If your Facebook account was hacked and the hacker used Messenger to ask your family for money, treat it as both a cybersecurity emergency and a possible criminal case. The first goal is to stop the scam from spreading. The second is to preserve evidence before the hacker deletes messages, changes account details, or disappears. The third is to report the incident properly so banks, e-wallets, Facebook, and Philippine law enforcement have enough information to act.
In the Philippines, this situation can involve hacking, identity theft, estafa or swindling, computer-related fraud, social engineering, and possibly money muling if the scammer used a bank or e-wallet account to receive funds. The steps below explain what to do immediately, what evidence to keep, where to report, and what Philippine laws may apply.
What Usually Happens in a Facebook Account Hacking Scam
A common pattern looks like this:
- Someone gains access to your Facebook account through a phishing link, fake login page, reused password, malware, SIM or email compromise, or social engineering.
- The hacker changes your password, recovery email, phone number, or two-factor authentication settings.
- The hacker messages your relatives or friends pretending to be you.
- The message usually says there is an emergency, hospital bill, debt, travel problem, remittance issue, or “pa-transfer muna” request.
- The hacker sends a GCash, Maya, bank account, QR code, mobile number, or crypto wallet.
- Family members send money because the request came from your real Facebook account.
- The scammer deletes messages, blocks people, changes your profile, or continues targeting your contacts.
The important point is this: you are usually a victim too, not automatically liable just because the scam came from your account. But you must act quickly and document that the account was compromised.
First 30 Minutes: Stop the Scam From Spreading
1. Warn your family and contacts immediately
Use a different channel, such as text, Viber, WhatsApp, Instagram, email, or a relative’s account. Keep the message short and clear:
My Facebook account was hacked. Do not send money to anyone messaging from my account. Any request for GCash, Maya, bank transfer, load, or emergency money is a scam. Please screenshot the messages and send them to me.
Ask close relatives to repost the warning in family group chats. If you are abroad, ask a trusted person in the Philippines to call elderly relatives directly because many victims send money before reading group messages.
2. Try Facebook’s hacked account recovery page
Meta directs hacked users to use Facebook’s hacked account recovery process, preferably from a device previously used to log in to Facebook. Use Facebook’s official hacked account page and avoid “recovery agents” who ask for payment, codes, or ID photos through chat. (Facebook)
When attempting recovery:
- Use a phone or laptop you previously used for Facebook.
- Check your email inbox for “Did you change your password?” or “Your email was removed” messages from Facebook.
- Use the “secure your account” links in legitimate Facebook emails.
- Reset your password to a new, unique password.
- Log out of all unknown sessions.
- Remove unfamiliar emails, phone numbers, linked accounts, and payment methods.
- Turn on two-factor authentication using an authenticator app if possible.
- Review Facebook Pages, Business Manager, ad accounts, and linked Instagram accounts if you use them.
3. Tell recipients not to delete the conversation
Many people instinctively delete scam messages out of fear or embarrassment. Tell them not to. Their own Messenger conversation with the hacked account is valuable evidence because it shows what was sent, when it was sent, and what payment details were used.
4. Contact the bank or e-wallet immediately if money was sent
The sender should contact the bank, GCash, Maya, or other payment provider right away and say:
- The transfer was caused by a hacked Facebook/Messenger impersonation scam.
- The recipient account may be receiving scam proceeds.
- They are requesting urgent hold, freeze, trace, reversal, or fraud investigation, if available.
- They can submit screenshots, transaction receipts, and a police/NBI/PNP report once available.
Under Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), Philippine law now specifically addresses financial account scamming, including schemes involving electronic communications, social media messages, e-wallets, and financial accounts. The law also defines e-wallets and financial accounts broadly, and covers social engineering schemes and money mule activity. (Lawphil)
Preserve Evidence Before Reporting
Evidence is often the biggest weakness in Facebook scam complaints. A complainant may say, “My account was hacked,” but investigators need details they can verify.
