description="Fake BookMyShow, PVR and Inox lookalike sites and Telegram resellers vanish with your money. Verify domain, file NCRP 1930, recover under IT Act 66D and BNS 318." keywords="fake movie ticket scam, bookmyshow fake site, pvr inox scam, telegram ticket reseller, ncrp 1930, it act 66d, bns 318, ticket fraud india 2026"
You searched Avengers Doomsday IMAX tickets Mumbai on Friday night, clicked the top sponsored link, paid ₹2,400 for two seats on a site that looked exactly like BookMyShow, and got back a PDF that no theatre would scan on Saturday morning. The official BookMyShow URL is bookmyshow.com, the official Paytm one is insider.in, and any other domain claiming to sell that show is almost certainly a fraud you can chase under IT Act 2000 §66D, BNS 2024 §318, and IT Rules 2021 Rule 3(2)(b). This guide is the weekend-rescue version: what to do in the first ten minutes, the documents to collect, and the four parallel tracks (NCRP, payment chargeback, hosting takedown, consumer court) that actually return your money in 2026.
🟡 Tip 1: The real BookMyShow never asks for OTP on Telegram, never sells “leftover corporate seats” at 60% off, and never accepts payment to a personal UPI VPA ending in @okaxis or @ybl. Any of those three is a red flag on its own.
🟡 Tip 2: Run the suspect domain through whois.domaintools.com or who.is. Domains registered in the last 30 days with privacy guard and a registrar in Iceland or Panama are a textbook scam pattern. Save the WHOIS PDF; it goes into the NCRP attachment list.
🟡 Tip 3: Telegram “ticket reseller” channels with 40,000 members and zero negative reviews are bot-stuffed. Search the channel name on trai.gov.in/grievance and on Reddit r/india with the word “scam”; if there is even one prior complaint, walk away.
The four legitimate movie ticket aggregators in India in 2026 are bookmyshow.com, in.bookmyshow.com, insider.in (Paytm Insider), and district.in (Zomato District). PVR and INOX after their merger sell only through their own apps pvrcinemas.com and inoxmovies.com plus the four aggregators above. Anything else paytm-tickets.shop, bookmyshow-india.online, pvr-booking.in, inoxoffer.com is a lookalike. Type the URL by hand; do not trust the Google sponsored result, which scammers buy aggressively on Friday evenings.
A real BookMyShow checkout opens payments.bookmyshow.com or routes through a known PG (Razorpay, Juspay, PayU). A scam checkout shows a personal UPI handle, a static QR, or a “merchant name” that does not match (e.g. “RAHUL KUMAR ENTERPRISES” for an Avengers booking). The instant the merchant name looks wrong, abort. UPI app shows the payee name before you authorize; that one screen is your last free off ramp.
Resellers post real screenshots of real PVR seats, ask for half payment up front via UPI, share a “transferable QR” that is just a generated image, and block you. The QR is non transferable in BookMyShow's 2025 ToS update; the theatre scanner reads the booking ID, not the image. Avnish Bajaj v. State (NCT of Delhi) (2008) 150 DLT 769 is the foundational e commerce intermediary liability case in India and still cited in 2026 NCRP charge sheets when the platform (Telegram, here) ignores a takedown notice under IT Rules 2021 Rule 3(2)(b), which mandates removal of fraudulent content within 36 hours of a valid complaint.
Scam volume on fake ticket sites peaks 48 hours before a Friday tentpole release (Marvel, Pushpa, Salaar, KGF). I4C dashboard for FY 2025-26 shows a 4.2x spike in entertainment fraud reports in those 48 hour windows. If the show is sold out on the official aggregator and a “still available” listing pops up elsewhere at face value, treat it as a scam by default.
NCRP filing, bank dispute, registrar takedown, UPI app dispute. 70% of cases under ₹50,000 close at this tier when filed within 24 hours. If the bank says “we will investigate in 90 days,” push back and quote RBI circular RBI/2017-18/15 which mandates provisional credit within 10 working days for unauthorized electronic transactions where the customer is not at fault.
If the bank stalls, file a Banking Ombudsman complaint at rbi.org.in/Scripts/Complaints.aspx. If the payment app is uncooperative, NPCI dispute redressal at npci.org.in and a parallel complaint to the Reserve Bank Integrated Ombudsman Scheme 2021. If the hosting provider ignored the abuse report, escalate to CERT-In at [email protected] with the NCRP number; CERT-In has direct lines to international registrars under IT Act §70B.
District Consumer Commission under CPA 2019 §35 (pecuniary jurisdiction up to ₹50 lakh, fee ₹100 to ₹500). Parallel §156(3) BNSS application to the local Magistrate to compel FIR registration if police are sitting on the cyber cell complaint. For losses above ₹2 lakh, a writ in the High Court under Article 226 seeking direction to the bank and police is realistic; courts in 2025-26 have been issuing these freely in cyber fraud matters citing the Avnish Bajaj line of cases.
To,
The Officer in Charge,
National Cyber Crime Reporting Portal
(cybercrime.gov.in, Helpline 1930)
Subject: Online financial fraud through fake movie ticket booking website
Loss: ₹___ on [date] at [time IST]
Sir / Madam,
1. On [date] at approximately [time], I attempted to book [number]
tickets for the film "[movie name]" at [theatre, city] for the
show on [show date and time].
2. I clicked a sponsored search result that led to the domain
[fraudulent URL] which appeared visually identical to
bookmyshow.com / pvrcinemas.com / inoxmovies.com.
3. I made a payment of ₹[amount] via [UPI / debit card / net banking]
to [merchant name as it appeared / UPI VPA / card payee].
Transaction reference: [UTR / RRN / UPI ref no].
