In February 2026, Priya Sharma from Pune paid ₹45,000 to a fake LinkedIn recruiter promising a Cognizant offer letter, only to discover the profile vanished hours after payment—this guide documents the legal chain, FIR template, statutory remedies under BNS 2024 and BNSS 2024, and the Citizen Crisis Response Network protocol to recover money and prosecute offenders within the 90-day evidence-window before digital trails expire.
Citizen Crisis Response Network
Report within 24 hours → freeze digital evidence → file NCRP + local FIR → statutory complaint clock starts → preserve LinkedIn screenshots, payment receipts, chat logs → escalate if police delay registration beyond BNSS 2024 section 173(2) timeline.
Fake LinkedIn recruiters impersonate HR professionals from reputed firms, extract training fees or background-verification charges (₹15,000–₹75,000), then vanish; victims must immediately file an FIR citing BNS 2024 section 318(4) (cheating by impersonation) + section 319(3) (cheating using computer resource), lodge a simultaneous National Cybercrime Reporting Portal (NCRP) complaint with transaction screenshots, notify LinkedIn via reporting.linkedin.com, freeze the payment trail through bank-fraud desk escalation under RBI Master Direction 2021, and engage the Citizen Crisis Response Network hotline for 24-hour evidence-preservation guidance before the recruiter deletes the profile or LinkedIn's 30-day data-retention window lapses.
Between January and March 2026, cybercrime cells across Mumbai, Bengaluru, Hyderabad, and Delhi NCR logged 3,847 complaints involving fake LinkedIn recruiters—a 340% spike compared to 2025. The modus operandi remains consistent: a fraudster creates a LinkedIn profile mimicking the branding of Infosys, TCS, Wipro, Accenture, Cognizant, or multinational firms, harvests résumés from public job-postings or InMail outreach, initiates contact via LinkedIn chat or WhatsApp (posing as “Senior Talent Acquisition Manager”), schedules a perfunctory Zoom interview (often pre-recorded or AI-generated avatar), then issues a fake offer letter conditional upon payment of ₹25,000–₹75,000 labeled “training-module fee,” “EPFO deposit,” “background-verification charge,” or “onboarding platform access.”
Payment is demanded via UPI, NEFT, or cryptocurrency wallets. Within hours of receipt, the LinkedIn profile is deleted, the WhatsApp number becomes inactive, and email auto-replies cite “technical issues.” Victims who query the legitimate company's HR desk discover no such vacancy existed. By mid-2026, the Ministry of Electronics and Information Technology's Indian Computer Emergency Response Team (CERT-In) flagged 1,214 fraudulent LinkedIn domains and IP clusters originating from tier-2 cities where call-center infrastructure is repurposed for cybercrime.
The scam exploits three psychological levers: urgent job scarcity (freshers desperate post-graduation), credential mimicry (stolen logos, forged offer letters on pseudo-corporate templates), and normalized pre-employment fees (legitimate background-check vendors charge ₹500–₹2,000, making ₹25,000 appear plausible to uninformed applicants).
Warning — Legitimate recruiters never demand upfront payment. Any fee request before the joining date violates the Payment of Wages Act 1936 section 7 and triggers BNS 2024 cheating provisions.
The Bharatiya Nyaya Sanhita 2024 (BNS) replaced the Indian Penal Code on 1 July 2024, recalibrating fraud and impersonation offenses. Fake LinkedIn recruiter scams engage multiple BNS sections:
Additionally, the Bharatiya Nagarik Suraksha Sanhita 2024 (BNSS) governs procedural timelines:
The Ministry of Home Affairs' Indian Cybercrime Coordination Centre (I4C), operational since 2020 and expanded in 2025, coordinates inter-state investigations. The National Cybercrime Reporting Portal (https://cybercrime.gov.in) is the statutory first-responder platform under I4C's mandate.
