What to Do If Someone Used Your Name for an Online Appointment

If someone used your name to book an online appointment in the Philippines, treat it as a possible identity misuse, privacy issue, or cybercrime depending on what information was used and what the appointment was for. A harmless clerical mix-up is handled very differently from someone using your full name, birthdate, ID number, email, phone number, passport details, or photo to reserve a DFA, NBI, hospital, school, bank, government, visa, or private-service appointment. The safest first move is to preserve proof, contact the office or platform immediately, ask for cancellation or annotation of the unauthorized appointment, and decide whether the facts justify a data privacy complaint, cybercrime report, or ordinary police blotter.

Why an Unauthorized Online Appointment Under Your Name Matters

An online appointment may look minor, but it can affect you in practical ways:

  • It may block you from booking your own appointment.
  • It may cause a government office or private company to think you failed to appear.
  • It may expose your email, mobile number, birthdate, ID details, or other personal data.
  • It may be part of a scam, fixer scheme, loan application, fake account registration, visa-related misrepresentation, or attempted document processing.
  • It may create a record that later needs explanation.

Not every unauthorized use of a name is automatically a criminal case. Philippine law usually looks at what information was used, whether it was used without right, whether there was damage or fraudulent intent, and whether a computer system or online platform was involved.

For example, if another person accidentally typed the wrong email address but used their own name, that may be a correction issue. But if someone intentionally used your full name and identifying details to create an online booking, receive an appointment packet, transact with a government agency, or impersonate you, the issue becomes more serious.

Is Using Someone Else’s Name for an Online Appointment Illegal in the Philippines?

It can be illegal, but the exact legal basis depends on the facts.

1. Computer-related identity theft under RA 10175

The most direct cybercrime provision is computer-related identity theft under Section 4(b)(3) of Republic Act No. 10175, or the Cybercrime Prevention Act of 2012. The law covers the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of identifying information belonging to another person or entity, without right. If no damage has yet been caused, the penalty may be one degree lower. (Supreme Court E-Library)

This may apply when someone intentionally used your identifying details to create or manipulate an online appointment, especially if the appointment system required more than a mere name, such as:

  • date of birth;
  • email address or mobile number;
  • passport number, reference number, or application number;
  • government ID number;
  • address;
  • photo or scanned ID;
  • account login credentials;
  • personal data previously obtained from a leak, scam, or unauthorized access.

In Disini v. Secretary of Justice, the Supreme Court discussed challenges to RA 10175 and recognized that the law regulates specific cyber-related acts such as acquisition, use, misuse, or deletion of another person’s personal identifying data. (Supreme Court E-Library)

2. Data Privacy Act violations under RA 10173

Republic Act No. 10173, or the Data Privacy Act of 2012, protects personal information in government and private-sector information systems. The law recognizes privacy as a fundamental human right and requires personal information to be processed according to transparency, legitimate purpose, and proportionality. (National Privacy Commission)

Under the Data Privacy Act, you are a data subject if your personal information is being processed. You have rights to be informed, to access your data, to correct inaccurate data, to request blocking or removal when data is false or unlawfully obtained, and to be indemnified for damages caused by inaccurate, false, unlawfully obtained, or unauthorized use of personal information. (National Privacy Commission)

This matters because many appointment systems collect personal data. If the agency, clinic, school, private company, courier, travel service, or appointment website refuses to correct or remove an unauthorized booking under your name, the issue may become a data privacy complaint.

The Data Privacy Act also penalizes unauthorized processing of personal information and sensitive personal information, unauthorized access or intentional breach, malicious disclosure, unauthorized disclosure, and related acts. (National Privacy Commission)

3. Computer-related forgery or fraud

If the appointment record was created so that it would be treated as authentic for legal, government, financial, medical, immigration, or commercial purposes, computer-related forgery under RA 10175 may be relevant. Section 4(b)(1) covers input, alteration, or deletion of computer data without right resulting in inauthentic data intended to be considered or acted upon as authentic. (Supreme Court E-Library)

If the person used the online appointment to cause damage with fraudulent intent, computer-related fraud under Section 4(b)(2) may also be considered. (Supreme Court E-Library)

4. Falsification, estafa, or other Revised Penal Code offenses

The Revised Penal Code may also apply when the online appointment leads to false documents, false statements, or deception.

