Being scammed by a website is upsetting because the damage usually happens fast: money is transferred, the website disappears, the seller stops replying, or your bank/e-wallet details may already be compromised. In the Philippines, a website scam can be treated as a consumer complaint, civil claim, financial transaction dispute, cybercrime, or criminal estafa, depending on what happened. The right next step is not just “report it everywhere,” but to preserve evidence, move quickly with your bank or e-wallet, and file with the agency that can actually act on your specific problem.
First Things to Do Within the First 24 Hours
If the scam involved payment through a bank, e-wallet, card, cryptocurrency platform, or payment gateway, time matters. The first few hours may determine whether the funds can still be held, traced, or recalled.
Stop all communication and further payments. Scammers often ask for “verification fees,” “tax clearance,” “unlocking fees,” “customs charges,” or “withdrawal fees.” These are usually part of the same fraud.
Do not delete the website, messages, receipts, or emails. Take screenshots first. Include the full URL, dates, timestamps, usernames, email addresses, phone numbers, order numbers, tracking numbers, QR codes, account names, and transaction reference numbers.
Report the transaction immediately to your bank, card issuer, or e-wallet. Use the official fraud hotline or in-app help center. Ask for:
- a fraud case or ticket number;
- temporary hold, blocking, or recall of the transaction if possible;
- blocking of your compromised account, card, or wallet;
- written confirmation of your report.
Change your passwords and enable multi-factor authentication. If you typed your login details, OTP, MPIN, card number, CVV, or banking credentials into the fake website, treat your account as compromised.
File an initial cybercrime report. You may report to the PNP Anti-Cybercrime Group, the NBI Cybercrime Division, or the Cybercrime Investigation and Coordinating Center (CICC). If the scam is ongoing, early reporting helps investigators preserve digital traces.
Report the website or seller to the platform, host, or marketplace. If the scam happened through Shopee, Lazada, Facebook, Instagram, TikTok Shop, a booking platform, or a payment gateway, use the platform’s internal complaint mechanism and save the ticket number.
Is a Website Scam a Crime in the Philippines?
Often, yes. But not every failed online transaction is automatically a criminal case.
A website scam becomes criminal when there is deceit from the beginning. For example:
- the website pretended to sell goods that never existed;
- the seller used a fake identity, fake business name, or fake tracking number;
- the site copied a legitimate brand or government agency;
- the seller induced you to pay by using false promises;
- the website collected your banking details through phishing;
- the scammer used a mule bank account or e-wallet to receive stolen funds.
If there was a real seller, a real product, and a genuine dispute about delay, defect, refund, or warranty, the case may start as a consumer complaint or civil claim. If the facts show that the seller never intended to deliver, it may also become estafa or cybercrime.
Main Philippine Laws That May Apply
Estafa under Article 315 of the Revised Penal Code
The most common criminal charge for scam-related loss is estafa, also called swindling, under Article 315 of the Revised Penal Code.
For website scams, the usual theory is estafa by deceit: the scammer made a false representation before or at the time you paid, you relied on it, you parted with money or property, and you suffered damage. The Supreme Court has repeatedly explained these elements in estafa-by-deceit cases, including the requirement that the false pretense must have induced the victim to part with money.
In practical terms, prosecutors will look for proof that the scammer’s deception happened before or during payment, not merely after a normal transaction went bad.
Useful evidence includes:
- fake product listings;
- fake company profiles;
- fake delivery receipts;
- fake government IDs;
- false “authorized dealer” claims;
- screenshots of promises made before payment;
- proof that the same website or account scammed other victims.
Cybercrime Prevention Act of 2012, RA 10175
The Cybercrime Prevention Act of 2012 applies when a computer system, website, app, email, social media account, or digital network is used to commit the offense.
Relevant cybercrime issues may include:
- computer-related fraud, such as using a website or online system to defraud victims;
- computer-related identity theft, such as using another person’s identity, credentials, photos, or business name;
- unauthorized access or misuse of credentials;
- phishing websites designed to obtain passwords, OTPs, MPINs, card details, or e-wallet access.
Cybercrime cases often require technical evidence. This is why screenshots alone may not be enough. Investigators may need URLs, email headers, IP-related data, transaction logs, device information, and preservation requests to platforms or service providers.
Anti-Financial Account Scamming Act, RA 12010
The Anti-Financial Account Scamming Act, or AFASA, is especially important when the scam used bank accounts, e-wallets, payment accounts, or money mule accounts.
