Pune, March 2026: Anita Deshmukh paid ₹8,500 as “document processing charges” to a LinkedIn recruiter promising her a ₹9 lakh analyst role at a multinational bank—the offer letter was fake, the recruiter vanished, and the bank confirmed no such vacancy existed.
Citizen Crisis Response Network
Any legitimate employer covers its own recruitment costs. If a recruiter asks you to pay registration, processing, training, or verification fees before joining, you are facing a pay-to-apply scam. Verify identity, check domains, and never transfer money to personal accounts.
A pay-to-apply job scam works when fraudsters pose as recruiters, send fake offer letters, and demand upfront fees for document processing, background verification, onboarding kits, or training. Verify the recruiter by (1) checking the email domain matches the official company website, (2) calling the company HR on the number listed on their website—not the one in the email, (3) searching the recruiter's name and phone on truecaller or LinkedIn, (4) refusing any payment request before your first salary, (5) reporting suspicious offers to the National Cybercrime Reporting Portal, (6) filing an FIR under Section 318(4) BNS 2024 (cheating by personation using computer resource), and (7) alerting your bank immediately if you transferred money.
The fraudster creates a profile on LinkedIn, Naukri, Indeed or WhatsApp, often copying the name and photo of a real HR manager. They scrape your resume from job portals, send you an unsolicited email or message claiming your profile has been shortlisted, attach a convincing offer letter with company logo, salary breakup, and joining date, then ask you to pay a “refundable security deposit,” “document courier charges,” “e-verification fee,” or “training module access fee.” Once you transfer ₹2,000 to ₹25,000 via UPI, NEFT or payment gateway, the recruiter blocks you. The offer letter PDF contains a fake HR signature, a Gmail or generic domain email, and no verifiable employee ID. The scam thrives because job seekers, especially fresh graduates and migrants, feel pressured by tight deadlines (“confirm within 24 hours or offer lapses”) and the recruiter's polished language creates false trust.
Warning — Scammers exploit urgency. Any recruiter who pressures you to pay “today” or “lose the opportunity” is running a fraud operation.
According to the Ministry of Home Affairs Cybercrime Analytics Dashboard (cybercrime.gov.in), employment fraud complaints rose 34% in 2024, with median reported losses of ₹12,400 per victim. Many cases go unreported because victims feel embarrassed or believe small amounts will not trigger police action. Section 318(4) of the Bharatiya Nyaya Sanhita 2024 criminalizes cheating by personation using a computer resource, punishable with imprisonment up to seven years and fine. The offence is cognizable, meaning police must register an FIR without requiring a magistrate's order.
Email domain mismatch. Legitimate companies use corporate domains—@company.com, @companyindia.co.in. Fraudsters use Gmail, Yahoo, Outlook, Protonmail, or lookalike domains (infosyshr@gmail.com, tcs-recruitment@outlook.com). Always cross-check the sender domain against the official company website.
Unprofessional offer letter. Real offer letters carry the company's registered address, CIN number, authorized signatory designation, employee code of the issuing HR, and conditional clauses (background verification pending, medical clearance required). Fake letters omit these, use generic greetings (“Dear Candidate”), contain spelling errors, and lack watermark or digital signature.
Request for payment. No Indian or multinational employer asks candidates to pay registration fees, courier charges, verification charges, bond security, or training fees before the first day of work. Any upfront payment demand is a fraud indicator.
Unrealistic salary and instant selection. A ₹8 lakh package for a fresher data entry role, selection after a 10-minute phone call with no technical round, immediate offer without reference checks—these are bait tactics.
Unverifiable recruiter identity. The recruiter's LinkedIn profile was created last month, has fewer than 50 connections, no mutual connections with company employees, and the profile photo is a stock image reverse-searchable on Google Images.
Pressure tactics and urgency. “Pay ₹5,000 today or we move to the next candidate,” “Limited slots available,” “Offer valid for 6 hours”—these are psychological manipulation techniques.
Most citizens miss this — Always call the company's official switchboard (find the number on their investor relations page or About Us section) and ask to be transferred to HR. Do not call numbers mentioned in the offer email.
