Romance scams: how to certify the evidence before you report it
You almost always realise it too late: after the last transfer, after months of conversation with someone who never existed. The first instinct is to open the chat and save everything. That is where the second injury starts. The number no longer answers, the profile has been deleted, and the screenshots taken weeks earlier can be challenged in court.
Anyone who has been through an online dating scam faces two problems at once. One is timing, because the scammer erases their tracks within hours. One is form, because whatever is left does not prove on its own when it was captured or that it stayed intact. Certifying the evidence at the source, while chats, profiles and receipts are still online, solves both in a single move.
What a romance scam is and how it works in 2026
A romance scam is a fraud in which someone builds an affectionate relationship online using a false identity, feeds the victim's trust for weeks or months, then induces them to transfer money under emergency pretexts. The emotional bond is the instrument, the money is the objective. Photos, name and biography are stolen or generated.
The FBI Internet Crime Complaint Center, which files these cases under confidence fraud, recorded 23,159 such complaints in 2025, with reported losses of $929,287,469, inside a total of 1,008,597 complaints and $20.877 billion lost to internet crime, a 26% rise on 2024 (IC3 2025 Annual Report). The Federal Trade Commission reports the same direction of travel from the consumer side: romance scam losses rose 22% in 2025, working out at roughly $2,020 per person (FTC). The individual amounts are ordinary. The aggregate is enormous. That gap is why sweetheart scams rarely attract the investigative attention their volume would justify, and why the burden of preserving proof lands on the victim.
The typical stages of a romance scam
A romance scam follows a script that barely changes from case to case. Contact arrives from an attractive profile on a social network or dating app, followed by relentless attention, the love bombing: messages from morning to night, life plans after a fortnight, a request to move to a private channel. The point is isolation: keeping the victim away from anyone who might notice the inconsistencies.
Then comes the biography, almost always a person who is far away for noble reasons: a soldier on deployment, a surgeon in a crisis zone. The distance explains why you cannot meet and why money is needed. The first request is small and urgent, a customs fee to release a parcel or a flight to bring forward, and if it works the amounts grow. Sometimes intimate photos turn into blackmail, then the contact vanishes.
Anyone wondering how to unmask a romance scammer usually starts with the photos, and a reverse image search often shows they belong to somebody else, the oldest tell in catfishing. That is a clue, though, not proof.
Why a video call no longer proves identity
Accepting a video call no longer demonstrates that the person on the other side is who they claim to be. In the Arup case an employee joined a video call with what appeared to be the chief financial officer and other colleagues, and authorised transfers worth $25 million. Every participant except the victim was a synthetic reconstruction (CNN). If a deepfake holds up in a corporate meeting with several participants, it holds up across ten minutes of an affectionate video call in low light. The same applies to audio, where synthetic voices make a voice message a fragile point of confirmation.
The evidential consequence is the one that matters here: chasing the fake is a race you lose, guaranteeing the authentic is not. That is the logic of certification at the source rather than detection.
A video call no longer proves who is on the other side, but certifying it with TrueScreen proves that the call happened, on that date and with that content.
Why romance scam evidence disappears and gets challenged
Romance scam evidence is fragile twice over: it vanishes quickly and, when it survives, it is in the wrong form. The scammer controls the content and deletes it at will; the victim controls only images of that content, and images get contested.
Profiles and conversations deleted by the scammer
Whoever runs a love scam is not improvising. When the job is done, or when they realise they have been rumbled, they close the account and change the number. It is the same dynamic as content deleted by its author in online defamation cases, and worse, because stories and disappearing messages are ephemeral content that erases itself on a timer. The useful window is measured in hours: the ones between the first suspicion and the other side's reaction.
The evidentiary limits of a plain screenshot
A screenshot proves less than people assume. Under Federal Rule of Evidence 901(a), the party producing an item must "produce evidence sufficient to support a finding that the item is what the proponent claims it is" (Rule 901). A picture of a screen does not do that by itself: it carries no reliable record of when it was taken, no proof the content was left unmodified, and nothing tying what you see to the account it came from.
Rule 902 points at what does work. Subsection (14) treats data copied from an electronic device as self-authenticating when it is "authenticated by a process of digital identification", which the Advisory Committee notes describe as ordinarily meaning a hash value (Rule 902). The rule was written around exactly the property a plain screenshot lacks. Across EU proceedings the mechanism differs but the direction is the same: under the eIDAS Regulation a qualified electronic time stamp "shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound" (Article 41), and a qualified electronic seal carries a presumption of integrity and correctness of origin (Article 35) (Regulation (EU) 910/2014).
The objections raised against screenshots in court are few and always the same, and they work because producing edited screenshots is within anyone's reach. This is why the evidentiary weight of WhatsApp chats depends less on what they say than on how they were captured.
| Aspect | Plain screenshot | Certified acquisition |
|---|---|---|
| Integrity | Not attested: the file can be altered without leaving a trace | Attested by the hash of the captured content |
| Trusted date | Absent: the device date applies, and it can be changed | Qualified timestamp issued by a QTSP integrated via API |
| Admissibility | Rests on the producing party's word under FRE 901(a) | Supported by a technical attestation of the kind FRE 902(14) contemplates |
| Chain of custody | None: who captured it, when and how cannot be reconstructed | Documented from acquisition through to the report |
Romance scam victims use TrueScreen to capture chats and profile pages before the scammer deletes them, obtaining a document with a trusted date to attach to their report.
