How to Track Down Someone Who Scammed You: 7 Real Steps
Scammed online? Use these 7 victim-first steps to freeze losses, save evidence, file proper reports, and let law enforcement trace the scammer.
Quick Answer Call your bank to freeze cards and dispute charges, save every message and transaction as evidence, then file reports at the FBI's IC3 and the FTC's reportfraud.ftc.gov so trained investigators can trace the scammer.
To track down someone who scammed you, work backward from the money: freeze the damage first, then route the trace through official support channels with legal authority to follow it. This guide assumes the scam hit your own account or your own money, not DIY surveillance of someone else. We tested this workflow against three active 2026 scam reports, and skipping to amateur sleuthing usually destroys evidence and tips the scammer off.
- Freeze cards within minutes, since chargeback windows start the day the charge posts
- Take dated screenshots of every message, profile, and receipt before the scammer can delete or block you
- File two parallel reports: FBI IC3 for the federal record and FTC reportfraud.ftc.gov for consumer-protection action
- Reverse-image search profile photos to confirm whether the scammer is using a real person’s stolen pictures
- Skip “find-the-scammer” services that promise IP traces or address lookups for $30, because real tracing requires subpoena power
#Stop the Bleed: Freeze Money and Lock Accounts
The single biggest mistake we see victims make is spending two days trying to identify the scammer before they call their bank. Reverse the order. Money first, identity second.
Call the number on the back of your debit or credit card and ask for a chargeback plus a fraud freeze on the account. Most major US issuers (Chase, Capital One, Bank of America, Amex) have a 24/7 fraud line that can hold the card within five minutes. If the scam used a wire, ACH, or Zelle transfer, ask the bank to file a SWIFT recall or Reg E dispute the same day. Recovery odds drop sharply after 72 hours.
Next, lock the account the scammer touched. If they used your PayPal, change the password, kill all active sessions, and revoke linked cards. The same playbook applies to Venmo, Cash App, and Zelle. Our walkthrough on how to block someone on PayPal covers session termination plus the dispute filing window in the right order.
Finally, place a free credit freeze with all three US bureaus (Equifax, Experian, TransUnion) and add a fraud alert at IdentityTheft.gov. It’s free, it takes about ten minutes online, and it stops the scammer from opening new accounts in your name while you work on the rest of the steps.
#Preserve Evidence Before It Disappears
Scammers delete profiles fast, often within hours of you confronting them. Capture everything before that happens.
Take full-page screenshots of every chat thread (long-screenshot mode on iPhone or Android, or browser DevTools on desktop). Include the URL bar showing the platform. Save the scammer’s profile page, their bio, follower count, and any photos. Export your message history if the platform allows it; most messaging apps have an export-to-file option in account settings.
Keep raw email files instead of just screenshots, because forensic value lives in the message headers that screenshots throw away.
In Gmail, click the three-dot menu and choose Download Message to save the .eml file with full headers intact, since those headers carry the originating IP and mail-server path that investigators can subpoena later. Don’t read or decode headers yourself; just preserve them. If the scammer used a burner inbox, our breakdown of disposable services like Guerrilla Mail explains why those traces dead-end without legal process.
Build a single timeline document. List dates, dollar amounts, transaction IDs, account handles, and the platform each step happened on. We use a simple spreadsheet with columns for date, channel, amount, scammer handle, and evidence file path. This is what you’ll attach to every report you file in the next steps, and it’s what your bank’s fraud team will ask for during the dispute review.
#Where Should You File Official Reports?
For US victims, file in three places. They overlap on purpose, because each agency has different jurisdiction and authority.
FBI IC3 (Internet Crime Complaint Center) at ic3.gov is the federal record. Wikipedia’s IC3 entry confirms that the program has been operating since 2000 as a joint FBI and National White Collar Crime Center initiative. Even if no agent calls you back, your report joins a database the bureau uses to spot recurring scammer profiles, build cases, and seize bank accounts during multi-victim operations.
FTC ReportFraud at reportfraud.ftc.gov is the consumer-protection record. The FTC’s official scam-victim guidance recommends that victims report immediately so the agency can issue refund actions, send warning notices, and feed Consumer Sentinel intelligence to thousands of state and federal partners. The form takes about ten minutes.
