What to Do If Someone Uses Your Restaurant Photos to Scam Customers Online

If someone is using your restaurant photos online to collect payments, accept fake orders, or pretend to be connected with your business, treat it as an active scam—not merely “photo stealing.” Your priorities are to stop the fake page or listing, preserve evidence before it disappears, warn customers clearly, report the fraud to the right agencies and platforms, and protect your restaurant’s name, goodwill, and copyrighted images.

This situation commonly happens on Facebook pages, Instagram accounts, TikTok shops, fake websites, food delivery impersonators, marketplace listings, and group chats. The scammer may copy your food photos, logo, menu, store façade, customer reviews, or staff images, then post a fake promo such as “50% off bilao orders,” “reservation fee required,” “pay now via GCash,” or “pre-order only.” The legal problem can involve cybercrime, estafa, copyright infringement, unfair competition, false advertising, consumer protection, and civil damages.

Why using restaurant photos for a scam is legally serious

Restaurant photos can carry real business value. A good food photo tells customers: “This dish exists, this restaurant prepared it, and this business stands behind the order.” When a scammer uses those photos to sell fake food, they are not only copying images. They are borrowing your credibility to deceive the public.

In Philippine law, the same act may create several layers of liability:

What the scammer did Possible legal issue
Copied your food photos or menu photos Copyright infringement under the Intellectual Property Code
Used your restaurant name, logo, menu style, or page identity Unfair competition, false designation, trademark or trade name misuse
Collected payments from customers for fake orders Estafa or swindling, possibly cybercrime if done online
Pretended to be affiliated with your restaurant Deceptive sales practice and false representation
Used personal names, contact numbers, or business identifying details Computer-related identity theft or data privacy issues, depending on the facts
Damaged your reputation or caused loss of customers Civil action for damages and possible injunction

Under Republic Act No. 10175, the Cybercrime Prevention Act of 2012, computer-related fraud covers unauthorized input, alteration, or deletion of computer data or interference in a computer system causing damage with fraudulent intent, and computer-related identity theft covers the intentional misuse of identifying information belonging to another person or juridical entity without right. The same law also provides that crimes under the Revised Penal Code or special laws, if committed through information and communications technology, are covered by the Cybercrime Prevention Act. (Supreme Court E-Library)

Key Philippine laws that may apply

Cybercrime and online estafa

If the scammer pretends to sell your restaurant’s food and induces customers to send money, the core criminal issue is usually fraud.

Article 315 of the Revised Penal Code punishes estafa, or swindling, when a person defrauds another through abuse of confidence, false pretenses, or fraudulent acts. One common form is using a fictitious name, falsely pretending to possess agency, business, credit, property, or other similar deceit. (Lawphil)

When the fraud is committed through Facebook, Instagram, a website, chat app, e-wallet instruction, online ad, QR code, or similar digital means, Republic Act No. 10175 becomes important. The NBI and PNP are the law enforcement authorities tasked to handle cybercrime cases, and cybercrime cases fall under the jurisdiction of Regional Trial Courts designated as cybercrime courts. (Supreme Court E-Library)

In practical terms, customers who actually paid the scammer may be complainants for estafa. The restaurant may also be a complainant if its identity, goodwill, copyrighted photos, trade name, customer trust, or business reputation was used and damaged.

Copyright over restaurant photos

Food photos, menu photos, interior photos, and promotional images may be protected by copyright. The Intellectual Property Code, Republic Act No. 8293, includes photographic works, pictorial illustrations, and advertisements among protected literary and artistic works. These works are protected from the moment of creation, regardless of whether they were registered. (Lawphil)

Copyright gives the rights holder the exclusive right to reproduce the work, publicly display it, distribute copies, and communicate it to the public. Posting copied restaurant photos on a fake page or scam listing can therefore violate the copyright owner’s rights. (Lawphil)

One important practical detail: paying a photographer does not always mean the restaurant owns the copyright. Under Section 178.4 of the IP Code, in commissioned works, the person who commissioned and paid for the work owns the physical or commissioned work, but the copyright remains with the creator unless there is a written stipulation saying otherwise. For employee-created works, copyright may belong to the employer if the photo was made as part of the employee’s regularly assigned duties, unless there is a contrary agreement. (Lawphil)

So before filing a copyright takedown or complaint, check who legally owns the photos:

  • Did an employee take the photos as part of their job?
  • Did a freelance photographer sign a copyright assignment?
  • Did the restaurant only receive a limited license to post the photos?
  • Are the photos from a supplier, franchise head office, influencer, or stock image site?
  • Are there original files, invoices, emails, or written permissions?

