Evidence after a fraudulent call: what to keep in 2026 | num.huhu.fr

After a fraudulent call, many people make the same mistake: they block the number, delete the call history, and move on. That reaction is understandable, but it is not ideal if you later need to report the spam, alert your operator, file a complaint, or prove that the same scenario keeps happening.

In 2026, the goal is not to collect everything at random. The useful approach is to keep the elements that answer four simple questions: who called, when, under what pretext, and what happened next. That discipline helps both individuals facing a scam and business teams documenting spoofing waves or repeated reports.

The minimum evidence to keep right away

If you remember only one rule, make it this one: save the volatile evidence first, the things that disappear quickly from a phone or call tool.

A screenshot of the call: displayed number, date, time, duration, and any caller name.
The call log: ideally a screenshot showing the call in context, before and after.
The exact scenario: the pretext used, the request made, the urgency claimed, and any callback number or link suggested.
Associated material: a text message sent before or after, a voicemail, an email follow-up, or a screenshot of the website the caller pushed you toward.

For a simple incident, that base is often enough for a report to 33700, for comparing repeated episodes, or for explaining the issue to an operator.

Screenshots: what they should actually show

A useful screenshot is not just a blurry number. It should preserve as much context as possible. On mobile, try to capture:

the incoming call screen or full call history;
the visible date and time on the device;
the displayed number or caller name, even if it may be spoofed;
any related message, such as a follow-up text or suspicious link.

If the call led to a website, also capture the visible URL, the landing page, and the urgency message shown on screen. France’s Cybermalveillance portal regularly highlights how smishing relies on urgency, impersonation of a bank, parcel service, or public body, and a fast action expected from the victim.

Timestamps and chronology matter more than people think

The exact time of a fraudulent call is more valuable than it looks. It helps you:

connect the call with a text or email received at the same time;
compare several victims or colleagues hit in the same time window;
help an operator or compliance team isolate a campaign;
reconstruct the facts if a complaint or dispute follows.

The practical move is to write down a short timeline:

time of the first call;
time of any callback;
time of the related SMS or email;
time of any sensitive action triggered afterwards, such as a click, payment, or login.

This fits well with our guide on choosing the right reporting channel between 33700, Bloctel, and J’alerte l’Arcep: the right channel works better when the facts are already structured.

Audio and voicemail: keep them carefully, without overstating their legal effect

The word audio covers very different situations:

a voicemail left on your line;
an automatic recording already available in your call tool;
a recording made by your organisation inside an existing framework;
your written notes made right after the call if no recording exists.

The key point is simple: if you already have an audio file or voicemail, keep it in its original format with its date. Do not overwrite the original, rename it casually, or keep only a typed excerpt.

At the same time, avoid broad legal claims about what a recording always proves. Depending on the context, audio may be handled under different rules. For an operational article, the sound approach is pragmatic: keep the item if you already have it, keep a written summary as well, and seek case-specific advice if litigation becomes likely.

What to prepare for your operator

When the issue repeats, your operator or telecom provider will rarely act on a vague statement like “I got a weird call”. You should be able to provide a minimal file:

displayed number;
exact date and time;
observed frequency or repetition;
screenshots or voicemails;
practical impact: fraud, spoofing, recurring nuisance, affected staff, or loss of trust.

If you manage a calling team or contact centre, add the volume, the prefixes involved, and the lines affected. That is the same logic we describe in our article on the first 24 hours after a number is blacklisted: incomplete evidence almost always slows down resolution.

Which channel should use this evidence?

33700 for operational reporting

The 33700 platform is positioned as the official French channel against unwanted SMS and calls. Your screenshots, numbers, and timestamps make the report more useful, especially when the same pattern happens again.

J’alerte l’Arcep when the problem is broader than one isolated call

J’alerte l’Arcep becomes relevant when you see a wider issue: inconsistent caller ID display, recurring malfunction, operator-side difficulty, or a wave affecting several lines.

Police or prosecutor when the call resulted in actual fraud

The Service-Public page on fraud explains that victims can file a complaint with the police, the gendarmerie, or by writing to the public prosecutor. In that context, the value of the file depends less on raw quantity than on the consistency of the evidence you kept.

The HUHU method in 5 steps

Capture the call screen, call history, and any related messages.
Note the pretext, the request, and the urgency used.
Keep any original files available: voicemail, existing recording, text message, email.
Structure a short timeline with timestamps and outcomes.
Route the file to the right channel: 33700, Arcep, operator, bank, or complaint.

This method also helps teams that want stronger internal traceability before contacting us about reputation, spoofing, or operational compliance issues.