What to Do If You Receive Fake Criminal Case Threats via Online Messages

(Philippine context legal article)

1) Understanding the scam: what “fake criminal case threats” usually look like

Fake criminal case threats are online messages (SMS, Messenger, Viber/WhatsApp/Telegram, email, social media DMs) that claim you will be arrested, jailed, sued, or “served a warrant” unless you do something the sender demands. The sender often pretends to be from the police, NBI, prosecutor’s office, a court, a law firm, a “victim,” or a government agency.

Common patterns:

  • “You have a criminal case filed against you” (often with dramatic labels like cybercrime, estafa, RA 10175, RA 9262, child abuse, drug case, terrorism, etc.).
  • “A warrant is already issued / will be issued today” plus urgency: “Pay now,” “Send GCash,” “Click this link,” “Provide OTP,” “Send your ID,” “Join this call,” or “Meet someone.”
  • Screenshots of “complaints,” “subpoenas,” “warrants,” “court orders,” or “NBI letters” that look official but contain errors (wrong names, wrong addresses, misspellings, mismatched logos, odd formatting, or no verifiable case details).
  • Threats to contact your employer/family, public-post you, doxx you, or shame you.

Key reality check: In the Philippines, real criminal processes have identifiable paper trails (complaint, docket numbers, prosecutor’s case numbers, subpoena notices, court branch, etc.) and do not require you to “pay to stop a case” through personal accounts, wallets, or links.

2) The legal basics: how real criminal cases and warrants work in the Philippines

Knowing the normal pathway helps you spot fake threats.

A. Criminal complaints typically start at the prosecutor’s office (most offenses)

For many crimes, the complainant files a complaint-affidavit with supporting evidence. The prosecutor conducts preliminary investigation (for offenses requiring it). You may be served a subpoena and given time to submit a counter-affidavit.

Red flags for scams:

  • “You are already convicted” without any prior notice.
  • “Warrant will be issued unless you pay” without a prosecutor/court process.
  • “Settlement” demanded by someone claiming to be a government officer.

B. Warrants are issued only by judges, not by random “agents” in chat

A warrant of arrest is generally issued by a judge after determining probable cause. Police/NBI do not “issue” warrants; they serve them.

Red flags for scams:

  • “Warrant attached” as an image with no branch, no judge signature details, weird QR codes, or generic formatting.
  • “Pay to cancel the warrant.”

C. Subpoenas and notices have verifiable details

Legitimate notices typically identify:

  • Prosecutor’s office or court branch
  • Case title/case number or docket details
  • Address and contact details you can independently verify
  • Clear instructions and timelines consistent with procedure

Scammers usually avoid verifiable identifiers—or provide ones that collapse when checked.

3) Immediate first steps: what you should do the moment you receive the threat

Step 1: Do not engage emotionally or procedurally

  • Do not click links.
  • Do not download attachments (they may contain malware).
  • Do not send money, OTPs, bank details, IDs, selfies, or signatures.
  • Do not join video calls (some scammers record you or coerce you live).
  • Do not “negotiate.” Even “harmless” replies confirm your number/account is active.

Step 2: Preserve evidence properly (this matters legally)

Create a clean evidence set while the content is still available:

  • Screenshot the entire conversation showing:

    • sender profile/name/number
    • timestamps
    • the threat and the demand

  • If possible, export the chat or save message details.

  • Save any files without opening them; store them in a separate folder.

  • Write down:

    • date/time received
    • platform used
    • any payment details they gave (GCash number, bank account, wallet address)
    • any links (copy as text, don’t click)

Tip: Take screenshots that include the URL/profile link and the “About/Info” page of the account where possible.

Step 3: Secure your accounts and devices

Because some threats are paired with account takeover attempts:

  • Change passwords on email and social media (use strong, unique passwords).
  • Enable 2FA using an authenticator app where possible.
  • Check for suspicious logins and revoke unknown sessions.
  • Update phone OS and apps; run a reputable mobile/PC security scan.
  • If you clicked a link or entered credentials, treat it as compromised: change passwords immediately and secure your email first (it controls resets).

4) How to assess credibility without “playing into” the scam

You can do a non-engagement verification by focusing on verifiable details, not by arguing with the sender.

A. Ask yourself: what exactly are they claiming?

Legitimate claims should specify:

  • Your correct full name and address (not partial/incorrect)
  • Nature of accusation tied to a real transaction/event
  • A clear complainant identity that makes sense
  • Where the case is filed (prosecutor’s office/court branch)
  • Case number/docket reference

Scams are often vague: “cybercrime complaint,” “multiple complainants,” “warrant issued,” with no docket details.