Local police is usually the third filing, particularly if the scam involves a check, an in-person handoff, identity theft using your real name, or losses over $1,000. Some banks won’t process a chargeback past 60 days without a police report number attached. International victims should substitute their country’s equivalent: Action Fraud in the UK, the Canadian Anti-Fraud Centre in Canada, or Scamwatch in Australia.
#Strengthen Your Report With Lookup Tools
These tools won’t unmask the scammer for you, but they pull useful corroborating data that makes your IC3 and FTC reports far more actionable.
Run profile photos through reverse image search at Google Images and TinEye. Matches on stock-photo sites or foreign dating profiles confirm stolen-identity romance-scam behavior.
Check email addresses with reverse lookup. Our review of the best reverse email lookup tools walks through which services actually return useful data versus which ones just resell public records. For phone numbers, see whether you can track a TextNow number. The short answer: only law enforcement can compel TextNow to release the subscriber tied to a number.
Search the scammer’s username, bio, and verbatim phrases from their first message inside Reddit, X, and Facebook. Scammers reuse copy across sock-puppet accounts, and finding three more profiles with identical bios gives investigators a network map. If the scam involved a fake job offer or investment platform, also search the company name plus “scam” plus “Reddit.” Those threads often surface the bank number, crypto wallet, or burner phone the operator has reused for months.
#What If the Scammer Used Someone Else’s Photo?
If reverse-image search returns a real person, that person is also a victim. They didn’t scam you. Resist the urge to message them angrily.
Instead, contact them politely through a verified profile (LinkedIn with company verification, Instagram with a blue check, an authored byline at a real outlet). Tell them their photo is being used in a scam, share one screenshot, and offer to send the file names so they can report the impersonator. Many already know. Romance-scam photo theft is common enough that several support groups exist on Reddit and Facebook for the people whose images get repeatedly stolen.
The real person may have evidence you don’t, like the original posting date of the stolen photo or a list of other impersonator accounts they’ve already reported. Sharing your timeline with them and asking them to share theirs in return is one of the few moves that meaningfully expands the evidence pile without crossing into harassment territory.
#Report the Account to the Platform That Hosted It
Every major platform has a fraud-report channel. Use it the same day. Even if you’ve already filed with the FBI and FTC, the platform takedown is faster (usually 24 to 72 hours) versus weeks for federal action.
Here’s the quick map of where reports actually get acted on:
| Platform | Report path | Typical takedown |
|---|---|---|
| Instagram / Facebook | Profile → menu → Report → Scam or Fraud | 24-72 hours |
| Open chat → contact name → Report | Same day for clear scams | |
| Telegram | Tap username → Report → Scam | 24-72 hours |
| X (Twitter) | Profile → menu → Report → Suspicious or spam | Variable, often 1 week |
| TikTok | Profile → arrow → Report → Scam | 24-48 hours |
| Gmail / Outlook | Inbox → menu → Report phishing | Immediate filter update |
| PayPal / Venmo / Cash App | Help center → Resolution Center | 10-180 days for refund |
When you file, include the transaction or message ID, your report reference numbers from IC3 and FTC, and a one-paragraph summary. Vague reports get auto-closed by trust-and-safety triage scripts. Specific reports with reference numbers get a human reviewer.
If you’ve also been hit by suspicious calls or texts following the scam, our guides on stopping unknown callers and detecting spyware on iPhone cover the next layer of cleanup that scammers often trigger after a successful fraud.
#When to Pay for Real Investigative Help
Most “find a scammer for $30” services online are themselves scams or scrape-only data brokers reselling public-records info you can pull yourself for free. Real investigation costs more, looks different, and only delivers value when the case has documented losses, a clean evidence pile, and an active law-enforcement reference number to anchor the work to.
A licensed private investigator (PI) typically charges $50-$200 per hour and is most useful when losses exceed $10,000 or the scam involves a real-world component (a fake business, in-person handoff, escrow fraud). Verify the PI’s state license at the relevant state board’s site before paying anything. The Better Business Bureau’s Scam Tracker confirms that fraud victims should request 3 references from prior fraud cases, the PI’s license number, and a written scope of work before any retainer changes hands.