Create a folder and save the following:
| Evidence | Why it matters |
|---|---|
| Screenshots of Messenger chats | Shows the scam request, wording, dates, times, and account used |
| Screen recordings scrolling through the chat | Helps show the conversation is not a single edited screenshot |
| Facebook profile URL of the hacked account | Helps investigators and Facebook identify the exact account |
| Transaction receipts | Shows amount, date, reference number, and recipient details |
| Recipient GCash/Maya/bank name, number, QR code, or account number | Helps trace where the money went |
| Names and contact details of relatives who received messages | They may be witnesses |
| Emails from Facebook about changed password/email/phone | Helps prove unauthorized access |
| Login alerts or device/location notices | Supports the timeline of hacking |
| Barangay blotter, police report, or incident report | Helps document the date you reported the incident |
| Your own written timeline | Helps police, NBI, PNP ACG, banks, and prosecutors understand the case quickly |
Do not rely only on cropped screenshots. Keep full-screen screenshots where possible, showing the sender profile, date, time, and message context.
Under the Philippine Rules on Electronic Evidence, electronic documents may be admitted if they comply with rules on admissibility and authentication. This is why preserving complete screenshots, original conversations, transaction records, and witness statements matters. (Lawphil)
Philippine Laws That May Apply
Cybercrime Prevention Act: Hacking, Identity Theft, and Computer-Related Fraud
Republic Act No. 10175, the Cybercrime Prevention Act of 2012, is the main Philippine law for many online crimes. A hacked Facebook scam may involve several cybercrime offenses, depending on the facts.
Possible offenses include:
- Illegal access — accessing your Facebook, Messenger, email, or linked account without right.
- Computer-related identity theft — acquiring, using, misusing, transferring, or possessing identifying information belonging to another person without right.
- Computer-related fraud — using computer data or a computer system to carry out a fraudulent or dishonest scheme.
- Aiding, abetting, or attempting cybercrime — where other persons help execute the scheme.
RA 10175 also provides that crimes under the Revised Penal Code and special laws may be covered when committed through information and communications technology, with the penalty generally one degree higher. (Supreme Court E-Library)
The Supreme Court decision in Disini v. Secretary of Justice reviewed the Cybercrime Prevention Act and upheld many of its provisions while striking down or limiting others. It remains an important case when discussing the validity and scope of RA 10175. (Lawphil)
Estafa or Swindling Under the Revised Penal Code
If your family member sent money because the hacker pretended to be you, the scam may also be estafa under Article 315 of the Revised Penal Code.
In simple terms, estafa involves fraud or deceit that causes damage. Article 315 includes defrauding another by false pretenses, fraudulent acts, fictitious name, false representation, or similar deceit. (Lawphil)
For a hacked Facebook scam, the deceit is usually:
- “I am your child/sibling/cousin/friend.”
- “I urgently need money.”
- “Send it to this GCash or bank account.”
- “I will pay you later.”
- “Please do not call; I am busy/in a meeting/in the hospital.”
If the victim relied on that false representation and sent money, estafa may be considered.
Anti-Financial Account Scamming Act: Social Engineering and Money Mules
RA 12010, or AFASA, is especially relevant when the scam uses bank accounts, e-wallets, or payment service providers.
The law covers electronic communications, including social media platform-enabled messages, and defines sensitive identifying information to include usernames, passwords, bank account details, credit card and e-wallet information, electronic credentials, and other confidential or personal information. It also penalizes money muling activities, such as using, lending, selling, buying, renting, or recruiting the use of financial accounts for proceeds known to come from crimes or social engineering schemes. (Lawphil)
This matters because many Facebook scams do not end with the hacker. The money may pass through a “mule” account before being withdrawn or transferred again.
Access Devices Regulation Act
Republic Act No. 8484, the Access Devices Regulation Act of 1998, as amended by RA 11449, may apply where credit cards, debit cards, account numbers, online banking credentials, or similar access devices are fraudulently used. Lawphil’s text of RA 8484 describes it as a law regulating access devices and prohibiting fraudulent acts involving them. (Lawphil)
This may become relevant if the hacker accessed saved payment methods, used cards linked to Meta ads, or obtained bank/e-wallet credentials from the hacked account.