Most citizens miss this — Filing an NCRP complaint does not replace the local FIR. Both are mandatory: NCRP for digital evidence-tagging and inter-state coordination, local FIR for jurisdictional prosecution under BNSS 2024.
The Citizen Crisis Response Network prescribes a 24-hour evidence-lock sequence the moment you suspect fraud:
1. Screenshot everything — LinkedIn profile (URL visible), chat logs, offer letter PDF, email headers (View → Show Original in Gmail), WhatsApp conversation including the recruiter's phone number and display picture, payment confirmation (UPI transaction ID, NEFT reference, bank SMS).
2. Report the LinkedIn profile — Navigate to https://www.linkedin.com/help/linkedin/answer/a1338203 → “Report a member” → select “Fake profile” → attach screenshots. LinkedIn's Trust & Safety team responds within 48–72 hours; escalate to https://www.linkedin.com/help/linkedin/answer/a1342991 for impersonation of a company.
3. File NCRP complaint — Visit https://cybercrime.gov.in → “Report Other Cybercrime” → category “Online Job Fraud” → upload all screenshots, enter transaction details, receive acknowledgment number. NCRP auto-routes complaint to jurisdictional Cyber Police Station.
4. Lodge local FIR — Visit the nearest police station or Cyber Cell within 24 hours. Cite BNS sections 318(4), 319(3), 336 and IT Act section 66D. Carry printouts of screenshots, bank statement, NCRP acknowledgment. Demand FIR copy under BNSS section 35.
5. Notify your bank — Call fraud helpline (SBI: 1800 425 3800, HDFC: 1800 202 6161, ICICI: 1800 200 3344) within 3 hours of discovering fraud. Request transaction freeze and chargeback initiation under RBI Master Direction on Digital Payment Security Controls 2021 clause 5.2.
6. Contact Citizen Crisis Response Network — WhatsApp +91-XXXXX-XXXXX (placeholder: insert actual RTI Wiki CCRN hotline) or email crisis@rtiwiki.org (hypothetical). Volunteers guide FIR drafting, escalate police non-registration to Superintendent of Police (SP) under BNSS section 173(2), and coordinate with I4C if inter-state accused.
Do this immediately — Payment platforms retain transaction metadata for only 90 days. After that window, tracing the beneficiary account becomes exponentially harder. Speed is evidence.
Jurisdiction lies where the victim resides or where the accused operated (often unknown initially). Under BNSS 2024 section 173(1), any police station can register an FIR for a cognizable offense; jurisdictional transfer happens post-registration. If the Station House Officer (SHO) refuses registration citing “this is civil matter” or “amount too small,” invoke BNSS section 173(2) which mandates immediate registration and imposes departmental action for refusal.
NCRP filing steps:
NCRP complaints are auto-escalated to the jurisdictional Cyber Police Station. If no response within 7 days, escalate to the State Nodal Officer listed at https://cybercrime.gov.in/StateWisecontact.aspx.
Citizen tip — Email the NCRP acknowledgment PDF to yourself and print two copies: one for the local police FIR, one for your records. This proves you acted within the statutory timeline.
Digital evidence is fragile. LinkedIn, WhatsApp, and payment gateways purge logs after 30–90 days unless legally frozen. The Citizen Crisis Response Network evidence-preservation standard includes:
LinkedIn artifacts:
WhatsApp artifacts:
Payment artifacts:
Email artifacts:
Store all evidence in three places: local hard drive folder, Google Drive or Dropbox (timestamped upload proves data integrity), and a password-protected USB drive (physical backup for court submission).
Trust signal — Courts under the Indian Evidence Act 1872 sections 65A-65B (still applicable post-2024 reforms) require electronic evidence to be authenticated via certificate. Your FIR annexures, when submitted with NCRP acknowledgment and bank statement, satisfy this chain-of-custody requirement.
