How to Report a Scam: Where to File Complaints and What Evidence to Save

Overview

A good scam report does two things at once: it increases the chance of recovery or account protection, and it creates a clean record of what happened. Many people rush straight to filing a complaint and skip the steps that make the complaint useful. In practice, the strongest reporting flow is usually:

1. Stop active harm. Lock accounts, freeze cards, change passwords, revoke sessions, and alert your bank or employer if needed.
2. Preserve evidence. Save screenshots, message headers, transaction details, tracking numbers, wallet addresses, usernames, URLs, and timestamps.
3. Report to the service involved. That might be your bank, payment app, marketplace, email provider, telecom carrier, employer, or domain host.
4. File external complaints. Use the relevant consumer fraud complaint or cybercrime reporting channel in your country or region.
5. Document every step. Keep case numbers, confirmation emails, names of agents, and dates of contact.

This order matters. If you wait too long to contact a bank, employer, or platform, recovery options may narrow. If you delete the text thread, discard the package label, or forward a phishing email without headers, you may lose useful evidence. And if you file a vague complaint with no artifacts, your report may still be counted, but it will be less actionable.

Before you begin, create a simple incident note with these fields:

• Date and time you first noticed the scam
• How the contact happened: email, text, phone call, social media, marketplace, ad, QR code, app, or website
• What the scammer claimed
• What action you took
• What information you shared
• Any money sent, including amount, method, and recipient details
• Any accounts affected
• Links, phone numbers, email addresses, handles, and payment identifiers involved

Think of this as your master record. You can reuse it when you report phishing scam attempts, submit a consumer fraud complaint, notify your employer, or escalate to financial institutions. For related verification steps, readers often pair this process with How to Verify a Suspicious Email Before You Click Anything, Phone Number Scam Lookup Guide: How to Check Unknown Calls, Texts, and Voicemails, and Is This Website a Scam? A 15-Point Site Check You Can Use Before You Buy.

Checklist by scenario

Use the scenario below that best matches what happened. The exact reporting channel varies, but the evidence checklist is often the difference between a useful report and a dead end.

1. Phishing email, fake login page, or email scam

First actions:

• Do not click again, reply, or download attachments.
• If you entered credentials, change the password immediately from a trusted device and enable multifactor authentication.
• Sign out of other sessions if your account supports it.
• If this involved a work account, notify your security or IT team right away.

What to save:

• Full sender address, not just display name
• Subject line
• Original message with headers if available
• Destination URL of any links
• Screenshots of the email and landing page
• Files or attachment names without opening them further
• Timestamp and mailbox folder where it appeared

Where to report fraud:

• Your email provider's phishing reporting tool
• Your employer's IT or security queue if it touched a business account
• The impersonated brand, bank, or service through its official fraud page
• Your national cybercrime or consumer reporting channel if money, identity data, or account takeover is involved

If you need a deeper pre-report validation process, see How to Verify a Suspicious Email Before You Click Anything.

2. Text scam, smishing alert, toll text, delivery text, or fake bank alert

First actions:

• Do not tap the link or call numbers provided in the message.
• If you already interacted, secure the account the text referenced.
• Block or filter the sender after preserving evidence.

What to save:

• Full text thread screenshot
• Sender number or shortcode
• Embedded links
• Voicemail audio if the text led to a callback scam
• Any website, form, or payment page you reached

Where to report fraud:

• Your mobile carrier's spam reporting workflow
• The impersonated institution using a number from its official website or app
• Consumer protection or cybercrime channels if money or credentials were involved

For current patterns, see Current Text Scam Trends to Watch: Delivery, Toll, Bank, and Account Alerts.

3. Phone scam, callback fraud, or fake customer support

First actions:

• End the call if pressure, urgency, remote access requests, or payment demands appear.
• If you granted device access, disconnect the device from the internet and remove any remote tools you can identify.
• Change passwords from a separate trusted device if credentials may have been exposed.