Relevant provisions may include:

Possible act Possible legal basis Practical example
Making it appear that you participated in a transaction when you did not Article 171 and Article 172 on falsification A person uploads a form or document suggesting you authorized the appointment
Using a false name to cause damage Article 178 on using fictitious name and concealing true name A person uses your identity to avoid being traced
Defrauding another by deceit Article 315 on estafa A fixer collects money from someone using an appointment under your name

Article 172 penalizes falsification by private individuals and use of falsified documents, including falsifications in public, official, commercial, or private documents under the conditions stated in the Code. (Lawphil) Article 178 penalizes public use of a fictitious name for purposes such as concealing a crime, evading judgment, or causing damage. (Lawphil) Article 315 covers swindling or estafa when a person defrauds another through the means listed in the Code. (Lawphil)

5. Civil action for privacy, dignity, and damages

Even if the act does not fit neatly into a criminal offense, the Civil Code may provide remedies. Article 26 of the Civil Code requires every person to respect the dignity, personality, privacy, and peace of mind of others. The Supreme Court has recognized that Article 26 can support claims for damages, prevention, and other relief for acts that disturb private life or humiliate another person, even if the act is not independently criminal. (Lawphil)

This is especially relevant if the unauthorized appointment caused embarrassment, reputational harm, repeated harassment, disruption of travel or work, or exposure of private information.

What to Do Immediately

1. Preserve the evidence before asking anyone to delete it

Before requesting cancellation, take screenshots and save copies of everything. Capture:

  • appointment confirmation page;
  • appointment reference number;
  • date and time of booking;
  • office, branch, clinic, school, agency, or service provider;
  • email or mobile number used, if visible;
  • QR code or barcode, if shown;
  • IP address or login history, if available;
  • sender email address and full email headers, if the notice came by email;
  • SMS sender ID and message details;
  • URL of the appointment website;
  • any messages from the suspected person;
  • proof that you did not make the booking, such as travel history, work records, or your own email logs, if relevant.

Do not rely only on screenshots. Save the email as a file, download PDFs, keep SMS messages, and write a short timeline while the details are fresh.

2. Check whether it is a real appointment or a phishing message

Some “appointment confirmations” are phishing links. Before entering any information:

  • go directly to the official website by typing the address yourself;
  • avoid clicking shortened links;
  • check whether the sender email uses an official domain;
  • call the office using numbers listed on its official website;
  • never send a selfie, OTP, password, or ID scan through a suspicious link.

For DFA passport appointments, the official system reminds users to review all fields carefully and provide complete and accurate information, and warns that incorrect or inaccurate information may result in delay, rejection, or forfeiture. (Passport Appointment System) The DFA also states that passport appointments should be made only through the official passport appointment system and discourages appointments through fixers or social media accounts. (Passport Appointment System)

3. Contact the office or platform in writing

Send a short written notice to the office, agency, or platform. Use email or a helpdesk ticket so there is a record.

State:

  • your full name;
  • the appointment reference number;
  • that you did not create or authorize the booking;
  • that you request cancellation, correction, or annotation;
  • that you request preservation of logs and related data;
  • that you want to know what personal information was used;
  • that you request confirmation in writing.

A simple message is enough:

I discovered an online appointment under my name with reference number ____ scheduled on ____. I did not create, authorize, or consent to this appointment. Please cancel or mark it as unauthorized, preserve all related logs and submitted data, and inform me what personal information was used to create it.

4. Ask for access, correction, blocking, or deletion under the Data Privacy Act

If the appointment system processed your personal data, you may invoke your rights as a data subject. Under Section 16 of the Data Privacy Act, you may request access to your personal information, dispute inaccuracies, have inaccurate information corrected, and ask for blocking, removal, or destruction when the data is false, unlawfully obtained, or used for unauthorized purposes. (National Privacy Commission)

In practice, send your request to the organization’s Data Protection Officer, privacy office, customer support, or records unit. Ask for:

  • copy of the appointment data under your name;
  • source of the information, if known;
  • email, phone number, or account used to make the booking;
  • date and time of creation;
  • whether documents or IDs were uploaded;
  • confirmation that the unauthorized record was corrected, blocked, cancelled, or annotated;
  • incident reference number.

5. File a complaint with the National Privacy Commission if the data issue is not resolved

If a government office, company, school, clinic, online platform, or service provider refuses to correct the unauthorized record, ignores your privacy request, or mishandled your personal data, you may consider filing a formal complaint with the National Privacy Commission (NPC).