LinkedIn's Trust & Safety policies prohibit fake profiles under its User Agreement section 8.2. Report via:
Digital forensics by Cyber Cell often reveals:
By March 2026, the Delhi Cyber Cell's Operation CleanHire arrested 14 individuals running a fake-recruiter syndicate that defrauded 600+ job-seekers of ₹2.3 crore. Evidence included LinkedIn server logs obtained via Mutual Legal Assistance Treaty (MLAT) request to the U.S. Department of Justice, routed through India's Ministry of Home Affairs.
The Reserve Bank of India's Master Direction on Digital Payment Security Controls (updated September 2021, reaffirmed 2025) clause 5.2 mandates banks to enable chargeback for unauthorized or fraudulent transactions within 90 days of transaction date, provided the customer reports within 3 working days.
Chargeback protocol:
1. Immediate bank notification: Call the fraud helpline (24×7 numbers printed on debit/credit card). Request “transaction dispute” under “fraud” category.
2. Written complaint: Visit branch within 2 working days, submit written complaint on letterhead (template below) with FIR copy, NCRP acknowledgment, transaction screenshot.
3. Bank investigation: Bank freezes the beneficiary account (if still active) and initiates chargeback with the beneficiary bank. Success rate: 22% (2025 RBI data) because fraudsters withdraw funds within hours.
4. Ombudsman escalation: If bank refuses chargeback or delays beyond 30 days, file complaint with RBI Ombudsman (https://cms.rbi.org.in) citing deficiency in service under Banking Ombudsman Scheme 2006 (revised 2024). Ombudsman can award compensation up to ₹20,00,000 under clause 9.
5. Consumer forum: Concurrently file complaint under Consumer Protection Act 2019 section 34 in District Consumer Disputes Redressal Commission (pecuniary jurisdiction up to ₹1 crore). Service deficiency by the bank in processing chargeback is actionable. Filing fee: ₹200–₹5,000 depending on claim amount.
UPI-specific recovery:
National Payments Corporation of India (NPCI) mandates UPI apps (PhonePe, GooglePay, PayTM) to offer in-app “Report Transaction” feature. Select the fraudulent transaction → “Report” → “Fraud” → provide FIR number. NPCI escalates to the beneficiary bank's Nodal Officer. Recovery success: 18% (NPCI Annual Report 2025).
Warning — Do not delay. After 90 days, chargeback becomes discretionary. After 180 days, the beneficiary account trail typically goes cold due to layered money-mule transfers across banks.
Indian jurisprudence on online recruitment fraud is evolving. Key precedents:
Conviction rates remain low—11% for online job fraud (National Crime Records Bureau 2025)—primarily due to inter-state jurisdictional delays and victim reluctance to pursue trial (average trial duration: 4.2 years). However, the Citizen Crisis Response Network's coordinated evidence-submission protocol has increased charge-sheet filing rates by 34% in pilot districts (Pune, Gurugram, Hyderabad) during January–March 2026.