Data Privacy Act
Republic Act No. 10173, the Data Privacy Act of 2012, may be relevant if the hacker obtained, used, disclosed, or misused personal information, ID photos, addresses, phone numbers, private messages, or sensitive personal information from your account. Unauthorized processing of personal information is penalized under the law. (Lawphil)
A personal Facebook hack is not automatically a “data breach report” to the National Privacy Commission in the same way a company breach would be. But if a business page, employer account, customer list, employee data, client documents, or sensitive personal information was exposed, the National Privacy Commission’s breach and complaint procedures may become important. The NPC explains that personal information controllers and processors must document security incidents and personal data breaches, including those not covered by mandatory notification. (National Privacy Commission)
Civil Liability and Recovery of Money
Aside from criminal liability, the scammer may be civilly liable for damages. The Civil Code provides that a person who, contrary to law, willfully or negligently causes damage to another must indemnify the injured person, and a person who willfully causes loss or injury contrary to morals, good customs, or public policy must compensate the injured party. (Lawphil)
In practice, however, recovering money is difficult if the scammer used fake identities, mule accounts, or quickly withdrew funds. This is why immediate reporting to the bank or e-wallet is critical.
Where to Report a Hacked Facebook Scam in the Philippines
You may report to more than one office because each has a different role.
| Office or channel | Best for | Practical notes |
|---|---|---|
| Facebook/Meta hacked account recovery | Regaining access and reporting the compromised account | Use official Facebook recovery pages only |
| Bank, GCash, Maya, or payment provider | Freezing, tracing, investigating, or possibly reversing funds | Report immediately; provide transaction reference numbers |
| CICC / I-ARC Hotline 1326 | Centralized cyber scam reporting | Scam Watch Pilipinas states that the 1326 hotline centralizes online scam reporting to government through the Inter-Agency Response Center. (ScamWatch Pilipinas) |
| NBI Cybercrime Division | Investigation of computer crimes | NBI’s Citizen’s Charter lists investigative assistance for victims of computer crimes through its CyberCrime Division. (National Bureau of Investigation) |
| PNP Anti-Cybercrime Group | Cybercrime investigation and police assistance | Useful for complainants needing police investigation, blotter, or referral |
| DOJ Office of Cybercrime | Cybercrime complaints, coordination, and prosecution support | DOJ states that its Office of Cybercrime acts on complaints and referrals involving cybercrimes. (Department of Justice) |
| BSP Consumer Assistance Mechanism | Escalating unresolved complaints against banks or BSP-supervised financial institutions | BSP says consumers may use BSP Online Buddy, email, mail, phone, or walk-in channels after raising the concern with the supervised institution. (BSP) |
| Barangay or local police blotter | Creating an incident record | Helpful for timestamping, but not a substitute for cybercrime investigation |
Step-by-Step Guide: What to Do If Your Account Was Used to Scam Family
Step 1: Secure your email first
Many Facebook recoveries fail because the hacker also accessed the email connected to Facebook.
Do this immediately:
- Change your email password.
- Turn on two-factor authentication.
- Check forwarding rules, filters, and recovery emails.
- Remove unfamiliar devices.
- Review security alerts.
- Save emails showing suspicious login or password changes.
If your email remains compromised, the hacker may regain Facebook access even after you recover it.
Step 2: Recover and lock down your Facebook account
After using Facebook’s recovery process:
- Change your Facebook password.
- Log out of all devices.
- Remove unknown emails and phone numbers.
- Check “Where you’re logged in.”
- Turn on two-factor authentication.
- Review connected apps and websites.
- Check Meta Pay, ad accounts, business pages, and admin roles.
- Post a clear warning that the account was hacked.
- Message people who may have received scam requests.
Do not simply post “hacked ako.” Include payment warnings: “Do not send money, load, GCash, Maya, bank transfer, or codes.”
Step 3: Collect statements from affected relatives
Ask each affected person to write down:
- When they received the message
- What the hacker said
- Whether they sent money
- How much they sent
- The transaction reference number
- The recipient account name and number
- Whether they called or verified before sending
- Whether the hacker deleted or changed messages
For relatives who lost money, their statement matters because they are the direct financial victims.
