Single Blog Title

This is a single blog caption

Complaint and Evidence Gathering Process in Crimes Committed Over the Internet

Entrance

With the internet becoming central to daily life, methods of committing crimes have also changed significantly. Many crimes, such as defamation, threats, blackmail, fraud, violation of privacy, dissemination of personal data, creation of fake accounts, misuse of bank card information, hacking of social media accounts, and email fraud, can now be committed online.

In online crimes, the most common mistake victims make is simply taking a screenshot or deleting the account, message, or post without preserving the evidence. However, in cybercrimes and internet-related criminal cases, the most important element is the rapid, complete, and legally compliant collection of evidence.

Therefore, anyone who has been victimized by a crime committed online should immediately preserve evidence, create a chronology of events, file the necessary applications with the relevant bank, platform, or service provider, and file a criminal complaint with the Public Prosecutor's Office. Properly drafting the complaint directly influences which institutions the prosecutor's office will contact, which records will be requested, and what investigations will be conducted to identify the perpetrator.

The Turkish Penal Code specifically regulates crimes such as unauthorized access to information systems, obstructing or disrupting systems, destroying or altering data, and misuse of bank or credit cards. Articles 243, 244, and 245 of the TCK are among the fundamental provisions concerning internet and cybercrimes. In addition, classic crimes such as fraud, defamation, threats, blackmail, violation of privacy, and unlawful acquisition of personal data are also evaluated from a criminal law perspective when committed over the internet.

What are crimes committed over the internet?

Crimes committed over the internet are not limited to a single type. Sometimes the perpetrator directly attacks the victim's computer system; other times, they use the internet as a tool to commit the crime. Therefore, the correct legal classification must be made in each case.

The most common internet crimes encountered in practice include: defamation, threats, and blackmail via social media; creating fake social media accounts; hijacking Instagram, Facebook, X, TikTok, or email accounts; unauthorized sharing of private photos and videos; online shopping fraud; fraud through fake shipping or bank messages; cryptocurrency investment fraud; theft of bank or credit card information; unauthorized sharing of personal data; hijacking company emails to send fake payment instructions; and attacks on websites.

Some of these crimes are committed directly against information systems. For example, unauthorized access to a person's account or the deletion of a company database falls within this scope. In some crimes, however, the internet is merely a tool. For instance, if the perpetrator creates a fake website to deceive the victim and obtain money, this could constitute fraud.

This distinction is important because basing a complaint on the wrong type of crime can lead to an incomplete investigation. For example, if someone whose social media account has been hacked simply reports being "scammed," the possibilities of unauthorized access to information systems, theft of personal data, violation of privacy, or blackmail may not be adequately investigated.

First Steps in Cybercrime Cases

When a crime is committed online, the first thing a victim should do is securely record all evidence without destroying it. Messages sent by the perpetrator, social media profile, username, account link, URL address, phone number, IBAN information, receipt, email address, links sent, screenshots, conversation history, and any audio or video recordings should all be preserved.

Especially with social media content, simply taking a screenshot is often insufficient. The link to the post, the date and time of posting, the account username, profile URL, comments, likes, and the platform where the content was published must be clearly recorded. This is because the perpetrator may later delete the post, change the username, or close the account.

Secondly, the victim must determine whether the incident has resulted in financial loss. If money has been withdrawn from their bank account, if their card information has been used, or if they have sent money to another IBAN, they should immediately contact their bank. They should file a transaction dispute, report a suspicious transaction, and, if possible, request that the recipient's account be blocked.

Thirdly, the victim must secure their account. Passwords should be changed, two-factor authentication enabled, connected devices checked, and email and phone recovery options updated. However, evidence should not be deleted during these processes. Emails and notifications from the platform should also be saved during the account recovery process.

How to File a Criminal Complaint with the Prosecutor's Office?

The primary method of reporting crimes committed online is to file a complaint with the Public Prosecutor's Office. This complaint can be made directly to the prosecutor's office at the courthouse or through law enforcement agencies. However, in complex cybercrimes, preparing a detailed complaint is crucial for a successful investigation.

The criminal complaint should describe the events chronologically. It should clearly state what happened on what date, how contact was made with the perpetrator, which accounts or numbers were used, how the victim was deceived, what data was obtained, which money was sent to which account, what content was published, and what harm the victim suffered.

It is not sufficient to simply state "I am complaining about the suspect" in the petition. Specific requests for investigation should be made to the prosecutor's office. For example, the petition should request an investigation of the phone number's subscription information, identification of the IBAN holder, examination of bank security camera footage, investigation of accounts to which money transfers were made, IP and login records from the relevant social media platform, line and base station records from the GSM operator, IP allocation information from the internet service provider, and, if necessary, expert examination of digital materials.

If the incident occurred via a social media account, the application must include the username, profile link, post URL, message screenshots, and the date the account was accessible. If it involves online fraud, payment receipts, bank statements, the link sent, the fake website address, WhatsApp conversations, call logs, and the phone number must be provided.

What is Digital Evidence?

Digital evidence is any data created, stored, or transmitted electronically that can be used to prove a legal dispute. In internet crimes, digital evidence is often the most important piece of proof in the case.