Even if copyright ownership is unclear, the scam may still be reportable as impersonation, fraud, unfair competition, or deceptive online selling.

Unfair competition and false association

A restaurant can also rely on its business goodwill. Under Section 168 of the IP Code, a person who has identified in the public mind his goods, business, or services has a property right in that goodwill. Anyone who uses deception or means contrary to good faith to pass off their goods, business, or services as those of another may be liable for unfair competition. (Lawphil)

This matters when the scammer does more than copy a single photo. For example:

  • using your restaurant name or a confusingly similar name;
  • using your logo, store façade, color scheme, menu layout, or watermark;
  • claiming to be your “new branch,” “delivery partner,” “authorized reseller,” or “promo page”;
  • reposting your real reviews to make the fake page look legitimate;
  • using your food photos beside a different payment account.

Section 169 of the IP Code also covers false or misleading representations likely to cause confusion about affiliation, connection, association, origin, sponsorship, or approval of goods, services, or commercial activities. (Lawphil)

Consumer protection and deceptive online selling

Republic Act No. 7394, the Consumer Act of the Philippines, prohibits deceptive sales acts or practices before, during, or after a consumer transaction. A seller or supplier acts deceptively when, through concealment, false representation, or fraudulent manipulation, the consumer is induced to enter into a sales or lease transaction. The law specifically includes false claims that a product or service has sponsorship, approval, characteristics, benefits, availability, or affiliation that it does not have. (Supreme Court E-Library)

The Department of Trade and Industry accepts consumer complaints involving deceptive, unfair, and unconscionable sales acts. DTI’s complaint guidance asks for the complainant’s name and contact details, respondent information, narration of facts, demand, proof of transaction, and a government-issued ID. (E-Sigaw)

For online sellers, DTI’s e-commerce guidance says complaints against online sellers may be sent to the DTI Fair Trade Enforcement Bureau, with the E-Commerce Office copied. (DTI ECommerce)

Internet Transactions Act of 2023

Republic Act No. 11967, the Internet Transactions Act of 2023, is also relevant because it covers internet transactions where one party is situated in the Philippines or where the digital platform, e-retailer, or online merchant is availing of the Philippine market and has minimum contacts here. It expressly includes digital platforms such as e-marketplaces, mobile application platforms, online delivery platforms, social media platforms, and travel platforms. (Supreme Court E-Library)

This law is useful when the scam happens through a digital platform or online marketplace. It strengthens the policy direction that online transactions should protect consumer rights, data privacy, secure internet transactions, and intellectual property rights.

Civil damages

Even aside from criminal liability, the restaurant may have a civil claim. Articles 19, 20, and 21 of the Civil Code require persons to act with justice, give everyone their due, observe honesty and good faith, and indemnify others for damage caused contrary to law or in a manner contrary to morals, good customs, or public policy. (Lawphil)

Civil remedies may include actual damages, moral damages in proper cases, exemplary damages, attorney’s fees, and injunction. An injunction is a court order requiring someone to stop doing something, such as continuing to use the restaurant’s identity or photos.

What to do immediately if your restaurant photos are being used in an online scam

1. Do not rely on screenshots alone—preserve evidence properly

Scam pages disappear quickly. Administrators can delete posts, change usernames, deactivate accounts, remove comments, or edit payment details. Before sending angry messages or publicly tagging the scammer, preserve the evidence.

Save:

  1. Full-page screenshots showing the fake page name, profile URL, post date, captions, comments, payment instructions, and customer messages.
  2. Screen recordings scrolling through the fake page, opening the “About” section, clicking the URL bar, and showing the date and time on your device.
  3. Direct links to the fake page, post, ad, profile, group post, marketplace listing, website, or delivery listing.
  4. Profile identifiers, such as usernames, page IDs, phone numbers, email addresses, QR codes, GCash numbers, Maya numbers, bank account details, and delivery rider details.
  5. Payment evidence from customers, including receipts, transaction reference numbers, bank slips, e-wallet screenshots, and chat instructions.
  6. Your original photos, including raw files, timestamps, metadata, cloud upload records, photographer invoices, contracts, and old social media posts showing prior publication.
  7. Customer complaints, preferably with the customer’s full name, contact number, date of transaction, amount paid, and a short written account of what happened.

