How to Report Online Scam in the Philippines

How to Report an Online Scam in the Philippines
A comprehensive legal‑practice guide (updated to April 2025)

1. Why a distinct procedure for online scams?

Because most internet fraud crosses borders, involves pseudonymous actors, and leaves only digital traces, Philippine lawmakers and regulators have built a multi‑layered regime:

Layer Purpose Key authority
Criminal law Punish offenders, deter future acts NBI‑Cybercrime Division; PNP‑Anti‑Cybercrime Group
Administrative law Protect specific sectors (banking, securities, consumer sales) SEC, BSP, DTI, IC, DICT‑CICC
Civil law Compensate victims Regular & special commercial courts
Preventive regulation Freeze assets, takedown content, block domains AMLC, DICT‑CICC, ISPs under RA 10175

2. Offences & statutes most frequently invoked

Conduct Principal statute(s) Penalty range*
Swindling/“Estafa” via online deception Art. 315 RPC (as amended); Sec. 6, RA 10175 (computer‑facilitated estafa) ₱40,000↓: arresto mayor (≤6 months). ₱40k‑2.4 M: prision correccional (6 mo‑6 yrs). ₱2.4 M ↑: prision mayor (6‑12 yrs) + fine up to triple the damage.
Phishing, hacking‐for‑gain, fake websites Sec. 4(b)(2), RA 10175 (computer‑related fraud) prision mayor — prision mayor max (up to 12 yrs) + ≥₱200 k fine.
Credit‑/debit‑card & e‑wallet fraud RA 8484 (Access Devices Regulation Act); Sec. 4(b)(3‑4), RA 10175 6‑20 yrs + fine twice the amount defrauded (RA 8484).
Unregistered investment, Ponzi, crypto pyramid Sec. 8, 26, 28‑30, RA 8799 (Securities Regulation Code); RA 11765 (Financial Products & Services Consumer Protection Act, 2022) 7‑21 yrs + ₱50 k‑₱5 M fine (SRC) + administrative cease‑and‑desist, disgorgement.
Money laundering of scam proceeds RA 9160 (as amended) 7‑14 yrs + ₱3‑10 M fine + asset forfeiture.

*Penalties shown are principal; courts may impose additional penalties under Art. 36 RPC (disqualification, etc.) and under RA 10175’s “one‑degree‑higher” rule when the crime is committed “through and with the use of information and communications technologies.”

3. Evidence checklist before you report

  1. Screenshots/Screen recordings
    Full URL bar visible, date–time stamp, entire conversation thread.
  2. Transaction records
    GCash/PayMaya history, bank statements, credit‑card slips, blockchain hash.
  3. Identification of the suspect (if available)
    Profile handles, email headers, IP addresses, IMEI, cellphone number.
  4. Affidavit of Complaint
    Narrative in first person, chronological, stating acts constituting the offense, identifying statutes violated, and attaching numbered annexes of the items above.
    • Notarise or swear before an in‑house prosecutor/OCP on filing day.

Tip: Law‑enforcement units accept USB flash drives or cloud‑drive links but still require printed annexes for docketing.

4. Where and how to file

Option When to choose it How to submit Typical timeline
NBI‑Cybercrime Division (NBI‑CCD) Complex tech issues, cross‑border tracing, large financial loss Walk‑in (NBI HQ Taft Ave.), any Regional NBI office, or e‑mail ccd@nbi.gov.ph 1‑2 hours docketing → 30 days initial evaluation → possible subpoena search warrant.
PNP‑Anti‑Cybercrime Group (PNP‑ACG) Urgent takedown, ongoing harassment, suspects in PH Walk‑in at Camp Crame HQ or any ACG Regional Tactical Unit; hotline 0998‑598‑8116; Facebook “PNPACG” 30 minutes intake; can endorse for hot pursuit within 24 hrs.
DICT‑CICC Hotline 1326 (formerly I‑CERT) Phishing e‑mails/sites, DDoS, malware Call, SMS, or portal <https: data-preserve-html-node="true"//cicc.gov.ph/report> Same‑day domain blocking request to NTC/ISPs.
SEC Enforcement and Investor Protection Dept. Investment/crypto scams <epd@sec.gov.ph data-preserve-html-node="true">, online complaint form, or walk‑in at SEC Main Cease‑and‑desist order possible in 24‑48 hrs.
DTI‑Fair Trade Enforcement Bureau Failed delivery, fake online shops, deceptive ads under Consumer Act Online portal e‑complaints.dti.gov.ph Mediation (15 days) → adjudication.
BSP Consumer Assistance Unauthorized bank transfers, e‑wallet debits <consumeraffairs@bsp.gov.ph data-preserve-html-node="true"> or <https: data-preserve-html-node="true"//www.bsp.gov.ph/SES/Forms> 10‑banking‑day reply period to the FI; BSP resolution within 30 days.

