A smishing message can look harmless—a delivery notice, bank warning, raffle prize, government aid announcement, or request to “verify” your SIM—but one click may expose your passwords, one-time PINs, personal data, or money. In the Philippines, the correct place to report a text scam depends on what happened: the Cybercrime Investigation and Coordinating Center (CICC) receives and coordinates scam reports, the National Telecommunications Commission (NTC) handles abusive numbers and telecommunications concerns, banks and e-wallets handle disputed transactions, and the PNP Anti-Cybercrime Group or NBI Cybercrime Division investigates possible crimes.
The most important practical rule is simple: if money has already been transferred, contact your bank or e-wallet before doing anything else. A prompt report may allow participating financial institutions to trace and temporarily hold disputed funds before they are withdrawn or moved through several accounts.
Where to report smishing and text scams in the Philippines
| What happened | Report first to | Other useful reports |
|---|---|---|
| You received a suspicious text but did not click or lose money | CICC through 1326, eGovPH, NTC, and your mobile provider | Block the sender and preserve a screenshot |
| You clicked the link but did not provide information | Your mobile provider and CICC | Secure the phone, scan for malware, and report the number to NTC |
| You entered a password, PIN, card details, or personal information | The affected bank, e-wallet, email provider, or online account immediately | CICC, NTC, and your mobile provider |
| Money was transferred or an unauthorized transaction appeared | The bank or e-wallet’s official 24/7 fraud channel | CICC, PNP Anti-Cybercrime Group, or NBI Cybercrime Division |
| Your identity or personal data was unlawfully used or disclosed | National Privacy Commission | CICC or law enforcement if fraud was also committed |
| The message contains threats, extortion, blackmail, or sexual exploitation | PNP Anti-Cybercrime Group or the nearest police station | NBI Cybercrime Division and CICC |
These agencies perform different functions. Reporting a number to the NTC may help with blocking or telecommunications enforcement, but it does not automatically recover stolen money or start a criminal prosecution. Similarly, reporting to a bank may protect the financial account, but it does not replace a report to cybercrime investigators when a crime appears to have occurred.
What is smishing?
Smishing is phishing carried out through SMS or another text-messaging service. The scammer sends a deceptive message designed to make the recipient:
- Click a fraudulent link;
- Download a malicious application;
- Call a fake customer-service number;
- Reveal a password, one-time PIN, card number, or account credential;
- Transfer money to a supposed bank, government agency, seller, employer, relative, or investment platform; or
- Provide personal information that can later be used for identity theft.
Common smishing messages in the Philippines include:
- “Your bank account will be suspended unless you verify now.”
- “Your parcel cannot be delivered because of an unpaid ₱17.50 fee.”
- “You have unclaimed ayuda, cash assistance, or a government benefit.”
- “Your SIM will be deactivated today.”
- “You won a prize. Pay a processing fee to claim it.”
- “I accidentally sent money to your account. Please return it to this number.”
- “Your GCash, Maya, or online banking account has been compromised.”
- Messages impersonating a relative, employer, police officer, courier, utility company, or government office.
A message is not safe merely because it appears under an existing bank or company conversation thread. Scammers may use spoofed sender names, compromised messaging systems, malicious links, or illegal telecommunications equipment that makes a fraudulent message appear more credible.
Report the scam to the CICC
The CICC, an attached agency of the Department of Information and Communications Technology, operates the government’s 1326 National Anti-Scam Hotline. It serves as a central reporting and coordination point for online scams, suspicious messages, phishing, impersonation, and related cyber incidents. Reports may be referred to the appropriate telecommunications provider, financial institution, regulator, or law-enforcement unit. (Dictionary of the Filipino Language)
CICC reporting channels
Call 1326.
Email report@cicc.gov.ph.
Use the reporting function in the eGovPH application.
