Romance scams: how to certify the evidence before you report it

You almost always realise it too late: after the last transfer, after months of conversation with someone who never existed. The first instinct is to open the chat and save everything. That is where the second injury starts. The number no longer answers, the profile has been deleted, and the screenshots taken weeks earlier can be challenged in court.

Anyone who has been through an online dating scam faces two problems at once. One is timing, because the scammer erases their tracks within hours. One is form, because whatever is left does not prove on its own when it was captured or that it stayed intact. Certifying the evidence at the source, while chats, profiles and receipts are still online, solves both in a single move.

What a romance scam is and how it works in 2026

A romance scam is a fraud in which someone builds an affectionate relationship online using a false identity, feeds the victim's trust for weeks or months, then induces them to transfer money under emergency pretexts. The emotional bond is the instrument, the money is the objective. Photos, name and biography are stolen or generated.

The FBI Internet Crime Complaint Center, which files these cases under confidence fraud, recorded 23,159 such complaints in 2025, with reported losses of $929,287,469, inside a total of 1,008,597 complaints and $20.877 billion lost to internet crime, a 26% rise on 2024 (IC3 2025 Annual Report). The Federal Trade Commission reports the same direction of travel from the consumer side: romance scam losses rose 22% in 2025, working out at roughly $2,020 per person (FTC). The individual amounts are ordinary. The aggregate is enormous. That gap is why sweetheart scams rarely attract the investigative attention their volume would justify, and why the burden of preserving proof lands on the victim.

The typical stages of a romance scam

A romance scam follows a script that barely changes from case to case. Contact arrives from an attractive profile on a social network or dating app, followed by relentless attention, the love bombing: messages from morning to night, life plans after a fortnight, a request to move to a private channel. The point is isolation: keeping the victim away from anyone who might notice the inconsistencies.

Then comes the biography, almost always a person who is far away for noble reasons: a soldier on deployment, a surgeon in a crisis zone. The distance explains why you cannot meet and why money is needed. The first request is small and urgent, a customs fee to release a parcel or a flight to bring forward, and if it works the amounts grow. Sometimes intimate photos turn into blackmail, then the contact vanishes.

Anyone wondering how to unmask a romance scammer usually starts with the photos, and a reverse image search often shows they belong to somebody else, the oldest tell in catfishing. That is a clue, though, not proof.

Why a video call no longer proves identity

Accepting a video call no longer demonstrates that the person on the other side is who they claim to be. In the Arup case an employee joined a video call with what appeared to be the chief financial officer and other colleagues, and authorised transfers worth $25 million. Every participant except the victim was a synthetic reconstruction (CNN). If a deepfake holds up in a corporate meeting with several participants, it holds up across ten minutes of an affectionate video call in low light. The same applies to audio, where synthetic voices make a voice message a fragile point of confirmation.

The evidential consequence is the one that matters here: chasing the fake is a race you lose, guaranteeing the authentic is not. That is the logic of certification at the source rather than detection.

A video call no longer proves who is on the other side, but certifying it with TrueScreen proves that the call happened, on that date and with that content.

Why romance scam evidence disappears and gets challenged

Romance scam evidence is fragile twice over: it vanishes quickly and, when it survives, it is in the wrong form. The scammer controls the content and deletes it at will; the victim controls only images of that content, and images get contested.

Profiles and conversations deleted by the scammer

Whoever runs a love scam is not improvising. When the job is done, or when they realise they have been rumbled, they close the account and change the number. It is the same dynamic as content deleted by its author in online defamation cases, and worse, because stories and disappearing messages are ephemeral content that erases itself on a timer. The useful window is measured in hours: the ones between the first suspicion and the other side's reaction.

The evidentiary limits of a plain screenshot

A screenshot proves less than people assume. Under Federal Rule of Evidence 901(a), the party producing an item must "produce evidence sufficient to support a finding that the item is what the proponent claims it is" (Rule 901). A picture of a screen does not do that by itself: it carries no reliable record of when it was taken, no proof the content was left unmodified, and nothing tying what you see to the account it came from.

Rule 902 points at what does work. Subsection (14) treats data copied from an electronic device as self-authenticating when it is "authenticated by a process of digital identification", which the Advisory Committee notes describe as ordinarily meaning a hash value (Rule 902). The rule was written around exactly the property a plain screenshot lacks. Across EU proceedings the mechanism differs but the direction is the same: under the eIDAS Regulation a qualified electronic time stamp "shall enjoy the presumption of the accuracy of the date and the time it indicates and the integrity of the data to which the date and time are bound" (Article 41), and a qualified electronic seal carries a presumption of integrity and correctness of origin (Article 35) (Regulation (EU) 910/2014).