WhatsApp conversations, SMS records, email content, email header information, social media messages, screenshots, website records, IP addresses, log records, bank statements, cryptocurrency transfer hash information, camera recordings, device images, cloud records, user login activity, and server logs can all be considered digital evidence.

However, for digital evidence to be used effectively in court, it must be reliable. Information such as when the evidence was obtained, its source, whether it has been altered, whether the full URL is available, and its relevance to the case are all important. Therefore, digital evidence should be collected systematically, not haphazardly.

In criminal proceedings, searching, copying, and seizing computers, computer programs, and files are subject to a special procedure under Article 134 of the Code of Criminal Procedure (CMK). The Constitutional Court, in its decision dated February 12, 2026, annulled certain parts of CMK Article 134, and it was announced that this annulment would come into effect nine months after its publication in the Official Gazette. Therefore, procedural compliance with regard to digital evidence has become a topic requiring even greater attention in the coming period.

Can a screenshot be used as evidence?

Screenshots are a commonly used type of evidence in applications. However, they may not always be sufficient on their own, as screenshots can be altered, cropped, or taken out of context. Therefore, it is healthier to support the screenshot with a URL, date, time, username, account link, and, if possible, a video recording.

If an insult or threat occurs via social media, not only the screenshot of the message but also the profile information of the sending account, including username, profile URL, date and time the message was sent, and any conversation before or after, should be recorded. Otherwise, the other party may claim, "This screenshot is not mine," "My account was hacked," or "The message was taken out of context.".

If the content is published on a publicly accessible website or social media platform, obtaining a notarized document, expert report, or court-ordered evidence can increase the probative value of the evidence. Evidence gathering is particularly important in cases involving attacks on personal rights, disclosure, damage to commercial reputation, or serious defamation.

Can WhatsApp, Telegram, and social media messages be considered evidence?

Digital communications such as WhatsApp, Telegram, Instagram DMs, Facebook Messenger, and X messages can be considered as evidence depending on the specifics of the case. However, this evidence must have been obtained legally.

Presenting correspondence that one is a party to as evidence is not the same as obtaining correspondence by illegally accessing someone else's account. It is generally permissible for the victim to present messages containing insults, threats, or blackmail sent to them. However, correspondence obtained by illegally accessing someone else's phone, email account, or social media account may raise concerns about the validity of such evidence.

Therefore, illegal methods should not be used when collecting evidence. The victim may present messages found on their own device, emails received, receipts sent to them, and correspondence visible on their account. However, obtaining evidence by accessing the perpetrator's private account, cracking their password, or secretly recording from a third party's device weakens the validity of the evidence and may also create additional criminal risks for the victim.

Gathering Evidence in Internet Fraud Cases

Internet fraud is one of the most common crimes in practice. Examples include fake e-commerce websites, fake bank messages, fake shipping notifications, fake investment platforms, cryptocurrency promises, second-hand product scams, and product sales via social media.

When collecting evidence in such cases, the following information must be preserved: the perpetrator's phone number, WhatsApp messages, the link to the advertisement, their social media account, the IBAN number used for payment, the receipt, bank account statements, the fake link sent, the website address, shipping information, voice call recordings (if any), and screenshots of the product advertisement.

If the victim has sent money, they should contact the bank immediately. They should request the bank to identify the recipient account holder, report the suspicious transaction, file a transaction dispute, and, if possible, block the account to which the money was transferred. Then, in a criminal complaint to the prosecutor's office, they should request an investigation into all stages of the money transfer. This is because the perpetrator often quickly transfers the money from the initial account to other accounts. Therefore, it is necessary to identify not only the initial IBAN holder but also all accounts to which the money was transferred.

In internet fraud cases, various potential crimes under the Turkish Penal Code, such as aggravated fraud, misuse of bank or credit cards, instrumental use of information systems, theft of personal data, and money laundering, can be evaluated depending on the specific circumstances of the case.

Insult, Threat, and Blackmail via Social Media

Crimes such as insult, threat, and blackmail via social media are quite common. The perpetrator may send messages from a real account, a fake account, or even a compromised account. In such cases, the process of gathering evidence is crucial for identifying the perpetrator.

In defamation cases, the content of the message, to whom it is directed, the element of publicity, whether the sharing is public, and its impact on the victim's personal rights are evaluated. In threat cases, it is examined whether there is a serious intention to intimidate the victim or their close relative's life, physical integrity, property, or other values. In blackmail, the perpetrator usually uses private images, correspondence, information, or threats to reputation to force the victim to do or not to do something.

In cases of blackmail and threats to disseminate private images, swift action is necessary. Messages should be saved without deleting them, the perpetrator's account, phone number, and IBAN information (if any) should be preserved, and the prosecutor's office should be contacted immediately. If content violating the privacy of private life is published online, an application may also be made under Article 9/A of Law No. 5651 concerning the blocking of access due to the violation of the privacy of private life.

Creating Fake Accounts and Identity Impersonation

Creating a fake social media account using someone's name, photo, or personal information can involve both personal rights and criminal law. If the fake account is used to post on behalf of the victim, contact third parties, solicit money, make insults, or share private information, multiple offenses may be committed.