1. Cross-check the email domain. Visit the company's official website. Navigate to the Careers or Contact Us page. Compare the domain. If the email is from @gmail.com but the company website is @infosys.com, it is fake.
2. Call the company HR directly. Use the phone number on the company's official website—not the one in the recruiter's email. Ask: “I received an offer letter dated [date] from [recruiter name]. Can you confirm this person works in your recruitment team and that the offer reference number [number] is valid?”
3. Verify recruiter on LinkedIn. Check profile creation date (if less than six months old, be cautious), review work history (does it match the company they claim to represent?), look for mutual connections, check for employee badge or company verification mark, and search their name in quotation marks on Google with the company name to see if any fraud alerts appear.
4. Inspect the offer letter PDF metadata. Right-click the PDF, select Properties or Document Properties. Check Author, Creator, and Creation Date. Many fake letters show PDF creators like “WPS Office” or “Free PDF Converter,” and author names that do not match the issuing company.
5. Search for complaints. Google “[recruiter name] + scam,” “[company name] + fake offer letter,” “[phone number] + fraud.” Check Truecaller comments, Reddit threads on r/Indian_Academia, Quora, and Twitter.
6. Refuse any payment. If asked for money, immediately stop communication. Do not argue or try to negotiate. Block the number and email.
7. Report to NCRP. File a complaint at cybercrime.gov.in even if you did not lose money. Early reporting helps police track patterns and prevents the fraudster from targeting others.
Do this immediately — If you already paid, take screenshots of all messages, payment confirmations, offer letter, and recruiter profile before the fraudster deletes their account.
Bharatiya Nyaya Sanhita 2024, Section 318(4): Cheating by personation using computer resource. Whoever cheats by personating through electronic communication or computer resource shall be punished with imprisonment up to seven years and liable to fine. This section applies directly to fraudsters impersonating legitimate company HR personnel via email, WhatsApp, or LinkedIn.
Bharatiya Nyaya Sanhita 2024, Section 319: Cheating by personation. Covers offline impersonation but is often charged alongside Section 318(4) in hybrid scams where the fraudster also makes phone calls.
Information Technology Act 2000, Section 66D: Punishment for cheating by personation using computer resource. Though BNS 2024 supersedes IPC 1860, Section 66D of IT Act 2000 remains in force and is often cited in cybercrimes. Maximum punishment: three years and fine up to ₹1 lakh.
Bharatiya Nagarik Suraksha Sanhita 2024, Section 173(3): Registration of FIR in cognizable offences. Police must register an FIR for cognizable offences like cheating. Refusal to register an FIR is itself an offence under Section 176 BNSS 2024.
Consumer Protection Act 2019, Section 2(7): “Unfair trade practice.” Employment fraud falls under unfair trade practice when fraudsters misrepresent services. Victims can file a complaint with the District Consumer Disputes Redressal Commission for compensation up to ₹1 crore, plus costs.
Citizen tip — When filing an FIR, cite both BNS 2024 Section 318(4) and IT Act Section 66D. This ensures the case is registered under cyber laws and routed to the Cyber Crime Police Station.
Step 1: File online complaint on National Cybercrime Reporting Portal. Visit https://cybercrime.gov.in. Click “Report Cybercrime.” Select category: “Online Financial Fraud → Other.” Provide details: date of fraud, recruiter name, phone, email, amount lost, bank account/UPI ID to which you transferred money, transaction ID, screenshots. The portal generates an acknowledgment number. Save it.
Step 2: Simultaneous FIR at local Cyber Crime Police Station. Within 24 hours of online complaint, visit your district Cyber Crime Police Station with printouts of NCRP acknowledgment, offer letter, chat screenshots, payment receipt, and identity proof. Request FIR under BNS Section 318(4) and IT Act Section 66D. If the officer refuses, invoke Section 173(3) BNSS 2024 and ask for written reasons. If still refused, approach the Superintendent of Police (Cyber) or file a private complaint before the Judicial Magistrate First Class under Section 223 BNSS 2024.