AFASA covers financial account scamming, including:
- money muling, such as allowing one’s bank or e-wallet account to receive scam proceeds;
- social engineering schemes, where deception is used to obtain sensitive financial information;
- misuse of financial accounts to move scam proceeds.
Under AFASA and BSP rules, banks and financial institutions have obligations involving fraud management, multi-factor authentication, temporary holding of disputed funds, and coordinated verification of disputed transactions. This does not guarantee automatic refund, but it gives victims a clearer basis to report immediately and insist that the financial institution process the fraud report properly.
Internet Transactions Act of 2023, RA 11967
The Internet Transactions Act of 2023 is a key law for online buying and selling in the Philippines.
It gives online consumers remedies such as repair, replacement, refund, and other remedies under consumer law. It also requires online merchants and e-retailers to provide truthful information, proper contact details, receipts or invoices, complaint mechanisms, and goods or services that match what was advertised.
Important points for scam victims:
- Online merchants are primarily liable to consumers for internet transactions.
- E-marketplaces and digital platforms may become liable in certain situations, especially if they fail to exercise ordinary diligence or fail to act after proper notice.
- Before filing with a court or agency, the law generally requires using the platform’s internal redress mechanism first. This is considered exhausted if unresolved after 7 calendar days from filing the complaint.
- A consumer claim for damages under the law must be filed within 2 years from the time the cause of action arose.
Electronic Commerce Act of 2000, RA 8792
The Electronic Commerce Act recognizes electronic documents, electronic data messages, and electronic signatures in commercial and non-commercial transactions.
This matters because your evidence may be digital:
- screenshots;
- emails;
- chat logs;
- electronic receipts;
- order confirmations;
- payment confirmations;
- website pages;
- digital invoices.
For court or agency proceedings, organize digital evidence carefully. Keep original files when possible, not just compressed screenshots sent through messaging apps.
Consumer Act, Civil Code, and Data Privacy Act
A website scam may also involve:
- RA 7394, the Consumer Act of the Philippines, for deceptive, unfair, or unconscionable sales acts;
- Civil Code Article 1170, where persons guilty of fraud, negligence, delay, or breach of obligation may be liable for damages;
- Civil Code Articles 19, 20, and 21, for abuse of rights, acts contrary to law, or acts contrary to morals, good customs, or public policy;
- Civil Code Article 22, on unjust enrichment, where no one should unjustly enrich themselves at another’s expense;
- RA 10173, the Data Privacy Act, if the website collected, exposed, misused, or unlawfully processed your personal information.
If the scam involved credit cards, access codes, account numbers, or similar tools, the Access Devices Regulation Act, RA 8484, may also be relevant.
Where to Report a Website Scam in the Philippines
Different agencies handle different parts of the problem. Filing with the correct office saves time.
| Situation | Where to Report | What They Can Help With |
|---|---|---|
| Fake website, phishing, online fraud, identity theft | PNP Anti-Cybercrime Group or NBI Cybercrime Division | Cybercrime investigation, digital evidence handling, possible referral for prosecution |
| Bank transfer, e-wallet transfer, card fraud, unauthorized transaction | Your bank/e-wallet first, then BSP if unresolved | Transaction dispute, fraud ticket, possible hold/verification, escalation |
| Online seller did not deliver, refused refund, misleading listing | DTI Consumer CARe or DTI Fair Trade Enforcement Bureau | Mediation, consumer complaint, refund/replacement issues |
| Scam investment website, crypto-style investment, Ponzi, “guaranteed returns” | SEC | Unregistered investment solicitation, advisories, enforcement referral |
| Misuse or exposure of personal data | National Privacy Commission | Privacy complaint, data misuse, breach-related issues |
| Need to recover a specific sum from an identifiable person or business | Small Claims Court or regular civil action | Civil recovery of money |
| Criminal prosecution | City or Provincial Prosecutor, often after PNP/NBI investigation | Preliminary investigation and filing of criminal case in court |
Official online resources include the DTI Consumer CARe System, DTI guidance for online seller complaints, BSP Consumer Assistance Channels, NBI Cybercrime Division citizen’s charter, SEC iMessage complaint portal, and the National Privacy Commission complaint page.
Step-by-Step: How to Build a Strong Website Scam Complaint
1. Write a clear timeline
Create a simple chronology:
- Date and time you found the website.
- Exact URL and name of the website.
- What the website promised.
- How you communicated with the seller or website operator.
