A public service collaboration for safer digital banking
Home/Learn/Identity theft

Accounts & identity

Identity theft

A scammer collects personal details or identity documents to open accounts, apply for credit, or impersonate you.

10–12 minute guidelesson
Identity theft
How it works

The story behind the scam

The scammer gathers personal details, account information, selfies, or identity documents and uses them to impersonate you, open accounts, obtain credit, or take control of services.

ExampleA fake lender asks for an ID photo and selfie before approval, then uses them to apply for other financial products in your name.
Common versions

How this scam may reach you

The details change, but the underlying request usually stays the same: trust the sender, stop checking, and act through the channel they control.

01

New-account fraud

Stolen personal details are used to open bank, credit, lending, shopping, wallet, or mobile accounts in your name.

02

Account recovery abuse

Identity details help a criminal persuade support staff or automated checks to reset access to an existing account.

03

Document and selfie harvesting

A fake job, loan, prize, rental, or verification process collects IDs and face images for later impersonation.

04

Impersonation of you

A compromised account or copied profile is used to request money or information from your family, friends, or colleagues.

Warning signs

What should make you pause

  • Share ID only when necessary and through a verified channel. If it was exposed, contact the issuer and monitor your accounts.
  • You receive login, application, billing, or collection notices for activity you did not start.
  • A caller or form asks for more identity information than the stated service reasonably needs.
  • An institution contacts you about an application, account, debt, or delivery you do not recognise.
  • Your account recovery details, address, phone number, or identity information changes unexpectedly.
  • A service refuses access because another person has already used or verified your identity.
Your response

Use the three ScamProof habits

01

Pause

Do not let urgency choose for you.

02

Check

Contact the organisation yourself.

03

Protect

Never share secret account details.

Safest next move

Check

Contact the affected institution through an official channel, secure your email and financial accounts, and ask the relevant ID issuer about replacement or monitoring steps.

Verify safely

Investigate without engaging the sender

You do not need to prove that a message is fake before stepping away. Verify the claim independently and keep the suspicious sender outside that process.

  1. 01

    Leave the original channel

    Do not reply, click, call a supplied number, scan a QR code, install an app, or send a small ‘test’ payment. A legitimate issue can wait while you verify it.

  2. 02

    Find the real organisation yourself

    Use an app you already installed, a bookmarked website, the number printed on your card, or a regulator’s official directory. Search results and sponsored ads can also be impersonated, so check the domain carefully.

  3. 03

    Check the claim, not just the sender

    Caller ID, profile photos, logos, badges, documents, and even familiar voices can be faked. Ask whether the claimed problem appears inside the official account or can be confirmed by a known representative.

  4. 04

    Use a second person and a second channel

    Show the message to someone you trust. If the sender claims to be a person you know, contact that person through a different number or app that you already used before.

  5. 05

    Take pressure as a reason to stop

    A safe organisation will allow time to check. Threats, secrecy, guaranteed rewards, and warnings not to hang up are reasons to end the interaction—not reasons to hurry.

Act quickly

If you already replied, clicked, shared information, or paid

Do not let embarrassment or uncertainty delay you. Fast action gives banks, platforms, and service providers more opportunity to protect your accounts or trace a transaction.

Tell each affected institution that identity theft is suspected and ask it to freeze or investigate the account. Secure your primary email, preserve application notices and reference numbers, and ask ID issuers what replacement or monitoring options apply.
  1. 01

    Stop contact and preserve evidence

    Do not send more money to fix the problem. Save messages, usernames, phone numbers, email headers, URLs, receipts, transaction IDs, and dates before blocking or deleting anything.

  2. 02

    Contact the payment provider immediately

    Tell the bank, card issuer, wallet, transfer service, or exchange that the transaction was connected to a scam. Ask whether it can be stopped, recalled, disputed, or flagged, and record the case number.

  3. 03

    Secure the most important accounts first

    From a trusted device, protect your email and financial accounts, then other affected services. Change reused passwords, sign out unknown sessions, review recovery details, and turn on multi-factor authentication.

  4. 04

    Protect your phone number and identity

    Contact your mobile provider if service stopped unexpectedly or a SIM change is suspected. If identity documents were exposed, ask the relevant issuer what monitoring, replacement, or fraud-alert steps are available.

  5. 05

    Warn people who may be targeted next

    If an email, messaging, or social account was involved, tell contacts not to trust recent requests from it. Scammers often use a compromised account to reach family, coworkers, and customers.

  6. 06

    Report the account and the incident

    Report the profile, message, advertisement, or listing to the platform. Also report through the appropriate cybercrime, financial, securities, or consumer-protection channel and keep every reference number.

Reporting in the Philippines

Report online scams to the Cybercrime Investigation and Coordinating Center through hotline 1326. For a concern involving a BSP-supervised financial institution, report it to the institution first and keep the reference number before escalating through BSP Online Buddy.

Reduce future risk

Build defenses before the next message arrives

No single tool stops every scam. A few practical layers make it harder for a scammer to turn one mistake into a larger loss.

Use unique passwords

A password manager can create and store a different strong password for every important account, limiting damage when one service is breached.

Turn on strong MFA

Use an authenticator app, security key, or passkey where available. Never approve an unexpected prompt or give a verification code to another person.

Enable alerts and sensible limits

Turn on login and transaction notifications. Review transfer limits and saved payees so an account takeover is less useful to a criminal.

Review accounts regularly

Check financial statements, login history, recovery information, connected apps, and devices. Report unfamiliar activity instead of waiting for the next statement.

Create a family verification habit

Agree that urgent money requests will always be confirmed through a second channel. A simple family question or code phrase can help when a voice or account is impersonated.

Philippine practical guides

Take the next step with ScamProof

Stay in the ScamProof learning experience for locally relevant checking, reporting, recovery, and verification guidance.

Recover after a scamReport a scam in the Philippines
Official guidance

Sources and further reading

These official resources support the guidance in this lesson and provide current reporting and recovery information.