If you have been scammed, hacked, threatened, impersonated, sexually extorted, or harassed online in the Philippines, you may report the incident to either the National Bureau of Investigation Cybercrime Division (NBI-CCD) or the Philippine National Police Anti-Cybercrime Group (PNP-ACG). Both agencies have legal authority to investigate cybercrime. The right choice usually depends on how urgent the situation is, where you are located, and whether the case requires immediate police action, digital forensics, financial tracing, or coordination across several regions or countries.
Where to Report Cybercrime in the Philippines
Under Section 10 of the Cybercrime Prevention Act of 2012, Republic Act No. 10175, the NBI and PNP are the principal law-enforcement agencies responsible for investigating cybercrime. The law requires both agencies to maintain specialized units staffed by investigators trained to handle digital evidence. (Lawphil)
| Reporting option | Where and how to report | Usually suitable for |
|---|---|---|
| PNP Anti-Cybercrime Group | Use the PNP-ACG e-Complaint portal, visit the ACG headquarters at Camp Crame, contact the nearest Regional Anti-Cybercrime Unit, or report to a local police station for immediate assistance and referral | Active threats, sextortion, online harassment, ongoing scams, cases requiring an entrapment operation, and incidents where the suspect’s location may be known |
| NBI Cybercrime Division | Use the NBI online complaint page, email ccd@nbi.gov.ph, or visit the NBI main or regional office | Complex fraud, hacking, corporate intrusions, significant financial losses, organized schemes, digital-forensic examination, and cases involving several cities, regions, or countries |
| Local police station | Go to the nearest station, especially if there is an immediate threat to life, safety, or property | Emergency protection, police blotter documentation, initial response, and referral to the PNP-ACG |
| CICC National Anti-Scam Hotline | Call 1326, email 1326@dict.gov.ph, or use the reporting feature in the eGovPH app | Initial scam reporting, coordination, referral, and situations where the victim is unsure which agency should handle the complaint |
The PNP-ACG’s official public channels currently identify its website and national assistance numbers as reporting options, while regional units maintain separate contact details. Because hotlines and office assignments can change, check the official PNP-ACG page before travelling. (Facebook)
The NBI’s current main office is at Filinvest Cyberzone Bay, Diosdado Macapagal Boulevard, Pasay City. Its official website lists the NBI hotline as (02) 8523-8231, while the Cybercrime Division’s official email is ccd@nbi.gov.ph. Victims outside Metro Manila may use the NBI regional and district office directory. (National Bureau of Investigation)
Should You Report to the NBI or PNP?
There is no rule that all online scams must go to the NBI or that all cyber-harassment complaints must go to the PNP. Their legal authority overlaps.
Choose the PNP-ACG when immediate police action may be needed
The PNP-ACG is often the practical first choice when:
- The offender is still messaging, threatening, or demanding money.
- You are being blackmailed with private photos or videos.
- Someone is threatening to visit your home, workplace, or school.
- The scammer proposes a meeting, pickup, or additional payment that may allow a lawful entrapment operation.
- You need help from a regional cybercrime unit outside Metro Manila.
- You first need a police blotter or incident report for your bank, e-wallet provider, employer, school, or insurance company.
Do not arrange your own confrontation or entrapment. Continue communicating only when instructed by investigators. An improperly planned meeting can place you in danger, alert the suspect, or compromise the operation.
Choose the NBI when the case is complex or extends beyond one locality
The NBI-CCD is often suitable when:
- A large amount of money or several victims are involved.
- The scheme uses multiple bank accounts, e-wallets, websites, companies, or identities.
- The incident involves unauthorized access to a corporate system, database, email server, or business account.
- Digital-forensic examination of a phone, computer, server, or storage device may be necessary.
- The suspects operate in different provinces or countries.
- The case involves an organized investment scam, phishing network, fake trading platform, business email compromise, or coordinated identity theft.
The NBI has regional cybercrime facilities, and its current Citizen’s Charter states that complaints intended for regional cybercrime centers follow substantially the same intake procedure as complaints filed with the central Cybercrime Division. (National Bureau of Investigation)
Filing with both agencies is not usually necessary
Submitting duplicate complaints without telling the investigators can create conflicting case records and duplicate requests to banks or platforms.
Start with the agency that is most accessible or best suited to the urgency of the incident. If another agency becomes involved, disclose:
- The agency where you first reported;
- The investigator’s name and unit;
- The complaint, blotter, or reference number; and
- Any preservation request, subpoena, warrant application, or prosecutor filing already made.
