What to Do If Someone Uses Your Restaurant Photos to Scam Customers Online

When someone steals your restaurant photos and uses them to trick customers into paying for fake orders, reservations, promos, or delivery slots, the problem is not just “photo stealing.” In the Philippines, this can involve copyright infringement, online impersonation, estafa or swindling, computer-related fraud, identity theft, unfair competition, and consumer deception. The fastest response is usually a mix of evidence preservation, platform takedown, customer warning, payment-channel reporting, and a formal cybercrime complaint.

Why Restaurant Photo Scams Are Legally Serious in the Philippines

A common scenario looks like this:

A scammer copies your restaurant’s food photos, menu photos, logo, customer reviews, or interiors from Facebook, Instagram, TikTok, Google Business Profile, GrabFood, Foodpanda, or your website. They create a fake page or marketplace listing that looks like your restaurant. Customers message the fake account, pay through GCash, Maya, bank transfer, or remittance, and later complain to your real business when no food arrives.

Legally, several separate wrongs may be happening at the same time:

What the scammer does Possible legal issue
Copies your food photos without permission Copyright infringement under the Intellectual Property Code
Uses your restaurant name, logo, or branding Trademark infringement, trade name violation, or unfair competition
Pretends to be your restaurant Computer-related identity theft or false representation
Collects payment for fake orders Estafa, online fraud, or financial account scamming
Uses fake bank/e-wallet accounts or money mules Possible violation of the Anti-Financial Account Scamming Act
Misleads customers about goods or services Consumer Act violations and deceptive sales practices

The practical goal is to stop the scam quickly, protect customers, preserve evidence before it disappears, and help law enforcement trace the account, payment wallet, phone number, or bank account used.

Legal Basis: What Philippine Laws May Apply

Copyright Protection for Restaurant Photos

Under the Intellectual Property Code of the Philippines, Republic Act No. 8293, photographic works are protected as original literary and artistic works. Section 172 includes “photographic works,” and Section 172.2 says works are protected from the moment of creation.

This means your food photos do not need to be registered with IPOPHL before they are protected. IPOPHL also explains in its photography and copyright guidance that registration is not required for copyright protection, although registration can help prove ownership.

Restaurant owners should still check who legally owns the photo:

  • If you personally took the photo, you generally own the copyright.
  • If your employee took the photo as part of regular assigned duties, the employer may own the copyright under Section 178.3 of RA 8293, unless there is a different agreement.
  • If you hired an independent photographer, the photographer may still own the copyright unless your contract says the copyright was assigned to you in writing. In many cases, the restaurant only has a license to use the photos.
  • Even if you do not own the copyright, you may still have rights over your restaurant name, brand, logo, trade name, and goodwill.

The scammer’s use is usually not “fair use” because they are using the photos commercially to mislead customers and obtain money.

Trade Name, Brand, and Unfair Competition

If the scammer uses your restaurant name, logo, page layout, menu design, or branding to make people believe they are dealing with your real business, RA 8293 may also apply beyond copyright.

Section 165 protects trade names or business names against unlawful third-party use, even before or without registration, when such use is likely to mislead the public. Section 168 on unfair competition protects the goodwill of a business and covers acts calculated to make customers believe that one person’s goods or services are those of another.

This matters because some scammers do not merely copy one photo. They copy the “look” of the restaurant online: same dishes, same logo, similar captions, same address, same comments, and fake “DM to order” instructions.

Cybercrime Law: Online Identity Theft and Computer-Related Fraud

The Cybercrime Prevention Act of 2012, Republic Act No. 10175, may apply when the scam is committed through Facebook, Instagram, TikTok, websites, messaging apps, online ads, or e-wallet communications.

Relevant provisions include:

  • Computer-related fraud under Section 4(b)(2), involving unauthorized computer data or system activity causing damage with fraudulent intent.
  • Computer-related identity theft under Section 4(b)(3), involving the intentional use, misuse, or possession of identifying information belonging to another, whether a natural person or juridical person, without right.
  • Section 6, which covers crimes under the Revised Penal Code and special laws when committed through information and communications technologies, with a higher penalty.
  • Section 10, which designates the NBI and PNP as law enforcement authorities responsible for cybercrime enforcement.
  • Section 21, which gives Regional Trial Courts jurisdiction over cybercrime cases.

A restaurant is a juridical person if it is a corporation, partnership, or registered entity. Even a sole proprietor can be harmed when the business name, address, photos, and customer trust are misused.

