A practical legal guide for consumers, businesses, and counsel

1) What counts as an “online scam”?

“Online scam” is not a single offense in Philippine law. It usually falls under a mix of statutes, depending on the facts:

Estafa (Swindling) under the Revised Penal Code (RPC), often aggravated by use of information and communications technologies (ICT) under the Cybercrime Prevention Act of 2012 (RA 10175).
Access Devices Regulation Act (RA 8484) for unauthorized use of credit/debit cards and account takeovers.
E-Commerce Act (RA 8792) and the Rules on Electronic Evidence (A.M. No. 01-7-01-SC) for admissibility and evidentiary treatment of digital records.
Data Privacy Act (RA 10173) for unlawful processing/unauthorized disclosure when personal data are misused.
SIM Registration Act (RA 11934) for SIM-related abuse and coordination with telcos.
Financial Consumer Protection Act (RA 11765) for remedies against supervised financial institutions (banks, e-wallets, lenders).
Anti-Financial Account Scamming Act (RA 11967) targeting mule accounts and coordinated fund-diversion schemes.
Other special laws may apply (e.g., Anti-Photo and Video Voyeurism Act, Anti-Child Pornography Act, Anti-Carnapping, Intellectual Property Code) when the scam’s modality overlaps with those offenses.

Practical takeaway: you don’t need to pin the exact statute before reporting. Agencies below will triage based on your facts.

2) Immediate actions within the first hour

Secure your money trail
- Contact your bank/e-wallet right away via official channels. Report unauthorized transfers/transactions, request a temporary freeze/hold on beneficiary accounts, and ask for transaction tracing.
- Change passwords/PINs; revoke app sessions; enable 2FA.
Preserve evidence
- Do not delete messages, chats, emails, call logs, posts, or account notifications.
- Screenshot the conversation, offers, seller profile/URL, payment confirmations, and account numbers.
- Export raw files (e.g., .eml email with headers, chat exports, CSV statements).
- Note date/time, device used, IP (if known), and any delivery riders/meet-ups involved.
Document losses
- Make a quick timeline and loss table (amount, time, payment channel, reference number, counterparty account).

3) Where to report (by scenario)

A. Criminal complaints & investigations

PNP Anti-Cybercrime Group (PNP-ACG) Primary police unit for cyber-enabled crimes (phishing, online selling fraud, account takeovers). You may file an incident report or complaint; they can preserve digital evidence and coordinate with service providers.
NBI Cybercrime Division Handles complex investigations, including syndicates and cross-border elements. Either PNP-ACG or NBI can take lead; choose the office most accessible to you.
Department of Justice – Office of Cybercrime (DOJ-OOC) Policy and international cooperation hub (e.g., MLAT requests). While the OOC itself does not take walk-in complaints for prosecution, matters are filed with the Office of the City/Provincial Prosecutor after police/NBI investigation or through your counsel via complaint-affidavit.
Cybercrime Investigation and Coordinating Center (CICC) under DICT Receives reports, coordinates takedowns and inter-agency responses, and may route your complaint to the proper enforcers.

Venue/Jurisdiction tip: Because RA 10175 recognizes the transitory nature of cybercrimes, you may file where any essential element occurred (e.g., where the victim accessed the fraudulent post, where money was sent, or where the offender’s acts were executed).

B. Financial and consumer channels (often parallel to criminal reporting)

Your Bank or E-Wallet (e.g., InstaPay/PESONet participants) Trigger their fraud operations workflow, request a hold/fund recovery, and obtain a case/reference number. Banks/e-wallets must keep records and respond under their regulatory consumer protection rules.
Bangko Sentral ng Pilipinas (BSP) – for banks, EMI/e-wallets, and other supervised institutions File a financial consumer complaint if you believe your provider mishandled your case (e.g., refused to investigate, delayed response, denied redress without basis).
Securities and Exchange Commission (SEC) – for investment scams, “crypto/forex” solicitations, unregistered offerings, boiler rooms Report to the Enforcement and Investor Protection Department (EIPD). SEC can issue advisories, show-cause orders, cease-and-desist, and cooperate with prosecutors.
Department of Trade and Industry (DTI) – online retail/after-sales issues For consumer product/service disputes, non-delivery, misrepresentation by legitimate sellers, and breaches of price tag/No Return No Exchange rules, file a consumer complaint (mediation/adjudication). DTI also acts against unfair or deceptive sales acts or practices.
National Privacy Commission (NPC) – for phishing, identity theft involving personal data If a controller/processor mishandled your data (lax security leading to breach or unlawful processing), file a complaint or breach report (for covered entities).
National Telecommunications Commission (NTC) – for scam calls/SMS, spoofing, illegal SIMs File complaints for spam/fraud texts/calls and request SIM/account deactivation via your telco; NTC regulates carriers.

C. Platforms & marketplaces

Social media & messaging apps (Facebook, Instagram, X, TikTok, WhatsApp, Viber, Telegram, etc.) Use in-app reporting: impersonation, fraud, counterfeit goods, and intellectual property violations. Request content removal and account suspension.
E-commerce platforms (Shopee, Lazada, etc.) File a platform dispute (non-delivery/defective item/refund). Keep all platform chat logs and transaction IDs.

4) How to file a criminal case (nutshell)

File an incident report/complaint with PNP-ACG or NBI. Provide your evidence bundle.
Investigation: preservation requests, subpoenas to banks/platforms, digital forensics.
Complaint-Affidavit: Draft with counsel (or assisted by investigators), stating facts, elements, and damages, attaching certified copies/printouts.
Inquest (if the suspect is arrested) or preliminary investigation (if at large).
Filing in court: Prosecutor files Information in a designated cybercrime court.
Trial: Present evidence under the Rules on Electronic Evidence (authenticity, integrity, best evidence via originals or acceptable duplicates, chain of custody for devices).