- Amount paid and payment method.
- Account name, account number, wallet number, QR code, or payment link used.
- What happened after payment.
- When the website disappeared, blocked you, or refused refund.
- Reports already made to bank, platform, PNP, NBI, DTI, BSP, SEC, or NPC.
A timeline helps investigators and complaint officers understand the case quickly.
2. Preserve the digital evidence properly
Save the following:
- full-page screenshots of the website;
- screenshots showing the URL bar;
- product or service listing;
- terms, refund policy, and contact page;
- seller profile and account name;
- chat messages from beginning to end;
- email confirmations with full headers if possible;
- payment receipts and reference numbers;
- bank or e-wallet transaction history;
- delivery or tracking information;
- proof of follow-up and refund demand;
- platform complaint ticket numbers.
Do not rely only on cropped screenshots. A cropped image may hide the URL, date, account name, or surrounding context.
3. Report to the bank or e-wallet first if money was transferred
For bank or e-wallet scams, report through official channels immediately. Include:
- your full name and account or wallet number;
- transaction date and time;
- amount;
- reference number;
- recipient account name and number;
- screenshots of the scam website and conversation;
- statement that you are reporting a suspected scam or unauthorized/fraudulent transaction;
- request for temporary hold, recall, or coordinated verification if still possible.
If the bank or e-wallet does not resolve the issue, you may escalate to the BSP through its consumer assistance channels. BSP generally expects that you first raised the concern with the bank or BSP-supervised financial institution.
4. Use the platform’s complaint mechanism
If the transaction happened through an online marketplace or digital platform, file an internal complaint immediately.
Under the Internet Transactions Act, the internal redress mechanism is important. Save:
- complaint ticket number;
- date filed;
- platform responses;
- seller responses;
- refund decision;
- proof if the complaint remained unresolved after 7 calendar days.
This record helps if you later file with DTI or in court.
5. File with DTI for online consumer complaints
For non-delivery, defective goods, fake listings, misleading ads, refusal to refund, or seller misconduct, file with DTI.
A good DTI complaint includes:
- your name, address, contact number, and email;
- seller’s name, store name, website, page, address, email, and phone number if known;
- short timeline;
- amount paid;
- remedy requested, such as refund, replacement, cancellation, or damages;
- screenshots and receipts;
- platform complaint ticket, if any.
DTI complaints often begin with mediation. If the seller is a real business, this can be faster than a criminal case. If the seller is fake, unregistered, or unreachable, DTI action may be limited, and a cybercrime or criminal complaint becomes more important.
6. File a cybercrime complaint with PNP or NBI
For phishing, fake websites, identity theft, account takeover, website impersonation, or organized online fraud, prepare a complaint package.
Usually, you should bring or prepare:
- valid government ID;
- printed complaint narrative or complaint-affidavit;
- screenshots and printouts;
- digital copies in USB or cloud link, if accepted;
- payment receipts;
- bank/e-wallet report;
- device used, if investigators need to examine it;
- names and contact details of witnesses, if any.
The NBI Cybercrime Division’s citizen’s charter indicates that complainants undergo an interview, fill out complaint forms, execute sworn statements or submit affidavits, and submit supporting documents. In practice, expect an initial interview first, then further instructions on affidavits, evidence formatting, and follow-up.
7. File with SEC if it was an investment website
Report to the SEC if the website involved:
- guaranteed returns;
- crypto, forex, trading, staking, or mining packages;
- “tasking” or “recharge” investments;
- referral commissions;
- pooled funds;
- profit-sharing;
- fake stockbroker or fake investment app;
- use of a company name to solicit investments.
A company’s SEC registration is not the same as authority to solicit investments. Many scams use real or fake corporate registration details to appear legitimate. For investment solicitation, check whether the entity has the proper authority for the specific activity.
8. Consider small claims or civil action if the scammer is identifiable
If you know the real person or business behind the website, and your goal is to recover money, a civil case may be practical.
Small claims may apply if:
- the claim is for payment or reimbursement of money;
- the amount does not exceed the current small claims threshold under the Supreme Court’s Rules on Expedited Procedures in the First Level Courts;
- the defendant can be identified and served with court papers.
Small claims are designed to be faster and simpler than ordinary civil cases. Lawyers are generally not allowed to appear for parties during small claims hearings, except in limited situations allowed by the rules. However, small claims are not useful if the scammer is unknown, hiding behind fake accounts, or located abroad with no reachable Philippine address.