Estafa or Swindling

Article 315 of the Revised Penal Code punishes estafa, commonly called swindling. In online restaurant scams, the fraud usually involves false pretenses: the scammer pretends to be the real restaurant, claims they can deliver food or accept reservations, and induces customers to send money.

For estafa by deceit, the usual practical elements are:

  1. The scammer made a false representation or used fraudulent means.
  2. The false representation was made before or at the same time the customer paid.
  3. The customer relied on it.
  4. The customer suffered damage.

The restaurant itself may not be the person who paid money, but the restaurant can still be a complainant or witness for impersonation, copyright infringement, unfair competition, and damage to goodwill. The paying customers are important complainants for estafa because they suffered the direct financial loss.

Anti-Financial Account Scamming Act

The Anti-Financial Account Scamming Act, Republic Act No. 12010, is relevant when the scam uses bank accounts, e-wallets, or other financial accounts to receive or move proceeds.

RA 12010 covers money muling activities and social engineering schemes involving financial accounts. A “money mule” situation may exist when someone lends, sells, rents, opens, or allows the use of a financial account to receive proceeds from scams.

For restaurants and victims, this is important because reporting the payment account quickly may help the bank, e-wallet provider, BSP-supervised institution, or law enforcement flag the account and preserve transaction records.

Consumer Protection and DTI Complaints

The Consumer Act of the Philippines, Republic Act No. 7394, protects consumers against deceptive, unfair, and unconscionable sales acts or practices. Article 50 treats a sales act as deceptive when false representation or fraudulent manipulation induces a consumer to enter into a transaction.

For online seller complaints, the DTI E-Commerce Office says consumers may file complaints with the DTI Fair-Trade Enforcement Bureau through the channels listed in the DTI e-commerce FAQs. In practice, however, if the “seller” is not a real registered business and the facts point to a scam, the matter is usually referred to cybercrime authorities such as the PNP Anti-Cybercrime Group or NBI Cybercrime Division.

What to Do Immediately

1. Preserve Evidence Before Reporting the Page

Do not rely only on ordinary screenshots. Social media pages can be deleted, renamed, blocked, or edited within minutes after the scammer realizes they have been discovered.

Collect:

  • Full-page screenshots showing the fake account name, profile photo, cover photo, posts, captions, comments, and message buttons.
  • The exact URL of the fake page, profile, post, ad, or marketplace listing.
  • Screen recordings showing how the fake page appears on the platform.
  • Screenshots of conversations with the fake seller.
  • Payment instructions given by the scammer.
  • GCash, Maya, bank, or remittance account name and number.
  • Transaction receipts from victims.
  • Dates and times of posts, messages, and payments.
  • Names or usernames of people complaining that they were scammed.
  • Your original photos, source files, upload dates, camera metadata, content calendar, or old posts showing prior use.

For your own photos, keep the highest-resolution originals, not just social media copies. If you hired a photographer, keep the contract, invoice, email exchange, or written permission showing your right to use the photos.

2. Make a Clear Public Warning Without Overstating Facts

Post a short warning on your official channels. Keep it factual and avoid naming private individuals unless verified by law enforcement or clearly shown by public platform data.

A safe warning usually says:

  • Your only official ordering channels.
  • The fake page or account URL, if needed for identification.
  • A reminder not to send payments to unverified accounts.
  • A request for affected customers to preserve screenshots and receipts.
  • A statement that the matter has been reported or is being reported.

Avoid statements like “this person is a criminal” unless there is already a clear legal basis. Public accusations can create unnecessary cyberlibel risk if the wrong person is identified or if a hacked account was used.

3. Report the Fake Page to the Platform

Use the platform’s internal tools first because they can sometimes remove impersonation or copyright violations faster than government action.

Choose the strongest category available:

  • Impersonation of a business
  • Fraud or scam
  • Intellectual property or copyright infringement
  • Trademark infringement
  • Fake page pretending to be another business
  • Misleading ads or unauthorized use of images

If the scammer is running paid ads, report the ad itself, not just the page. Ads may have separate ad IDs and review systems.

For stronger takedown requests, attach:

  • Your DTI business name certificate, SEC certificate, Mayor’s Permit, BIR registration, or barangay business clearance.
  • Trademark registration certificate, if any.
  • Proof of official website or verified social media page.
  • Original photo files or links to earlier posts.
  • Screenshots showing the scammer copied your images and used them to collect payments.