Key evidentiary points

Keep original devices/storage unaltered when possible; use forensic images for examination.
For emails, preserve full headers; for web pages, capture URL + date/time + hash if available.
Obtain certifications from custodians (banks, telcos, platforms) when you can.

5) Civil remedies & administrative options

Civil action for damages (RPC offenses can give rise to civil liability). You may file separately or jointly with the criminal case.
Small Claims (for purely monetary disputes within the prevailing small claims threshold) when the issue is contractual rather than criminal.
DTI adjudication for consumer disputes; SEC administrative actions for unregistered investment solicitations.
Take-down/notice procedures against infringing or fraudulent content via platform policies.

6) Timelines, prescription, and strategy

File early. Cyber-incidents are time-sensitive: funds move fast and data retention by private entities is limited by policy.
Prescription depends on the offense and penalty (as amended by RA 10951). When in doubt, treat as urgent and consult counsel.
Parallel tracks help: Report to law enforcement and your financial provider simultaneously; also lodge BSP/DTI/SEC/NPC complaints where applicable.

7) Special scenarios

Phishing leading to unauthorized transfers: (a) Report to bank/e-wallet; request freeze and trace. (b) File with PNP-ACG/NBI. (c) If you believe the provider’s controls were deficient or response inadequate, escalate under the FCPA to BSP (banks/e-wallets) or the relevant regulator.
Investment pitches (guaranteed returns, unregistered coins/tokens/forex): (a) Capture ads, whitepapers, wallet addresses. (b) Report to SEC-EIPD and PNP-ACG/NBI. (c) Warn contacts and preserve group chats.
Marketplace fraud (no delivery/fake proofs): (a) Use platform dispute channels. (b) File DTI consumer complaint if a seller is operating as a business. (c) Consider estafa if there was deceit + damage.
Identity takeover/data leak: (a) Change credentials; enable 2FA; place fraud alerts with your bank/e-wallet. (b) Report to NPC and PNP-ACG/NBI. (c) Ask platforms for account recovery logs and login histories.
Money muling (recipient account owner): RA 11967 penalizes knowingly allowing accounts to be used for scams; report mule accounts to PNP-ACG/NBI and the bank/e-wallet. Victims should give the beneficiary account details to trigger holds and KYC reviews.

8) What to include in your report (checklist)

Your full name, contact information, and IDs.
Incident timeline with exact dates/times and time zone.
Narrative of deceit (who promised what, where you saw it, how you were induced).
Proof of payment/attempted payment (receipts, reference numbers, account names/numbers, wallet addresses, QR codes).
Device and channel details (app versions, phone/PC, browser, email addresses, chat handles, URLs).
Screenshots/recordings (labeled and dated).
Loss computation (principal, fees, consequential losses if any).
Any witnesses or co-victims, and previous complaints filed.

9) Sample complaint-affidavit structure (criminal)

Affiant’s identity and authority
Jurisdiction/Venue (why filed in that office)
Facts in chronological order
Modus operandi and how deceit occurred
Elements of offenses (estafa; use of ICT; access device fraud, etc.) matched to facts
Damages suffered and amounts
Evidence list (Annex “A” to “Z”) with short descriptions
Prayer (investigation, prosecution, restitution, preservation orders)
Verification and Certification against Forum Shopping (when applicable)
Signature and notarization

10) Common pitfalls to avoid

Delaying bank/e-wallet notification. Every minute counts for fund recovery.
Editing or forwarding screenshots without originals. Keep the raw files; make copies for annotation.
Communicating with the scammer after reporting. It risks spoliation and harassment.
Using unofficial “fixers.” Deal only with agencies and counsel.
Paying “verification fees/refunds.” Classic second-wave scam.

11) Practical Q&A

Can I recover my money? Possible, especially if the beneficiary account is promptly frozen and funds remain. Success rates drop as time passes or when funds are layered through mule accounts or converted to cash/crypto.
Do I need a lawyer? Not strictly to report, but counsel helps align criminal, civil, and regulatory tracks and prepares a strong evidentiary package.
Do screenshots suffice? They’re helpful, but original electronic evidence (email with full headers, exported chats, bank logs) is stronger. Use the Rules on Electronic Evidence to authenticate.
Where do I report if the seller is abroad? Still file locally with PNP-ACG/NBI and the relevant regulators. They can use inter-agency and international cooperation. Also use platform reporting for swift takedowns.

12) One-page action plan (you can copy/paste this)

Now: Call/message your bank or e-wallet → report fraud → request freeze/trace → change credentials → enable 2FA.
Today: File with PNP-ACG or NBI; submit evidence bundle.
Parallel:
- BSP complaint (if provider mishandled your case).
- SEC for investment schemes; DTI for consumer sales fraud; NPC for data misuse; NTC/telco for scam calls/SMS.
- Platform report for takedown and account suspension.
Within the week: Prepare a complaint-affidavit with counsel; consider civil remedies.
Ongoing: Track case numbers, follow up in writing, and keep a case file.

Final note

You can—and should—pursue multiple avenues at once: law enforcement for prosecution, your financial provider and BSP for fund recovery and institutional redress, and sector regulators (SEC/DTI/NPC/NTC) to stop the scheme and protect others. Fast, well-documented reporting gives you the best shot at results.