Documents to Prepare
| Document or Evidence | Why It Matters |
|---|---|
| Valid government ID or passport | Proves your identity as complainant |
| Complaint narrative or affidavit | Gives investigators or agencies a sworn, organized account |
| Website screenshots with URL | Shows the exact scam page and representations |
| Chat logs and emails | Proves what was promised and when |
| Payment receipts and reference numbers | Connects your loss to a specific transaction |
| Recipient account or wallet details | Helps trace funds and identify possible mule accounts |
| Bank/e-wallet fraud ticket | Shows immediate reporting and escalation |
| Platform complaint ticket | Shows use of internal redress mechanism |
| Demand for refund or cancellation | Useful for consumer and civil claims |
| SEC, DTI, or business name search results | Helps show whether the seller’s claimed identity is real |
| Proof of other victims, if available | May support pattern, scheme, or organized fraud |
If you are abroad, affidavits may need proper notarization. For Philippine proceedings, documents executed abroad are commonly notarized before a Philippine Embassy or Consulate, or notarized locally and apostilled if the country is part of the Apostille Convention. If documents are in a language other than English or Filipino, a certified translation may be required.
Practical Timelines and Bottlenecks
| Process | Typical Practical Timeline | Common Bottlenecks |
|---|---|---|
| Bank/e-wallet fraud report | Same day to several weeks | Funds already withdrawn, incomplete reference numbers, wrong fraud channel |
| Platform complaint | 1–14 days, depending on platform | Seller disappears, platform asks for more proof |
| DTI mediation | Several weeks to a few months | Seller is fake, has no address, or ignores notices |
| PNP/NBI cybercrime intake | Same day intake may be possible; investigation varies | Heavy caseload, need for platform/bank records, foreign-hosted website |
| Prosecutor preliminary investigation | Several months or longer | Need to identify respondent, subpoena issues, counter-affidavits |
| Small claims | Often faster than ordinary civil cases | Defendant must be identifiable and served |
The biggest practical problem in website scams is not the law itself. It is identification and recovery. Scammers often use fake names, mule accounts, prepaid SIMs, foreign hosting, and quickly withdrawn funds. That is why immediate reporting and complete evidence are critical.
Common Mistakes That Hurt Website Scam Cases
Deleting messages out of anger or embarrassment
Many victims delete conversations because they feel ashamed. Do not do this. Even embarrassing messages can prove deceit, inducement, payment, and identity.
Sending more money to “unlock” your funds
This is common in investment, crypto, job, romance, and parcel scams. Once a website asks for extra fees before withdrawal, release, refund, or delivery, assume the risk is very high.
Posting accusations without preserving evidence first
Public warnings can help others, but careless posts may create defamation or privacy issues, especially if you name a person without proof. Preserve evidence and report through official channels first.
Reporting only to social media
Reporting a fake Facebook page, Instagram account, or TikTok seller may remove the page, but it does not automatically create a police, DTI, BSP, or SEC complaint. Keep the platform report, but do not stop there.
Waiting too long to contact the bank or e-wallet
Transfers through InstaPay, PESONet, e-wallets, cards, and QR payments can move quickly. The receiving account may be emptied within minutes. Late reports are much harder to recover.
Assuming DTI registration means the seller is safe
A business name registration is not proof that a seller is honest, solvent, licensed for regulated activities, or authorized to solicit investments. For investments, lending, financing, securities, or financial products, other regulators may be involved.
Special Situations
If the website pretended to be a bank, government agency, or known company
Report both to law enforcement and the impersonated entity. Fake government, bank, telco, courier, and utility websites are often phishing operations. Change passwords and notify your bank immediately if you entered credentials.
If you gave your OTP, MPIN, or password
Banks and e-wallets often treat OTP/MPIN disclosure seriously because these are security credentials. Still report immediately. Explain exactly how the website deceived you and whether the transaction was authorized, induced by fraud, or performed after account takeover.
If the scam involved cryptocurrency
Crypto transactions are difficult to reverse. Still preserve wallet addresses, transaction hashes, exchange names, screenshots, and chat logs. Report to cybercrime authorities and, if an exchange was involved, notify the exchange’s compliance or fraud team. If the scheme involved investment solicitation to the public, also consider SEC reporting.
If the scammer is outside the Philippines
You may still report in the Philippines if you are in the Philippines, the victim is Filipino, the payment came from a Philippine account, the website targeted Philippine consumers, or Philippine financial accounts were used. Cross-border investigation is slower and may require cooperation through platforms, banks, foreign law enforcement, or the DOJ Office of Cybercrime.