4. Tell Affected Customers to Report Payments Immediately

The restaurant should not promise that victims will recover their money. Instead, give practical instructions:

  • Contact the bank or e-wallet provider immediately.
  • Use the provider’s fraud or unauthorized transaction reporting channel.
  • Save the ticket number or case reference number.
  • Call the government anti-scam hotline if available.
  • File a cybercrime complaint if money was lost.

Victims should report quickly because e-wallet and bank records, device logs, SIM details, and account movement are time-sensitive. Funds may be withdrawn, transferred, or converted through mule accounts.

5. File a Cybercrime Complaint

For formal investigation, complaints may be brought to the PNP Anti-Cybercrime Group or the NBI Cybercrime Division. The NBI’s Citizen’s Charter page for investigative assistance for victims of computer crimes describes the intake process, including filing a complaint sheet, preliminary interview, sworn statements, and collection of supporting documents.

A practical complaint package should include:

Document or evidence Why it matters
Government-issued ID of complainant Establishes identity of the person filing
Business registration documents Shows authority to act for the restaurant
Secretary’s Certificate or SPA, if corporation/representative Shows authority to file for the company
Sworn affidavit or complaint-affidavit Formal narrative of facts under oath
Screenshots and screen recordings Shows the fake page, posts, and messages
Fake account URLs and usernames Helps trace the account
Original photos and proof of first use Supports copyright or brand misuse
Victim receipts and chat logs Supports estafa and financial fraud
Payment account details Helps trace bank/e-wallet movement
Platform takedown reports and ticket numbers Shows prior action and preserves timeline

Bring both printed copies and digital copies. Some investigators will ask for files on a USB drive or email, but the preferred format can vary by office.

6. Ask for Preservation of Digital Evidence

Under RA 10175 and the Supreme Court’s Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC, law enforcement can use legal processes involving preservation, disclosure, search, seizure, examination, and custody of computer data.

Ordinary complainants cannot directly force Facebook, TikTok, Google, a bank, or an e-wallet provider to disclose subscriber data. That usually requires law enforcement action, proper requests, or court-issued cybercrime warrants. What you can do is provide enough facts for investigators to identify what data should be preserved and from which platform or financial institution.

Should You File With the Barangay?

A barangay blotter may help document that you reported the incident locally, especially if angry customers are visiting the restaurant or if staff need a record of harassment. But barangay officials generally cannot investigate anonymous cybercriminals, compel social media platforms to disclose account data, freeze e-wallets, or issue cybercrime warrants.

Barangay conciliation under the Katarungang Pambarangay system is usually useful only when the parties are known, are within the proper local jurisdiction, and the dispute is legally covered by barangay conciliation. For fake pages, unknown scammers, cross-city victims, or cybercrime involving online platforms, go directly to cybercrime authorities.

If You Are a Foreigner or Abroad

Foreign restaurant owners, foreign investors, overseas Filipinos, and franchisors abroad often face extra documentation issues.

If you cannot personally appear in the Philippines, you may need:

  • A Special Power of Attorney authorizing a local manager, partner, or lawyer to file complaints and sign documents.
  • A notarized affidavit explaining the ownership and authorized use of the photos, brand, and social media accounts.
  • Business documents from abroad, if the foreign entity owns the brand or photos.
  • Apostille or consular authentication, depending on where the document was executed.

For documents from Apostille Convention countries, the DFA explains the process through its Philippine Apostille information portal. For documents signed before a Philippine embassy or consulate, consular notarization may be used for affidavits, SPAs, and similar private documents.

Foreigners should also remember that Philippine business, immigration, tax, and ownership rules may affect who is authorized to represent the restaurant locally. The person filing the complaint should have clear written authority.

Common Mistakes That Make the Case Harder

Deleting or Editing Evidence

Do not delete customer comments, angry messages, or suspicious posts before saving them. Even hostile messages can help show how the scam affected your restaurant’s reputation.

Only Reporting “Copyright” When the Bigger Issue Is Fraud

A copyright takedown may remove copied photos, but it may not preserve payment records or identify the scammer. If customers paid money, treat it as a possible cybercrime and financial scam, not just an IP issue.

Posting Emotional Accusations Online

It is understandable to be angry. But public posts should be controlled and factual. Focus on warning customers and identifying official channels.

Waiting Too Long

Online evidence is fragile. Scammers change usernames, delete posts, hide comments, block complainants, and move money quickly. Report the fake page and payment account as soon as possible.

Assuming a Verified-Looking Page Is Real

Fake pages may buy ads, copy reviews, use professional photos, and display a real restaurant address. Customers should verify through the restaurant’s official website, official phone number, verified page, or physical branch.

