Cyber fraud in India should be reported immediately by calling the National Cybercrime Helpline 1930 and filing a complaint on the National Cyber Crime Reporting Portal. Cyber fraud cases may involve offences under the Bharatiya Nyaya Sanhita, 2023, such as cheating under Section 318 and cheating by personation under Section 319, along with offences under the Information Technology Act, 2000, including identity theft under Section 66C and cheating by personation using a computer resource under Section 66D. In unauthorised electronic banking transactions, the victim should also immediately report the fraud to the bank because RBI’s customer-liability framework places the burden of proving customer liability on the bank.
Introduction
Cyber fraud has become one of the fastest-growing legal and financial threats in India. Victims lose money through UPI fraud, fake investment apps, WhatsApp impersonation, courier scams, digital arrest threats, fake customer-care numbers, KYC fraud, phishing links, OTP theft, loan-app traps, job fraud, crypto scams, fake trading platforms, matrimonial fraud and social-media impersonation.
The first few hours after cyber fraud are critical. A delayed complaint can reduce the chances of freezing funds, tracing accounts, recovering money and establishing that the victim acted diligently. The legal strategy must move on three fronts at the same time: cyber complaint, bank complaint, and criminal-law action.
This article explains the legal remedies for cyber fraud in India, how to file a complaint, what offences apply, how to seek a bank refund, when an FIR can be registered, what evidence should be preserved, and what victims should do immediately.
What is Cyber Fraud?
Cyber fraud is a dishonest act committed through digital means to deceive a person and cause financial, identity, reputational, data or business loss.
It may involve:
- Fraudulent UPI transaction.
- OTP theft.
- Phishing link.
- Fake customer-care number.
- SIM-swap fraud.
- Fake investment or trading platform.
- Fake loan app.
- WhatsApp or Telegram scam.
- Instagram/Facebook impersonation.
- Digital arrest threat.
- Fake courier or customs case.
- Sextortion.
- Malware/APK fraud.
- Debit/credit card fraud.
- Net banking fraud.
- QR-code fraud.
- Remote-access app fraud.
- Job or work-from-home fraud.
- Crypto fraud.
- Business email compromise.
Cyber fraud is not merely a “banking issue”. It may involve criminal offences, IT Act violations, banking-law remedies, civil recovery, freezing of recipient accounts and, in serious cases, organised crime investigation.
Immediate Steps After Cyber Fraud
Step 1: Call 1930 Immediately
For financial cyber fraud, the first practical step is to call the National Cybercrime Helpline 1930. The Indian Cybercrime Coordination Centre states that the National Cybercrime Reporting Portal helps citizens report cyber financial frauds on helpline number 1930, and that the helpline is running in all States and Union Territories.
When calling 1930, keep ready:
- Your name and mobile number.
- Bank account details.
- UPI ID / transaction ID.
- Fraud amount.
- Date and time of transaction.
- Beneficiary account details, if visible.
- Screenshots.
- Brief facts of the fraud.
The objective is to trigger rapid reporting and possible fund-freezing in the transaction chain.
Step 2: File Complaint on cybercrime.gov.in
After calling 1930, file a written complaint on the official National Cyber Crime Reporting Portal. The portal is operated under the Indian Cybercrime Coordination Centre, Ministry of Home Affairs.
The complaint should include:
- Complete facts.
- Date and time of fraud.
- Amount lost.
- Transaction IDs.
- UPI IDs.
- Bank account numbers.
- Mobile numbers used by fraudsters.
- URLs, app names, Telegram/WhatsApp IDs.
- Screenshots.
- Bank complaint reference.
- 1930 complaint reference.
- Prayer for registration of FIR and freezing of recipient accounts.
Step 3: Inform the Bank Immediately
The victim must immediately notify the bank. RBI’s customer-protection framework for unauthorised electronic banking transactions states that the burden of proving customer liability lies on the bank. RBI also states that banks must have customer-protection policies and mechanisms for compensation and grievance handling.
Send the complaint to:
- Branch manager.
- Bank customer care.
- Bank fraud reporting email.
- Nodal officer.
- Principal nodal officer, if unresolved.
Keep the acknowledgement. RBI’s public awareness material also states that if money is fraudulently withdrawn, the customer should inform the bank immediately and take acknowledgement; the bank has to resolve the complaint within 90 days from receipt.
Step 4: File Police Complaint / FIR Request
If the amount is substantial, the fraud is organised, or bank accounts need freezing, file a written complaint before:
- Cyber Crime Police Station.