If you are a foreigner scammed by a Philippine website
Foreigners may file complaints in the Philippines. Bring your passport, proof of payment, communications, and Philippine contact details if available. If you are abroad, prepare properly notarized or apostilled documents and keep original digital evidence. If payment went to a Philippine bank or e-wallet, report to that financial institution immediately.
Frequently Asked Questions
Can I get my money back if I was scammed by a website in the Philippines?
Possibly, but it depends on how fast you report, whether the funds are still in the receiving account, whether the bank or e-wallet can hold or trace the transaction, and whether the scammer can be identified. Report to your financial institution immediately and get a case number. Recovery is harder once funds are withdrawn or transferred through multiple accounts.
Should I report a website scam to PNP or NBI?
Report to PNP Anti-Cybercrime Group or NBI Cybercrime Division if the case involves a fake website, phishing, identity theft, online fraud, account takeover, or organized scam. For simple non-delivery by an identifiable online seller, DTI or the platform complaint process may also be appropriate.
Is non-delivery of an online order automatically estafa?
Not always. Non-delivery may be a consumer dispute, breach of contract, or refund issue. It becomes stronger as estafa when there is proof that the seller deceived you from the start, such as fake identity, fake product, fake tracking number, repeated scam pattern, or immediate disappearance after payment.
Can I file a DTI complaint against an online seller without a physical store?
Yes. DTI states that complaints may be filed against online sellers, even if the seller is not on a major e-commerce platform. Provide all available seller details, screenshots, receipts, and communications. If the seller is fake or unreachable, DTI remedies may be limited, and cybercrime reporting may be needed.
What if I only know the scammer’s bank account or e-wallet number?
Report it to your bank or e-wallet immediately and include the recipient details. Also include the account or wallet information in your cybercrime complaint. The account holder may be the scammer or a money mule. Do not assume the displayed account name is the mastermind.
Do I need a lawyer to report an online scam?
You do not need a lawyer to file initial reports with your bank, e-wallet, DTI, BSP, PNP, NBI, SEC, or NPC. For large losses, complex investment scams, business-related losses, or cases moving into prosecutor or court proceedings, legal assistance may help organize evidence and choose the right remedies.
Can I file a small claims case for a website scam?
Yes, if your claim is for money, the amount falls within the small claims limit, and you can identify and serve the defendant. Small claims are not effective when the scammer uses a fake name, has no known address, or is outside the reach of Philippine court processes.
How long do I have to file a complaint?
Report immediately, even if legal prescription periods may be longer. Under the Internet Transactions Act, consumer claims for damages must be filed within 2 years from the time the cause of action arose. Criminal prescription periods depend on the offense and penalty, but delay can destroy digital trails and reduce the chance of fund recovery.
Can the website be taken down?
Possibly. Platforms, hosting providers, domain registrars, DTI, law enforcement, and other regulators may act depending on the nature of the website. For dangerous, fraudulent, or unlawful online transactions, takedown mechanisms may be available under relevant laws and agency powers. Provide the exact URL and evidence of the scam.
Should I still report if the amount is small?
Yes. Small reports help establish patterns. A ₱1,000 scam may be part of a larger operation involving hundreds of victims. Even if recovery is uncertain, reporting helps authorities, platforms, banks, and regulators connect accounts, websites, phone numbers, and repeated methods.
Key Takeaways
- Act within the first 24 hours: report to your bank or e-wallet, preserve evidence, and secure your accounts.
- A website scam may involve estafa, cybercrime, consumer law, financial account scamming, data privacy violations, or civil liability.
- Use the right channel: PNP/NBI for cybercrime, DTI for online consumer disputes, BSP for unresolved bank/e-wallet issues, SEC for investment scams, and NPC for data privacy concerns.
- Keep complete evidence: URLs, screenshots, receipts, reference numbers, chat logs, emails, account details, and complaint tickets.
- Non-delivery is not always estafa, but deceit from the beginning can make it a criminal case.
- Recovery is hardest when funds are withdrawn quickly, the scammer is unidentified, or the website is foreign-hosted.
- For civil recovery, small claims may help only when the person or business behind the scam is identifiable and reachable.
- Do not send more money for “unlocking,” “tax,” “verification,” “customs,” or “withdrawal” fees after a suspicious transaction.