What to save:

• Incoming number and call time
• Voicemail recordings
• Notes on what was said and demanded
• Names or employee IDs claimed by the caller
• Remote access software names, session IDs, or install prompts
• Any payment instructions given

Where to report fraud:

• Your phone carrier's spam or nuisance call process
• The brand or institution the caller impersonated
• Your financial provider if payment details were shared
• Your internal IT team if a work device was touched

To research suspicious numbers, use Phone Number Scam Lookup Guide: How to Check Unknown Calls, Texts, and Voicemails.

4. Marketplace scam, fake seller, non-delivery, or off-platform payment fraud

First actions:

• Stop communication inside and outside the platform.
• Do not send additional deposits to “unlock” shipping, refunds, or verification.
• If payment was sent by bank transfer, card, or app, contact the provider immediately.

What to save:

• Listing URL and item screenshots
• Seller or buyer profile link and username
• Chat logs
• Invoice, payment request, and payment confirmation
• Tracking numbers, shipping labels, and package photos
• Serial numbers or item descriptions if counterfeit goods were involved

Where to report fraud:

• The marketplace's dispute or abuse reporting tool
• Your payment provider's unauthorized or goods-not-received channel
• Consumer protection channels if losses are significant or the seller used deception across multiple platforms

Related reading: Facebook Marketplace Scam Checklist for Buyers and Sellers.

5. Peer-to-peer payment scam, Zelle scam, Cash App scam, or transfer fraud

First actions:

• Contact the payment provider immediately through the app or official support path.
• If linked bank accounts or cards are exposed, alert the bank and review recent authorizations.
• Document whether the transfer was authorized, tricked, or unauthorized, since that distinction may affect the response path.

What to save:

• Payment handle, cashtag, phone number, email, or recipient ID
• Transaction ID and exact amount
• Chat history or invoice text that led to payment
• Account funding source used for the transfer
• Screenshots showing pending, completed, or reversed status

Where to report fraud:

• The payment app's fraud or dispute process
• The linked bank or card issuer
• Law enforcement or consumer reporting channels if the scam involved impersonation, extortion, or coordinated fraud

See Zelle, Cash App, and Peer-to-Peer Payment Scams: A Current Warning Guide.

6. Business email compromise, fake invoice scam, or vendor impersonation

First actions:

• Notify finance, security, legal, and the affected vendor immediately.
• Pause wire transfers or payment changes tied to the incident.
• Preserve mailboxes, logs, approval chains, and invoice files.

What to save:

• Email headers and forwarding history
• Invoice copies and any revised banking instructions
• Approval messages, purchase orders, and payment confirmations
• Mailbox audit logs or sign-in events if available
• Known-good vendor contact details used for out-of-band verification

Where to report fraud:

• Your bank's fraud team immediately if funds moved
• Your internal incident response process
• The affected vendor or customer through verified contacts
• Relevant cybercrime reporting channels in your jurisdiction

Related guides: Business Email Compromise Checklist: How to Prevent BEC in Finance and Operations Teams and Fake Invoice Scam Red Flags: How Businesses Can Spot Payment Fraud Early.

7. Scam website, fake store, or fraudulent checkout page

First actions:

• Stop entering data and close the page.
• If you submitted card details, contact your card issuer and monitor for unauthorized transactions.
• If you created an account, change that password anywhere it was reused.

What to save:

• Website URL and specific page URLs
• Checkout page screenshots
• Order number, invoice, and confirmation email
• Domain name and contact details shown on the site
• Ads, search results, or social posts that led you there

Where to report fraud:

• The hosting platform, registrar, ad platform, or marketplace if applicable
• Your payment provider or card issuer
• Consumer reporting channels for broader fraud complaints

Use Is This Website a Scam? A 15-Point Site Check You Can Use Before You Buy to document red flags.

8. QR code scam

First actions:

• Do not scan again or continue on the destination site.
• If the scan led to a login or payment page and you completed it, secure the related account or card immediately.

What to save:

• Photo of the QR code in its physical or digital context
• Destination URL after scanning
• Location where you encountered it
• Any stickers, overlays, or tampering signs

Where to report fraud:

• The venue, business, or service where the code appeared
• The payment provider or account provider affected
• Consumer or cybercrime reporting channels if losses occurred

For prevention details, see QR Code Scams Explained: How to Check a QR Code Before You Scan.