- Local Police Station.
- District Cyber Cell.
- State Cyber Cell.
- Magistrate, if FIR is not registered despite cognizable offence.
The complaint should clearly request registration of FIR, preservation of digital evidence, freezing of beneficiary accounts, bank-nodal coordination, and investigation of mobile numbers, IP logs, device details, UPI handles and mule accounts.
Legal Provisions Applicable to Cyber Fraud
1. BNS Section 318: Cheating
Section 318 of the Bharatiya Nyaya Sanhita, 2023 deals with cheating. It covers dishonest or fraudulent deception inducing a person to deliver property or do/omit an act causing harm.
Cyber fraud cases commonly invoke cheating where a victim is induced to transfer money through deception.
Examples:
- Fake investment scheme.
- Fake loan approval.
- Fake job offer.
- Fake courier/customs threat.
- Fake customer-care refund link.
- Fake trading app.
- Fake matrimonial promise used to extract money.
2. BNS Section 319: Cheating by Personation
Section 319 BNS deals with cheating by personation. The official BNS text describes cheating by personation as cheating by pretending to be some other person, knowingly substituting one person for another, or representing that a person is someone else.
This is relevant where fraudsters impersonate:
- Bank officials.
- Police officers.
- CBI/ED officials.
- Courier company staff.
- Army officers.
- Company HR managers.
- Friends or relatives on WhatsApp.
- Customer-care executives.
- Government officials.
- Trading/investment advisors.
3. IT Act Section 66C: Identity Theft
Section 66C of the Information Technology Act, 2000 punishes fraudulent or dishonest use of another person’s electronic signature, password or other unique identification feature, with imprisonment up to three years and fine up to ₹1 lakh.
This is relevant in cases involving:
- Password misuse.
- OTP misuse.
- Digital signature misuse.
- Login credential theft.
- KYC identity misuse.
- Aadhaar/PAN-based impersonation.
- Social-media account takeover.
4. IT Act Section 66D: Cheating by Personation Using Computer Resource
Section 66D punishes cheating by personation using a communication device or computer resource, with imprisonment up to three years and fine up to ₹1 lakh.
This is one of the most important provisions for cyber fraud because many scams are committed using phones, computers, apps, websites, social-media accounts or messaging platforms.
5. Other Possible Offences
Depending on facts, cyber fraud may also involve:
- Criminal breach of trust.
- Forgery.
- Use of forged electronic records.
- Criminal conspiracy.
- Extortion.
- Threats.
- Voyeurism or privacy offences.
- Obscene or sexually explicit electronic material offences.
- Organised crime provisions, where applicable.
- Money-laundering investigation in larger cases.
The FIR should not be mechanically drafted. The correct provisions depend on the factual ingredients.
People Also Ask: What Should I Do First After Online Fraud?
The first step is to call 1930 and file a complaint on the National Cyber Crime Reporting Portal. Then immediately inform your bank and obtain written acknowledgement. Delay can weaken recovery chances because cyber fraud funds often move across multiple mule accounts within minutes or hours.
People Also Ask: Can I Get My Money Back After Cyber Fraud?
Yes, recovery is possible in some cases, but not guaranteed. Recovery depends on:
- How quickly the fraud is reported.
- Whether funds are frozen in beneficiary accounts.
- Whether banks cooperate promptly.
- Whether the disputed transaction is unauthorised.
- Whether customer negligence is alleged.
- Whether mule accounts are traceable.
- Whether court orders are obtained for release.
- Whether RBI customer-liability rules apply.
In unauthorised electronic banking transactions, RBI’s framework states that the burden of proving customer liability is on the bank.
People Also Ask: Is FIR Necessary in Cyber Fraud?
FIR is necessary where the facts disclose a cognizable offence, substantial financial loss, organised fraud, identity theft, cheating, account takeover, forged documents, extortion, or where investigation is needed to trace accused and freeze accounts.
For small unauthorised transactions, the first steps are still 1930, cyber portal and bank complaint. But where police investigation is required, a formal FIR should be pursued.
People Also Ask: Where to File Cyber Fraud Complaint?
A victim can file a cyber fraud complaint through:
- 1930 helpline for financial cyber fraud.
- National Cyber Crime Reporting Portal.
- Local police station.
- Cyber Crime Police Station.
- District cyber cell.
- State cyber cell.
- Magistrate, if police refuse FIR.
- Bank grievance channel.