Practical Timelines and Costs

Action Typical practical timeline Usual cost
Saving screenshots and screen recordings Same day None
Public warning on official pages Same day None
Platform report or takedown request Hours to several days, sometimes longer None
Bank/e-wallet fraud report by victim Same day recommended None
NBI/PNP cybercrime complaint intake Often same day, depending on queue and completeness No filing fee for complaint intake
Notarized affidavit Same day to a few days Private notarial fee varies
Investigation, subpoenas, warrants, coordination Weeks to months Varies
Prosecutor preliminary investigation Months, depending on docket and evidence Usually no prosecutor filing fee for criminal complaint
Civil/IP case Months to years Filing fees and professional costs vary

The biggest bottlenecks are usually incomplete evidence, unknown suspects, fake or mule financial accounts, slow platform responses, and customers who do not want to execute affidavits after being scammed.

Frequently Asked Questions

Can I sue someone for using my restaurant photos in the Philippines?

Yes, if you own the copyright or have the legal right to enforce it. Restaurant photos may be protected under RA 8293 from the moment they are created. If the photos were taken by an independent photographer, check whether your contract transferred copyright to you. If not, you may still have claims based on trade name, trademark, unfair competition, impersonation, or damage to business goodwill.

Is using my food photos on a fake Facebook page a crime?

It can be. The act may involve copyright infringement, computer-related identity theft, computer-related fraud, estafa, unfair competition, or deceptive sales practices, depending on the facts. If the fake page collects payments from customers, it should be treated as a possible cybercrime and online scam.

What if the scammer says “credits to the owner”?

That does not automatically make the use legal. Crediting the owner is not the same as getting permission, especially if the photo is used to mislead customers and collect payments.

Should I report to Facebook first or to the police first?

Do both, but preserve evidence before reporting. Platform reports may remove the fake page quickly, while police or NBI complaints help with investigation and possible prosecution. If money was paid, the affected customer should also report immediately to the bank, e-wallet, or remittance provider.

Can the restaurant file the complaint even if customers were the ones who lost money?

Yes, the restaurant can report impersonation, copyright misuse, trade name misuse, unfair competition, and damage to reputation. However, customers who actually paid the scammer are important witnesses or complainants for estafa and payment-related fraud.

Can I ask GCash, Maya, or a bank to reveal the scammer’s identity?

A private person usually cannot compel disclosure of another account holder’s information. Report the account through the provider’s fraud channel and give the same information to cybercrime investigators. Formal disclosure usually requires lawful process, investigation, or court order.

What if the scammer is outside the Philippines?

RA 10175 has jurisdictional provisions that may apply when elements of the offense occur in the Philippines, when a Philippine computer system is involved, or when damage is caused to a person or entity in the Philippines. Cross-border enforcement is harder and often requires coordination through law enforcement channels, but it should still be reported.

Is a DTI complaint enough?

Not always. DTI complaints are useful for consumer transactions and deceptive online selling, especially when the seller is identifiable. But when the seller is fake, anonymous, or using stolen identity and mule accounts, the case is usually more appropriate for cybercrime authorities and financial fraud reporting.

Do I need to register my photos with IPOPHL before filing a complaint?

No. Copyright exists from creation. Still, IPOPHL copyright registration or deposit can help create a formal record of ownership. For urgent scams, do not wait for registration before preserving evidence, warning customers, and reporting the fake account.

How can I prevent this from happening again?

Use visible watermarks on public food photos, maintain verified official pages, publish official payment channels, monitor duplicate pages, use consistent branding, register trademarks where appropriate, and train staff to respond quickly to customer reports of suspicious pages.

Key Takeaways

  • Stolen restaurant photos used for fake online orders can involve both intellectual property violations and cybercrime.
  • Preserve evidence before reporting the fake page because online content can disappear quickly.
  • Restaurant owners should report impersonation and IP misuse, while paying customers should report financial loss and execute affidavits when needed.
  • RA 8293 protects photos, trade names, goodwill, and unfair competition rights; RA 10175 covers cybercrime; Article 315 of the Revised Penal Code may apply to estafa; RA 12010 may apply to financial account scams.
  • Platform takedown is useful, but it is not a substitute for a cybercrime complaint when money was stolen.
  • Avoid emotional public accusations; issue clear factual warnings and direct customers to official ordering and payment channels.
  • Foreign owners or persons abroad may need a notarized and apostilled or consularized SPA or affidavit to authorize someone in the Philippines to act for them.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.