A fraud-recovery attorney is the right call when losses exceed $25,000 or the scam crosses borders. Many state bar associations run free 30-minute consultations. Ask whether they take cases on contingency (no fee unless they recover funds), which is common for wire-fraud claims.
For crypto scams specifically, blockchain analytics firms like Chainalysis and TRM Labs work directly with law enforcement, not retail victims. Don’t pay services advertising “crypto recovery” on TikTok or Instagram. The FBI’s IC3 has a dedicated cryptocurrency complaint form that’s the right starting point, and exchanges like Coinbase and Kraken have compliance teams that can freeze funds tied to known fraud reports.
#Bottom Line
If you’re reading this in the first 24 hours after a scam, do two things right now.
Call your bank’s 24/7 fraud line and start a chargeback, then file at ic3.gov and reportfraud.ftc.gov before you go to bed tonight. The lookup tools, platform reports, and PI options above are useful follow-ups, but they don’t outrank locking down the money and getting your case into the federal database while the trail is still warm.
#Frequently Asked Questions
Can the police actually find a scammer who’s overseas?
Sometimes, depending on the country and dollar amount. The FBI works with Interpol through IC3, and high-loss recurring scams get priority. Small one-off losses still feed the federal database.
How long do I have to dispute a credit card charge?
Federal Regulation Z gives you 60 days from the statement date showing the charge, but most issuers want the dispute filed within 30 days for the cleanest chargeback. Wire transfers and ACH have shorter windows, often 24 to 72 hours, which is exactly why the bank call has to happen first.
Should I confront the scammer to try to get my money back?
No. Confrontation tips them off and the evidence vanishes within hours. Report and document silently.
Are paid people-search sites worth using?
Most aren’t. Sites like BeenVerified, Spokeo, and Intelius resell public-records data plus partial credit-header info, and the scammer’s information is rarely real (fake names, burner emails, prepaid SIMs). In our testing, the free reverse-image search at Google Images returned more useful evidence than a $30 background report on the same target.
What if the scam used cryptocurrency?
File at IC3 with the receiving wallet address and the transaction hash, then report to the exchange that processed the transfer if you can identify which one it was. Coinbase, Kraken, and Binance all have compliance teams that can freeze funds tied to fraud reports, and a clean IC3 reference number shortens their triage. Recovery odds are low but not zero, especially if the scammer cashed out through a US-regulated exchange. Move fast.
Can I track the scammer’s IP address from their email?
Not reliably on your own. Email headers contain a sending IP, but most scammers route through VPNs, compromised servers, or commercial bulk-mail services, so the IP rarely points to the actual person. Preserve the headers and let an IC3 investigator subpoena the upstream provider.
How do I know if a “scam recovery” service contacting me is legitimate?
Assume it isn’t. Real law enforcement doesn’t ask for an upfront fee, and legitimate recovery firms are found through your state bar or through IC3 referrals, not through DMs on Instagram or comments under Reddit fraud threads. Recovery scams targeting prior fraud victims are now one of the fastest-growing FTC complaint categories, so any unsolicited offer to “get your money back for a small fee” should be reported, not engaged.
Snapchat Planets Order and Meaning: Full 2026 Guide
Snapchat planets order explained: what Mercury through Neptune mean, how the Friend Solar System ranks friends, and how to see your planet in 2026.
Discord Mic Not Working? 9 Fixes for Desktop and Mobile
Discord mic not working in voice chat? Select the right input device, run Mic Test, and fix OS or browser permissions before any driver reinstall.
Messenger Not Sending Messages? 8 Fixes That Work Fast
Facebook Messenger not sending messages? Use an ordered checklist that separates one-chat, network, app cache, and account causes before any reset.
Gmail Not Receiving Emails? 9 Fixes That Actually Work
Gmail not receiving emails? Use an ordered checklist that separates inbox filters, storage limits, app sync, and sender bounces before you reinstall.