Alternative CICC mobile numbers listed in official government materials include:
- Smart: 0947-714-7105
- Globe: 0966-976-5971
- DITO: 0991-481-4225
The hotline is intended to operate as a round-the-clock reporting channel. A report may receive an initial acknowledgment or referral quickly, but a complete investigation can take substantially longer, especially when investigators must obtain subscriber records, trace several financial accounts, preserve electronic evidence, or coordinate with foreign platforms. (Philippine News Agency)
When reporting, provide:
- The sender’s number or displayed sender name;
- The complete wording of the message;
- The date and time received;
- The fraudulent link, written or copied without opening it;
- Screenshots showing the full screen and message details;
- The name of the company or government agency being impersonated;
- Whether you clicked, downloaded anything, disclosed information, or transferred money; and
- Reference numbers from your bank, e-wallet, telco, or other agency reports.
People who merely received a scam message may also use eGovPH’s reporting feature. Government agencies can use submitted data to identify recurring scam campaigns and refer numbers for investigation or blocking. (Philippine Information Agency)
Report the number to the NTC
The NTC accepts reports concerning text scams, spam, and abusive mobile numbers through its official Text Scam/Spam Report page.
The NTC’s role generally includes receiving the complaint, checking the information provided, and referring the number or incident to the telecommunications provider or another government agency for appropriate action. It may help cause a number to be investigated or blocked, but it does not decide criminal guilt or order a bank to return stolen funds. (www.foi.gov.ph)
What the NTC normally requires
Prepare the following:
- A clear screenshot or photograph of the scam text;
- The sender’s mobile number, when visible;
- The date and time of the message;
- Your active contact information;
- A government-issued identification card; and
- Any additional facts requested by the online form.
According to the NTC’s official public guidance, a student identification card may be accepted. A birth certificate or NBI clearance may be considered when the complainant has no standard government-issued ID. The report may also be sent to consumer@ntc.gov.ph, brought to the NTC’s Consumer Welfare and Protection Division, or filed through the appropriate NTC regional office. The NTC hotline is 1682. (www.foi.gov.ph)
Do not assume that the NTC can immediately disclose the registered owner of a SIM. Under the SIM Registration Act, Republic Act No. 11934 of 2022, subscriber information is confidential and may be disclosed only on legally recognized grounds, such as compliance with a court order, subpoena, or lawful investigation. A registered subscriber’s name is also not conclusive proof that the person personally sent the message: the SIM may have been stolen, registered using another person’s identity, controlled by a money mule, or used through illegal telecommunications equipment. (Lawphil)
Report the text to your mobile provider
Reporting the message to the telecommunications company may allow the provider to investigate, block the number, identify similar messages sent across its network, or preserve records for a lawful investigation.
Globe
Globe subscribers may use the Globe StopSPAM reporting page or open the GlobeOne application and select Essentials → Do More → StopSpam. (Globe Telecom)
Smart and TNT
Smart and TNT subscribers may report suspicious messages through Smart’s verified customer-support channels, call *888, or use the HuliScam reporting portal. (Smart Help)
DITO
DITO subscribers may use the 24/7 chat function in the DITO application or call 185 free of charge from a DITO number. (DITO)
A telco report is useful even when the scammer uses a number from another network. Provide the full message instead of sending only the number because the wording, link, sender name, and timing can help identify a wider campaign.
Contact the bank or e-wallet immediately if money or account information is involved
When a scammer obtains an OTP, password, mobile PIN, card credential, or account access—or persuades the victim to transfer money—the first urgent report should be made to the official fraud channel of the bank, e-wallet, or financial institution.
Do not call a telephone number contained in the suspicious text. Use the number printed on the bank card, the institution’s official application, its authenticated website, or a previously verified customer-service channel.
Tell the institution clearly:
“I am reporting a disputed or fraud-related transaction. Please secure my account, preserve the records, and initiate the applicable fund-tracing and temporary holding process.”