5. Step‑by‑step criminal filing (NBI or PNP)

  1. Prepare 3 hard copies of your affidavit + annexes.
  2. Personal appearance by complainant (or representative with SPA).
  3. Verification & docketing – officer stamps case number (“NBI‑CC‑DD‑YYYY‑xxx”).
  4. Preliminary investigation
    • Subpoena duces tecum on telcos/banks for account holder data.
    • Digital forensic imaging (writing your device in a write‑block environment).
  5. Inquest or regular PI
    • Inquest if suspect arrested within 36 hrs.
    • Regular PI otherwise: 10 days for respondent to file Counter‑Affidavit, 10 days for complainant’s Reply.
  6. Resolution – prosecutor issues:
    • Information (probable cause found) → filed with court; or
    • Dismissal (lack of PC) → you may file a Petition for Review with DoJ.

6. Asset freezing & restitution

Tool Trigger Authority
AMLC Immediate Freeze Order Probable cause of money‑laundering; petition by NBI/PNP Anti‑Money Laundering Council
Court‑issued Preservation Order Pending criminal action; Sec. 13, RA 10175 RTC Cybercrime Court
Temporary Restraining Order vs. Websites “Egmont” Mutual Legal Assistance or Sec. 55, RA 10175 RTC; implemented by DICT‑CICC & NTC
Chargeback / Dispute Credit‑card or debit‑card fraud Issuing bank under BSP‑Instapay/Pesonet rules; 15‑day filing window

7. Civil & administrative remedies

Even if prosecutors decline criminal action, you may still recover losses:

  • Civil Action for Damages (Art. 1157 ff., Civil Code)—file where you (or defendant) reside or where the scam happened online (deemed where you first accessed the deceptive representation).
  • Small Claims (A.M. 08‑8‑7‑SC, as amended) for sums ≤ ₱400,000—no lawyer needed.
  • Class Suit under Rule 3, Sec. 12 if multiple victims share identical cause (common in pyramid schemes).
  • DTI administrative fine (up to ₱300,000 per act; triple for repeat offenders) + suspension of business name.
  • SEC disgorgement & revocation of corporate registration for entities formed to defraud.

8. Cross‑border cooperation

Under Sec. 21, RA 10175 the Philippines may:

  1. Directly request data preservation (up to 90 days) from foreign service providers.
  2. Use MLATs (e.g., US‑PH MLAT 1994) for subpoena or extradition.
  3. Issue Red Notice via Interpol for fugitive scammers.
  4. Rely on Budapest Convention on Cybercrime (effective for PH since 2022) for expedited preservation and mutual assistance.

9. Common pitfalls that cause dismissals

  1. Incomplete chain of custody of screenshots (edited images, missing metadata).
  2. Late bank‑dispute filing (beyond 15‑calendar‑day window for e‑wallets).
  3. Wrong venue—estafa filed in local prosecutor’s office although all elements occurred online outside that territorial jurisdiction.
  4. Failure to identify deceit element—mere breach of promise ≠ estafa unless deceit existed at inception.
  5. Using “PM me proof” text instead of an affidavit—prosecutors require sworn statements.

10. Frequently asked practical questions

Q A
Can I file anonymously? No. Philippine criminal procedure requires a sworn complainant. You may request witness‑protection if you fear retaliation (RA 6981).
Is a Facebook chat admissible? Yes, if authenticated: printout + metadata header + testimony on how it was captured.
Does the “₱500‑threshold” still matter? Only for aforementioned minor estafa under Art. 315 (2)(d). Under RA 10175’s “one‑degree higher” rule, the enhanced penalty often overrides threshold breakpoints.
Do screenshots of deleted posts suffice? Prefer server‑level evidence: use “Download Your Information” (Facebook) or subpoena thru NBI/PNP.
How long do I have to file? Estafa: 15 yrs prescription if > ₱40 k. Computer‑related fraud: 15 yrs (RA 10175, Sec. 2). Consumer suits: 2 yrs from discovery (Art. 169, Consumer Act).

11. Preventive tips for clients & companies

  1. Know‑Your‑Customer (KYC) and enhanced due diligence for high‑risk transactions.
  2. Two‑factor authentication for e‑wallets and admin dashboards.
  3. Employee phishing‑simulation training every 6 months.
  4. Escrow services for high‑value marketplace deals (see BSP Circular 1055).
  5. Cybersecurity insurance riders now mandated for BSP‑supervised financial institutions (BSP Memo M‑2023‑033).

12. Conclusion

Reporting an online scam in the Philippines is no longer a shot in the dark; it is a structured, statute‑anchored process that combines rapid cyber‑forensic tools with traditional doctrines of estafa and fraud. Victims who (a) gather contemporaneous digital evidence, (b) file promptly with the correct agency, and (c) understand the overlapping criminal, civil, and administrative tracks stand the best chance of seeing both justice and restitution.

(This guide is for general informational purposes and is not a substitute for individualized legal advice. Statutory citations reflect amendments up to April 17 2025. For matters involving substantial sums or international elements, consult counsel accredited to practice before the cybercrime courts.)

Disclaimer: This content is not legal advice and may involve AI assistance. Information may be inaccurate.

Privacy Policy

Terms of Use

Lawyer Login

 
 
Privacy Policy         Terms of Use         Lawyer Login