Online fraud takes many forms — investment scams, fake online stores, identity fraud, romance scams, phishing campaigns, marketplace deception, and more. What they have in common is that the evidence is digital, often fleeting, and almost always harder to recover after the fact than it would have been to capture at the time.
Whether you are a victim, a private investigator working a case, a fraud analyst at a financial institution, or a law enforcement officer conducting preliminary research — the principles of documenting online fraud are the same. This guide walks through each step.
Act immediately
Online fraud evidence disappears fast. Accounts are deactivated, websites taken down, posts deleted. The moment you suspect fraud, start capturing — before you make contact with anyone, before you report, before you consult a lawyer. Evidence first.
Step 1: Capture Everything Before You Do Anything Else
The first and most critical step is preservation. Before you contact the fraudster, report to a platform, alert your bank, or consult a solicitor — capture the evidence.
What to capture immediately:
- The website or platform where the fraud occurred — full page, not just the visible area. Capture the URL clearly.
- The fraudster's profile or listing — name, username, profile photo, contact details, any identifying information
- All communications — messages, emails, chat logs, voice message transcripts
- Product listings, investment offerings, or solicitations — exactly as they appeared
- Payment pages or instructions — account numbers, wallet addresses, payment references
- Any receipts, confirmations, or tracking information you received
Capture with a tool that records the timestamp and URL and generates a cryptographic hash of each capture. A regular screenshot is not enough: it can be easily challenged. Use forensic-grade evidence capture software that creates a verifiable record. Read more about what legal-grade evidence requires.
Step 2: Create a Case and Organise From the Start
Fraud investigations often expand. What starts as a single fraudulent listing may connect to a network of fake accounts, multiple victims, or a sophisticated organised scheme. If you haven't organised your evidence from the beginning, reconstructing the investigation later is painful and often incomplete.
Create a named investigation case before you continue gathering evidence. Every screenshot, PDF, and piece of documentation should be filed against that case with a clear reference. If you're a professional investigator, use your case management system. If you're an individual, at minimum create a clearly named folder with a log of what you captured, when, and from where.
Investigation software like WebInvestigator handles this automatically — creating a timestamped timeline of your investigation activity and organising all evidence by case.
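A minimal version of the named-folder-plus-log approach for individuals described above, as an added example (not code from this guide or from WebInvestigator): each capture is logged with its SHA-256 hash, source URL and UTC time, and each entry is chained to the previous one so later edits to the log show up. The file name `evidence_log.jsonl` and the function names are assumptions, and the timestamp is the local clock at logging time, not a trusted third-party timestamp.

```python
import hashlib
import json
from datetime import datetime, timezone
from pathlib import Path

LOG_NAME = "evidence_log.jsonl"  # hypothetical name for the case log file

def sha256_file(path: Path) -> str:
    """Hash the file in chunks so large captures do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def log_evidence(case_dir: Path, file_name: str, source_url: str, note: str = "") -> dict:
    """Append one entry (what, when, from where, hash) to the case log."""
    log_path = case_dir / LOG_NAME
    lines = log_path.read_text().splitlines() if log_path.exists() else []
    # Chain each entry to the previous line so edits or deletions are detectable.
    prev = hashlib.sha256(lines[-1].encode()).hexdigest() if lines else "0" * 64
    entry = {
        "file": file_name,
        "sha256": sha256_file(case_dir / file_name),
        "source_url": source_url,
        "captured_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "note": note,
        "prev_entry_sha256": prev,
    }
    with log_path.open("a") as fh:
        fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry

def verify_case(case_dir: Path) -> list:
    """Return a list of problems: changed or missing files, or a broken log chain."""
    problems, prev = [], "0" * 64
    for line in (case_dir / LOG_NAME).read_text().splitlines():
        entry = json.loads(line)
        if entry["prev_entry_sha256"] != prev:
            problems.append(f"log chain broken at {entry['file']}")
        target = case_dir / entry["file"]
        if not target.exists():
            problems.append(f"missing file: {entry['file']}")
        elif sha256_file(target) != entry["sha256"]:
            problems.append(f"hash mismatch: {entry['file']}")
        prev = hashlib.sha256(line.encode()).hexdigest()
    return problems
```

Call `log_evidence` immediately after saving each capture into the case folder, and run `verify_case` before exporting or handing over the folder; an empty list means every logged file still matches its recorded hash.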
Step 3: Document the Pattern, Not Just the Incident
A single screenshot of a fake product listing tells one story. A documented pattern — multiple listings, similar phrasings across different platforms, a network of connected accounts, a consistent payment method — tells a much more compelling one.
Invest time in the following research before reporting:
Search for other victims
Look for complaints, reviews, or warnings about the same scheme on consumer forums, Reddit, Scamwatch (Australia), Action Fraud (UK), or the FTC complaint portal (USA). If others have reported the same operation, note this and capture the relevant pages as evidence.
Research the account or website
How old is the account? Does the profile photo appear on other accounts? Is the website a recent registration? Does the business have a verifiable physical address or ABN/ACN? OSINT research can quickly reveal whether you're dealing with an established fraudulent operation. See our guide to OSINT investigation tools for how to approach this research.
Capture associated accounts and linked infrastructure
The same fraudster often operates multiple accounts across different platforms. If you can identify linked accounts, capture them all — even if they don't appear directly relevant. Relationships between accounts can become significant later.
Step 4: Preserve Communications With Full Context
Email and message threads are often the strongest evidence in a fraud case — they show intent, promises made, and the sequence of events. But capturing them correctly matters:
- Do not delete or alter any communications. Even messages from the fraudster that feel embarrassing or that reveal you almost detected the scam should be preserved.
- Capture full headers on emails. Email headers contain routing information that helps trace the true origin of a message. Forward suspicious emails to yourself and capture the full header view, not just the displayed message.
- Screenshot messaging apps with metadata visible. Capture the sender's name, profile, timestamp, and platform in frame — not just the message text.
- Export logs where the platform allows. Some platforms allow you to export full message history as a file. Do this as a backup alongside screenshots.
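To show what the routing information in full email headers looks like once captured, here is an added example (not part of the original guide) that lists the `Received` hops of a message oldest-first. The sample message is constructed, all host names and addresses are reserved example values, and the function name `received_hops` is an assumption; it expects the raw message source, such as a saved `.eml` file.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not real); example domains and documentation IP ranges.
RAW_EMAIL = """\
Received: from mx.victim-mail.example (mx.victim-mail.example [198.51.100.7])
\tby inbox.victim-mail.example with ESMTPS id abc123;
\tTue, 05 Mar 2024 10:15:32 +0000
Received: from relay.bulk-sender.example (relay.bulk-sender.example [203.0.113.45])
\tby mx.victim-mail.example with ESMTP id def456;
\tTue, 05 Mar 2024 10:15:30 +0000
Received: from [192.0.2.10] (unknown [192.0.2.10])
\tby relay.bulk-sender.example with ESMTPSA id ghi789;
\tTue, 05 Mar 2024 10:15:27 +0000
From: "Support Team" <support@bank.example>
Subject: Action required
Date: Tue, 05 Mar 2024 10:15:25 +0000
Message-ID: <constructed-1@relay.bulk-sender.example>

Body omitted.
"""

def received_hops(raw: str) -> list:
    """Return Received hops oldest-first (each server prepends its own header)."""
    msg = message_from_string(raw)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # unfold continuation lines
        route, sep, stamp = flat.rpartition(";")
        if not sep:  # no date part present in this header
            route, stamp = flat, ""
        from_m = re.search(r"\bfrom (\S+)", route)
        by_m = re.search(r"\bby (\S+)", route)
        ip_m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route)  # IPv4 only
        try:
            when = parsedate_to_datetime(stamp.strip()).isoformat()
        except (TypeError, ValueError):
            when = None  # keep the hop even if its date is missing or malformed
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_m.group(1) if by_m else None,
            "ip": ip_m.group(1) if ip_m else None,
            "time": when,
        })
    # Only hops added by the recipient's own provider are reliable;
    # earlier hops are supplied by the sending side and can be forged.
    return hops
```

Record the hop list in the case log next to the saved message rather than editing the message itself, so the original headers remain intact.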
Step 5: Record Your Financial Trail
For financial fraud, your bank records and transaction history are critical evidence. Preserve:
- Bank statements showing the disputed transaction(s)
- Payment confirmations and receipts
- Cryptocurrency wallet addresses and transaction IDs if relevant
- Any promised returns, invoices, or contracts
- Evidence of funds or goods never delivered
Contact your bank or payment provider immediately. Many have fraud dispute processes with time limits — typically 30–120 days from the transaction, depending on the jurisdiction and payment method. Acting quickly improves the chances of recovery.
Step 6: Report to the Right Authorities
Reporting online fraud serves two purposes: it may help recover your losses, and it contributes to the intelligence pool that law enforcement uses to identify patterns and prosecute organised fraud operations.
Australia
- Scamwatch (ACCC) — scamwatch.gov.au — primary reporting portal for scams
- ReportCyber (Australian Federal Police) — for cybercrime including online fraud
- Your state police — for local fraud matters, particularly if significant funds are involved
- ASIC — for investment fraud and financial services misconduct
United Kingdom
- Action Fraud — actionfraud.police.uk — national reporting centre for fraud and cybercrime
- FCA — for investment scams and financial fraud
United States
- FTC — reportfraud.ftc.gov
- IC3 (FBI) — ic3.gov — for internet crime complaints
Tip for investigators and legal teams
When preparing evidence packages for law enforcement referral or legal proceedings, include a complete investigation report, not just individual screenshots. A timeline of the investigation, a list of captured evidence with hashes, and a summary of findings are far more useful to investigators than a folder of images with no context.
Step 7: If You're Working a Fraud Investigation Professionally
For private investigators, insurance investigators, corporate fraud teams, and law enforcement officers investigating fraud on behalf of a client or employer, the above steps apply equally — but the standards are higher and the stakes of evidence failure are greater.
Additional considerations for professional investigations:
- Maintain a complete, unbroken chain of custody. Every piece of evidence needs a clear record from capture to production.
- Use dedicated investigation software. Personal email, standard screenshot tools, and consumer cloud storage are not appropriate for professional investigation evidence.
- Keep investigation and personal browsing strictly separate. Use a dedicated browser profile or device for investigation work.
- Export a complete evidence package at key milestones. Don't rely on a single device or software installation as your only copy of the investigation record.
Purpose-Built for Fraud Investigation
WebInvestigator captures web evidence with timestamps, SHA-256 hashes, and automatic case management — exactly what professional fraud investigation requires. Free to start.