A mobile number takeover can quickly become a financial and identity-theft emergency. Once an attacker controls your SIM, eSIM, telco account, or phone, they may receive one-time passwords, reset email and social media accounts, impersonate you, or access linked bank and e-wallet accounts. The safest response is to block the number immediately, protect your financial accounts, recover your SIM through the registered telecommunications provider, preserve evidence, and report the incident to the proper Philippine authorities.
Is Your Mobile Number Really Hacked?
People commonly use “hacked number” to describe several different incidents. Identifying what happened helps you take the right steps.
SIM swap or unauthorized SIM replacement
A SIM swap happens when someone convinces or deceives a telecommunications company into transferring your number to another physical SIM or eSIM.
Warning signs include:
- Your phone suddenly shows “No Service” even though other people nearby have signal.
- Calls, texts, and mobile data stop working without explanation.
- You receive an email or notification about a SIM replacement, eSIM activation, or account change you did not request.
- One-time passwords stop arriving.
- Your email, bank, e-wallet, or social media passwords are suddenly changed.
- Friends receive messages from your number while your SIM is inactive.
SIM-swap fraud is especially dangerous because many Philippine banks, e-wallets, email services, and government platforms still use SMS verification.
Stolen phone or physical SIM
If an unlocked phone or SIM was stolen, the thief may be able to:
- Read incoming OTPs and messages.
- access applications that remain logged in;
- reset passwords using your mobile number;
- use saved cards or e-wallets; and
- impersonate you through calls, SMS, or messaging applications.
Telco account or eSIM takeover
An attacker may gain access to your GlobeOne, MySmart, DITO, email, or other account and request a SIM change or eSIM activation. This can happen even when your physical phone remains with you.
Messaging application takeover
Your SIM may still work, but someone may have accessed your Viber, WhatsApp, Telegram, Messenger, or another account through a stolen verification code or an unauthorized linked device.
Caller ID or SMS spoofing
If another person appears to be calling or texting using your number, but your SIM and accounts continue working normally, the number may have been spoofed rather than taken over. Spoofing makes a different device display your number as the sender. It does not always mean the attacker has access to your SIM or OTPs.
What to Do Immediately After a Mobile Number Takeover
Treat unexplained loss of service combined with account alerts as an emergency. Do not wait until money disappears.
1. Use a safe device and internet connection
Use another phone or computer that you believe is secure. Avoid conducting recovery through a device that may contain malware or remote-access software.
If your phone may be compromised:
- Turn off mobile data and Wi-Fi.
- Do not approve new login prompts.
- Do not install “security,” “refund,” or “support” applications sent by strangers.
- Do not continue communicating with the suspected attacker.
Do not immediately factory-reset the phone if it contains evidence. First preserve screenshots, messages, application alerts, and account records.
2. Ask your telco to bar the number immediately
Contact your telecommunications provider through an independently verified hotline, application, store, or official social media account. Do not use a telephone number or link contained in the suspicious message.
Clearly state:
“My number may be subject to an unauthorized SIM replacement or account takeover. Please immediately bar the line, cancel any pending SIM or eSIM change, and preserve the relevant account and transaction records.”
Ask the provider to:
- Temporarily suspend incoming and outgoing services.
- Cancel any pending SIM replacement, eSIM issuance, or mobile-number-porting request.
- Flag the account for possible identity theft.
- Prevent further account changes until identity verification is completed.
- Preserve logs showing when and how the disputed change was requested.
- Issue a complaint or service reference number.
Under the SIM Registration Act, Republic Act No. 11934 of 2022, telecommunications providers must maintain registered subscriber information and procedures covering changes in subscriber information, lost or stolen SIMs, and related security concerns. Its implementing rules also require providers to secure and protect subscriber data. (Lawphil)
3. Call your banks and e-wallet providers
Do this even when no unauthorized transfer has appeared yet. Ask each institution to:
- Freeze online and mobile access temporarily.
- Remove unauthorized devices.
- Suspend fund transfers and card-not-present transactions.
- Block affected cards or accounts where necessary.
- Record the incident as a suspected SIM-swap or account-takeover case.
- Dispute any unauthorized transaction.
- Initiate tracing and temporary holding of disputed funds.
- Give you a case reference number and list of required supporting documents.
Republic Act No. 12010, the Anti-Financial Account Scamming Act of 2024, and BSP Circular No. 1215 provide a process for temporarily holding funds involved in a disputed electronic transfer. The initial holding period may be up to five calendar days. When justified, it may be extended by up to 25 additional calendar days, for a total temporary holding period of up to 30 days, unless a competent court grants a further extension. Supporting documents such as a sworn complaint, affidavit, or police report may be required during the initial five-day period. (Lawphil)
Speed matters. Funds that have already been withdrawn, converted, or transferred through several accounts are harder to trace and recover.