Ask for:
- A case or ticket number;
- Confirmation that the affected account has been secured;
- The status of any password reset, device unlinking, or session termination;
- The disputed-transaction form or fraud affidavit;
- Confirmation that the receiving institution has been contacted, when applicable; and
- A written list of additional documents required.
Temporary holding of disputed funds under the Anti-Financial Account Scamming Act
The Anti-Financial Account Scamming Act, Republic Act No. 12010 of 2024, or AFASA, created procedures that allow financial institutions to temporarily hold funds involved in a disputed electronic transaction while verification is conducted.
Under the implementing rules, an initial hold may last up to five days. It may be extended for up to 25 additional days, for a total maximum of 30 days, unless a court issues a further order. The originating institution’s 24/7 fraud-reporting channel may trigger the complaint-initiated holding process when the required conditions are present. (Lawphil)
The victim should cooperate promptly by providing transaction details, account information, screenshots, affidavits, and other requested evidence. The bank may contact receiving institutions, trace the movement of funds, and preserve relevant accounts. (Bureau of the Treasury)
A temporary hold is not the same as a guaranteed refund. Recovery becomes harder when the money has already been withdrawn, converted to cryptocurrency, used to purchase goods, or transferred through multiple mule accounts. The bank must also determine whether the transaction falls within AFASA and applicable Bangko Sentral ng Pilipinas rules.
AFASA’s special holding process generally concerns disputed electronic fund transfers. An ordinary transfer sent to the wrong account by mistake is not automatically treated as a scam transaction, and credit-card disputes may follow separate chargeback or card-network procedures. (Bureau of the Treasury)
Escalate an unresolved bank or e-wallet complaint to the BSP
A consumer should ordinarily complain first through the financial institution’s Financial Consumer Protection Assistance Mechanism, meaning its internal customer-service and complaint-resolution system.
If the institution does not resolve the complaint adequately, the consumer may escalate it to the Bangko Sentral ng Pilipinas through:
- The BSP Online Buddy, or BOB, available through the official BSP website and verified BSP Facebook page; or
- A completed Consumer Inquiry or Request form sent with proof of the prior complaint to consumeraffairs@bsp.gov.ph.
The BSP supervises covered banks, e-money issuers, and other BSP-supervised financial institutions. It does not replace the police or NBI in investigating the scammer. (Bureau of the Treasury)
When communicating with the BSP, do not send your full password, PIN, OTP, card security code, or online-banking credentials. Provide only the account and transaction information reasonably required by the complaint process.
File a criminal complaint with the PNP or NBI
Report to law enforcement when:
- Money was stolen;
- An account was taken over;
- The scammer used your identity;
- The message involved extortion, threats, blackmail, or sexual exploitation;
- A malicious application was installed;
- The scam is organized, repeated, or involves several victims; or
- You need a formal investigation that may require subpoenas, cybercrime warrants, subscriber records, or financial-account records.
PNP Anti-Cybercrime Group
The PNP Anti-Cybercrime Group may be contacted through acg@pnp.gov.ph. Official government consumer materials also list 0998-598-8116 and (02) 414-1560 as contact numbers. Contact details can change, so confirm them through the PNP’s verified website or social-media pages before sending sensitive documents.
A victim may also go to the nearest police station. Ask that the incident be referred to the appropriate cybercrime unit when digital evidence, online accounts, or electronic fund transfers are involved.
NBI Cybercrime Division
The NBI Cybercrime Division may be contacted through ccd@nbi.gov.ph. The NBI also maintains an online complaint facility and accepts complaints through its offices. (National Bureau of Investigation)
During an initial NBI complaint, the complainant may be asked to:
- Complete a complaint or investigation-data form;
- Explain the incident during an interview;
- Execute a sworn statement or submit a prepared complaint-affidavit;
- Provide screenshots, transaction records, URLs, account names, telephone numbers, and witness information; and
- Allow investigators to examine a relevant device when technically necessary.