The objections raised against screenshots in court are few and always the same, and they work because producing edited screenshots is within anyone's reach. This is why the evidentiary weight of WhatsApp chats depends less on what they say than on how they were captured.

AspectPlain screenshotCertified acquisition
IntegrityNot attested: the file can be altered without leaving a traceAttested by the hash of the captured content
Trusted dateAbsent: the device date applies, and it can be changedQualified timestamp issued by a QTSP integrated via API
AdmissibilityRests on the producing party's word under FRE 901(a)Supported by a technical attestation of the kind FRE 902(14) contemplates
Chain of custodyNone: who captured it, when and how cannot be reconstructedDocumented from acquisition through to the report

Romance scam victims use TrueScreen to capture chats and profile pages before the scammer deletes them, obtaining a document with a trusted date to attach to their report.

What evidence to collect before reporting a romance scam

The evidence to collect before reporting a romance scam falls into four categories:

  • Complete conversations: chats, emails, voice notes, documents sent
  • Profile and social pages of the scammer, with URL and date
  • Receipts for every transfer, card top-up or crypto payment
  • Recordings of video calls and audio messages received
Evidence typeWhere it livesRisk if not certifiedHow to certify it
Conversations and chatsWhatsApp, Telegram, Messenger, email, dating appsUnilateral deletion, challenge to authenticityCertified acquisition of the chat from the smartphone
Profiles and social pagesFacebook, Instagram, dating sitesAccount removed within hoursWeb page acquisition with URL and trusted date
Video calls and voice messagesLive calls, audio notesEphemeral content, doubt over authenticityCertification of the recording at the moment of capture
Money transfersBank transfers, top-ups, wallets, receiptsScattered documents, hard to tie to a personCertification of the files and receipts

Conversations and chats

The chats hold the fraud itself: the promise, the emergency, the request. They need capturing in full, with the number, the account name, the dates and anything the scammer sent inside them, such as a photographed passport or an invoice for a customs fee that never existed. A conversation trimmed down to the three messages where the other person asks for money is the first thing a defence attacks. Stripped of context, a fraudulent request looks like a loan between acquaintances.

Profiles and social pages

The fake profile is the proof of the deception, and it is the element that disappears first. You need the full URL, the page content as it appeared, and the date of capture. None of that lives inside a photograph of a screen. Certifying a web page pins all three together, and saving a profile page as evidence takes a few minutes while the account is still up.

Video calls and voice messages

Video calls and voice notes establish that the relationship existed and that the other party said certain things on certain dates. Recordings used as evidence are generally usable where the person recording took part in the conversation, subject to local consent rules. Certifying a video at the moment of capture avoids arguing months later about whether the file is the original.

Money transfers and receipts

Every payment leaves a trail: transfers with account details and a reference, prepaid card top-ups, crypto transfers with a wallet address. The bank keeps its own records, but you also need the screens showing the instructions received in chat: those are what tie the payment to the person. Certifying a file such as a payment confirmation anchors it to a verifiable date and content.

What certifying evidence at the source means

Certifying evidence at the source means capturing it with forensic methodology while it still exists, attesting its integrity and its date at that same moment rather than trying to demonstrate both afterwards. The difference is not technical, it is the order of operations: a screenshot photographs content and leaves every question about when and how wide open, while a certified acquisition answers those questions as it performs them.

The acquisition produces a digital fingerprint of the content, the hash, which makes any later modification apparent, and a qualified timestamp that fixes the moment with the evidentiary presumption eIDAS attaches to it. Alongside these sits the document describing what was acquired, from where, and by what procedure: the chain of custody that a private individual cannot construct alone. It is the forensic copy principle applied to a single piece of content. In a romance scam it is the difference between having a memory and having a document.

TrueScreen

TrueScreen

TrueScreen, the forensic acquisition and certification platform

Acquire and certify digital content with legal value, right from the source.

Discover more →

How do you certify romance scam evidence before it disappears?

TrueScreen, the Data Authenticity Platform, lets you certify conversations, social profiles and payment receipts while they are still online, applying an electronic seal that attests their integrity and a trusted date. The seal and the timestamp are issued by third-party qualified QTSPs integrated via API: TrueScreen does not issue certificates, it acquires the content with forensic methodology and binds the qualified attestation to it. For someone who has been defrauded, the advantage is timing. The acquisition takes minutes, using the phone already in your hand, before the other party closes the accounts.

The tools cover the four evidence categories. The TrueScreen App certifies screenshots of chats and profiles from a smartphone; the Chrome Extension captures profiles and social pages from the browser; the Forensic Browser acquires complete web pages; certification of video and recordings covers calls and voice messages.

