If you received a suspicious text message in the Philippines—especially one asking you to click a link, “verify” your SIM, claim a prize, redeem points, apply for a job, pay a delivery fee, or move money—treat it as a possible smishing attempt. Smishing is phishing done through SMS or text messages. The right place to report depends on what happened: report the scam number to the NTC or your telco for blocking, report online fraud to CICC, PNP-ACG, or NBI, report bank or e-wallet losses to your bank/e-money issuer and BSP, and report misuse of your personal data to the National Privacy Commission.
Quick Answer: Where to Report Smishing and Text Scams in the Philippines
| Situation | Report to | Best for |
|---|---|---|
| You received a scam or spam text but did not click or lose money | NTC and your telco | Blocking, deactivation, telecom action |
| You clicked a link or shared personal information | NTC, telco, CICC, and affected account provider | Incident documentation and account protection |
| Money was taken from your bank, card, or e-wallet | Bank/e-wallet first, then BSP if unresolved, plus PNP-ACG or NBI | Freezing/holding funds, investigation, possible recovery |
| The scam involved online fraud, identity theft, fake accounts, or criminal activity | PNP Anti-Cybercrime Group or NBI Cybercrime Division | Criminal investigation and cybercrime complaint |
| The text used your name or shows possible data leakage | National Privacy Commission | Data privacy complaint or breach concern |
| The text promotes an investment, crypto, lending, or “guaranteed income” scheme | SEC, plus PNP-ACG/NBI if money was lost | Investment scam reporting |
| The text impersonates a government agency | The impersonated agency, CICC, PNP-ACG/NBI | Warnings, investigation, and takedown coordination |
The National Telecommunications Commission (NTC) receives text scam/spam complaints and may endorse them to public telecommunications entities or other agencies for blocking or appropriate action. Its listed requirements include a copy of a valid ID and an image or screenshot of the scam/spam text showing the cellphone number. The NTC also identifies CICC’s report page and hotline 1326 as additional reporting channels. (www.foi.gov.ph)
What Counts as Smishing or a Text Scam?
A text scam is not limited to obvious “You won ₱1,000,000” messages. Many current Philippine smishing messages are designed to look urgent, official, or personal. Common examples include:
- “Your SIM will expire today. Click here to verify.”
- “You have unclaimed ayuda/cash assistance.”
- “Your parcel is on hold. Pay ₱17 delivery fee.”
- “Your bank account is locked. Confirm your OTP.”
- “Your rewards points expire today.”
- “Part-time job, earn ₱3,000 daily.”
- “You have a traffic violation. Pay online.”
- “Your GCash/Maya/bank account has suspicious activity.”
- “Hello, is this [your name]?” followed by a wrong-number or investment pitch.
A message can still be a scam even if it appears in the same SMS thread as a familiar sender name. Some scams use spoofing, fake sender IDs, compromised systems, or malicious links that imitate official websites. Globe, for example, warns that it does not send text messages with links and encourages customers to report suspicious messages through its Stop Spam channels. (Globe Telecom)
Legal Basis: Why These Reports Matter
SIM Registration Act: RA 11934 of 2022
The Subscriber Identity Module (SIM) Registration Act, Republic Act No. 11934, requires SIM registration and gives authorities tools to trace SIMs used in crimes. It also requires public telecommunications entities to provide user-friendly reporting mechanisms when end-users receive potentially fraudulent texts or calls, and to deactivate SIMs used for fraudulent texts or calls after due investigation. (Supreme Court E-Library)
RA 11934 also penalizes spoofing—transmitting misleading or inaccurate information about the source of a phone call or text message with intent to defraud, cause harm, or wrongfully obtain value. The law provides imprisonment of no less than six years, a ₱200,000 fine, or both for spoofing a registered SIM. (Supreme Court E-Library)
For foreigners, RA 11934 is also relevant because tourists and foreign residents must register Philippine SIMs using specific documents. Tourists generally need a passport, proof of Philippine address, and a return or onward ticket; tourist SIM registration is valid temporarily for 30 days. Foreign nationals with other visas may need documents such as an ACR I-Card, Alien Employment Permit, school registration/ID, or other applicable proof. (Supreme Court E-Library)
Cybercrime Prevention Act: RA 10175 of 2012
The Cybercrime Prevention Act of 2012, Republic Act No. 10175, covers computer-related fraud, computer-related identity theft, illegal access, and other cybercrime offenses. It expressly covers mobile phones and similar devices as computer systems. It also provides that crimes under the Revised Penal Code or special laws committed through information and communications technology may be penalized one degree higher. (Supreme Court E-Library)