The NBI’s citizen’s charter lists no fee for initial complaint assistance. It describes an initial intake process lasting roughly an hour under ordinary conditions, but evidence gathering and the actual investigation may take weeks or months. Cross-border requests, anonymous accounts, incomplete records, multiple financial institutions, and delayed preservation requests commonly cause longer delays. (National Bureau of Investigation)
You can report even when the scammer’s legal name is unknown. Identify the respondent using the available mobile number, account name, username, bank account, e-wallet number, website, email address, or “John Doe” description. Investigators can determine whether legal process should be used to identify the person behind those records.
Report personal-data misuse to the National Privacy Commission
The National Privacy Commission (NPC) is appropriate when the incident involves unlawful collection, disclosure, sale, exposure, or misuse of personal data. Examples include:
- A scammer possesses a copy of your ID;
- Your contact information came from a suspected data breach;
- A company improperly disclosed your account information;
- Your name, photograph, or identity was used without authority;
- A loan application or online account was created using your personal data; or
- Personal information was published to threaten, shame, or extort you.
The NPC is not normally the first agency for blocking a SIM or tracing stolen funds. Report the financial or criminal aspects separately to the bank, CICC, PNP, or NBI.
A formal NPC complaint generally requires a verified or notarized complaint form, supporting evidence, and available witness affidavits. It may be filed personally, by registered mail or courier, or through an authorized electronic filing method. Consult the NPC’s official complaints page for the current form, filing instructions, and fee schedule. (National Privacy Commission)
Philippine laws that may apply to text scams
The exact offense depends on what the scammer did, what information was obtained, and whether loss or unauthorized access occurred.
Republic Act No. 10175: Cybercrime Prevention Act of 2012
RA 10175 penalizes offenses such as computer-related fraud and computer-related identity theft. These provisions may apply when electronic systems, online accounts, mobile devices, or digital data are used to obtain money, impersonate another person, or cause unauthorized loss. (Lawphil)
Article 315 of the Revised Penal Code: Estafa
A completed scam may constitute estafa, commonly called swindling, when deceit causes another person to part with money or property and suffer damage. The precise classification depends on the scammer’s representations, the victim’s reliance, the transfer of property, and the resulting loss. (Lawphil)
Republic Act No. 12010: Anti-Financial Account Scamming Act
AFASA addresses financial-account scams, money-mule activity, social-engineering schemes, and misuse of financial accounts. It defines electronic communications broadly enough to include SMS and other digital messages.
The law covers schemes in which a person misrepresents themselves as a financial institution, government entity, utility, company, or another person to obtain sensitive identifying information and gain unauthorized access to or control over a financial account. It also imposes obligations on covered institutions relating to fraud controls, coordinated verification, temporary holding, and consumer protection. (Lawphil)
Republic Act No. 11934: SIM Registration Act
RA 11934 requires SIM registration and permits lawful access to subscriber information under specified conditions. Registration can assist attribution, but it does not make every scam number immediately identifiable to the public, nor does it eliminate spoofing, stolen identities, illegally registered SIMs, or unauthorized use. (Lawphil)
Republic Act No. 10173: Data Privacy Act of 2012
The Data Privacy Act may apply when personal information is unlawfully processed, disclosed, accessed, or used as part of the scam. (Lawphil)
Republic Act No. 8484, as amended
The Access Devices Regulation Act, as amended by RA 11449, may apply to fraudulent use of cards, account numbers, access devices, or related credentials. (Lawphil)
Step-by-step: what to do after receiving a scam text
Do not click the link, reply, or call the number in the message. Open the company’s official application or type its verified website address yourself.
Preserve the original message. Take screenshots showing the sender, date, time, full text, and link. Do not crop out details that may assist investigators.
Copy the link without opening it, when this can be done safely. Paste it into a note as plain text. Do not forward a clickable scam link to family or friends.