9. Identity theft or account takeover

First actions:

• Change passwords, revoke sessions, and enable multifactor authentication.
• Review account recovery options, linked emails, phone numbers, and trusted devices.
• Monitor bank, card, payroll, marketplace, and cloud accounts for suspicious changes.

What to save:

• Login alerts and sign-in history
• Password reset emails or texts
• Profile changes such as email, phone, payout method, or shipping address
• Unauthorized purchases, transfers, or messages

Where to report fraud:

• The affected account provider first
• Your bank or card issuer if payments were involved
• Relevant identity theft and consumer reporting channels in your region

What to double-check

Before you submit any report, slow down long enough to verify the basics. This avoids sending evidence to the wrong party or accidentally interacting with the scam again.

• Use official contact paths. Do not call numbers or click links from the suspicious message. Open the provider's website or app directly.
• Preserve original artifacts. A screenshot is helpful, but the original email, message thread, and transaction detail are often better.
• Capture timestamps. Time of contact, payment, login, and account change can be critical for fraud review.
• Record exact identifiers. Usernames, wallet addresses, order numbers, phone numbers, domain names, and transaction IDs are more useful than general descriptions.
• Separate facts from assumptions. In your complaint, state what you observed, what you clicked, and what you paid. Avoid padding the report with guesses.
• Check for broader exposure. If you reused a password, used the same email on multiple accounts, or installed software, the incident may be larger than the first symptom.
• Ask whether this is also a workplace issue. Personal and business channels often overlap, especially with payroll updates, fake invoices, and vendor impersonation.

A practical rule: if the scam touched money, identity data, or a work system, treat it as both a reporting problem and a containment problem.

Common mistakes

Most reporting failures are not about effort. They are about sequence, missing evidence, or contacting the wrong party first.

• Deleting the message too soon. People often remove the text, email, or listing before saving the details needed for a scam evidence checklist.
• Calling the number in the scam itself. That can lead to more social engineering or confirmation that your number is active.
• Waiting to contact the payment provider. If money moved, speed matters.
• Forwarding phishing emails in a way that strips technical details. If possible, use your provider's phishing report tool or preserve the original message.
• Reporting only to social media. Public posts may warn others, but they rarely replace platform, bank, telecom, or consumer complaint channels.
• Assuming a small loss is not worth reporting. A low-dollar scam can still be part of a larger pattern and may help link cases.
• Using one vague report everywhere. Tailor each submission. Your bank needs transaction details; a marketplace needs listing and account details; an email provider needs message data.
• Ignoring account hygiene after the report. Filing a complaint does not secure your inbox, phone, bank app, or cloud accounts.

If you are supporting a team, turn these mistakes into a short internal runbook. A one-page checklist can prevent the usual delays during vendor fraud, payroll diversion, or fake customer support incidents.

When to revisit

This topic is worth revisiting any time your tools, reporting workflows, or risk exposure change. Use the list below as a maintenance schedule rather than a one-time read.

• Before seasonal planning cycles. Fraud patterns often spike around holidays, tax periods, major shopping events, and annual billing windows.
• When workflows or tools change. New payment methods, new marketplaces, new support channels, or new AI-assisted messaging workflows can change both exposure and reporting paths.
• When your organization changes approval processes. Payment, invoice, and account recovery procedures should be rechecked after staffing or system changes.
• After any real incident. Update your saved checklist with the exact evidence that proved useful and the contact points that worked.
• When platforms update abuse reporting tools. Reporting menus, evidence requirements, and appeal flows can change over time.

To make this article practical, build your own reporting kit today:

1. Create a folder called Scam Reporting Kit.
2. Save a blank incident note template with fields for date, channel, losses, identifiers, and actions taken.
3. Bookmark the official fraud pages for your bank, email provider, payment apps, main marketplaces, and employer help desk.
4. Store links to your most-used verification guides, including suspicious email, phone lookup, text scam patterns, and website checks.
5. Review the kit before travel, major purchases, seasonal sales periods, or finance workflow changes.

The goal is simple: when a scam happens, you should not have to improvise. You should know where to report fraud, what evidence to save, and what to secure first. That makes your report more useful, your response faster, and your recovery path clearer.