This matters because a text scam may not be “just a text.” If the message leads to a fake website, stolen OTP, unauthorized transfer, account takeover, or identity theft, it may become a cybercrime case. RA 10175 designates the NBI and PNP as law enforcement authorities responsible for cybercrime enforcement. (Supreme Court E-Library)
Anti-Financial Account Scamming Act: RA 12010 of 2024
Republic Act No. 12010, the Anti-Financial Account Scamming Act (AFASA), specifically targets financial account scams. It covers banks, non-bank financial institutions, payment service providers, e-wallets, and similar accounts. It defines “electronic communications” to include SMS, phone calls, email, social media messages, and instant messaging. (Supreme Court E-Library)
AFASA is important when smishing leads to bank or e-wallet losses. It penalizes money muling—using, lending, selling, renting, or opening financial accounts to move proceeds of crimes or social engineering schemes. BSP rules issued in 2025 under AFASA also create procedures for inquiry into financial accounts and temporary holding of disputed funds, which is why reporting quickly to your bank or e-wallet provider can make a practical difference. (Bureau of the Treasury)
Revised Penal Code Estafa and Other Laws
Many text scams may also fall under estafa under Article 315 of the Revised Penal Code when a person is defrauded through deceit and suffers damage. Depending on the facts, other laws may apply, including:
- RA 8484, the Access Devices Regulation Act, as amended by RA 11449, for card, online banking, or access device fraud;
- RA 10173, the Data Privacy Act of 2012, for misuse, unauthorized processing, or improper disclosure of personal data;
- RA 11765, the Financial Products and Services Consumer Protection Act, for complaints involving financial products and supervised financial institutions.
Step-by-Step Guide: What to Do Immediately
1. Do not click, reply, or call the number in the text
Do not test the link. Do not reply “STOP.” Do not call the number provided in the message. A reply may confirm that your number is active.
If the text claims to be from a bank, e-wallet, courier, telco, or government agency, use the official website, app, hotline, or verified social media account you already know—not the link or number in the message.
2. Preserve evidence before blocking or deleting
Take screenshots showing:
- the sender number or sender ID;
- the full message;
- date and time received;
- the suspicious link;
- the full SMS thread if it appeared in an official-looking conversation;
- your telco network;
- any follow-up messages;
- any transaction reference number if money was sent.
For serious cases, also write a short timeline while details are fresh:
- Date and time you received the text.
- Whether you clicked the link.
- What information you entered.
- Whether you gave an OTP, MPIN, password, or card details.
- Amount lost, if any.
- Destination account, e-wallet number, bank account, QR code, or merchant name.
- Steps already taken with your bank, e-wallet, telco, or law enforcement.
3. Report the scam text to NTC
For scam or spam SMS, report to the NTC Text Spam/Spam Report page: NTC Text Spam/Spam Report.
Based on NTC guidance, prepare:
- valid government ID, school ID, birth certificate, or NBI Clearance if no ID is available;
- screenshot or image of the text scam/spam showing the cellphone number;
- your contact details;
- a short explanation of the complaint. (www.foi.gov.ph)
NTC reporting is especially useful when your goal is to help authorities and telcos identify, block, or deactivate numbers used for smishing. It is not the same as a criminal complaint for recovery of money.
4. Report to your telco
Report to your own mobile provider because telcos can help detect patterns and block similar scam messages.
Common official channels include:
- Globe: Globe Stop Spam or GlobeOne app;
- Smart: Smart HuliScam or official Smart cybersecurity reporting channels;
- DITO: DITO app live chat, official DITO help channels, or official social media pages.
If you use GOMO, report through the GOMO app or official support channels. Because GOMO operates digitally, keep screenshots and support ticket references.
5. If money or account access is involved, contact your bank or e-wallet first
When money is at risk, minutes matter. Contact your bank, credit card issuer, or e-money issuer immediately through official channels. Ask them to:
- block or freeze the affected account, card, or wallet;
- reverse, hold, or investigate the transaction if still possible;
- disable online banking or reset credentials;
- issue a case or ticket number;
- tell you what documents they need for a dispute.