Step 4: Report to the payment provider
The person who sent money should report to the payment provider immediately. A useful report includes:
- Full name and contact details of sender
- Date and time of transfer
- Amount
- Reference number
- Recipient account name, number, mobile number, or QR code
- Screenshots of the scam conversation
- Statement that the transfer was induced by hacked-account impersonation
- Request for urgent fraud handling, hold, freeze, investigation, or reversal
If the provider does not act or the response is inadequate, the sender may escalate to BSP if the provider is a BSP-supervised financial institution. BSP’s consumer assistance page explains that the complaint should generally be raised first with the financial institution’s consumer assistance mechanism, and unresolved concerns may then be filed through BSP channels. (BSP)
Step 5: File a cybercrime complaint
For NBI or PNP cybercrime reporting, prepare a clean evidence packet:
- Valid government ID of complainant
- Printed screenshots and digital copies
- Transaction receipts
- Facebook profile URL
- Messenger thread screenshots
- Account recovery emails or login alerts
- List of witnesses
- Written timeline
- Contact information of affected relatives
- Affidavit or sworn statement, if required
The NBI Citizen’s Charter for computer crime victims indicates that complainants proceed to the CyberCrime Division, undergo preliminary interview and initial investigation, and may execute sworn statements or submit affidavits and supporting documents. (National Bureau of Investigation)
Step 6: Use barangay or local police blotter only as supporting documentation
A barangay blotter can help show that you reported the incident on a certain date. It may also help if relatives ask for proof that your account was hacked.
But for hacked Facebook scams, the barangay usually cannot investigate digital traces, freeze accounts, issue cyber warrants, or compel platforms to disclose records. Cybercrime complaints are better handled by PNP ACG, NBI Cybercrime Division, or appropriate cybercrime channels.
Step 7: Keep following up in writing
When following up with banks, e-wallets, law enforcement, or Facebook, use written channels when possible. Keep copies of:
- Complaint reference numbers
- Email acknowledgments
- Ticket numbers
- Names of officers or customer service agents
- Dates and times of calls
- Copies of all submitted documents
A simple follow-up log prevents confusion later, especially if several relatives sent money to different accounts.
Common Mistakes That Hurt Facebook Scam Cases
Deleting messages after warning people
Do not delete the hacked account messages, even if they are embarrassing. Deleting messages can make it harder to prove the scam.
Sending more messages to the hacker
Avoid negotiating, threatening, or insulting the hacker. This may cause them to delete evidence, block witnesses, or target more relatives.
Paying “Facebook recovery experts”
Many “account recovery” services are scams. They may ask for your ID, selfie, password reset codes, or payment. Use only official Facebook recovery channels.
Reporting only to Facebook and not to financial providers
Facebook may help with account recovery, but it will not freeze a GCash, Maya, or bank account. If money was sent, report to the payment provider immediately.
Filing a vague police complaint
A complaint saying “my Facebook was hacked” is weaker than a complaint with dates, screenshots, URLs, transaction numbers, recipient details, and witness names.
Assuming the named e-wallet owner is always the mastermind
The recipient account may be a mule, stolen account, fake-registered account, or person recruited online. Still, the account details are crucial because they may lead investigators to the flow of funds.
What If You Are an OFW or Abroad?
If you are a Filipino abroad and your Facebook account is hacked while relatives in the Philippines are scammed, you can still help preserve and submit evidence.
Practical steps:
- Recover your Facebook and email accounts from abroad.
- Ask relatives in the Philippines to preserve their Messenger threads.
- Ask the person who sent money to report directly to the bank or e-wallet.
- Prepare a written timeline and send digital evidence to your relatives.
- Contact Philippine cybercrime reporting channels online or by email where available.
- If an affidavit is needed abroad, ask the receiving office whether it must be notarized locally, consularized, or apostilled.
For documents executed abroad, Philippine offices may require notarization and, depending on the country and purpose, an apostille or Philippine consular acknowledgment. Requirements vary by office and document type, so it is best to confirm with the specific agency handling the complaint.
What If a Foreigner’s Account Was Hacked and Filipino Relatives or Contacts Were Scammed?
Foreigners can also be complainants or witnesses if the scam affected people in the Philippines or used Philippine financial accounts.
Useful details to provide include:
- Passport or government ID
- Philippine address or contact person, if any
- Proof of relationship with affected Filipino contacts
- Screenshots showing the hacked account and scam messages
- Payment details involving Philippine banks or e-wallets
- A written statement explaining the timeline
If the foreigner is abroad, Philippine investigators may still prioritize evidence from the Filipino money sender because that person suffered the direct financial loss and can provide local transaction records.