Electronic documents can be used as evidence in the Philippines when integrity, reliability, and authentication requirements are satisfied. Republic Act No. 8792, the Electronic Commerce Act, recognizes electronic documents as the functional equivalent of written documents for evidentiary purposes, subject to authentication and best evidence rules. (Supreme Court E-Library)

The Supreme Court has also recognized that photos and Facebook Messenger messages obtained by private individuals may be admissible in court, depending on how they were obtained and authenticated. (Supreme Court of the Philippines)

2. Warn customers clearly, but avoid risky accusations

Post a short, factual warning on your official channels:

  • Pin it on your Facebook page and Instagram.
  • Put it on your website, Google Business Profile, and TikTok bio if relevant.
  • Tell customers your only official ordering channels.
  • List the fake page name or fake account link if needed, but avoid doxxing private individuals.
  • State that your restaurant does not accept payments through the scammer’s number or account.
  • Ask affected customers to preserve receipts and messages.

Avoid statements such as “This person is definitely the scammer” unless law enforcement has verified it. The payment account holder, page admin, SIM owner, and real scam operator may be different people. A careless public accusation can create separate defamation or privacy issues.

A safer warning is:

“We have received reports of a fake page using our restaurant photos and collecting payments for orders not connected with our business. Our only official ordering channels are listed below. Please do not send payment to any unverified account. If you paid the fake page, please save your receipts and screenshots and report the incident to the proper authorities.”

3. Report the fake page, post, ad, or website to the platform

Use the platform’s strongest reporting category. For restaurant photo scams, you may need to file more than one report:

Platform issue Best report type
Copied food photos Copyright infringement
Copied logo or restaurant name Trademark or brand impersonation
Fake restaurant page Impersonation or fake business
Fake promo collecting payment Scam, fraud, or deceptive content
Fake website Phishing or fraudulent site report
Paid ad using copied photos Ad policy violation plus IP report

For Facebook and Instagram, Meta provides intellectual property reporting channels and says reports alleging infringement should come from the rights owner or an authorized representative. (Facebook)

If the scam involves a fake website or phishing page appearing in search results, Google provides channels to report spam, phishing, malware, and unsafe sites. (Google for Developers)

When filing a platform report, include:

  • the original photo links from your official page or website;
  • the copied photo links from the fake page;
  • your business registration documents if available;
  • proof that you own or are authorized to use the photos;
  • a short explanation that the photos are being used to collect fraudulent payments.

4. Report payment accounts immediately

If customers paid through GCash, Maya, bank transfer, QRPH, or another payment channel, time matters. Funds may be transferred out quickly.

Ask affected customers to report directly to their payment provider because they are the account holders who made the transfers. For example, GCash advises scam victims to report to authorities such as the PNP or NBI, report to GCash immediately with details and screenshots, and block the scammer. (GCash Help Center)

The restaurant should also compile all payment details reported by customers and submit them to law enforcement. Do not expect the e-wallet or bank to disclose the account holder’s personal details directly to you. Subscriber, banking, or account information is usually released through proper legal process, law enforcement request, subpoena, or court order.

5. Report to cybercrime authorities

For an active online restaurant scam, the usual government channels are:

Office or channel When it helps Practical notes
CICC / Inter-Agency Response Center hotline 1326 Ongoing online scam needing quick routing or guidance The hotline is used for reporting scams and cybercrime concerns; enforcement is coordinated with agencies such as PNP-ACG and NBI-CCD. (Philippine Information Agency)
PNP Anti-Cybercrime Group Cybercrime complaint, online fraud, fake page, identity misuse Bring organized evidence, IDs, business documents, and customer complainant details.
NBI Cybercrime Division Computer-related fraud, identity misuse, digital evidence investigation NBI’s citizen charter for computer crime victims lists complaint intake, sworn statements, and device/document examination, with no filing fee stated for the service. (National Bureau of Investigation)
City or Provincial Prosecutor’s Office Filing a criminal complaint for estafa, cybercrime, or related offenses Usually requires complaint-affidavits, evidence, IDs, and witness affidavits.
DTI Consumer Care / FTEB Consumer complaints, deceptive online selling, fake merchant transactions Useful especially when consumers paid for supposed products or services. (E-Sigaw)
IPOPHL or courts IP infringement, unfair competition, brand misuse Useful for repeat infringers, counterfeit-style listings, or broader brand abuse.

For cybercrime investigations, the law recognizes that subscriber information, traffic data, content data, search and seizure of computer data, and blocking or takedown issues may require proper legal process. RA 10175 includes preservation of computer data, disclosure upon court warrant, search and seizure, and access restriction procedures. (Supreme Court E-Library)

6. Prepare a proper complaint packet

A well-organized complaint packet saves time and makes it easier for investigators, prosecutors, platforms, and payment providers to act.