BSP guidance is practical: if account or personal information has been compromised, immediately contact the bank or e-money issuer through official channels; if the complaint is not adequately addressed, escalate through BSP Online Buddy or BOB. (Philippine Information Agency)
6. Report online scam incidents to CICC
The Cybercrime Investigation and Coordinating Center (CICC) operates the national anti-scam hotline 1326. DICT has described 1326 as the National Anti-Scam Hotline, and government advisories also identify CICC’s report channel for scams. (Goverment Dictionary)
You can use:
- CICC Report page;
- hotline 1326;
- official DICT/CICC complaint channels.
CICC is useful when the scam involves multiple agencies, cybercrime, bank/e-wallet coordination, fake websites, fake accounts, or broader fraud patterns.
7. File a criminal complaint with PNP-ACG or NBI if there is fraud, loss, identity theft, or harassment
If you lost money, gave sensitive credentials, suffered identity theft, or want a criminal investigation, report to:
A PNP FOI response has directed cyber-related complaints to the PNP-ACG eComplaint channel or acg@pnp.gov.ph. (www.foi.gov.ph) NBI’s Citizen’s Charter for computer crime complaints states that the general public may proceed to the Cybercrime Division to file a complaint or request investigation, with no listed fee and a frontline processing time of around 1 hour and 10 minutes for initial assistance. (National Bureau of Investigation)
For fraud cases that are not purely technical cybercrime, the NBI Anti-Fraud Division may also be relevant. Its Citizen’s Charter lists commercial documents, evidence, demand letters, and similar documents as requirements, with no listed fee for the investigation assistance transaction. (National Bureau of Investigation)
What Documents and Evidence Should You Prepare?
| Evidence | Why it matters |
|---|---|
| Screenshot of the scam text | Shows sender, message, link, and date/time |
| Screenshot of the full message thread | Useful if the message appeared in an official-looking sender thread |
| Your valid ID | Usually required for formal complaints |
| Your mobile number and telco | Helps telco and NTC trace the complaint |
| URL or domain in the text | Helps takedown and cybercrime investigation |
| Bank/e-wallet transaction receipts | Needed for disputes and fund tracing |
| Account numbers, wallet numbers, QR codes, merchant names | Helps identify recipient accounts or money mules |
| Police blotter/report or cybercrime complaint receipt | Often requested by banks or e-wallets for fraud claims |
| Sworn affidavit or complaint-affidavit | Needed for formal law enforcement or prosecutor action |
| Support ticket numbers from bank/telco/e-wallet | Shows you reported promptly |
Do not edit screenshots except to make separate redacted copies for your own sharing. For official complaints, keep the original screenshots and files intact.
Which Agency Should You Prioritize?
If you only received a scam text
Report to:
- NTC;
- your telco;
- CICC if the message appears part of a wider online scam campaign.
You usually do not need to go immediately to PNP or NBI if you did not click, did not share information, and did not lose money. But if the message contains threats, extortion, sexual blackmail, identity theft, or repeated harassment, report to PNP-ACG or NBI.
If you clicked the link but did not send money
Do these immediately:
- Disconnect from the site and do not enter more information.
- Change passwords for affected accounts.
- Enable or reset two-factor authentication.
- Contact your bank/e-wallet if financial information, OTP, MPIN, card data, or login details were entered.
- Report to NTC, telco, and CICC.
- Consider PNP-ACG or NBI if identity theft occurred.
If you gave an OTP, MPIN, password, or card details
Treat it as urgent. OTPs and MPINs are often enough to drain an account.
Report first to:
- bank, card issuer, or e-wallet;
- CICC hotline 1326 or report page;
- PNP-ACG or NBI;
- BSP if your bank/e-wallet does not adequately address the complaint.
If money was transferred
Take action in this order:
- Contact your bank or e-wallet immediately.
- Ask for a fraud case number and whether a temporary hold, reversal, or trace is possible.
- Preserve the transaction receipt and recipient account details.
- File a cybercrime report with PNP-ACG or NBI.
- Report to CICC.
- Escalate to BSP if the financial institution fails to act properly on your complaint.