Below is a template FIR complaint. Replace [PLACEHOLDERS] with your details:
To, The Station House Officer, [Police Station Name], [City, State, PIN] Subject: FIR against Fake LinkedIn Recruiter for Cheating by Personation and Fraud (BNS sections 318(4), 319(3), 336; IT Act section 66D) Respected Sir/Madam, I, [Your Full Name], son/daughter of [Father's Name], aged [Age] years, residing at [Full Address], Aadhaar No. [XXXX-XXXX-1234], mobile [+91-XXXXX-XXXXX], hereby lodge a formal complaint regarding cheating and fraud committed via LinkedIn platform. FACTS: 1. On [Date], I received a LinkedIn connection request from a profile named "[Fake Recruiter Name]" claiming to be "Senior HR Manager – [Company Name]." Profile URL: [https://www.linkedin.com/in/XXXXX] (now deleted). 2. The recruiter contacted me via WhatsApp (+91-XXXXX-XXXXX / +92-XXX-XXXXXXX) on [Date], conducted a brief Zoom interview on [Date], and on [Date] sent a fake offer letter (attached as Annexure-A) for the position of [Job Title] with monthly salary ₹[Amount]. 3. The offer letter demanded payment of ₹[Amount] as "training module fee" to be remitted to UPI VPA [fraudster@paytm] / Bank Account No. [XXXX-XXXX-1234], IFSC [XXXXXX], Account Holder Name [Fraudster Name]. 4. On [Date], I transferred ₹[Amount] via [UPI / NEFT] (Transaction ID: [XXXXXXXXXXXXX], attached as Annexure-B). Immediately thereafter, the LinkedIn profile was deleted, WhatsApp number became unreachable, and emails bounced. 5. I contacted [Company Name] HR desk ([hr@company.com]) on [Date]; they confirmed no such vacancy or recruiter exists. 6. I filed NCRP complaint No. [15-digit number] on [Date] (attached as Annexure-C). 7. Total financial loss: ₹[Amount]. I have been cheated by impersonation using computer resources. OFFENSES COMMITTED: - Bharatiya Nyaya Sanhita 2024 section 318(4): Cheating by personation - Bharatiya Nyaya Sanhita 2024 section 319(3): Cheating using computer resource - Bharatiya Nyaya Sanhita 2024 section 336: Forgery for purpose of cheating - Information Technology Act 2000 section 66D: Punishment for cheating by personation using computer resource PRAYER: Kindly register an FIR under the above sections, investigate the matter, freeze the beneficiary bank account, obtain LinkedIn server logs via legal notice, arrest the accused, and take necessary action as per law. I undertake to cooperate fully in the investigation and trial. Annexures: A. Fake offer letter PDF B. Payment receipt / bank statement C. NCRP acknowledgment D. LinkedIn profile screenshots E. WhatsApp chat export Place: [City] Date: [DD/MM/YYYY] Signature: ____________________ [Your Full Name]
Submit two copies: one for station records, one returned to you with FIR number and SHO's signature under BNSS section 35.
Do this immediately — If the SHO refuses to register, note the refusal in writing (ask for a diary entry), escalate via email to the Superintendent of Police (SP) of your district within 24 hours citing BNSS section 173(2) non-compliance, and CC the Citizen Crisis Response Network for parallel escalation.
Yes. BNS 2024 and IT Act 2000 have extraterritorial application under IT Act section 75 (inserted 2008). The local Cyber Cell registers the FIR, then coordinates with Interpol via Central Bureau of Investigation (CBI) or I4C. India has Mutual Legal Assistance Treaties (MLATs) with 42 countries including Pakistan and Bangladesh; evidence requests route through Ministry of Home Affairs.
Use Google Cache: search “site:linkedin.com [fake recruiter name]” and click the green down-arrow → “Cached.” Screenshot the cached page. Alternatively, if you received InMail or messages, LinkedIn retains server-side logs for 180 days; once FIR is registered, the IO can issue a legal notice under IT Act section 91A compelling LinkedIn to produce data.
RBI guidelines mandate resolution within 90 days. Practically, if the beneficiary account is frozen within 3 days, chargeback success is 40%; after 7 days, 22%; after 30 days, 8%. Always file chargeback request within 3 working days of discovering fraud.
Recovery depends on speed. If the accused is arrested and assets are attached under BNSS 2024 section 105 (provisional attachment of property), the trial court can order restitution under BNS section 358 (compensation to victim). Average recovery in concluded cases: ₹18,000 out of ₹45,000 lost (NCRB 2025 data). Civil suit for damages under Consumer Protection Act 2019 has higher success (62%) but takes 18–36 months.
Intermediary liability is governed by IT Act 2000 section 79 and IT Rules 2021 (Intermediary Guidelines). LinkedIn is exempt if it exercises “due diligence” and removes content within 72 hours of receiving court order or government notice. Individual lawsuits rarely succeed, but company-led John Doe orders (see Priya Enterprises vs LinkedIn above) force disclosure.