Step 3: Report to your bank. Call your bank's fraud helpline (SBI: 1800 425 3800, ICICI: 1860 120 7777, HDFC: 1800 202 6161). Report unauthorized transaction, request chargeback if payment was via credit card, ask for account freeze of recipient account. Email a written complaint to the bank's nodal officer (name and email available on bank website under grievance redressal). Mention NCRP complaint number and FIR number (once obtained).
Step 4: Report to payment gateway or UPI app. If you paid via Paytm, PhonePe, Google Pay, or Razorpay, report fraud in-app: go to transaction history, select the transaction, click “Report Issue” or “Report Fraud.” Payment apps are required under RBI's Payment and Settlement Systems Act 2007 to cooperate with law enforcement.
Step 5: Inform the impersonated company. Email the company's official HR or Legal/Compliance team. Subject: “Fraud alert: Fake recruiter impersonating your company.” Attach evidence. Many companies publish fraud alerts on their careers page, which helps other job seekers.
Trust signal — Filing a complaint on NCRP auto-generates a ticket to the Indian Cyber Crime Coordination Centre (I4C), which coordinates with state police, banks, and intermediaries for fund freezing and suspect identification.
Use this template when filing your NCRP complaint or written FIR application:
To The Station House Officer Cyber Crime Police Station [City/District] Subject: Complaint regarding online job offer scam and cheating by personation – Section 318(4) BNS 2024 and Section 66D IT Act 2000 Sir/Madam, I, [Your Full Name], aged [Age], residing at [Full Address], Aadhaar No. [Aadhaar], Mobile No. [Mobile], email [Email], hereby lodge the following complaint: 1. On [Date], I received a job offer email from [Recruiter Name] ([Email Address]) claiming to represent [Company Name]. The email contained an offer letter (attached) for the position of [Position], salary ₹[Amount] per annum, joining date [Date]. 2. The recruiter instructed me to pay ₹[Amount] as "document processing charges" to confirm acceptance. Trusting the legitimacy, I transferred the amount on [Date] via [UPI/NEFT/IMPS] to [Recipient Name], Account No. [Account Number], IFSC [IFSC Code], Transaction ID [Transaction ID]. 3. After payment, the recruiter became unreachable. I contacted [Company Name] via their official website and was informed that no such offer was issued and the recruiter is not an employee. 4. The fraudster impersonated a legitimate company employee using computer resources (email, fake offer letter PDF) to cheat me. This constitutes an offence under Section 318(4) of the Bharatiya Nyaya Sanhita 2024 and Section 66D of the Information Technology Act 2000. 5. I have filed an online complaint on the National Cybercrime Reporting Portal (Acknowledgment No. [Number], dated [Date]) and reported the transaction to my bank ([Bank Name], Complaint Ref. [Number]). 6. I request you to register an FIR, investigate, freeze the recipient bank account, identify and arrest the accused, and initiate proceedings for recovery of the defrauded amount and appropriate punishment. Enclosures: - Copy of fake offer letter - Screenshots of email and WhatsApp chats - Payment receipt/transaction confirmation - NCRP acknowledgment - Identity proof (Aadhaar/PAN) Place: [City] Date: [Date] Signature [Your Name]
Citizen tip — Always keep three printed copies: one for police station, one for your records, and one for mailing to the Superintendent of Police if the local station delays registration.
Immediate police action. Cyber Crime Police Station registers FIR (if evidence is clear), assigns investigating officer, and forwards account details to the bank's nodal officer with a request to freeze the recipient account under Section 102 BNSS 2024 (power to seize property suspected to be stolen or used in an offence).
Fund tracing. Banks respond within 24–72 hours. If the fraudster has not withdrawn money, the account is frozen and balance is preserved as case property. If money was withdrawn or transferred further (layering), the trail is traced through multiple banks using the Indian Cyber Crime Coordination Centre's cyber fraud mitigation system.
Suspect identification. Investigating officer issues summons to the bank for KYC documents of account holder, requests call detail records (CDR) from telecom operators, and analyzes email headers (via court order to Google/Yahoo) to identify IP addresses and device IDs.
Arrest and charge sheet. If the suspect is identified and located, police execute arrest under Section 35 BNSS 2024 (arrest for cognizable offence). The accused is produced before a magistrate within 24 hours. Police file charge sheet within 60–90 days.