Under AFASA and BSP’s 2025 implementing framework, disputed funds and financial account inquiries are now more specifically regulated, but early reporting remains crucial because scam proceeds are often moved quickly through multiple mule accounts. (Bureau of the Treasury)
If your name appears in the scam text
This may indicate a data privacy issue, especially if the message includes your full name, recent transaction details, loan information, delivery information, or other personal data not publicly known.
Report to:
- NTC and telco for the scam text;
- NPC if you suspect misuse or leakage of your personal data;
- the company or agency that may have handled the data;
- PNP-ACG/NBI if identity theft or fraud occurred.
The National Privacy Commission states that a person may file a complaint if personal information has been misused, maliciously disclosed, improperly disposed, or if data privacy rights have been violated. (National Privacy Commission) Formal NPC complaints generally require a specific format, supporting evidence, and notarization. (National Privacy Commission)
Special Situations
Scam texts pretending to be from banks or e-wallets
Do not trust the link. Open the official app manually or call the number printed on your card or listed on the official website.
Report to:
- your bank or e-money issuer;
- BSP Online Buddy if unresolved;
- PNP-ACG or NBI if there is unauthorized transfer;
- CICC for scam coordination;
- NTC/telco for the sending number.
Fake parcel, customs, or delivery texts
These often ask for a small “redelivery” or “customs” fee, but the real goal is to steal card or e-wallet details. Report to:
- courier’s official customer service;
- bank/card issuer if payment details were entered;
- NTC/telco;
- PNP-ACG/NBI if money was taken.
Fake government ayuda, SSS, PhilHealth, LTO, BIR, or traffic violation texts
Report to the impersonated government agency and to CICC. If you paid money or submitted personal data, also report to PNP-ACG/NBI and NPC where appropriate.
Government agencies generally do not ask people to claim benefits by clicking random shortened links in SMS. Always verify through official .gov.ph websites or official apps.
Investment, crypto, or “task job” text scams
Report suspected investment solicitations to the Securities and Exchange Commission (SEC) through its official complaint/ticketing channels, such as the SEC iMessage system, especially if the scheme involves securities, investment contracts, crypto-style “trading,” guaranteed returns, or recruitment commissions. SEC’s public ticketing page accepts complaints and reports. (iMessage)
Also report to PNP-ACG or NBI if you paid money, recruited others, or were instructed to transfer funds to personal accounts.
Foreigners and OFWs outside the Philippines
You can still preserve evidence, report online, and contact your bank/e-wallet or telco. If a Philippine criminal complaint requires a sworn affidavit executed abroad, you may need consular notarization or an apostilled notarized document, depending on where the affidavit is executed and what the receiving office requires. Philippine embassies can notarize affidavits and similar private documents for use in the Philippines. (Philippine Embassy)
If you are abroad and your Philippine SIM is still active, immediately secure accounts linked to that SIM, especially banks, e-wallets, email, social media, and government portals.
Common Pitfalls That Delay Reports
Deleting the message too soon
Blocking is fine, but preserve screenshots first. Law enforcement and telcos need the sender number, timestamp, and full text.
Reporting only to social media
Posting screenshots on Facebook may warn friends, but it does not create an official report. Use NTC, telco, CICC, PNP-ACG, NBI, BSP, NPC, or SEC depending on the case.
Waiting for the bank to “investigate” before filing a cybercrime report
For unauthorized transfers, file with the bank immediately, but do not wait weeks before reporting to PNP-ACG, NBI, or CICC. Cybercrime data, account movement, and logs are time-sensitive.
Sending incomplete screenshots
A cropped screenshot that hides the sender number, date, or full link is weaker. Capture the entire screen and keep originals.
Assuming SIM registration means scammers can always be identified quickly
SIM registration helps accountability, but scammers may use fake documents, mules, stolen SIMs, spoofed sender IDs, foreign infrastructure, fake cell towers, compromised accounts, or layered transfers. Reporting still matters because it creates data points for blocking, investigation, and pattern detection.
Giving your ID to unofficial pages
Be careful when reporting. NTC and agencies may require ID for formal complaints, but you should upload documents only through official government websites, verified agency channels, or in-person offices. Avoid sending IDs to random pages claiming to “help report scammers.”