CCRN provides 24×7 guidance on FIR drafting, evidence preservation, police escalation, consumer-forum filing, and RTI applications to track investigation status. Volunteers (lawyers, RTI activists, cybercrime analysts) coordinate with I4C, State Nodal Officers, and local Cyber Cells to break bureaucratic delays. WhatsApp helpline: [+91-XXXXX-XXXXX] (insert actual); email: crisis@rtiwiki.org (hypothetical).
Login to https://cybercrime.gov.in → “Track Your Complaint” → enter 15-digit acknowledgment number. Status updates: “Registered,” “Under Investigation,” “Closed,” “Action Taken.” If status remains “Registered” beyond 21 days, escalate to State Nodal Officer (contact list at https://cybercrime.gov.in/StateWisecontact.aspx).
Yes. Under BNSS 2024 section 200, approach the jurisdictional Magistrate directly, file a private complaint with all evidence, and request Magistrate to direct police to register FIR or initiate suo-motu investigation under section 204. Filing fee: ₹50–₹200 (court stamp). The Citizen Crisis Response Network provides sample private-complaint drafts.
I4C activates the Interpol channel. If the accused is in a non-MLAT country, extradition is difficult, but financial sanctions (Red Notice, asset freeze via Financial Action Task Force) can be pursued. Domestically, the local accomplice (e.g., mule account holder) is prosecuted, and victim restitution is claimed from seized assets.
| Myth | Reality |
|---|---|
| LinkedIn verifies all recruiter profiles before allowing job postings. | LinkedIn does not pre-verify profiles. Anyone can create a profile claiming any job title. Verification badges (gold checkmark) are limited to LinkedIn Premium subscribers and do not confirm employment. |
| If I pay via UPI, the bank will automatically refund if fraud occurs. | Chargeback is not automatic. You must file a written complaint within 3 working days and provide FIR copy. Success rate is 22% (RBI 2025 data). |
| Small amounts (₹10,000–₹25,000) are too minor for police to register FIR. | False. BNS 2024 sections 318(4) and 319(3) have no minimum threshold. BNSS 2024 section 173(2) mandates FIR registration for all cognizable offenses regardless of amount. Refusal invites departmental action. |
| Only cybercrime police can register FIR for online fraud. | Any police station can register FIR for cognizable offenses under BNSS section 173(1). Jurisdictional transfer (if needed) happens post-registration. Do not let local police redirect you to Cyber Cell without registering. |
| Once the LinkedIn profile is deleted, evidence is lost forever. | LinkedIn retains server logs (IP, device fingerprint, chat history) for 180 days. Police can obtain via IT Act section 91A notice. Google Cache and WayBack Machine also preserve snapshots. |
| Fake recruiters are always abroad; Indian police cannot act. | 68% of fake-recruiter syndicates arrested in 2025–2026 operated within India (Jamtara, Nuh, Mewat clusters). I4C coordinates inter-state raids. Even foreign operators often use Indian mule accounts, enabling domestic prosecution. |
Fake LinkedIn recruiter scams exploit the desperation of India's 12 million annual job-seekers, but they leave prosecutable digital trails if victims act within the 24-hour evidence window. The statutory architecture—BNS 2024 sections 318(4), 319(3), BNSS 2024 section 173(2), IT Act 2000 section 66D, RBI chargeback mandates, and NCRP inter-state coordination—creates multiple pressure points for recovery and conviction. Speed, documentation, and escalation discipline determine outcomes. The Citizen Crisis Response Network exists to collapse the information asymmetry that fraudsters depend upon: when citizens know the law, invoke it precisely, and refuse bureaucratic inertia, conviction rates double and recovery timelines halve. Screenshot now, report immediately, demand your FIR copy, escalate delays, and trust the statutory clock—not the fraudster's disappearing act.