B. Watch for coercion techniques

Scammers commonly use:

  • urgency (“today,” “within 1 hour”)
  • authority (“NBI/PNP agent,” “fiscal,” “judge clerk”)
  • fear + shame (“we’ll post you,” “we’ll visit your office”)
  • isolation (“don’t tell anyone,” “this is confidential”)

These are hallmarks of social engineering.

C. Never “verify” by giving them information

A classic trap is asking you to “confirm” your birthday, address, employer, or ID photo. That information can be used for deeper fraud or identity theft.

5) What Philippine laws may apply against the scammer

Several laws may potentially cover fake criminal case threats, depending on the exact act:

A. Grave threats / other threats under the Revised Penal Code

If someone threatens you with a wrong (especially involving a crime, harm, or intimidation) to compel you to do something, threat provisions may apply. When threats are used to force payment or an act, it can become more serious.

B. Robbery/Extortion concepts (depending on facts)

If the threat is used to obtain money or property, it may fall under extortion-type conduct (often charged under robbery or related provisions depending on circumstances and how the intimidation was used). The precise label depends on facts and prosecutor evaluation.

C. Computer-related offenses (RA 10175 – Cybercrime Prevention Act of 2012)

If the act is done through ICT (online platforms, electronic messages), offenses may be prosecuted as cyber-related or with corresponding provisions. Online harassment, fraud, identity misuse, and related acts can implicate RA 10175, often in conjunction with the Revised Penal Code or special laws.

D. Identity-related misuse

Impersonating an officer, using fake credentials, or forging documents can trigger other criminal liabilities (e.g., falsification-related offenses, usurpation of authority or official functions depending on conduct). If they use fake subpoenas/warrants, that raises document falsification concerns.

Important: The exact charge is not for the victim to “pick” on their own; you document facts and evidence, and law enforcement/prosecutors determine the proper offense(s).

6) Reporting: where and how to file in the Philippines

A. If you are being threatened, coerced, or extorted

You generally have options to report to:

  • PNP Anti-Cybercrime Group (ACG)
  • NBI Cybercrime Division
  • Your local police station (often can refer/endorse to cyber units)

What to prepare:

  • Printed screenshots and a digital copy of evidence (USB/cloud folder)
  • Your narrative chronology (simple timeline)
  • Any transaction proof (if money was sent)
  • Identifiers: phone numbers, account handles, profile links, bank/GCash details provided, emails, device info

B. If money was sent or accounts were compromised

  • Preserve proof of transfers, reference numbers, receipts, and chat demands.
  • Immediately notify your bank/e-wallet provider through official channels; ask about fraud dispute steps and account security measures.
  • Report to cybercrime units with full transaction details; time is critical for possible tracing.

C. Platform reporting (not a legal remedy but helpful)

Report the account/message inside the platform:

  • Impersonation
  • Scam show
  • Harassment/threats
  • Fraud/extortion

Also block the account after preserving evidence.

7) If the scammer claims “settlement” or “pakiusap” to stop the case

A frequent angle is “pay and we withdraw the complaint.” Treat this as a major red flag.

In legitimate disputes, settlements (if legally permissible) are handled through proper legal channels, documented agreements, and in some cases, court/prosecutor acknowledgment. A random demand for payment to a personal wallet to “cancel a warrant” is not a lawful process.

Also note:

  • Some crimes cannot be privately “settled away” in a manner that ends criminal liability, and withdrawals do not automatically erase state action once a case proceeds.
  • Even where amicable settlement is possible, it should be done with careful legal advice and documentation, not under threats.

8) If they send a “subpoena,” “warrant,” or “court order” screenshot

A. Do not assume it is real

Images are easy to fake. Common tells include:

  • wrong seals/logos, inconsistent fonts, missing docket details
  • generic or wrong court/prosecutor address
  • suspicious QR codes or “verification” links
  • mismatched names, wrong gender pronouns, wrong locations
  • “immediate arrest” language tied to payment demands

B. Focus on verifiable details

A real document would usually indicate:

  • Court branch and location, judge, case number
  • Or for prosecutor matters: office, case/docket, subpoena date, receiving section You can verify by contacting the office through independently obtained official contact information (not numbers provided by the scammer).

9) If you’re worried it might be connected to a real dispute

Sometimes scammers piggyback on real events (e.g., a loan, marketplace transaction, breakup, workplace conflict). Even then, the threat message can still be fraudulent.