Joint or coordinated investigations are possible, especially in large financial-fraud, exploitation, and transnational cases.
What Incidents Can Be Reported as Cybercrime?
Republic Act No. 10175 covers offenses that directly target computer systems as well as traditional crimes committed through information and communications technology.
Common reportable incidents include:
- Unauthorized access to an email, social-media, bank, business, or cloud account;
- Hacking, malware, ransomware, or deletion and alteration of data;
- Computer-related fraud, forgery, and identity theft;
- Phishing, spoofed websites, fake customer-service accounts, and fraudulent payment links;
- Online selling, investment, romance, employment, and impersonation scams;
- Cyberlibel and certain forms of online defamation;
- Online threats, stalking, sexual harassment, and gender-based harassment;
- Non-consensual recording or distribution of intimate images;
- Sextortion and sexual blackmail;
- Online sexual abuse or exploitation of children;
- Fraudulent use of credit cards, account credentials, SIMs, e-wallets, or other access devices; and
- Money-mule activity, in which an account is knowingly used to receive or transfer criminal proceeds.
Depending on the facts, additional laws may apply:
- Article 315 of the Revised Penal Code for estafa or swindling;
- Republic Act No. 12010, the Anti-Financial Account Scamming Act of 2024, for social-engineering schemes, money-mule activity, and financial-account scamming;
- Republic Act No. 8484, as amended by RA 11449, for fraudulent access-device activity;
- Republic Act No. 9995, the Anti-Photo and Video Voyeurism Act of 2009;
- Republic Act No. 11313, the Safe Spaces Act, for certain forms of gender-based online sexual harassment;
- Republic Act No. 11930, covering online sexual abuse or exploitation of children and child sexual abuse or exploitation materials; and
- Republic Act No. 10173, the Data Privacy Act, where personal information was unlawfully processed, exposed, or misused. (Lawphil)
Not every online disagreement is automatically a cybercrime. A seller’s delayed delivery, an unpaid personal debt, a failed business arrangement, or a harsh review may be a civil or consumer dispute unless there is evidence of fraud, threats, unlawful access, defamatory publication, or another criminal act.
What to Do Immediately After a Cybercrime Incident
The first few hours can determine whether money, accounts, and digital evidence can still be recovered.
1. Secure your money and accounts
For bank, credit-card, or e-wallet fraud:
- Call the institution using the number in its official app, website, or the back of the card.
- Request an immediate account freeze, transaction hold, card block, or fraud investigation.
- Give the exact transaction reference numbers and receiving-account details.
- Change passwords from a device you believe is secure.
- Log out other sessions and activate multi-factor authentication.
- Inform your mobile network if your SIM may have been hijacked or replaced.
Reporting to the police does not automatically freeze a financial account. Contact the bank or e-wallet separately and immediately.
2. Preserve the evidence before blocking or deleting anything
Save:
- Complete conversations, not only selected messages;
- Profile names, usernames, account numbers, phone numbers, email addresses, and URLs;
- Payment confirmations and transaction reference numbers;
- Original photos, videos, audio files, documents, and email attachments;
- Email headers, where available;
- Dates and times, including the time zone;
- Website addresses and domain names;
- Caller IDs, call logs, voice messages, and SMS messages;
- Password-reset notices and login alerts;
- Names of witnesses; and
- Copies of reports submitted to the platform, bank, employer, or school.
Take screenshots showing the full screen, account name, date, time, and URL when possible. Also make a screen recording that opens the profile, conversation, post, or listing from its original location.
Do not edit, annotate, crop, compress, or repeatedly forward the only copy of an important file. Keep the original file and create a separate working copy.
3. Do not reset the affected device
A factory reset, app reinstallation, or deletion of accounts may destroy logs and metadata. If the device appears compromised:
- Disconnect it from unnecessary networks.
- Stop using it for sensitive transactions.
- Photograph any warnings or unusual activity.
- Ask the investigator whether the device should be submitted or forensically examined.
4. Prepare a short chronology
Write a clear timeline containing:
- How you first encountered the suspect;
- What the suspect represented or promised;
- What information, money, or access you provided;
- When you discovered the fraud or intrusion;
- What happened afterward;
- The total loss or threatened harm; and
- The steps you have already taken.