In this case, the victim should gather evidence including the fake account's profile link, username, profile picture, posts, messages sent, follower list, and any statements from individuals contacted on the victim's behalf. Filing a complaint with the platform may be helpful; however, evidence should be recorded before doing so, as accessing the content may become difficult if the account is closed.

In cases involving fake accounts, the prosecutor's office should be asked to send a request to the platform for the account creation date, login IP records, associated email or phone information, and user activity data. The perpetrator's use of a VPN or foreign services may complicate the investigation; however, this does not negate the right to file a complaint.

Dissemination of Personal Data on the Internet

Sharing personal data online is also a serious legal issue. Personal information such as Turkish Republic identity numbers, addresses, phone numbers, photographs, health information, bank information, private correspondence, location information, family information, or professional information may be published without permission.

In this case, both crimes against personal data under the Turkish Penal Code and the Law No. 6698 on the Protection of Personal Data may come into play. According to the Law on the Protection of Personal Data, the data controller is obliged to take the necessary technical and administrative measures to prevent the unlawful processing of personal data and unlawful access to data. If personal data is obtained by others through unlawful means, the data controller has an obligation to notify the data subject and the Board.

If a personal data breach occurs at the hands of a company, school, hospital, e-commerce site, or other data controller, the victim can apply to the prosecutor's office, as well as to the relevant data controller and, if the conditions are met, to the Personal Data Protection Authority. According to the Authority's decision no. 2019/10, it is accepted that data breach notifications must be made without delay and within a maximum of 72 hours from the time of learning about the breach.

Content Removal and Access Blocking

In crimes committed online, the goal is not solely to punish the perpetrator. Sometimes, the most urgent need for the victim is the removal of the illegal content or the blocking of access to it. Especially in cases involving the sharing of private images, defamatory news, social media posts violating personal rights, disclosures, or the publication of personal data, the delay exacerbates the victim's suffering.

Law No. 5651 is one of the fundamental regulations regarding combating crimes committed through online publications and blocking access. However, due to the Constitutional Court's annulment decisions and subsequent changes in the content removal regime based on personal rights, the current legal situation must be checked separately in each specific case. The annulment process and new regulatory efforts regarding Article 9 of Law No. 5651 have caused the application to be variable during the 2024-2026 period.

In response, rapid application mechanisms under Article 9/A of Law No. 5651 concerning the privacy of private life may come into play. Furthermore, to protect personal rights, requests for cessation of attacks, prevention, determination, and compensation may be considered within the framework of the Turkish Civil Code and the Turkish Code of Obligations.

What should be considered when writing a complaint letter?

In complaints regarding internet crimes, the complaint letter must include both technical and legal elements. The letter should clearly state the victim's identity, the date of the incident, the perpetrator's information (if known), the digital accounts used (if unknown), the platform where the incident occurred, the amount of material damage, the amount of moral damage, the evidence, and the actions requested from the prosecutor's office.

It is important that the petition specifically includes the following requests: requesting user records from the relevant social media platform, requesting IP and log records, requesting transaction information from banks and payment institutions, obtaining line information from GSM operators, requesting IP allocation records from internet service providers, blocking suspicious accounts, sending digital materials to an expert for analysis, investigating camera recordings, tracking cash flows, and taking statements from suspects if deemed necessary.

An incomplete statement increases the risk of an incomplete investigation. Especially in internet fraud cases, simply taking the statement of the IBAN holder is insufficient. Money flow, account transactions, IP records, phone traffic, and digital communications must all be examined together.

The Role of the Lawyer

In online crime cases, a lawyer's role is not limited to writing petitions. Knowledge of both cyber law and criminal law must be used together. The lawyer must determine which types of crimes the incident falls under, organize evidence in accordance with the law, concretize the investigations to be requested from the prosecutor's office, evaluate methods of content removal or access blocking, and initiate the compensation process if necessary.

One of the most important tasks for the victim's lawyer is to act quickly before evidence is lost. For the suspect's or defendant's lawyer, it is crucial to carefully examine whether the digital evidence was obtained legally, whether the IP address alone is sufficient to identify the perpetrator, the likelihood of the account being compromised, who used the device, and the technical adequacy of the expert report.

Conclusion

In crimes committed online, the process of filing complaints and gathering evidence is more delicate and technical than in traditional criminal cases. This is because digital evidence can be easily deleted, accounts can be closed, usernames can be changed, IP records can be stored for a limited time, and money transfers can be quickly moved to different accounts.

Therefore, the victim must act correctly from the very beginning. Messages, screenshots, URLs, usernames, receipts, bank records, phone numbers, email headers, and all digital traces should be saved; bank and platform complaints should be filed; and then a detailed criminal complaint should be submitted to the prosecutor's office.

In conclusion, a successful legal process in internet-based crimes depends not only on exercising the right to complain, but also on the correct collection of evidence, the accurate characterization of the crime, and effective investigative requests to the prosecutor's office. To avoid loss of rights in the digital world, it is crucial that the process is carried out promptly and professionally.

Leave a Reply

Call Now Button