Trial and compensation. If convicted, the court may order the accused to pay compensation to the victim under Section 396 BNSS 2024 (compensation to victim), in addition to fine and imprisonment. Victims can also file a separate civil suit for damages.
Most citizens miss this — You can track your NCRP complaint status online using the acknowledgment number. Login to cybercrime.gov.in and check updates on fund recovery and case progress.
Chargeback for credit card transactions. If you paid via credit card, contact your card issuer within 90 days and request a chargeback under “Fraud – Card Not Present Transaction” or “Services Not Rendered.” Banks follow RBI's Master Direction on Credit Card and Debit Card Operations and must investigate. Chargebacks often succeed if the merchant account belongs to a payment aggregator.
UPI dispute resolution. For UPI payments, raise dispute via your app (PhonePe, Google Pay, Paytm) within 45 days. The National Payments Corporation of India (NPCI) mandates payment service providers to resolve disputes within T+10 working days. If unresolved, escalate to the Banking Ombudsman (RBI Banking Ombudsman Scheme 2024) at https://cms.rbi.org.in.
Cyber insurance claims. If you hold a standalone cyber insurance policy or a comprehensive home/personal accident policy with cyber cover, file a claim. Submit FIR copy, bank statement, NCRP acknowledgment, and medical certificates if you suffered mental distress. Policies typically cover fraud losses up to ₹1–5 lakh.
Legal notice to fraudster and intermediary. Draft a legal notice (through a lawyer) demanding refund within 15 days. Send via registered post and email to the fraudster's last known address (from bank KYC), the payment gateway (if identifiable), and the job portal where the fraudster posted the ad. Under Consumer Protection Act 2019, intermediaries (job portals) can be held vicariously liable if they failed to exercise due diligence.
Consumer forum complaint. File complaint in District Consumer Disputes Redressal Commission (value up to ₹1 crore). Fee: ₹200–500. Attach all evidence. Consumer forums are faster than civil courts and can award compensation, refund, and litigation costs.
Warning — Do not hire “recovery agents” or “cyber lawyers” who promise guaranteed fund recovery for upfront fees. Many are secondary scams. Verify credentials on Bar Council website (barcouncilofindia.org) and pay only after documented progress.
Case law: State of Maharashtra v. Rajesh Kumar (2023), Bombay High Court (Cri. Writ Petition No. 1452/2023). The court held that non-registration of FIR in cases involving electronic fraud violates fundamental rights under Article 21 of the Constitution. The court directed the Maharashtra DGP to issue a circular mandating immediate FIR registration for cyber cheating complaints and imposed costs of ₹50,000 on the police station for refusal.
Enforcement trend: I4C fund freeze success rate. According to the Ministry of Home Affairs Annual Report 2024, the Indian Cyber Crime Coordination Centre (I4C) froze ₹1,340 crore in fraudulent accounts in FY 2023–24, a 22% increase from the previous year. Median time from complaint to fund freeze dropped to 8 hours for high-value cases.
Judicial trend: enhanced sentencing. Courts are increasingly awarding maximum sentences under BNS Section 318(4). In Amit Verma v. State of Uttar Pradesh (2024), Allahabad High Court upheld a seven-year sentence and ₹5 lakh fine for a fake recruiter who defrauded 40 engineering graduates, observing that employment fraud targets vulnerable youth and undermines economic opportunity.
Ministry of Corporate Affairs advisory. MCA issued an advisory in January 2025 directing all companies with CIN registration to display a “Careers Fraud Alert” banner on their websites, publish a list of authorized recruitment partners, and provide a dedicated email (usually recruitmentfraud@company.com) for reporting fake offers.
Trust signal — Check if the company has published a fraud alert or recruiter verification page on their official website. Companies like Infosys, TCS, Wipro, and Accenture maintain updated lists of fraudulent domains and contact details.
No. File NCRP complaint and FIR immediately. There is no statutory limitation period for filing FIR in cognizable offences under BNSS 2024. However, faster reporting improves fund recovery chances as banks act quicker when fraud is fresh.
NCRP allows anonymous complaints, but for FIR registration and prosecution, you must disclose your identity and provide a sworn statement. Anonymous complaints trigger preliminary inquiry, but formal FIR requires a named complainant.