If you installed an application, disconnect the device from the internet. Use another trusted device to change important passwords. Remove unknown applications, revoke suspicious permissions, and obtain qualified technical assistance when necessary.
Secure affected accounts. Change reused passwords, activate multi-factor authentication, terminate other logged-in sessions, and notify the relevant bank, e-wallet, email provider, or social-media platform.
Report financial transactions immediately. Call the bank or e-wallet’s official fraud channel and request fund tracing, account protection, and the applicable temporary holding process.
Report the message to the CICC, NTC, and your telecommunications provider.
File a PNP or NBI complaint when a crime or financial loss occurred.
Keep every reference number. Maintain a simple log showing the agency, date reported, person or channel contacted, case number, and next follow-up date.
Preserve the phone and electronic records. Do not factory-reset a device that may contain important evidence until investigators or a qualified forensic professional advise that the needed data has been preserved.
Evidence and documents to prepare
| Evidence or document | Why it matters |
|---|---|
| Full screenshots of the text | Shows the sender, wording, link, date, and time |
| Original message on the phone | May contain metadata not visible in a cropped image |
| Government-issued ID | Commonly required to verify the complainant |
| Written chronology | Helps investigators understand the sequence of events |
| Bank or e-wallet transaction record | Identifies the amount, time, reference number, and destination |
| Account statements or receipts | Proves the financial loss |
| Fraudulent website URL | Helps investigators and platforms identify the infrastructure |
| Screenshots of the fraudulent webpage | Preserves content that may later disappear |
| Call logs, emails, and chat records | Connects the SMS to the wider scheme |
| Recipient account, number, or username | Assists fund tracing and suspect identification |
| Bank, telco, CICC, or NTC reference numbers | Shows prior reports and allows coordination |
| Complaint-affidavit or sworn statement | Commonly required for a formal criminal complaint |
| Witness affidavits | Corroborate conversations, payments, or identity misuse |
Prepare a chronological narrative while your memory is fresh. Include exactly what the scammer said, what you believed, what you did in response, and what loss followed.
Do not post unredacted IDs, account numbers, transaction receipts, OTPs, or addresses on public social-media pages. Send evidence only through verified official channels.
Common mistakes that make scam reports harder to act on
Waiting for the transaction to “settle”
A victim may hesitate because the banking application labels the transaction as pending. Report it immediately. A few hours can determine whether the funds remain in the recipient account.
Deleting the text after taking one cropped screenshot
Keep the original message whenever possible. Investigators may need the exact sender display, timestamp, URL, or surrounding messages.
Reporting only on Facebook
A social-media post may warn other people, but it is not a substitute for an official bank fraud report, CICC report, NTC submission, or sworn law-enforcement complaint.
Sending credentials to a fake recovery agent
Scammers sometimes contact victims again while pretending to be police officers, lawyers, bank investigators, or “fund recovery specialists.” No legitimate investigator needs your OTP, PIN, or password.
Assuming SIM registration guarantees immediate identification
Subscriber information requires lawful access, and the registered person may not be the actual operator. Criminal groups commonly use stolen identities, mule accounts, compromised phones, or layered transfers.
Treating an accidental transfer as a proven scam
A mistaken transfer and a fraud-induced transfer are legally and procedurally different. Tell the bank exactly what happened. Deliberately giving false information to trigger an AFASA hold may itself carry legal consequences. (Lawphil)
Paying a supposed “release fee” to recover stolen money
Government investigators and legitimate banks do not require a victim to transfer cryptocurrency, pay a private “unlocking fee,” or send an OTP to release recovered funds.
Reporting from abroad or as a foreign national
A Filipino overseas or a foreign national may use the same CICC, NTC, bank, telco, PNP, NBI, and NPC reporting channels. The important issue is the Philippine connection—for example, the victim or account is in the Philippines, the recipient account is maintained by a Philippine institution, the message used a Philippine number, or a material part of the offense occurred in the country.