4. Secure your primary email account
Your email is often the recovery channel for every other account. From a safe device:
- Change the email password.
- Sign out all other sessions.
- Remove unfamiliar devices, recovery numbers, and recovery email addresses.
- Review forwarding rules and filters.
- Replace SMS-based authentication with an authenticator application, security key, or passkey where available.
- Save backup codes offline.
Use a new, unique password that has not been used on any other website.
5. Secure other linked accounts
After securing your email, review:
- Online banking and e-wallets
- Facebook, Instagram, TikTok, X, and LinkedIn
- WhatsApp, Viber, Telegram, and Messenger
- Apple ID or Google Account
- Shopping and delivery applications
- Cryptocurrency platforms
- Government accounts
- Employer systems
- Cloud storage
- Loan and credit applications
Check each account for unauthorized sessions, changed recovery information, new beneficiaries, saved payment methods, and unfamiliar transactions.
6. Warn your contacts
Tell close contacts that your number may be compromised. Ask them not to:
- Send money or load.
- Share OTPs or identification documents.
- Follow payment instructions.
- Click links supposedly sent by you.
- Give the caller information about your family, work, or accounts.
Use another verified communication channel. Avoid publicly revealing sensitive details that could help the attacker answer identity-verification questions.
How to Recover or Replace Your SIM
The registered SIM owner will normally need to complete identity verification. Requirements differ by provider, account type, and the circumstances of the loss.
| Provider | Immediate reporting channels | Common recovery requirements |
|---|---|---|
| Smart or TNT | Call *888 from a Smart number or (02) 8888-1111, use Smart’s official online channels, or visit a Smart Store |
Smart’s published replacement procedure generally requires the registered owner to appear and present one valid government-issued ID. Additional verification may be requested if records do not match. |
| Globe or TM | Call 211 from Globe, 808 from TM, (02) 7730-1000 from a landline, use GlobeOne or Globe’s verified Messenger account, or visit a Globe Store |
Depending on the account and channel, Globe may require an original government-issued ID, selfie verification, SIM bed, GCash card or eSIM voucher if available, and a notarized affidavit or other supporting documents where identity verification raises issues. |
| DITO | Submit a help ticket through the DITO application or Help Center, or visit a DITO Experience Store | Ask for immediate temporary disconnection and the current procedure for transferring the registered number to another DITO SIM or recovering an eSIM. Identity and account verification are required. |
Official instructions are available through Smart’s SIM replacement guide, Globe’s SIM replacement page, and the DITO Help Center. (Smart Help)
Barring the number may be completed quickly after successful verification. Replacement can take longer when:
- The SIM registration details do not match the identification presented.
- The number is registered under another person.
- The account belongs to a company.
- The subscriber is abroad.
- The SIM bed, receipt, or eSIM records are unavailable.
- The provider detects a disputed prior replacement.
- A notarized document or further investigation is required.
Do not rely on a person claiming to be an “inside contact” who asks for payment, an OTP, or a photograph of your identification through an unofficial account.
Evidence You Should Preserve
Good evidence improves the chances of recovering accounts, tracing money, and proving that transactions were unauthorized.
Create a chronological incident file containing:
- The affected mobile number.
- Date and time when service stopped.
- Screenshots showing “No Service” or SIM errors.
- Messages or emails about a SIM replacement, eSIM activation, password reset, or mobile-number-porting request.
- Bank and e-wallet alerts.
- Transaction reference numbers, amounts, recipient details, and timestamps.
- Screenshots of unauthorized logins or changed account details.
- Telco, bank, and e-wallet complaint reference numbers.
- Copies of suspicious messages and links.
- Names or identifiers used by the attacker.
- Your phone’s IMEI, serial number, SIM serial number or ICCID, if available.
- Purchase receipt, SIM bed, eSIM voucher, load records, and billing statements.
- Names of witnesses or contacts who received fraudulent messages.
Preserve the original files whenever possible. Screenshots are useful, but original emails, exported account logs, electronic statements, and transaction records generally provide stronger technical details.
Do not edit screenshots in a way that removes timestamps, sender information, or application details. Store copies in at least two secure locations.
Where to Report a Hacked Mobile Number in the Philippines
Different agencies handle different parts of the incident. Reporting to one agency does not automatically notify all the others.