Prepare these documents:

Document Why it matters
Government-issued ID of complainant or authorized representative Proves identity
DTI business name registration, SEC certificate, GIS, mayor’s permit, BIR registration, or franchise documents Proves the legitimate restaurant business
Authorization letter, board resolution, secretary’s certificate, or SPA Needed if the complainant signs for a corporation, partnership, franchise, or owner abroad
Complaint-affidavit Narrates facts under oath
Screenshots and screen recordings Shows the scam content
URLs and page identifiers Helps trace and preserve digital evidence
Original photos and proof of ownership or license Supports copyright or IP takedown
Photographer contract or assignment Clarifies who owns copyright
Customer affidavits or written statements Shows actual deception and payment
Payment receipts and transaction IDs Supports fraud, tracing, and loss
Public warning posts and customer inquiries Shows business impact and mitigation
Platform takedown reports and responses Shows efforts to stop the scam
Loss summary Shows financial and reputational damage

For corporations or foreign owners, authorization matters. A manager cannot always file and sign everything unless properly authorized. If the owner is abroad, Philippine authorities may require a notarized and apostilled special power of attorney or board secretary’s certificate, depending on the document, country, and use.

Foreign businesses should also note that the IP Code gives protection to persons from countries that are parties to relevant IP conventions or that extend reciprocal rights to Filipinos. Foreign juridical persons meeting the IP Code requirements may bring civil or administrative actions for trademark enforcement, unfair competition, false designation of origin, and related claims even if they are not licensed to do business in the Philippines. (Lawphil)

Should you send a demand letter?

A demand letter can help when you know who is behind the misuse, such as a competitor, former employee, ex-franchisee, unauthorized reseller, influencer, photographer, or marketing agency. It can demand takedown, preservation of records, cessation of use, accounting of payments, and compensation.

But for anonymous scam pages, a demand letter may be less useful than immediate evidence preservation, platform reporting, payment-channel reporting, and cybercrime reporting. If you warn the scammer too early, they may delete the page, move funds, change numbers, or create a new account.

A demand letter should normally include:

  • your restaurant’s legal name and official channels;
  • the specific fake pages, posts, URLs, numbers, and payment accounts;
  • the copyrighted photos, logo, trade name, or confusing elements used;
  • the law or rights being invoked;
  • a demand to cease, take down, preserve records, and account for payments;
  • a deadline;
  • a statement that you reserve civil, criminal, administrative, and platform remedies.

Common mistakes restaurant owners make

Mistake 1: Reporting the page before saving evidence

Platforms sometimes remove content quickly. That is good for customer safety but bad if you failed to document the scam. Capture evidence first unless the scam is causing immediate widespread harm.

Mistake 2: Assuming “we paid for the photos” means “we own the copyright”

For freelance or commissioned photos, copyright may remain with the photographer unless a written assignment says otherwise. Get written copyright assignments or broad commercial licenses for all future shoots.

Mistake 3: Only filing a copyright report

A scam page may survive a weak copyright report by changing the photos. Report all applicable issues: impersonation, fraud, fake business, trademark misuse, copied photos, fake ads, and payment scam.

Mistake 4: Not involving customers who paid

If no customer paid, the case may still involve attempted cybercrime, identity misuse, unfair competition, or IP infringement. But if customers paid, their receipts and affidavits become very important for estafa or fraud.

Mistake 5: Publicly posting private account details without care

It is usually acceptable to warn customers about fake channels, but avoid unnecessary exposure of private personal data. Let banks, e-wallets, platforms, and law enforcement handle identity verification.

Mistake 6: Ignoring Google Business Profile, maps, and delivery apps

Scammers may copy your photos into fake listings, not just social media pages. Check Google Maps, food delivery apps, marketplace posts, and sponsored ads.

Mistake 7: Waiting until the scam becomes viral

The faster you document, warn, report, and request payment-channel action, the better. Delay gives scammers time to collect more payments and disappear.

Practical prevention steps for restaurants

You cannot stop every scammer, but you can make your restaurant harder to impersonate.

  1. Maintain one official link hub. Put your official website, Facebook, Instagram, TikTok, delivery links, reservation link, phone number, and payment rules in one page.
  2. Pin your official ordering rules. State whether you accept reservation fees, deposits, GCash, bank transfer, or COD.
  3. Use consistent watermarks. A discreet watermark can help customers identify stolen photos, though it does not replace copyright proof.
  4. Register important marks. Consider registering your restaurant name and logo as trademarks with IPOPHL, especially if you have branches, franchise plans, packaged products, or strong brand recognition.
  5. Keep original photo files. Store raw files, edited files, invoices, photographer agreements, and publication dates.
  6. Use written photographer agreements. Include copyright assignment or a clear, broad, perpetual commercial license.
  7. Monitor copied content. Search your restaurant name, menu item names, and key photos regularly.
  8. Train staff. Frontliners should know what to say when customers ask, “Is this promo legit?”
  9. Create a scam response template. Have ready-made evidence folders, public warning text, and platform reporting links.
  10. Avoid confusing unofficial pages. Old branch pages, fan pages, and unused promo pages can confuse customers and make impersonation easier.