AFASA expressly recognizes Philippine jurisdiction in several situations involving a Philippine victim, a financial account maintained by an institution operating in the Philippines, or relevant computer systems and infrastructure located in the country. (Lawphil)
For a formal complaint executed abroad, the investigator or prosecutor may require a properly notarized affidavit. Depending on the country and receiving office, the document may need an apostille or notarization before a Philippine embassy or consulate. Confirm the format with the handling agency before sending original documents. The Department of Foreign Affairs explains that documents originating in Apostille Convention countries are ordinarily authenticated through an apostille, while consular notarization remains available in appropriate cases. (Philippine Embassy New Delhi)
Frequently Asked Questions
Where should I report a scam text if I did not lose money?
Report it to the CICC through 1326 or eGovPH, the NTC through its text-scam reporting page, and your mobile provider. Preserve the screenshot and original message before blocking the sender.
Can I report an attempted scam even if I did not click the link?
Yes. Attempted scams are still useful to report because agencies and telecommunications companies can compare numbers, links, sender names, and message patterns across multiple complaints.
Should I go to the barangay first?
A barangay report is generally not required before reporting an unknown text scammer to the CICC, NTC, PNP, or NBI. Cybercrime investigation often requires records and technical powers that barangay officials do not possess. A barangay blotter may still be useful when a known local person is involved, but it should not delay an urgent bank or law-enforcement report.
Can the NTC tell me who owns the scam number?
Not merely upon request. SIM-registration information is confidential and normally requires lawful investigative authority, a subpoena, a court order, or another legal ground. The registered subscriber may also be different from the person who operated the scam.
Can my bank freeze the scammer’s account?
A financial institution may temporarily hold disputed funds under AFASA and BSP rules when the legal and procedural conditions are met. The standard period may reach 30 days without a further court order. The process is more effective when reported immediately and while the funds remain traceable.
Will I automatically get my money back?
No. Recovery depends on whether the funds can still be located, whether the transaction qualifies for the applicable dispute process, the evidence available, and whether the financial institutions complied with their legal duties. A temporary hold preserves funds while the dispute is verified; it does not automatically decide ownership.
Is a screenshot enough to file a report?
A screenshot is a good starting point, especially for an NTC or CICC report. For a criminal or financial complaint, also prepare the original message, transaction records, a chronology, identification, URLs, account details, and any related calls or chats.
What should I do if I clicked the link but entered nothing?
Close the page, clear the browser data, check the device for unknown downloads or applications, and update the operating system and security software. Change important passwords from a trusted device if the page may have captured credentials or browser data. Report the message to your telco, NTC, and CICC.
What if the sender name appears to be my bank?
Do not use the link or contact details in the message. Open the bank’s official application or call the number printed on your card. A familiar sender name or placement within a legitimate message thread does not prove that the message came from the bank.
Can I report a scammer whose identity is unknown?
Yes. Provide every available identifier, including the mobile number, sender name, recipient bank or e-wallet account, username, email address, website, and transaction reference. Law enforcement may use lawful process to request records and identify the person or network involved.
Key Takeaways
- For a suspicious message with no financial loss, report to CICC 1326, eGovPH, the NTC, and your mobile provider.
- When money or account access is involved, contact the bank or e-wallet’s official fraud channel first.
- Ask for a case number, account protection, fund tracing, and the applicable AFASA temporary holding process.
- Report completed fraud, identity theft, threats, or account takeover to the PNP Anti-Cybercrime Group or NBI Cybercrime Division.
- Use the National Privacy Commission process when personal information was unlawfully disclosed or misused.
- Preserve the original message, screenshots, URLs, transaction records, and a clear chronology.
- Never provide an OTP, password, PIN, or card security code to anyone claiming they need it to investigate or recover funds.
- Fast reporting improves the chance of blocking the number, preserving digital records, and tracing money before it is withdrawn or transferred again.