Your telecommunications provider
The provider is the first agency capable of barring and recovering the number. Obtain a written acknowledgment, email, ticket number, or stamped copy of your complaint.
Ask the provider in writing to investigate:
- Any SIM replacement or eSIM issuance.
- Changes to subscriber information.
- Account logins or recovery requests.
- Mobile-number-porting activity.
- The identity-verification process used.
- The location, channel, date, and time of the disputed request.
- Whether employees, agents, retailers, or third-party systems were involved.
Some information may be withheld while an investigation is pending, but the written request helps preserve the record.
PNP Anti-Cybercrime Group, NBI Cybercrime Division, or CICC
Report the incident when there is identity theft, unauthorized access, impersonation, extortion, financial loss, or attempted fraud.
You may approach:
- The PNP Anti-Cybercrime Group or a local police cybercrime unit.
- The NBI Cybercrime Division or NBI online complaint facility.
- The Cybercrime Investigation and Coordinating Center, including hotline
1326and its official reporting channels.
Current government guidance also lists acg@pnp.gov.ph, ccd@nbi.gov.ph, and report@cicc.gov.ph as reporting addresses for fraud and cybercrime concerns. Contact details can change, so verify them through the agencies’ official government pages before sending sensitive documents. (National Bureau of Investigation)
Bring or attach:
- A valid government-issued ID.
- A written incident narrative.
- Proof that you own or use the number.
- Telco and financial institution reference numbers.
- Screenshots and electronic records.
- Bank or e-wallet statements.
- A list of unauthorized transactions.
- Device and SIM information.
- An affidavit, when requested.
Ask for a receiving copy, police report, complaint reference, or other proof of filing. A barangay blotter may help document a local incident, but it is not a substitute for reporting an active cybercrime to the PNP, NBI, or CICC.
National Telecommunications Commission
File a complaint with the National Telecommunications Commission when the provider fails to address an unauthorized SIM replacement, refuses reasonable account recovery, mishandles a consumer complaint, or does not provide an adequate response.
NTC consumer-protection guidelines generally contemplate notifying the provider first and keeping proof of that complaint. Complaints may be submitted through the NTC’s One Stop Public Assistance Center or the appropriate regional office. Older NTC guidelines allow escalation when a service provider fails to address a complaint within 30 days, but a subscriber facing active fraud should not wait 30 days before requesting immediate barring, contacting financial institutions, or reporting the crime. (Region 7 NTC)
Include:
- Your complete name and contact information.
- The affected number and provider.
- A concise chronology.
- Copies of identification and proof of ownership.
- The provider’s complaint reference.
- Copies of correspondence.
- The specific action you want, such as account correction, investigation, or number restoration.
National Privacy Commission
A complaint with the National Privacy Commission may be appropriate when the incident suggests that a telco, platform, financial institution, retailer, or other entity improperly disclosed, processed, or failed to protect your personal information.
Examples include:
- A SIM replacement approved using obviously mismatched identification.
- Subscriber information disclosed to an unauthorized person.
- Failure to use reasonable identity-verification measures.
- Failure to respond appropriately to a reported privacy violation.
- Unauthorized alteration of registered subscriber data.
Under the amended NPC Rules of Procedure, the complainant should ordinarily first inform the concerned entity in writing and give it an opportunity to act. A formal complaint may proceed when the entity does not take timely and appropriate action or does not respond within 15 calendar days, subject to recognized exceptions.
The NPC generally requires a verified complaint, supporting evidence, correspondence with the respondent, a certification against forum shopping, and proper notarization. The current NPC complaint page provides the Complaints-Assisted Form and filing instructions. Complaints may be submitted in person, by courier, or by scanning and emailing the notarized form to the official complaints address. (National Privacy Commission)
Bangko Sentral ng Pilipinas
For unauthorized bank or e-wallet transactions, first complain to the institution’s Financial Consumer Protection Assistance Mechanism, or FCPAM. This is the bank or e-wallet provider’s first-level consumer complaint process and should be free.