Practical Timeline: What Usually Happens After Reporting
| Report filed with | What may happen | Practical timeline |
|---|---|---|
| Telco | Scam number/link is reviewed, blocked, filtered, or referred | Sometimes quick, but depends on verification and volume |
| NTC | Complaint is received and may be endorsed to telco or agency | Usually administrative; not a money recovery process |
| CICC | Incident may be logged, coordinated, or referred | Useful for urgent scam coordination |
| Bank/e-wallet | Account may be locked, transaction disputed, recipient traced, documents requested | Report immediately; disputes may take days to weeks |
| BSP | Reviews unresolved complaint against BSP-supervised institution | Usually after you first complain to the institution |
| PNP-ACG/NBI | Complaint intake, sworn statement, evidence review, investigation | Initial intake may be same day; full investigation can take weeks or months |
| NPC | Privacy complaint evaluation, possible conferences/orders | Formal process; notarized documents may be required |
| SEC | Investment scam report, advisory, investigation, possible enforcement | Depends on evidence and scope |
Frequently Asked Questions
Where do I report scam text messages in the Philippines?
Report scam texts to the NTC through its Text Spam/Spam Report page, your telco’s official spam/scam reporting channel, and CICC if it appears to be part of an online scam. If you lost money or gave sensitive credentials, also report to PNP-ACG or NBI.
What is the NTC text scam report link?
The NTC text spam/scam report page is: https://ntc.gov.ph/text-spam-spam-report/. Prepare a valid ID and a screenshot of the scam text showing the sender number.
Should I report to NTC or PNP?
Report to NTC for telecom action such as blocking or deactivation of scam numbers. Report to PNP-ACG or NBI if there is fraud, financial loss, identity theft, harassment, extortion, account takeover, or you want a criminal investigation.
Can I recover money lost to a text scam?
Possibly, but it depends on how quickly you report, whether the funds are still traceable, and whether the recipient account can be held or investigated. Contact your bank or e-wallet first, then file reports with CICC and PNP-ACG or NBI. Escalate to BSP if your financial institution does not properly handle your complaint.
Do I need a police report for GCash, Maya, or bank fraud?
Many banks and e-wallets may ask for a police report, cybercrime complaint receipt, affidavit, or similar document for serious fraud claims. Ask your provider for its exact requirements, but do not delay the initial fraud report while waiting for documents.
What if the scam text uses my full name?
Report the scam to NTC and your telco. If the message suggests your personal data was misused, leaked, or improperly disclosed, file a concern or complaint with the National Privacy Commission and notify the company or agency that may have handled the data.
Can foreigners report smishing in the Philippines?
Yes. Foreigners can report scam texts affecting a Philippine SIM, Philippine bank/e-wallet, or Philippine transaction. If a sworn complaint or affidavit is required and the person is abroad, the document may need consular notarization or apostille depending on how it is executed and where it will be submitted.
Is it safe to send my ID when reporting a text scam?
Send your ID only through official government or telco reporting channels. Do not send IDs to unknown Facebook pages, random “reporting assistants,” or links sent by strangers. Keep a copy of what you submitted and when.
What if the scammer used a registered SIM?
Report it anyway. RA 11934 allows action against registered SIMs used for fraud, including investigation and deactivation after due process. A registered SIM does not mean the scammer is automatically the true identity shown in the registration, but it gives authorities a starting point.
Can I file directly with the prosecutor?
In some cases, yes, but cybercrime complaints usually benefit from investigation by PNP-ACG or NBI first because technical evidence, subscriber information, financial account tracing, and cybercrime warrants may be needed. For ordinary victims, the practical first step is usually bank/e-wallet report, CICC, PNP-ACG or NBI, and NTC/telco.
Key Takeaways
- Report simple scam texts to NTC and your telco.
- Report online fraud, identity theft, account takeover, or money loss to CICC, PNP-ACG, or NBI.
- If money was taken from a bank, card, or e-wallet, contact the bank/e-money issuer immediately before anything else.
- Escalate unresolved bank or e-wallet complaints to BSP Online Buddy.
- Report suspected data misuse or leakage to the National Privacy Commission.
- Report investment or “guaranteed income” text scams to the SEC.
- Preserve screenshots, links, transaction receipts, sender numbers, timestamps, and support ticket numbers.
- Do not click links, do not share OTPs or MPINs, and do not send IDs to unofficial reporting pages.
- Early reporting matters because scam proceeds can move through mule accounts within minutes.