The NPC states that a formal complaint must be filed in a specific format, printed and filled out, notarized, and submitted in person, by courier, or by scanned email submission. (National Privacy Commission)

Prepare:

  • notarized complaint form;
  • valid ID;
  • screenshots and appointment confirmation;
  • your written request to the organization;
  • the organization’s reply or proof of non-response;
  • timeline of events;
  • proof of harm, if any.

6. Report to NBI Cybercrime Division or PNP Anti-Cybercrime Group when there is impersonation, fraud, threat, or repeated misuse

If the facts suggest intentional identity misuse, fraud, hacking, phishing, fixer activity, harassment, or repeated unauthorized appointments, report it to a cybercrime unit.

RA 10175 designates the National Bureau of Investigation (NBI) and the Philippine National Police (PNP) as law enforcement authorities responsible for cybercrime cases, with cybercrime units or centers to handle violations of the law. (Supreme Court E-Library)

For NBI cybercrime assistance, the NBI Citizen’s Charter describes a process where complainants and witnesses execute sworn statements or submit prepared affidavits, investigators collect supporting documents, and cybercrime regional centers may handle similar complaints. (National Bureau of Investigation)

Bring or prepare:

  • valid government ID;
  • printed screenshots and digital copies;
  • appointment confirmation and reference number;
  • email headers or SMS details;
  • suspected person’s profile link, phone number, email, or account;
  • proof of loss or damage, if any;
  • draft affidavit or written narration;
  • device used to receive the message, if investigators need to inspect it.

Where to Report: Which Office Handles What?

Situation Best first step Possible office
Wrong name or accidental booking Ask platform to correct or cancel Customer support, records office, appointment unit
Personal data was used without consent Exercise data subject rights Data Protection Officer; National Privacy Commission
Your name was used to impersonate you online Preserve evidence and report NBI Cybercrime Division or PNP Anti-Cybercrime Group
Someone used your details for DFA, NBI, PSA, visa, school, hospital, or bank appointment Notify the specific office immediately The concerned agency or private institution
A fixer or scammer sold an appointment using your name Report fraud and identity misuse NBI, PNP ACG, concerned agency
You only need an official record that you reported it Request blotter or incident report Barangay or police station, depending on facts
You are abroad and need someone in the Philippines to act for you Execute an SPA or affidavit Philippine Embassy/Consulate, local notary plus apostille where accepted

For DFA apostille appointments, the DFA’s appointment system states that the document owner or an authorized representative may book an online appointment, and lists requirements for authorized representatives such as an authorization letter, copy of the owner’s valid government-issued ID, representative’s valid ID, and proof of affiliation or kinship when applicable. (DFA Appointment System)

Should You Go to the Barangay?

A barangay blotter may help create an early record, especially when the suspected person is a neighbor, relative, former partner, co-worker, or local fixer. But barangay conciliation is not always required or appropriate.

Under the Katarungang Pambarangay rules in the Local Government Code, certain disputes are excluded, including offenses punishable by imprisonment exceeding one year or a fine exceeding ₱5,000. (Lawphil) Cybercrime and data privacy offenses often involve penalties beyond barangay-level authority, so do not assume that barangay mediation is enough.

A practical approach:

  • Use the barangay for a blotter if you need an immediate local record.
  • Use the police or NBI if there is cybercrime, fraud, threat, or identity theft.
  • Use the NPC if the core issue is mishandling or unauthorized processing of your personal data.
  • Use the concerned agency’s complaint or helpdesk system if the urgent goal is cancellation, correction, or restoration of your own appointment access.

How to Write Your Incident Timeline

A clear timeline often determines whether your complaint is taken seriously. Keep it factual and avoid speculation.

Use this format:

Date and time What happened Proof
June 1, 9:15 AM Received appointment confirmation under my name Screenshot of email
June 1, 9:30 AM Checked official website and found appointment reference Screen recording or screenshot
June 1, 10:00 AM Emailed support denying authorization Sent email copy
June 2, 3:00 PM Support confirmed another email/number was used Reply email
June 3, 11:00 AM Filed incident report Blotter or complaint copy

Avoid writing statements like “I am sure X hacked me” unless you have proof. Instead, write: “I suspect X because…” and list the facts.