- RBI Ombudsman, where bank fails to resolve unauthorised transaction complaint.
The official I4C FAQ states that complaints related to financial cyber fraud can be reported by calling 1930 and that complaints must later be completed on the portal.
Types of Cyber Fraud in India
1. UPI Fraud
UPI fraud may occur through:
- Collect request scams.
- Fake QR code.
- Screen-sharing app.
- Fake refund link.
- Payment reversal trap.
- PIN sharing.
- Fraudulent merchant.
- Fake customer care.
Important point: A QR code is scanned to pay money, not to receive it. If someone asks you to scan a QR code and enter your UPI PIN to receive money, it is likely fraud.
2. Phishing and Fake Links
Fraudsters send links appearing to be from banks, delivery companies, government portals, wallets, telecom companies or e-commerce platforms. The link may collect passwords, OTPs, card details or install malware.
Legal provisions may include IT Act Sections 66C and 66D where identity theft or personation through computer resource is involved.
3. Fake Customer-Care Fraud
Victims search online for customer-care numbers and call fake numbers planted by fraudsters. The fraudster then asks the victim to install an app, share OTP, enter UPI PIN or provide card details.
These cases typically involve cheating, personation and IT Act provisions.
4. Digital Arrest Scam
Fraudsters impersonate police, CBI, ED, customs, courier companies or court officials and tell the victim that their Aadhaar, parcel, bank account or phone number is linked to crime. The victim is threatened with arrest and forced to transfer money.
These cases may involve cheating by personation, extortion, criminal intimidation and IT Act offences, depending on facts.
5. Fake Investment or Trading App Fraud
Fraudsters lure victims through WhatsApp, Telegram, YouTube ads, fake celebrity videos, fake apps and manipulated dashboards showing artificial profits. The victim is asked to deposit more money to withdraw earlier profits.
Such cases often involve cheating, personation, forgery, fake platforms, mule accounts and money trail investigation.
6. Loan App Fraud
Fraudulent loan apps collect contact data, photos, documents and then use harassment, threats, morphed images or illegal recovery tactics. Victims may face extortion, privacy violation and data misuse.
Legal remedies may involve cyber complaint, police complaint, RBI/regulated-entity complaint where applicable, and removal/reporting of abusive content.
7. SIM Swap Fraud
Fraudsters obtain a duplicate SIM or control over the victim’s mobile number and then access OTPs, banking apps or email accounts. RBI’s unauthorised electronic transaction framework becomes important where the customer promptly reports the fraud and disputes negligence.
8. Business Email Compromise
Companies are tricked into transferring money to fake vendor accounts after email compromise or spoofing. This requires immediate bank recall, FIR, cyber portal complaint, domain/email forensic preservation, and account-freezing request.
Bank Refunds in Cyber Fraud Cases
RBI Customer Liability Framework
RBI’s 2017 customer-protection circular on unauthorised electronic banking transactions requires banks to have transparent customer-protection policies and states that the burden of proving customer liability lies on the bank.
A victim should immediately:
- Report the unauthorised transaction to the bank.
- Take written acknowledgement.
- Preserve complaint number.
- Ask for chargeback/reversal investigation.
- Escalate to nodal officer.
- File RBI Ombudsman complaint if unresolved.
RBI’s public material specifically advises customers to inform the bank immediately if money has been fraudulently withdrawn and to take acknowledgement.
When Can Customer Have Zero Liability?
RBI’s Integrated Ombudsman FAQ states that under the 2017 circular, zero liability may arise in unauthorised electronic banking transactions in specified cases, including where the customer reports promptly under the circular’s framework.
The exact liability depends on:
- Whether bank negligence occurred.
- Whether third-party breach occurred.
- Whether customer reported promptly.
- Whether customer shared OTP/PIN/password.
- Whether customer delayed complaint.
- Whether transaction was authorised or unauthorised.
- Whether bank can prove customer liability.
This is why the first written bank complaint is critical.
Police Investigation in Cyber Fraud
A proper cyber fraud investigation may involve:
- Bank account trail.
- UPI handle trace.
- Mobile number KYC.
- IP logs.
- Device identifiers.
- SIM ownership.
- Beneficiary bank accounts.
- Mule account holders.
- Wallet details.
- App/website/domain information.
- CCTV at ATM withdrawal points.
- IMEI and device data.
- Platform data from WhatsApp/Telegram/social media.
- Freezing of suspect accounts.
- Arrest and recovery.
The victim’s complaint should help the investigation by giving exact transaction details.
