When something criminal happens online — a scam, a hacked account, harassment, stolen money — reporting it well is its own skill. There is no single place to report; there is a hierarchy, and how you package what you hand over decides whether it gets acted on or set aside. This guide walks who to report to, in what order, and how to prepare the evidence so it survives.
Read this first: this is educational, not legal advice. If you are in immediate danger, call 911. Preserve your evidence before you do anything else — the steps below assume you still have the originals.
The reporting hierarchy — where to file, in order
- Your local police (get a report number). File a report with your local department and ask for the case or report number in writing. That number is what banks, insurers, and other agencies will ask for, and it opens the door to any local investigation.
- FBI IC3 (ic3.gov) for internet crime. The Internet Crime Complaint Center is the federal intake for online fraud and cybercrime. Describe what happened and do not attach files — keep your originals and provide them if an investigator asks. For a wire or bank transfer, filing fast lets the FBI Recovery Asset Team try to freeze the funds.
- FTC at ReportFraud.ftc.gov for fraud. The FTC feeds the Consumer Sentinel network that law enforcement across the country searches. It does not open your individual case, but it builds the pattern that gets a scammer investigated.
- IdentityTheft.gov if your identity was used. If accounts were opened or your identity misused, this FTC site generates a recovery plan and an identity-theft affidavit you can give to police and creditors.
Not every case needs all four. A romance scam with a wire loss goes to police, IC3, and the FTC; a hacked account with no financial loss may be police plus a platform report. Start local, then add the federal channels that match what happened.
What to hand over: packaging a report police accept
Officers act on what is clear and complete. Bring:
- A short, dated timeline. One page: what happened, when, and in what order — the single most useful thing you can provide.
- The preserved originals. Exported messages and backups, not just screenshots — and never your only copy.
- Full message headers and identifiers. Complete email headers, phone numbers, usernames, and profile links — the details that let an investigator trace a source.
- The financial trail. Amounts, dates, reference numbers, account or wallet addresses, and any receipts, in one list.
- Everything in one place. A single labeled folder (digital or paper) with an index, so nothing has to be reconstructed from memory.
Common mistakes that get evidence ignored
- Handing over screenshots only. A metadata-stripped image is a weak, easily challenged record; see screenshots versus forensic evidence.
- Breaking the chain of custody. No record of where evidence came from or who handled it invites the argument that it was altered.
- Modifying the device.Continued use, a factory reset, or a “cleanup” overwrites data and can destroy what an examiner could have recovered.
- Deleting the offending messages. Removing the very evidence you are reporting looks like spoliation and leaves nothing to investigate.
- Leaving out headers and timestamps. Without them, a message cannot be tied to a sender or a time, and its value drops sharply.
When to bring in a forensic examiner
Reporting is often enough on its own. Consider a credentialed examiner when the matter is contested, when the device cannot be safely preserved by hand, when you need deleted data recovered, or when a screenshot clearly will not survive a challenge. An examiner collects and documents the evidence to a standard that stands up — see private digital forensics for individuals and, once you are ready to organize a handoff, how to organize evidence for a lawyer or the police. If a scam is involved, our honest scam-recovery guide walks the first steps.

