4. The confirmation PDF received by email (attached) was rejected at
the theatre box office on [date]. The theatre confirmed that no
such booking exists in their system.
5. Subsequent attempts to contact [seller / Telegram channel /
helpline number on the fake site] failed; the chat was deleted
and the number is unreachable.
6. The conduct constitutes an offence under:
(a) Section 66D, Information Technology Act 2000
(cheating by personation using a computer resource);
(b) Section 318, Bharatiya Nyaya Sanhita 2024 (cheating);
(c) Rule 3(2)(b), IT (Intermediary Guidelines and Digital Media
Ethics Code) Rules 2021, against the hosting intermediary;
(d) Section 17, Consumer Protection Act 2019, for unfair trade
practice and deficiency in service.
7. I request:
(a) registration of an FIR / cyber complaint;
(b) freezing of the beneficiary account / UPI VPA;
(c) takedown notice to the registrar and hosting provider of the
fraudulent domain;
(d) refund of ₹[amount] with interest and compensation.
8. Documents attached: screenshots, payment proof, WHOIS extract,
chat logs, ID proof, address proof.
I confirm the above is true to the best of my knowledge.
Yours faithfully,
[Name]
[Mobile, Email]
[Date, Place]
To,
The Central Public Information Officer
Indian Cyber Crime Coordination Centre (I4C)
Ministry of Home Affairs
Government of India
North Block, New Delhi 110001
Application under Section 6, Right to Information Act 2005
1. Please provide the status of NCRP complaint number ______ filed on
[date] regarding online financial fraud through a fake movie ticket
booking website.
2. Please provide:
(a) the name and designation of the investigating officer;
(b) the date on which the complaint was forwarded to the
jurisdictional state cyber cell and the reference number;
(c) action taken on freezing / lien marking of the beneficiary
account;
(d) status of takedown notice issued under IT Rules 2021 Rule 3(2)
to the hosting and registrar entity, with copies of the notices
issued and replies received;
(e) aggregated FY 2025-26 data on entertainment / ticket booking
fraud complaints, total reported loss, and recovery rate.
3. I enclose the prescribed fee of ₹10 by IPO / DD / online challan.
4. I am a citizen of India.
[Name]
[Address, Mobile, Email]
[Date, Place]
File the same RTI in parallel with the state cyber cell PIO (state police HQ) and with CERT-In when the takedown is delayed beyond 72 hours.
Where the merchant is identifiable (some fake sites are run by lazy fraudsters using their real GSTIN or a registered private limited shell), a parallel Consumer Protection Act 2019 complaint is the highest yield civil track. District Commission has jurisdiction up to ₹50 lakh in pecuniary value (post 2021 amendment), filing fee is ₹100 for claims up to ₹5 lakh. Sections to plead: §2(11) deficiency, §2(47) unfair trade practice, and §39 for the relief menu (refund, compensation, punitive damages, costs). National Insurance Co Ltd v. Hindustan Safety Glass Works Ltd principles on burden of proof against the service provider apply. Add the payment gateway as a co opposite party where it processed the transaction without due diligence; Amazon Seller Services v. Modicare lineage holds intermediaries to the standard of care under §2(17).
No. The genuine platform is the victim too of trademark abuse. Its only obligation is to act on a takedown notice under IT Rules 2021 Rule 3(2) when you formally serve one through your lawyer or via the NCRP. Liability sits with the operator of the fake domain and, secondarily, with the hosting and registrar if they ignore a valid notice.
Yes, if you raise the dispute within 3 days under NPCI's UPI dispute resolution rules. Provisional credit is mandated by RBI within 10 working days where the customer is not at fault. The bank will lien the beneficiary account if NCRP has flagged it.
IT Act 2000 §75 is extraterritorial: any offence involving a computer or network located in India is triable in India regardless of the offender's location. Telegram has been responding to MeitY notices in 2025-26 after the precedent set in pan India enforcement actions; persistent non compliance triggers safe harbour loss under §79 read with Rule 3(1)(b).
Partially. The theatre is correct that they cannot honour a fake QR. But the theatre's legitimate URL is your evidence anchor: ask the manager to email a one line confirmation that “no booking exists in our system against ID [booking ID]” on letterhead. That one email closes the chargeback in your favour.
Yes. The aggregate enables the takedown. I4C combines low value reports against the same domain or VPA into a single investigation; your ₹600 plus 4,000 others becomes a ₹24 lakh case that gets prosecuted. Reporting is also the only way the fake site gets de indexed from Google.
Yes, with the highest success rate. Card disputes under reason code 13.1 “services not provided” are mandated by Visa and Mastercard rules; the issuing bank must raise the chargeback and the merchant has 45 days to defend. Most fake merchants do not respond, so the chargeback wins by default.
No. Complainant identity is protected under IT Act §72 (privacy of electronic records). The FIR, if registered, becomes part of the public record but redaction is available on request to the SHO citing the privacy provision and Puttaswamy privacy doctrine.
File an RTI to CERT-In asking for the registrar disclosure and to the state cyber cell for the Section 91 BNSS notice issued to the payment processor. The KYC of the beneficiary account, even if mule, gives the police the entry point. Avnish Bajaj established that intermediaries must preserve logs; that preservation is your evidence.
Movie tickets are an emotional purchase: a Friday night, a friend in town, a kid who saw the trailer. Scammers know that and price the fake listings just below the real ones to bait the rushed click. The defence is boring and effective: type the URL, check the merchant name, save every screen, and file all four tracks the same evening. If you are reading this at 11 pm on a Saturday after a denied entry, you are not alone. The Citizen Crisis Response Network (CCRN) at righttoinformation.wiki/help/citizen-crisis-response-network has the weekend roster of cyber cell SHOs, ombudsman duty officers, and consumer helpline supervisors who actually pick up the phone. Use it.