Skip to content
ROBSLAW
Knowledge
Self-help guides

Evidence preservation checklist for fraud victims

A step-by-step checklist that materially improves the probability of recovery — regardless of whether you ultimately engage legal counsel.

Published
Last updated
min read
2 min read

Whether or not you ultimately engage a law firm, the steps you take in the first 72 hours after discovering a fraud have a disproportionate effect on what is still possible. This checklist is written to be useful before you have decided what to do.

Immediately

  • Stop further transfers. Do not send any additional funds. Ignore any "final payment to unlock" claim — this is the scam pattern continuing.
  • Do not confront the counterparty. A confrontation tips off the operator to move funds and close accounts.
  • Screenshot everything. Conversations, platform pages, account balances, withdrawal attempts. Screenshot the full browser window including the URL bar.
  • Record transaction hashes. For crypto transfers, copy each transaction hash (Tx Hash / TXID) into a plain text file. Note the source address, destination address, amount, and timestamp.
  • Keep a single chronological log. A simple dated list of events is much more useful than fragmented notes across apps.

Within 48 hours

  • File a police report and obtain a reference number. In many jurisdictions this is a pre-requisite for later civil or regulatory action. Attach the transaction log.
  • Notify your bank if funds were sent via a regulated banking channel. Fraud claims against SWIFT or card-network transactions are subject to short windows.
  • Notify any exchange involved if your account was used to send funds. Request that the destination address be flagged.
  • Preserve device state if possible. Do not reinstall, factory-reset, or update the device used to communicate with the counterparty. Metadata and app databases matter.

Evidence packaging (if you will engage counsel)

  • Full conversation export (not summaries) in the original app format.
  • Bank and exchange statements for the relevant window.
  • KYC documents you provided to the fraudulent platform, if any.
  • Any marketing material — emails, videos, websites (via WayBack or browser archive).
  • The transaction log described above.

What not to do

  • Do not post the scam publicly naming the counterparty while funds may still be traceable. It can prompt the operator to move faster.
  • Do not engage any "recovery service" that contacts you out of the blue. The recovery-scam industry is real and significant. See our fraud alert page.
  • Do not send your passport, seed phrases, or remote-access credentials to anyone — law firm, regulator, or otherwise — regardless of what they claim.

What this does not change

Following every step above does not guarantee a recovery. Many of these cases remain unrecoverable even with perfect evidence. What it changes is the probability: cases with disciplined early preservation are materially more likely to reach a freezing order or a successful law-enforcement referral. Our risk disclosure sets out the factors in detail.

ShareLinkedInEmail

If your situation relates to the topics above, we offer a free initial consultation.

Request a free consultation

Related articles