Special Concerns for Filipinos Abroad and Foreigners

If you are a Filipino abroad

You may need to execute an affidavit or Special Power of Attorney (SPA) so a trusted person in the Philippines can request records, appear at an office, or file documents for you. Philippine consular posts commonly notarize affidavits and SPAs for use in the Philippines, and personal appearance with valid identification is generally required for consular notarization. (Philippine Consulate LA)

Prepare:

  • valid passport or government ID;
  • draft affidavit describing the unauthorized appointment;
  • SPA naming your representative and the exact acts allowed;
  • copies of the appointment proof;
  • copies of your representative’s ID.

If you are a foreigner dealing with a Philippine office

If your documents are issued abroad, the Philippine office may require notarization, apostille, consular acknowledgment, or authentication depending on the document type, issuing country, and purpose. DFA apostille services generally concern Philippine public documents for use abroad, while foreign documents follow the rules of the issuing country and the receiving Philippine agency. (Apostille Pilipinas)

Commonly useful documents include:

  • passport bio page;
  • affidavit denying authorization;
  • police report from your country, if identity theft occurred abroad;
  • apostilled or consularized authorization for a Philippine representative;
  • screenshots and appointment records;
  • proof that you did not create the appointment.

Common Scenarios

Someone used my name for a DFA passport appointment

Act quickly because the appointment may affect your ability to book or may create confusion at the consular office. Save the appointment packet, reference number, and email. Contact DFA through the official channel and state that the booking was unauthorized. DFA appointment rules warn that inaccurate information may result in delay or rejection, and confirmed appointment schedules are non-transferable. (Passport Appointment System)

Someone used my name for an NBI clearance appointment

This is more sensitive because NBI clearance relates to identity verification. Preserve all proof, contact NBI, and consider filing directly with the NBI Cybercrime Division if your personal details were intentionally used. Bring valid ID and any appointment reference.

Someone used my name for a hospital or clinic appointment

This may involve sensitive personal information, especially if the appointment concerns health services. Ask the clinic’s privacy officer or records department to correct or block the record and confirm that no medical record was created under your name. Health information is sensitive personal information under the Data Privacy Act. (National Privacy Commission)

Someone used my name for a visa, embassy, or immigration appointment

Treat this as urgent. Notify the embassy, visa center, or immigration office in writing. Ask them to mark the appointment as unauthorized. If any document was uploaded, ask how to submit a formal correction or denial. If a representative will act for you in the Philippines, prepare a properly notarized, consularized, or apostilled authority depending on the receiving office’s requirements.

A fixer used my details to reserve a slot

Fixers may collect names and personal data to hoard slots, resell appointments, or create fake bookings. Do not pay to “release” your name. Report the booking to the official agency, preserve messages with the fixer, and consider a cybercrime report if identity details were used without authority.

Evidence Checklist

Keep both printed and digital copies.

Evidence Why it matters
Screenshot of appointment confirmation Shows existence of the unauthorized booking
Reference number, QR code, or barcode Helps the office locate the record
Full email headers Helps trace sender and technical origin
SMS screenshots Shows sender ID, number, and date
URL of appointment page Distinguishes official site from phishing site
Copy of your ID Proves you are the real data subject
Written denial of authorization Creates a clear record of non-consent
Platform or agency replies Shows whether they corrected or ignored the issue
Affidavit Useful for NPC, NBI, PNP, or agency investigation
Proof of damage Supports claims for damages, fraud, or urgency

Practical Timelines and Bottlenecks

Action Usual practical timing Common bottleneck
Screenshot and evidence preservation Same day Missing URL, cropped screenshots, deleted emails
Helpdesk cancellation or correction A few days to several weeks Generic replies, no privacy officer, high ticket volume
Data privacy request Often several days to weeks Office asks for identity verification
NPC formal complaint Depends on docketing and case complexity Notarization, incomplete attachments, unclear respondent
NBI or PNP cybercrime intake Initial intake may be same day; investigation varies Lack of technical evidence or suspect identifiers
Prosecutor-level complaint Weeks to months or longer Need for affidavits, supplemental evidence, service provider records

In cybercrime cases, logs and account records may be time-sensitive. RA 10175 includes provisions on preservation and disclosure of computer data, including preservation periods and court-warrant requirements for disclosure of certain data. (Supreme Court E-Library) This is why early reporting and a written request to preserve records can matter.