A chronological summary helps the investigator identify the possible offense and determine which records must be preserved.
Evidence Checklist for a Cybercrime Complaint
| Evidence | What to provide |
|---|---|
| Identity document | Government-issued ID; foreigners may use a passport and, when available, an ACR I-Card |
| Written narration | One- to three-page chronological account of the incident |
| Screenshots | Printed copies and original digital files |
| Conversations | Exported chats, emails, text messages, or screen recordings |
| Account information | Profile URLs, usernames, email addresses, phone numbers, account IDs, and receiving-account details |
| Financial evidence | Receipts, transaction histories, bank statements, payment confirmations, QR codes, and reference numbers |
| Proof of account ownership | Registration email, billing record, recovery details, or previous account activity |
| Device evidence | Phone, computer, storage device, logs, or forensic image when requested |
| Witness evidence | Names, contact details, affidavits, and copies of relevant communications |
| Platform reports | Confirmation emails or ticket numbers from Facebook, Google, TikTok, Telegram, banks, e-wallets, or marketplaces |
| Business authority | Secretary’s certificate, board resolution, or authorization letter if filing for a company |
Screenshots are useful, but they may not be sufficient by themselves. Investigators often need the original account, device, electronic file, transaction record, or platform data to establish authenticity and identify the person behind the account.
How to File a Cybercrime Complaint with the NBI
1. Submit an initial report
You may use the NBI online complaint page, email the Cybercrime Division at ccd@nbi.gov.ph, or proceed directly to the NBI main office or an appropriate regional office.
An online submission is generally an initial report. You may still be required to appear personally to confirm your identity, execute a sworn statement, identify evidence, or allow examination of a device.
2. Complete the complaint sheet
The NBI Citizen’s Charter states that Cybercrime Division personnel assist the complainant in completing a complaint sheet. The formal checklist lists no mandatory document for initial access to the service, but bringing organized evidence will significantly improve the usefulness of the first interview. (National Bureau of Investigation)
3. Execute a sworn statement or submit a complaint-affidavit
You and any relevant witnesses may be asked to:
- Execute sworn statements;
- Submit prepared affidavits;
- Identify the suspect’s accounts and communications;
- Explain each transaction or item of evidence; and
- Permit examination of a relevant device.
Follow the investigator’s instructions on where the affidavit must be signed and sworn. Do not sign blank pages or affidavits containing facts you did not personally verify.
4. Obtain your reference details
Before leaving, ask for:
- The investigator’s full name and unit;
- The complaint or case reference number;
- The official contact channel for follow-up;
- Any additional evidence required; and
- Instructions concerning your device or original records.
The NBI Citizen’s Charter estimates approximately one hour and ten minutes for the listed frontline intake and approval steps. This is not the expected duration of the investigation. The investigation itself may take weeks or months. (National Bureau of Investigation)
How to File a Cybercrime Complaint with the PNP-ACG
1. Report online or visit the proper office
You may:
- Use the PNP-ACG e-Complaint portal;
- Visit the PNP-ACG headquarters at Camp Crame;
- Contact the nearest Regional Anti-Cybercrime Unit; or
- Go to the nearest police station if the incident is urgent.
The PNP has officially directed cybercrime complainants to its e-Complaint portal and official ACG contact channels. (www.foi.gov.ph)
2. Request immediate protection when necessary
Clearly tell the desk officer if the case involves:
- A credible threat of physical harm;
- A child victim;
- Ongoing sexual extortion;
- A planned meeting with the offender;
- A compromised bank or financial account;
- A suspect who may flee; or
- Evidence that is about to be deleted.
For immediate danger, call 911 or go to the nearest police station rather than waiting for an email response.
3. Execute your statement and submit the evidence
The investigator may ask you to provide a sworn narration, identify each screenshot or transaction, and make the affected device available for inspection.
If an entrapment or controlled payment is being considered, follow the investigator’s instructions exactly. Do not send additional money merely to “keep the suspect interested” unless the operation is being lawfully supervised.
4. Keep the blotter and complaint details
A police blotter documents that an incident was reported, but it is not the same as a completed criminal investigation or a prosecutor’s finding of probable cause.
Keep copies of:
- The blotter extract or incident record;
- The investigator’s contact information;
- Referral documents to the ACG or another unit;
- Evidence-receipt forms; and
- Any instructions for follow-up.
What Happens After You File the Complaint?