Practical approach:

  • Identify whether there is a real underlying issue.
  • If yes, consult a lawyer with the facts and your evidence.
  • Avoid direct engagement with the threatening account; handle through counsel or formal channels.

10) What not to do (common mistakes that worsen the situation)

  • Do not pay “to make it go away.” Payment often triggers repeat extortion.
  • Do not send your ID/selfie/signature. This can be used for identity fraud.
  • Do not share OTPs or reset codes. That’s how accounts get stolen.
  • Do not allow remote access apps (AnyDesk/TeamViewer-type).
  • Do not post the scammer’s allegations publicly with personal data; you may accidentally create defamation/privacy risks or escalate the harassment.
  • Do not delete the conversation immediately before saving evidence.

11) Privacy, defamation, and counter-risk for victims

Victims sometimes want to “expose” the scammer by posting names/phones online. Be cautious:

  • Publicly posting accusations with identifying details can create legal exposure if you misidentify a person or share personal data.
  • Safer: report to platforms and authorities; share evidence directly with investigators, not broadly online.

If you want to warn others, consider a generalized warning without personal identifiers, or blur sensitive details.

12) Special scenarios and tailored actions

A. Romance or sextortion-style threats

If the threat involves intimate images, “we’ll send this to your family,” or “we recorded you,” do:

  • Stop engagement; preserve evidence.
  • Lock down accounts.
  • Report immediately to cybercrime units.
  • Avoid sending further content or money; it increases leverage.

B. Fake “loan” or “collection” threats

Scammers may claim you owe money and threaten criminal cases. In the Philippines, many debt issues are civil in nature; “immediate arrest for utang” threats are commonly used to scare victims. Preserve evidence and report if there is harassment, threats, or extortion.

C. Fake law firm or “attorney” messages

A real law office will have verifiable business details and will not typically demand immediate payment to a personal wallet under arrest threats. Do not rely on logos or letterheads alone.

D. Threats to visit your home or workplace

Take this seriously as a safety issue:

  • Inform trusted people in your household/workplace security.
  • Keep evidence.
  • Consider a police blotter report if there is a credible threat of physical harm.
  • Review personal information exposure (public social media, addresses, posts).

13) Building a clean evidence package for counsel or investigators

A useful “case folder” includes:

  1. Timeline narrative (1–2 pages): when it started, what was said, what was demanded, what you did (or did not do).
  2. Screenshots in chronological order with filenames like 2026-02-05_ThreatMessage1.png.
  3. Account identifiers: profile URLs, usernames, numbers, emails.
  4. Transaction records: receipts, reference numbers, bank/GCash details.
  5. Device/account security notes: suspicious login alerts, password changes, 2FA enabled.
  6. Witnesses: anyone who saw threats, received messages, or joined calls.

This organization speeds up evaluation and improves the chance of effective action.

14) Preventive measures: reducing your risk going forward

  • Tighten social media privacy settings; limit who can message you.
  • Avoid posting personal identifiers (address, school, workplace, routine locations).
  • Use unique passwords and 2FA across accounts.
  • Be cautious with public Wi-Fi; keep devices updated.
  • Treat “verification links” and “case documents” as hostile until confirmed.
  • Educate family members, especially those who may be targeted as pressure points.

15) When to consult a lawyer urgently

Consult counsel promptly if:

  • You received documents that appear detailed and specific (case number, office, branch) and you cannot verify authenticity.
  • There is a real underlying dispute that could realistically lead to legal action.
  • You have already sent money or sensitive data.
  • The threat involves physical harm, doxxing, or harassment against family.
  • Your accounts are compromised or identity theft is suspected.

A lawyer can assess exposure, advise on reporting strategy, and communicate formally if needed—without feeding the scam.

16) Practical checklist

Do now (in order):

  1. Stop engagement; don’t click links or send anything.
  2. Screenshot and save evidence with timestamps and identifiers.
  3. Secure accounts: change passwords, enable 2FA, check logins.
  4. Block/report the account after saving evidence.
  5. If money or data was given: notify your bank/e-wallet; report to cybercrime units.
  6. If there’s physical threat: inform household/work, consider police blotter.
  7. Organize evidence folder and consider legal consultation if warranted.

17) Key takeaways

Fake criminal case threats thrive on panic, urgency, and confusion about legal procedure. Your best defense is to (1) avoid engagement and payments, (2) preserve evidence, (3) secure your accounts, and (4) report through appropriate channels. Understanding that real cases and warrants are formal, verifiable, and not “fixed” through chat payments helps you spot the scam quickly and respond safely.

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login