If the institution’s response is unsatisfactory, escalate the matter through the BSP Consumer Assistance Mechanism, including the BSP Online Buddy or other official BSP channels. The BSP guide for filing financial consumer complaints explains the escalation process. (Bangko Sentral ng Pilipinas)
A complaint does not guarantee an automatic refund. Liability depends on the evidence, the circumstances of the transaction, the institution’s security measures, and whether it exercised the required degree of diligence. Under the Anti-Financial Account Scamming Act, conviction of the scammer is not necessarily required before restitution may be ordered when an institution failed to employ adequate controls or exercise the legally required diligence. (Lawphil)
Philippine Laws That May Apply
| Law | How it may apply |
|---|---|
| Republic Act No. 11934, SIM Registration Act of 2022 | Governs SIM registration, registered subscriber information, provider responsibilities, confidentiality, and procedures relating to registered SIMs. |
| Republic Act No. 10175, Cybercrime Prevention Act of 2012 | Penalizes illegal access, computer-related fraud, computer-related forgery, and computer-related identity theft. Mobile phones and smartphones can fall within the law’s concept of a computer system. |
| Republic Act No. 10173, Data Privacy Act of 2012 | Applies when personal data is accessed, disclosed, altered, or processed without authority, or when an organization fails to use reasonable security measures. |
| Republic Act No. 12010, Anti-Financial Account Scamming Act of 2024 | Penalizes social-engineering schemes, money-mule activities, and related financial-account offenses. It also establishes responsibilities for financial institutions and procedures for disputed funds. |
| Republic Act No. 8484, Access Devices Regulation Act of 1998 | May apply when account numbers, PINs, telecommunications identifiers, cards, or other access devices are fraudulently used. Section 15 emphasizes prompt reporting of a lost access device to its issuer. |
| Republic Act No. 11765, Financial Products and Services Consumer Protection Act of 2022 | Gives financial consumers complaint and redress mechanisms and imposes consumer-protection duties on financial service providers. |
| Article 315 of the Revised Penal Code | Estafa may apply when deceit is used to obtain money, property, or another economic benefit, depending on the facts and evidence. |
The Cybercrime Prevention Act expressly covers the intentional acquisition, use, misuse, transfer, possession, alteration, or deletion of another person’s identifying information without right. (Lawphil)
The Access Devices Regulation Act broadly includes account numbers, codes, PINs, electronic serial numbers, and telecommunications service or equipment identifiers used to obtain value or initiate fund transfers. It also provides that proper notification of loss may protect the holder from liability for fraudulent use occurring after the loss is reported, subject to the law’s requirements and the facts of the case. (Lawphil)
Documents, Fees, and Expected Timelines
| Action | Documents commonly needed | Likely cost or timing |
|---|---|---|
| Temporary SIM barring | Identity verification, account details, affected number | Often processed as an emergency request after verification |
| SIM replacement or number recovery | Government ID, SIM bed or eSIM record if available, proof of ownership, selfie, affidavit where required | Provider charges and processing times vary |
| Bank or e-wallet dispute | ID, transaction details, account statement, incident narrative, complaint reference | Institution’s FCPAM should be free |
| Initial AFASA fund hold | Verified complaint details and disputed transaction information | Up to five calendar days |
| Extended AFASA fund hold | Sworn complaint, affidavit, police report, or other supporting documents | Up to 25 additional calendar days when justified |
| Police, NBI, or CICC report | ID, evidence file, proof of number ownership, financial records | Government complaint intake generally does not require a filing fee |
| Notarized affidavit | Draft affidavit and valid IDs | Notarial fees vary by notary and location |
| NPC formal complaint | Notarized complaint form, ID, evidence, prior written complaint to respondent, certification against forum shopping | NPC filing fees and exemptions are governed by its current schedule |
| NTC consumer complaint | Written complaint, provider reference, correspondence, ID, proof of ownership | Administrative processing time varies by office and case complexity |
An affidavit of unauthorized SIM replacement or account takeover should state:
- Your complete name, citizenship, and address.
- The affected mobile number.
- Your relationship to the number.
- When you discovered the loss of control.
- What alerts or unauthorized transactions appeared.
- The steps you took to report the incident.
- The accounts affected.
- The fact that you did not authorize the disputed SIM change or transactions.
- A list of attached evidence.
Do not sign an affidavit until you are before the notary or other authorized officer administering the oath.
Common Mistakes That Make the Situation Worse
Waiting for the signal to return
A sudden loss of signal may be a network problem, but when it coincides with password resets or transaction alerts, assume a possible takeover until the telco confirms otherwise.
Calling the number in the suspicious message
Attackers often provide fake “support” numbers. Use only contact information from the provider’s official application, website, billing statement, or verified store.
Sharing an OTP to reverse the hack
A legitimate agent should not ask you to disclose an OTP authorizing a transfer, password reset, device enrollment, or SIM change. An OTP is an authorization credential, not merely a tracking number.
Changing only the social media password
If the attacker controls your email or mobile number, the account can be taken again. Secure the email, recovery channels, linked devices, and telco account first.
Deleting messages or resetting the device too early
Deleting evidence can make it harder to prove when the takeover occurred and which transactions were unauthorized.