Evidence preservation
Section 13 of RA 10175 requires service providers to preserve traffic data and subscriber information for at least six months from the transaction. Content data may be preserved for six months after a law-enforcement preservation order, with a one-time extension for another six months. This is one reason prompt reporting matters. (Lawphil)
A preservation request does not automatically reveal the account holder’s identity. It is intended to prevent relevant data from being deleted while legal process is pursued.
Applications for cybercrime warrants
Investigators may need a court-issued warrant to obtain subscriber information, traffic data, stored content, bank-related computer data, or evidence from a device.
The procedures are governed by the Rule on Cybercrime Warrants, A.M. No. 17-11-03-SC, which covers warrants for disclosure, interception, search, seizure, examination, and related forms of digital evidence. (Office of the Court Administrator)
In EastWest Rural Bank v. PNP Anti-Cybercrime Group Regional Anti-Cybercrime Unit 1, G.R. No. 273720, July 29, 2025, the Supreme Court explained that a valid cybercrime warrant may authorize disclosure of basic identifying information connected with a digital banking account. The ruling helps explain why investigators normally need a formally docketed complaint and proper court process before a bank or service provider can release protected information. (Supreme Court of the Philippines)
Referral to the prosecutor
When the investigator believes sufficient evidence exists, the complaint may be referred to the appropriate city, provincial, or DOJ prosecutor.
During preliminary investigation:
- The complainant submits the complaint-affidavit and supporting evidence.
- The respondent may be required to submit a counter-affidavit.
- The prosecutor determines whether probable cause exists.
- If probable cause is found, an Information may be filed in the proper court.
- The court determines whether to issue an arrest warrant.
Filing a complaint does not normally cause an immediate arrest. A warrantless arrest is lawful only under specific circumstances, such as when the offense is committed in the officer’s presence or other conditions under the Rules of Criminal Procedure are met.
Typical Fees and Timelines
| Stage | Practical expectation |
|---|---|
| Initial reporting | Often completed on the same day if filed in person |
| Complaint intake | Free; NBI’s listed frontline process is approximately one hour and ten minutes |
| Bank or e-wallet fraud response | May begin within hours, but recovery depends on whether funds remain traceable or frozen |
| Initial investigation | Commonly several weeks, depending on evidence and cooperation from platforms or institutions |
| Warrants and data requests | May take weeks or longer because court approval and service-provider compliance are required |
| Cross-border records | Often take several months because international legal assistance may be necessary |
| Preliminary investigation | Varies by prosecutor’s workload, number of respondents, and completeness of evidence |
| Court proceedings | May take months or years depending on complexity, hearings, motions, and appeals |
There is normally no filing fee for reporting a crime to the NBI or PNP. A complainant may still spend money on printing, notarization, travel, certified bank records, translations, apostilles, or professional forensic services.
Reporting Cybercrime from Abroad or as a Foreigner
A foreign national may report a cybercrime committed in the Philippines or causing damage in the Philippines. The NBI’s cybercrime assistance service is available to the general public and is not limited to Filipino citizens. (National Bureau of Investigation)
Bring or submit:
- A passport or other government-issued identification;
- Your Philippine address or local contact, if any;
- The suspect’s connection to the Philippines;
- Evidence that the account, transaction, victim, computer system, or damage is connected to the Philippines; and
- Certified translations of important foreign-language documents when requested.
A person filing from overseas may initially communicate by email or online portal. For a formal affidavit or special power of attorney, the agency or prosecutor may require a document that has been:
- Signed before a Philippine consular officer;
- Notarized in the foreign country and apostilled if that country is a party to the Apostille Convention; or
- Authenticated through the appropriate diplomatic process if an apostille is unavailable.
The DOJ Office of Cybercrime serves as the Philippine central authority for international cooperation and mutual legal assistance in cybercrime matters. Cases requiring records from foreign platforms, overseas banks, or foreign suspects generally take longer because Philippine investigators cannot compel a foreign entity solely through a local request. (Cybercrime Division)
Common Mistakes That Can Weaken a Cybercrime Complaint
Waiting too long
Accounts, temporary posts, IP logs, CCTV recordings, and transaction trails may disappear. Report promptly even if you have not yet identified the offender.
Deleting or blocking before saving evidence
Blocking may be necessary for safety, but first preserve the complete account information and conversation when it is safe to do so.
Submitting only cropped screenshots
Cropped images may omit usernames, URLs, timestamps, and context. Preserve original digital files and complete conversations.