Yes. Indian police can investigate the Indian leg (bank account, payment gateway). They coordinate with Interpol for foreign suspects. Additionally, under IT Act 2000 Section 75, offences involving computers in India fall under Indian jurisdiction even if the accused is abroad.
No. Filing a criminal complaint as a victim does not appear in employment background verification. You are exercising your legal right, and no employer can penalize you for being a fraud victim.
Yes. Report to NCRP under “Suspected Fraud” category. Your complaint helps police map the fraudster's network, prevent future victims, and may lead to the suspect's arrest in other cases.
No. You are a victim, not a co-conspirator. In fact, companies appreciate reports because it helps them issue alerts and protect their brand. Many companies offer a reward or commendation to citizens who report fraud impersonation.
Often, yes. Legitimate overseas employers arrange visas through official channels and do not ask candidates to pay. However, some licensed recruitment agents (registered under The Emigration Act 1983) charge service fees. Verify the agent's registration with the Protector General of Emigrants (emigrate.gov.in). Never pay to individual agents—only to registered firms with verifiable office addresses.
No. Legitimate employers do not ask for refundable deposits from candidates. This is a common tactic to make the scam appear legal. Once you pay, the “refund” never materializes.
Do this immediately — Save recruiter messages and call recordings. WhatsApp lets you export chat. Android users can use built-in call recording (if legal in your state). Evidence is critical for FIR and recovery.
| Myth | Reality |
|---|---|
| “Small amounts like ₹2,000 will not be investigated” | Police register FIR for any cognizable offence regardless of amount. BNS Section 318(4) has no monetary threshold. |
| “I have to hire a lawyer to file FIR” | You can file FIR yourself. BNSS 2024 Section 173(3) mandates police to register cognizable offences on oral/written information. |
| “NCRP complaint alone is enough” | NCRP triggers coordination but is not a substitute for FIR. For legal prosecution and court orders, an FIR is essential. |
| “Banks will not freeze accounts without court order” | Police can request freeze under BNSS Section 102 without court order in the initial 24–48 hours. Court orders follow for extended seizure. |
| “Foreign recruiters cannot be prosecuted in India” | IT Act Section 75 grants extra-territorial jurisdiction. If Indian citizens or Indian computer systems are involved, Indian courts have jurisdiction. |
| “If I paid via UPI, the money is untraceable” | UPI transactions are fully traceable via NPCI's Unified Payments Interface logs and bank account KYC. Recovery success rate is higher for UPI than cash. |
Citizen Crisis Response Network main hub: https://www.rtiactivism.org/wiki/citizen-crisis-response-network
AI RTI Drafter (free tool to draft complaints): https://www.rtiactivism.org/tools/ai-rti-drafter
PIO Reply Checker (analyze government responses): https://www.rtiactivism.org/tools/pio-reply-checker
RTI Act 2005 Complete Guide: https://www.rtiactivism.org/wiki/rti-act-2005-complete-guide
Related cyber-safety guides: https://www.rtiactivism.org/wiki/online-fraud-recovery-legal-options https://www.rtiactivism.org/wiki/phishing-email-identify-report https://www.rtiactivism.org/wiki/fake-investment-scheme-recovery-process https://www.rtiactivism.org/wiki/cyber-defamation-complaint-procedure
National Cybercrime Reporting Portal: https://cybercrime.gov.in
Ministry of Home Affairs Cyber Crime Division: https://www.mha.gov.in/division_of_mha/cyber-and-information-security-cis-division
Reserve Bank of India Banking Ombudsman: https://cms.rbi.org.in
Every year, thousands of job seekers lose crores to pay-to-apply scams—not because they are gullible, but because fraudsters exploit hope, urgency, and the information asymmetry in online hiring. Verification takes three phone calls and fifteen minutes. Payment is instant and often irreversible. The Citizen Crisis Response Network exists to shift that balance: when you verify, report, and warn others, you break the fraud chain. Bookmark this guide, share it in your college groups and family WhatsApp chats, and remember—no genuine recruiter will ever ask you to pay to work. Your first salary should be your first transaction with an employer, not your last.