Mistakes to Avoid

  • Do not delete the confirmation email or SMS. It may be evidence.
  • Do not click suspicious links repeatedly. Use official websites.
  • Do not accuse a person publicly without proof. Public accusations can create defamation problems.
  • Do not pay fixers to cancel or “unlock” appointments.
  • Do not submit your ID to random pages claiming to fix the problem.
  • Do not rely only on a phone call. Always create a written record.
  • Do not assume the barangay can resolve a cybercrime or data privacy issue.
  • Do not ignore a government-related appointment under your name. It may later appear in records or block your own transaction.

Frequently Asked Questions

Can someone be charged for using my name in an online appointment?

Yes, if the facts show intentional unauthorized use of your identifying information, fraud, forgery, or misuse of computer data. The most relevant law is often RA 10175 on computer-related identity theft, but the Data Privacy Act, Revised Penal Code, or Civil Code may also apply depending on the facts.

Is using only my name enough for identity theft?

Not always. A name alone may be insufficient if there is no intent, no identifying details, and no damage. But a name combined with birthdate, ID number, contact details, passport information, photo, account access, or official transaction details is much stronger evidence of identity misuse.

What if the person used my email address by mistake?

If it appears accidental, start with correction. Ask the office to remove your email and confirm that no personal data was processed under your identity. If the person repeatedly uses your email after being warned, or if the appointment contains your personal details, the issue becomes more serious.

Can I ask the office to tell me who booked the appointment?

You can ask what personal information was processed and request access to your data under the Data Privacy Act. However, the office may limit disclosure of another person’s data or technical logs unless required by law enforcement, the NPC, or a court process.

Should I file with the NPC or the NBI?

File with the NPC when the main problem is unauthorized processing, refusal to correct or delete data, mishandling of personal information, or a privacy rights violation. File with the NBI or PNP Anti-Cybercrime Group when there is impersonation, fraud, phishing, hacking, threats, fixer activity, or repeated identity misuse.

Do I need a notarized affidavit?

For an initial helpdesk request, usually no. For NPC formal complaints, the NPC requires a notarized complaint format. (National Privacy Commission) For NBI, PNP, prosecutors, and many government offices, a sworn statement or affidavit is commonly required or requested.

Can I cancel the appointment myself?

Only if the system allows it and doing so will not destroy evidence. First save proof. Then cancel or ask the office to mark it unauthorized. If the appointment involves a government record, passport, visa, NBI clearance, bank, hospital, or legal document, it is better to notify the office in writing rather than silently cancelling.

What if the unauthorized appointment caused me to lose money?

Save proof of payment, receipts, failed booking attempts, travel costs, missed work, or forfeited fees. Depending on the facts, this may support a cybercrime complaint, estafa complaint, civil damages claim, or data privacy complaint.

What if I am abroad and cannot appear personally?

You may prepare an affidavit and authorize a trusted representative through a Special Power of Attorney. Depending on where you are and where the document will be used, the SPA may need consular notarization or apostille. Many Philippine consular posts require personal appearance for notarials. (Philippine Consulate LA)

Can foreigners file complaints in the Philippines?

Yes, foreigners can report identity misuse affecting Philippine transactions, especially if the appointment was made through a Philippine office, platform, agency, or computer system, or if the harm occurred in the Philippines. Documents executed abroad may need proper notarization, apostille, or consular acknowledgment depending on the receiving office.

Key Takeaways

  • Someone using your name for an online appointment may be a simple error, but it can also be identity theft, data privacy violation, fraud, or falsification.
  • Preserve evidence before asking for cancellation or deletion.
  • Notify the concerned office or platform in writing and ask for correction, cancellation, annotation, and preservation of logs.
  • Use your rights under the Data Privacy Act to request access, correction, blocking, removal, or information about how your personal data was used.
  • Report to the NPC for privacy and data-processing issues.
  • Report to the NBI Cybercrime Division or PNP Anti-Cybercrime Group when there is intentional identity misuse, fraud, hacking, phishing, threats, or repeated unauthorized use.
  • Barangay blotters can help create a local record, but serious cybercrime or data privacy cases usually require the proper agency, police, NBI, prosecutor, or NPC process.
  • Filipinos abroad and foreigners should prepare properly notarized, consularized, or apostilled documents when appointing a Philippine representative or submitting foreign-issued documents.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login