Publicly accusing or doxxing the suspected offender
Posting a person’s private information or making an unverified public accusation can create privacy, harassment, or defamation issues. Give the information to investigators instead.
Paying a “recovery agent”
Victims are frequently targeted a second time by people claiming they can hack the scammer, recover cryptocurrency, or bribe an insider. Do not provide additional money, passwords, identification documents, or remote access to your device.
Assuming a barangay report is enough
A barangay blotter or mediation record is not a substitute for cybercrime investigation, digital-evidence preservation, or a police complaint.
Some disputes between residents of the same city or municipality may be subject to barangay conciliation under Sections 408 to 412 of the Local Government Code, RA 7160. However, urgent reporting to the NBI or PNP should not be delayed when evidence may disappear, funds may be transferred, or the incident involves threats, exploitation, serious offenses, or parties outside the barangay’s jurisdiction. (Lawphil)
Filing several complaints without disclosure
Tell every investigator about earlier filings. Duplicate and inconsistent affidavits can cause confusion and may damage credibility.
Frequently Asked Questions
Which is better for cybercrime, the NBI or PNP?
Both have authority under RA 10175. The PNP-ACG is often more accessible for urgent incidents and regional police action. The NBI-CCD is often suitable for complex, organized, high-value, or multi-jurisdictional cases.
Can I report cybercrime online?
Yes. Both agencies have online reporting channels. However, an online report may be treated only as an initial complaint or lead. You may still need to appear personally, execute an affidavit, identify evidence, or submit a device for examination.
Can I report a scammer even if I do not know the real name?
Yes. Provide every available identifier, including usernames, profile links, email addresses, phone numbers, bank or e-wallet accounts, transaction references, website domains, and delivery details. Identifying the person behind an account is part of the investigation.
Are screenshots enough to file a complaint?
They are enough to begin reporting, but they may not be enough to prove the entire case. Preserve the original conversation, account, device, files, emails, transaction records, URLs, and platform-report confirmations.
What should I do if money was sent through a bank or e-wallet?
Contact the bank or e-wallet immediately and request a fraud hold or account freeze. Then report to the NBI or PNP and provide the receiving-account details, amount, exact date and time, and transaction reference number.
Can I report cyberlibel to the NBI or PNP?
Yes. Cyberlibel may be investigated by either agency. The Supreme Court in Disini v. Secretary of Justice upheld the core offense of cyberlibel while invalidating certain other provisions of RA 10175. Whether a post is criminally defamatory depends on its exact language, publication, identification of the offended person, malice, defenses, and other circumstances. (Supreme Court E-Library)
Can the police immediately reveal who owns a fake account?
Usually not. Investigators may need a court-issued cybercrime warrant and cooperation from the platform, telecommunications company, bank, or other service provider. Foreign platforms may require international legal procedures.
Can an OFW file a cybercrime complaint from abroad?
Yes. An OFW may submit an initial online or email report and coordinate with the NBI, PNP-ACG, or a Philippine embassy or consulate. A properly notarized, consularized, or apostilled affidavit or special power of attorney may later be required.
Is there a fee for filing a cybercrime complaint?
Law-enforcement complaint intake is generally free. The complainant may have incidental expenses for notarization, certified records, printing, transportation, translation, apostille, or document authentication.
How long does a cybercrime investigation take?
There is no single fixed period. A straightforward complaint with complete evidence may progress within weeks. Cases involving anonymous accounts, several financial institutions, warrants, foreign platforms, cryptocurrency, or multiple suspects commonly take several months or longer.
Key Takeaways
- Both the NBI Cybercrime Division and PNP Anti-Cybercrime Group may investigate cybercrime under RA 10175.
- Use the PNP for urgent threats, active extortion, immediate police protection, and accessible regional assistance.
- Consider the NBI for complex fraud, hacking, digital forensics, organized schemes, and multi-region or international cases.
- Contact the bank, e-wallet, platform, or telecommunications provider immediately; a police report alone does not automatically secure your account or freeze funds.
- Preserve complete, original digital evidence before deleting, blocking, resetting, or publicly posting about the incident.
- An online complaint may start the process, but a sworn statement and personal appearance are often still required.
- Report promptly even when the offender’s real identity is unknown.
- Keep every complaint number, blotter entry, investigator contact, evidence receipt, and platform or bank reference number.