Account Freezing in Cyber Fraud Cases
In cyber fraud cases, police often freeze recipient accounts and mule accounts. This usually happens under Section 106 BNSS, which permits seizure of property suspected to be stolen or connected with an offence and requires reporting to the Magistrate.
Victims should request the IO to:
- Freeze recipient accounts.
- Mark lien on disputed amount.
- Trace onward transfers.
- Seek bank nodal responses.
- File report before Magistrate.
- Support release of frozen victim funds through court process.
Where money is frozen in a beneficiary account, the victim may require a Magistrate order for release.
Documents Required for Cyber Fraud Complaint
Prepare the following:
- Written complaint.
- ID proof of victim.
- Bank statement.
- Transaction screenshot.
- UPI transaction ID.
- Reference number/UTR.
- SMS alerts.
- Email alerts.
- Screenshots of chats.
- Phone numbers used by fraudsters.
- Links/URLs/apps downloaded.
- Website/domain details.
- Telegram/WhatsApp/Instagram handles.
- Bank complaint acknowledgement.
- 1930 complaint acknowledgement.
- Cyber portal acknowledgement.
- Any call recordings, where lawfully available.
- Timeline of events.
A clean, chronological complaint increases the chances of proper FIR registration and investigation.
Legal Notice to Bank in Cyber Fraud Cases
A legal notice may be appropriate where:
- Bank refuses to register complaint.
- Bank delays action.
- Bank fails to provide complaint acknowledgement.
- Bank alleges customer negligence without proof.
- Bank does not share transaction trail.
- Bank fails to act despite prompt reporting.
- Bank rejects refund claim mechanically.
- Bank violates RBI customer-protection norms.
The notice should rely on RBI’s customer-protection framework and demand investigation, provisional credit where applicable, written findings, and escalation to the nodal officer.
RBI Ombudsman Remedy
If the bank does not resolve the complaint, the victim may approach the RBI Integrated Ombudsman mechanism. RBI’s FAQ links unauthorised electronic banking transaction complaints with the 2017 limited-liability framework and emphasises prompt reporting by customers.
This remedy is useful where the core dispute is between customer and bank regarding unauthorised transaction, negligence, refund, chargeback or failure of grievance redressal.
Magistrate Remedy if FIR Is Not Registered
If police do not register FIR despite a cognizable cyber fraud, the complainant may consider legal remedies under the BNSS framework, including approaching the senior police authority and then the Magistrate for directions, depending on the facts and forum practice.
The complaint should clearly show:
- Cognizable offence.
- Financial loss.
- Digital evidence.
- Accused identifiers.
- Bank trail.
- Need for police investigation.
- Need for freezing accounts.
- Urgency.
A vague grievance may be treated as a bank dispute. A properly drafted complaint should show cheating, personation, identity theft, unauthorised access or other offence ingredients.
Civil Recovery Alongside Criminal Complaint
Cyber fraud victims may also consider civil recovery where the beneficiary is identifiable.
Civil remedies may include:
- Suit for recovery.
- Injunction against withdrawal of funds.
- Attachment before judgment, where legally sustainable.
- Claim against identifiable mule account holder.
- Consumer/banking remedy.
- Company/business recovery action.
Criminal complaint helps investigation, but recovery may require separate strategy.
Common Mistakes by Cyber Fraud Victims
- Waiting for the bank to “reverse automatically”.
- Not calling 1930 immediately.
- Filing vague cyber portal complaint.
- Not preserving transaction ID.
- Deleting chats or call logs.
- Not informing bank in writing.
- Not taking complaint acknowledgement.
- Not following up with cyber cell.
- Not requesting account freeze.
- Sharing more information with fraudster.
- Paying more money for “refund release”.
- Installing remote-access apps.
- Not escalating to nodal officer/RBI Ombudsman.
- Not pursuing FIR in serious cases.
The biggest mistake is delay. Cyber fraud money moves fast.
Do’s After Cyber Fraud
- Call 1930 immediately.
- File complaint on cybercrime.gov.in.
- Inform bank immediately in writing.
- Take acknowledgement from bank.
- Freeze cards/net banking if needed.
- Change passwords.
- Preserve screenshots and messages.
- Note transaction IDs.
- File police complaint/FIR request.
- Follow up with cyber cell.
- Ask for freezing of beneficiary accounts.
- Escalate bank complaint if refund is denied.
Don’ts After Cyber Fraud
- Do not delete evidence.
- Do not contact fraudster aggressively.