Frequently Asked Questions

Can I file a case if someone copied my restaurant photos from Facebook?

Yes. Posting photos publicly on Facebook does not automatically give others permission to copy them for commercial use or scams. If the photos are original and protected, copying and reposting them may violate copyright. If the photos are used to make customers believe the fake seller is your restaurant, the issue may also involve unfair competition, false association, deceptive selling, estafa, or cybercrime.

Is using my restaurant photos for fake orders considered cybercrime?

It can be, depending on the facts. If the scammer uses online posts, fake pages, chats, websites, or e-wallet instructions to deceive customers and collect money, the conduct may involve estafa under Article 315 of the Revised Penal Code in relation to Republic Act No. 10175. If your restaurant’s identifying information is misused, computer-related identity theft may also be considered.

Who should file the complaint—the restaurant or the customers?

Usually both sides can help. Customers who paid have direct evidence of financial loss. The restaurant has evidence of brand misuse, copied photos, official channels, business registration, customer confusion, and reputational damage. A stronger complaint often includes both the restaurant’s evidence and affected customers’ receipts or affidavits.

What if the scammer used my photos but did not use my restaurant name?

There may still be copyright infringement if the photos were copied without authority. If customers are not being led to believe the seller is your restaurant, the unfair competition or impersonation angle may be weaker, but copyright and platform takedown remedies may still apply.

What if a freelance photographer owns the copyright?

Ask the photographer to file the copyright takedown or sign an authorization allowing the restaurant to act. If your contract includes a copyright assignment or sufficient enforcement authority, include that document in your report. If there is no written assignment, the restaurant may still report impersonation, scam activity, fake business, unfair competition, or misuse of trade name and goodwill.

Can I ask GCash, Maya, or the bank for the scammer’s identity?

You can report the transaction details, but payment providers usually cannot disclose account holder information directly to private persons without proper legal basis. Law enforcement, prosecutors, courts, and authorized processes are typically needed to obtain subscriber, banking, or account information.

Are screenshots enough evidence?

Screenshots help, but they are stronger when supported by URLs, screen recordings, timestamps, original files, payment receipts, customer statements, and testimony from the person who captured them. Electronic evidence must still be authenticated and shown to be reliable.

Should I go to the barangay first?

For an online scam involving estafa, cybercrime, anonymous accounts, payment channels, or parties in different cities, barangay conciliation is often not the most effective first step. Go directly to cybercrime authorities, the payment provider, the platform, and, when appropriate, the prosecutor or DTI. Barangay proceedings may be relevant only for some civil disputes between identifiable parties covered by the Katarungang Pambarangay system.

Can a foreign restaurant owner file in the Philippines?

Yes, but documentation must be handled carefully. A foreign owner or foreign company may need proof of authority, corporate existence, authorization of the Philippine representative, and notarized or apostilled documents if signed abroad. For IP matters, the IP Code recognizes rights of qualified foreign nationals and juridical persons under conventions, treaties, reciprocity, and specific provisions on enforcement.

How long does takedown or investigation take?

Platform takedowns can happen quickly or take repeated reports, especially if the fake page changes content. Payment-provider action depends on how fast the report is made and whether funds remain. Cybercrime intake may be quick, but full investigation, identification of suspects, subpoenas, warrants, prosecutor review, and court proceedings can take much longer. The safest approach is to preserve evidence and report through multiple proper channels immediately.

Key Takeaways

  • Copying restaurant photos for fake online orders is not just a copyright issue; it may involve estafa, cybercrime, unfair competition, deceptive selling, and civil damages.
  • Preserve evidence before confronting the scammer or filing takedown reports.
  • Save URLs, screenshots, screen recordings, payment details, customer statements, and original photo files.
  • Report the fake content to the platform under copyright, impersonation, fraud, and scam categories where applicable.
  • Ask affected customers to report payment transactions immediately to their e-wallet or bank.
  • Use proper government channels such as CICC hotline 1326, PNP Anti-Cybercrime Group, NBI Cybercrime Division, DTI, and, when needed, the prosecutor’s office or courts.
  • Check photo ownership before filing copyright claims, especially for freelance or commissioned shoots.
  • Restaurants should maintain clear official ordering channels, written photographer agreements, and a prepared scam response process.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.