A woman discovers after eight months that the surgeon on an overseas mission she speaks to every day does not exist. She has sent 14,000 euros across five transfers. She opens WhatsApp to save the conversations: the number is unreachable, the Instagram profile deleted. All she has left are screenshots taken months earlier to show a friend, which the other side can challenge in court. Had she certified the conversations and the profile while they were still online, she would have had a document with a trusted date to attach to her report.

Is a romance scam a crime? What the law says

Yes. Dressing fraud up as affection does not change what it is underneath. In the United States a scheme to obtain money "by means of false or fraudulent pretenses, representations, or promises" carried out through electronic communications in interstate or foreign commerce falls within federal wire fraud, punishable by fine and imprisonment (18 U.S.C. § 1343). The false identity and the simulated relationship are the fraudulent pretences; the money sent is the object. Most jurisdictions also treat assuming another person's identity to obtain an advantage as an offence in its own right, which matters because a fake profile can be a criminal act even where no money changed hands.

The practical obstacle is rarely the legal characterisation. It is proof. An investigation that opens on a deleted profile and a dead number starts from nothing. A court will never ask you whether romance scammers exist; it will ask whether this particular item is what you say it is, and that question only has an answer if the content was captured with an attestation of integrity and date behind it.

How and where to report a romance scam

Report a romance scam as soon as you understand what has happened, because the traces disappear long before any limitation period does. In the United States, complaints go to the FBI Internet Crime Complaint Center at ic3.gov and to the FTC at reportfraud.ftc.gov. Elsewhere, report to your national police or cybercrime unit. Tell your bank at the same time, whatever else you do.

Set out the facts in chronological order: how the contact began, what was requested, when and how much was sent. Attach the evidence you have gathered, ideally already certified. The same rules apply to marketplace scams: the pretext changes, the problem with the form of the evidence does not.

On getting the money back, the honest answer is the unwelcome one. Reporting to the bank straight away can sometimes stop a transfer that has just left; beyond that window the route is civil litigation and it is a matter for a lawyer. Be wary of recovery scams: anyone promising to recover your funds in exchange for an upfront fee is almost always the second act of the same fraud.

FAQ: romance scam evidence and reporting

What evidence do I need to report a romance scam?
You need the complete conversations, the social profile the contact came from, receipts for every payment, and recordings of video calls or voice notes. Collecting romance scam evidence can be handled with TrueScreen, which certifies screenshots, web pages and recordings at the source rather than after the fact.
Do I need evidence to report someone?
No. A report can be filed without it, because what you bring to the authorities is notice of a possible offence, and they assess whether to proceed. But without verifiable material, an investigation into a romance scam begins with a deleted profile and an inactive number, and closing the file is the likeliest outcome.
Does a screenshot of a chat have legal value?
Limited value. Under FRE 901(a) the party producing an item must show it is what they claim it is, and a screenshot carries no proof of its own date or integrity. Rule 902(14) treats copied data as self-authenticating when authenticated through a process of digital identification, ordinarily a hash value, which is precisely what a plain screenshot lacks.
How do I report a romance scam?
In the United States, file with the FBI Internet Crime Complaint Center at ic3.gov and with the FTC at reportfraud.ftc.gov; elsewhere, contact your national police or cybercrime unit. Set out the facts chronologically and attach chats, profiles, receipts and recordings. Tell your bank at the same time.
What should I do if the scammer has deleted the profile and the chats?
Recover what remains: phone backups, notifications, system emails, bank statements. It is usable material but weaker, because the other side can dispute it and you cannot show when it was captured. In a romance scam, certification needs to happen at the first suspicion.
Is a video call enough to verify that the person is real?
No. The Arup case, where a video call with synthetically reconstructed participants led to transfers of $25 million, demonstrates the opposite. Certified, though, a video call documents that the conversation took place, on that date and with that content.
Is a romance scam a crime?
Yes. In the United States, obtaining money through false pretences over electronic communications in interstate or foreign commerce falls within federal wire fraud under 18 U.S.C. § 1343. Assuming a false identity to gain an advantage is separately an offence in many jurisdictions, so a fake profile can be actionable even with no money sent.
How long do I have to report it?
Limitation periods vary by jurisdiction and by offence, and for wire fraud in the United States they run to years rather than months. Digital evidence lasts nowhere near as long. The deadline that actually binds you is much shorter: the hours between your first suspicion and the moment the scammer closes the accounts.

Certify the evidence before it disappears

Chats, profiles and receipts from a romance scam stay online for hours. With TrueScreen you capture them with a trusted date and attested integrity, ready to attach to your report.

mockup app