Can You Be Blamed If Your Hacked Account Was Used?
Generally, being hacked does not automatically make you criminally liable for the scam. Criminal liability requires proof of participation, intent, conspiracy, negligence where legally relevant, or another basis under law.
However, practical problems can arise if:
- You ignore reports and allow the scam to continue.
- You previously lent your account or allowed someone else to use it.
- You gave your password to another person.
- You participated in receiving or transferring funds.
- Your bank or e-wallet account was used to receive scam proceeds.
- You refuse to cooperate with investigators.
If you are innocent, your best protection is early reporting, clear documentation, and consistent communication with affected relatives.
Frequently Asked Questions
What should I do first if my Facebook account was hacked and used to ask for GCash?
Warn your contacts immediately using another channel, recover your Facebook and email accounts, tell recipients not to delete messages, and ask anyone who sent money to report the transaction to GCash or the relevant provider right away.
Is a hacked Facebook scam considered cybercrime in the Philippines?
Yes, it may be treated as cybercrime if there was unauthorized access, identity theft, computer-related fraud, or use of ICT to commit another offense. RA 10175 is the main cybercrime law for these situations. (Supreme Court E-Library)
Can my family recover money sent to a scammer?
Recovery is possible but not guaranteed. It depends on how quickly the transfer is reported, whether the funds remain in the recipient account, the provider’s fraud process, and whether investigators can trace or freeze the account. Report immediately and keep all reference numbers.
Should I file with NBI or PNP Anti-Cybercrime Group?
Either may be appropriate. NBI Cybercrime Division and PNP Anti-Cybercrime Group both handle cybercrime matters. Choose the office that is accessible, responsive, and appropriate for your location. For urgent scam reporting, the CICC/I-ARC hotline 1326 may also help centralize the report. (ScamWatch Pilipinas)
Do screenshots count as evidence in the Philippines?
Screenshots may help, but they should be preserved properly and supported by other evidence such as full conversation records, screen recordings, transaction receipts, witness statements, account URLs, and login alerts. Electronic evidence must still be authenticated under Philippine rules. (Lawphil)
Is a barangay blotter enough for a Facebook hacking scam?
No. A barangay blotter can help document the incident, but it is not a full cybercrime investigation. You should still report to Facebook, the payment provider, and appropriate cybercrime authorities if money was involved.
What if the scammer used my name but a different Facebook account?
That may be an impersonation scam rather than a hacked-account scam. Report the fake profile to Facebook, warn your contacts, preserve screenshots, and report to authorities if money was requested or sent.
What if the hacker also accessed my Facebook Page or business account?
Secure your email, Facebook, Business Manager, ad accounts, payment methods, admins, and connected Instagram accounts. If customer data, employee data, order records, IDs, or private business messages were exposed, consider whether Data Privacy Act obligations or NPC reporting issues may arise.
Can I post the scammer’s name and account number online?
Be careful. Posting details may warn others, but it can also create defamation, privacy, or mistaken-identity issues, especially if the account is a mule or stolen identity. A safer approach is to warn people about the scam, share limited identifying details necessary to prevent further transfers, and submit the full details to the bank, e-wallet, and investigators.
Key Takeaways
- A hacked Facebook account used to scam relatives may involve cybercrime, estafa, identity theft, computer-related fraud, social engineering, and money muling.
- Warn family and contacts immediately through channels outside Facebook.
- Preserve full evidence: screenshots, screen recordings, profile URLs, transaction receipts, login alerts, and witness details.
- Report money transfers immediately to the bank, GCash, Maya, or payment provider and request urgent fraud handling.
- Use Facebook’s official hacked account recovery process and secure your email first.
- File a cybercrime complaint with appropriate authorities such as NBI Cybercrime Division, PNP Anti-Cybercrime Group, DOJ Office of Cybercrime, or CICC/I-ARC 1326 when appropriate.
- A barangay blotter can support your timeline but does not replace cybercrime reporting.
- The faster you act, the better the chance of stopping further scams, preserving evidence, and tracing the money.