- Do not pay “release fee” to recover money.
- Do not install any app suggested by unknown caller.
- Do not share OTP, PIN, password or screen.
- Do not ignore small deductions.
- Do not wait for days before reporting.
- Do not file incomplete complaint.
- Do not rely only on oral bank assurance.
- Do not assume police cannot help.
Search-Optimised Quick Answers
What is cyber fraud?
Cyber fraud is deception committed through digital means such as UPI, banking apps, websites, social media, fake links, phone calls, messaging apps or computer resources to cause financial or identity loss.
What is the cyber fraud helpline in India?
The national helpline for financial cyber fraud is 1930. It is part of the National Cybercrime Reporting Portal ecosystem.
Where can I file cyber fraud complaint online?
A complaint can be filed on the National Cyber Crime Reporting Portal, operated under I4C, Ministry of Home Affairs.
Which law applies to cyber fraud?
Cyber fraud may attract the Bharatiya Nyaya Sanhita, 2023, including cheating and personation, and the Information Technology Act, 2000, including Sections 66C and 66D.
Can bank refund cyber fraud money?
In unauthorised electronic banking transactions, refund depends on RBI customer-liability rules, prompt reporting, negligence analysis, bank investigation and facts. The burden of proving customer liability lies on the bank.
Frequently Asked Questions
1. What should I do immediately after cyber fraud?
Call 1930, file a complaint on the National Cyber Crime Reporting Portal, inform your bank in writing, preserve transaction details and file a police complaint where a cognizable offence is involved.
2. What is the official cyber fraud helpline in India?
The official national helpline for financial cyber fraud is 1930. I4C states that complaints related to financial cyber fraud can be reported by calling 1930 and later completed on the portal.
3. Which portal is used for cyber crime complaint?
The National Cyber Crime Reporting Portal is the official portal for reporting cybercrime complaints in India.
4. Which sections apply to cyber fraud?
Cyber fraud may involve BNS Section 318 for cheating, BNS Section 319 for cheating by personation, IT Act Section 66C for identity theft, and IT Act Section 66D for cheating by personation using computer resource.
5. Can I get refund from bank after UPI fraud?
Refund depends on whether the transaction was unauthorised, how quickly you reported it, whether negligence is alleged, and whether the bank can prove customer liability. RBI states that the burden of proving customer liability lies on the bank in unauthorised electronic banking transactions.
6. Is FIR compulsory in cyber fraud?
FIR should be pursued where the facts disclose a cognizable offence such as cheating, personation, identity theft, extortion, unauthorised access, forgery or organised financial fraud.
7. Can cyber police freeze fraudster’s bank account?
Police can seek freezing of accounts connected with suspected offence or stolen property under the seizure framework. Under Section 106 BNSS, seizure must be reported to the Magistrate.
8. What evidence is needed for cyber fraud complaint?
Bank statement, transaction ID, UPI reference, screenshots, phone numbers, URLs, app details, emails, SMS alerts, cyber portal acknowledgement and bank complaint acknowledgement should be preserved.
9. What if the bank refuses refund?
Escalate to the bank’s nodal officer and then to the RBI Ombudsman mechanism, while also pursuing cyber complaint and FIR where criminal offences are involved. RBI’s Ombudsman FAQ refers to the limited-liability framework for unauthorised electronic banking transactions.
10. What is the biggest mistake after cyber fraud?
The biggest mistake is delay. Victims should immediately call 1930, notify the bank, preserve evidence and file a proper complaint because fund-freezing and recovery chances reduce with time.
Conclusion
Cyber fraud cases require speed, documentation and legal strategy. The victim should not treat cyber fraud as only a bank complaint or only a police complaint. Both tracks must move together.
The correct first response is: call 1930, file complaint on the National Cyber Crime Reporting Portal, notify the bank in writing, preserve evidence, and pursue FIR or court remedy where required. Legal provisions under the BNS and IT Act allow action against cheating, personation, identity theft and digital fraud. RBI’s customer-protection framework also becomes important where unauthorised electronic banking transactions are involved.
The law can help, but delay helps fraudsters. In cyber fraud, the first 24 hours are often decisive.
Disclaimer
This article is intended for general legal awareness and educational purposes only. It does not constitute legal advice, solicitation, advertisement or creation of an advocate-client relationship. Cyber fraud remedies depend on transaction type, reporting timeline, bank response, FIR status, evidence, customer conduct, police investigation, RBI guidelines, account-freezing status and facts of each case.