Reporting only to the police
Police reporting is important, but the police cannot directly block your SIM, freeze your e-wallet, or secure your email. Report simultaneously to the telco and affected financial institutions.
Paying a fixer for faster recovery
A person who promises to recover your number through an employee or “back-end access” may be part of the scam. Use official channels and insist on reference numbers.
Special Considerations for Foreigners and Filipinos Abroad
Foreign nationals generally follow the same emergency process, but the telco may require the passport and documents used during SIM registration.
A foreign subscriber should prepare:
- Original passport.
- Current visa or immigration document where relevant.
- Proof of Philippine address used during registration.
- SIM purchase or eSIM records.
- Telco account information.
- A written explanation of the incident.
Filipinos and foreigners who are outside the Philippines may encounter difficulty because some providers require the registered owner’s personal appearance for SIM replacement.
Before preparing an overseas affidavit or special power of attorney, ask the telco whether a representative is allowed and exactly what wording and authentication it requires. Under the NPC’s amended procedural rules, a privacy complaint notarized abroad must generally be notarized through the Philippine embassy or consulate or accompanied by an apostille from the country of origin.
Where an apostille is unavailable because the country is not part of the Apostille Convention, Philippine consular authentication may be necessary. Internal telco requirements may still differ, so authentication should not be obtained until the provider confirms what it will accept.
Frequently Asked Questions
Can a hacker access my bank account using only my mobile number?
Usually, the number alone is not enough. The risk becomes serious when the attacker can receive your OTPs, reset your email, access your device, or already knows account information obtained through phishing or a data leak.
What should I do if my SIM suddenly has no signal?
Restart the phone and test the SIM in another device only if it is safe. If there are also password resets, account alerts, or unauthorized transactions, contact the telco immediately and ask whether a SIM replacement, eSIM activation, or porting request occurred.
Can I keep the same number after a SIM swap?
Often, yes, once the provider verifies that you are the registered owner and restores the number to a replacement SIM or eSIM. Recovery may be delayed when registration records or identification documents do not match.
Is an affidavit of loss always required?
Not in every case. Requirements vary by provider and account. A notarized affidavit is more likely to be required for a lost or stolen SIM, disputed identity verification, missing proof of ownership, or an account with conflicting records.
Can the bank recover money stolen through a SIM swap?
Recovery is possible when the transaction is reported quickly and funds remain within the financial system. The bank or e-wallet should be asked to trace the transfer and use the AFASA temporary-holding process. Recovery is not guaranteed when funds have already been withdrawn or moved beyond traceable accounts.
Should I file a police report even if no money was stolen?
Yes, when there was unauthorized SIM replacement, identity theft, impersonation, extortion, attempted account access, or fraudulent communication. The report creates an official record and may help obtain information that private individuals cannot access.
Can I sue the telco for approving an unauthorized SIM replacement?
Potential civil, administrative, privacy, or regulatory remedies may exist when evidence shows that the provider failed to follow reasonable verification and security procedures. The result depends on the facts, the provider’s records, causation, and the damage suffered. Complaints may be brought to the NTC or NPC, while civil claims are filed in the appropriate court.
Is the registered SIM owner automatically responsible for crimes committed using the number?
No. SIM registration may help identify the registered subscriber, but it does not automatically prove that the subscriber personally committed an offense. Evidence of the takeover, prompt reporting, device records, transaction logs, and witness statements can help establish that another person controlled the number.
What if the SIM is registered under my parent, spouse, employer, or another person?
The registered owner will usually need to participate in the recovery process. Using a number registered under someone else can cause delays because the telco must verify the person reflected in its registration records.
Should I change my mobile number permanently?
Consider changing it when the number remains exposed, is repeatedly targeted, or cannot be securely recovered. Before abandoning it, remove the old number from banks, e-wallets, email, government accounts, social media, and password-recovery settings. Do not assume deactivation automatically removes it from linked services.
Key Takeaways
- Ask the telco to bar the number immediately and cancel unauthorized SIM, eSIM, or porting requests.
- Contact banks and e-wallet providers at once, even before unauthorized transfers appear.
- Request tracing and temporary holding of disputed funds under the Anti-Financial Account Scamming Act and BSP rules.
- Secure your email before recovering less important accounts.
- Preserve messages, alerts, transaction records, timestamps, and complaint reference numbers.
- Report identity theft or financial fraud to the PNP Anti-Cybercrime Group, NBI Cybercrime Division, or CICC.
- Escalate unresolved telco concerns to the NTC and possible personal-data violations to the NPC.
- Use only official recovery channels and never disclose OTPs to anyone claiming they can reverse the takeover.