What evidence to collect before reporting a romance scam
The evidence to collect before reporting a romance scam falls into four categories:
- Complete conversations: chats, emails, voice notes, documents sent
- Profile and social pages of the scammer, with URL and date
- Receipts for every transfer, card top-up or crypto payment
- Recordings of video calls and audio messages received
| Evidence type | Where it lives | Risk if not certified | How to certify it |
|---|---|---|---|
| Conversations and chats | WhatsApp, Telegram, Messenger, email, dating apps | Unilateral deletion, challenge to authenticity | Certified acquisition of the chat from the smartphone |
| Profiles and social pages | Facebook, Instagram, dating sites | Account removed within hours | Web page acquisition with URL and trusted date |
| Video calls and voice messages | Live calls, audio notes | Ephemeral content, doubt over authenticity | Certification of the recording at the moment of capture |
| Money transfers | Bank transfers, top-ups, wallets, receipts | Scattered documents, hard to tie to a person | Certification of the files and receipts |
Conversations and chats
The chats hold the fraud itself: the promise, the emergency, the request. They need capturing in full, with the number, the account name, the dates and anything the scammer sent inside them, such as a photographed passport or an invoice for a customs fee that never existed. A conversation trimmed down to the three messages where the other person asks for money is the first thing a defence attacks. Stripped of context, a fraudulent request looks like a loan between acquaintances.
Profiles and social pages
The fake profile is the proof of the deception, and it is the element that disappears first. You need the full URL, the page content as it appeared, and the date of capture. None of that lives inside a photograph of a screen. Certifying a web page pins all three together, and saving a profile page as evidence takes a few minutes while the account is still up.
Video calls and voice messages
Video calls and voice notes establish that the relationship existed and that the other party said certain things on certain dates. Recordings used as evidence are generally usable where the person recording took part in the conversation, subject to local consent rules. Certifying a video at the moment of capture avoids arguing months later about whether the file is the original.
Money transfers and receipts
Every payment leaves a trail: transfers with account details and a reference, prepaid card top-ups, crypto transfers with a wallet address. The bank keeps its own records, but you also need the screens showing the instructions received in chat: those are what tie the payment to the person. Certifying a file such as a payment confirmation anchors it to a verifiable date and content.
What certifying evidence at the source means
Certifying evidence at the source means capturing it with forensic methodology while it still exists, attesting its integrity and its date at that same moment rather than trying to demonstrate both afterwards. The difference is not technical, it is the order of operations: a screenshot photographs content and leaves every question about when and how wide open, while a certified acquisition answers those questions as it performs them.
The acquisition produces a digital fingerprint of the content, the hash, which makes any later modification apparent, and a qualified timestamp that fixes the moment with the evidentiary presumption eIDAS attaches to it. Alongside these sits the document describing what was acquired, from where, and by what procedure: the chain of custody that a private individual cannot construct alone. It is the forensic copy principle applied to a single piece of content. In a romance scam it is the difference between having a memory and having a document.
How do you certify romance scam evidence before it disappears?
TrueScreen, the Data Authenticity Platform, lets you certify conversations, social profiles and payment receipts while they are still online, applying an electronic seal that attests their integrity and a trusted date. The seal and the timestamp are issued by third-party qualified QTSPs integrated via API: TrueScreen does not issue certificates, it acquires the content with forensic methodology and binds the qualified attestation to it. For someone who has been defrauded, the advantage is timing. The acquisition takes minutes, using the phone already in your hand, before the other party closes the accounts.
The tools cover the four evidence categories. The TrueScreen App certifies screenshots of chats and profiles from a smartphone; the Chrome Extension captures profiles and social pages from the browser; the Forensic Browser acquires complete web pages; certification of video and recordings covers calls and voice messages.
A woman discovers after eight months that the surgeon on an overseas mission she speaks to every day does not exist. She has sent 14,000 euros across five transfers. She opens WhatsApp to save the conversations: the number is unreachable, the Instagram profile deleted. All she has left are screenshots taken months earlier to show a friend, which the other side can challenge in court. Had she certified the conversations and the profile while they were still online, she would have had a document with a trusted date to attach to her report.
Is a romance scam a crime? What the law says
Yes. Dressing fraud up as affection does not change what it is underneath. In the United States a scheme to obtain money "by means of false or fraudulent pretenses, representations, or promises" carried out through electronic communications in interstate or foreign commerce falls within federal wire fraud, punishable by fine and imprisonment (18 U.S.C. § 1343). The false identity and the simulated relationship are the fraudulent pretences; the money sent is the object. Most jurisdictions also treat assuming another person's identity to obtain an advantage as an offence in its own right, which matters because a fake profile can be a criminal act even where no money changed hands.
The practical obstacle is rarely the legal characterisation. It is proof. An investigation that opens on a deleted profile and a dead number starts from nothing. A court will never ask you whether romance scammers exist; it will ask whether this particular item is what you say it is, and that question only has an answer if the content was captured with an attestation of integrity and date behind it.
How and where to report a romance scam
Report a romance scam as soon as you understand what has happened, because the traces disappear long before any limitation period does. In the United States, complaints go to the FBI Internet Crime Complaint Center at ic3.gov and to the FTC at reportfraud.ftc.gov. Elsewhere, report to your national police or cybercrime unit. Tell your bank at the same time, whatever else you do.
Set out the facts in chronological order: how the contact began, what was requested, when and how much was sent. Attach the evidence you have gathered, ideally already certified. The same rules apply to marketplace scams: the pretext changes, the problem with the form of the evidence does not.
On getting the money back, the honest answer is the unwelcome one. Reporting to the bank straight away can sometimes stop a transfer that has just left; beyond that window the route is civil litigation and it is a matter for a lawyer. Be wary of recovery scams: anyone promising to recover your funds in exchange for an upfront fee is almost always the second act of the same fraud.
