. Also monitor your bank, e-wallet, credit card, SIM, and other accounts for unusual activity.

What if I accidentally clicked the verification link?

Change your email password immediately and enable two-factor authentication. Contact the casino and state that you did not create the account and clicked by mistake. Ask for account suspension and deletion or blocking of your data. Do not deposit, withdraw, gamble, or upload documents.

Can screenshots be used as evidence in the Philippines?

Screenshots can help, but they are stronger when supported by original emails, full headers, URLs, timestamps, device logs, affidavits, and other records. Philippine law recognizes electronic documents and data messages, but authenticity and reliability still matter.

Key Takeaways

  • An online casino account created using your email may be a typo, phishing attempt, data privacy issue, or cybercrime warning sign.
  • Do not click verification links, claim bonuses, or upload IDs until you verify the platform.
  • Secure your email immediately by changing your password, enabling two-factor authentication, and checking login activity.
  • Preserve evidence, including emails, headers, screenshots, URLs, timestamps, and support tickets.
  • If the platform is Philippine-linked, check whether it is PAGCOR-licensed.
  • Use your rights under the Data Privacy Act to ask what data was collected, how it was used, and to request deletion, blocking, or correction.
  • Report to the NPC for data privacy concerns, and to cybercrime authorities if there is hacking, impersonation, financial fraud, or identity theft.
  • You are not automatically liable just because your email was used, but you should create a clear record that you did not authorize the account.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.