On 14 January 2026, a Class-12 student in Patna paid ₹49,000 to a Telegram channel that promised the CBSE physics paper “8 hours before the exam”. The PDF was a Google-search dump. On the same morning, a homemaker in Jaipur lost ₹2.18 lakh to a “₹17 per YouTube like” WhatsApp message that escalated into a UPI-AutoPay trap. Two scams, two platforms, two completely different defence playbooks. The reflex of treating Telegram and WhatsApp as “the same WhatsApp-type fraud” is exactly what the scammer wants — because every operational lever (in-app report button, MeitY blocking route, group-admin liability, evidence preservation, NCRP categorisation) is different. This guide is the 2026 decision tree: which platform is which, which red flags to read in 60 seconds, which BNS + IT Act sections apply, and the exact words for the FIR and the NCRP complaint.
Quick answer (60 seconds) — Telegram scams are channel-broadcast scams (paper-leak, part-time job, fake investment, fake government recruitment). One admin pushes content to thousands, no two-way conversation, no phone number visible. WhatsApp scams are one-to-one impersonation scams (OTP, e-challan, court summons, electricity disconnection, KYC). A “person” with a profile photo messages you directly. Report Telegram channels at telegram.org/support + NCRP. Report WhatsApp numbers in-app + NCRP + 1930.
Telegram is a channel-and-group-first platform. A “channel” is a one-way broadcast — one admin, thousands of subscribers, no member-to-member messaging. A “group” supports up to 200,000 members. The platform requires only a phone number at signup but does not require disclosure of that number to other users. Telegram's servers are outside India, and India has no Mutual Legal Assistance Treaty (MLAT)–style direct subpoena route into Telegram's Dubai/UAE registered entity.
WhatsApp is a one-to-one and small-group platform. Group size cap: 1,024 members. Every message exposes a phone number, which is the user's globally unique handle. End-to-end encryption protects content, but the phone number is always visible to the recipient, and the account is bound to a single SIM.
Scammers pick the platform that matches the scam mechanic:
| Dimension | Telegram scam | WhatsApp scam |
|---|---|---|
| Statutory base | IT Act 2000 §66D, §69A; BNS 2024 §318+§336+§340 | IT Act 2000 §66D, §66C; BNS 2024 §318+§319+§336 |
| Typical scam type | Paper leak, part-time job, fake investment, recruitment | OTP, e-challan, court summons, electricity, KYC |
| Reach model | Channel broadcast — 1 admin → 10,000-2,00,000 subs | Direct DM — 1 attacker → 1 victim at a time |
| Identity visible | Username only (e.g., @paperleakX) — phone number hidden | Phone number always visible to the recipient |
| Reporting button | In-app: Report Channel → spam / scam / fraud | In-app: Block & Report — sends last 5 messages |
| Out-of-band reporting | [email protected] + NCRP + Sahyog portal | [email protected] + NCRP + 1930 |
| MeitY blocking route | IT Rules 2021 Rule 3(1)(d) — block URL/channel | IT Rules 2021 Rule 4 — Significant Social Media |
| Group-admin liability | Indirect, mostly under BNS §61 conspiracy | Direct, under Kishor v. State of MP (2021) Bom HC |
| Bank-freeze speed | Slower — no real-time number trail | Faster — phone number is also the UPI handle |
| Best first action | Save channel link + screenshot + file NCRP | Block, screenshot, dial 1930 within 60 minutes |
A “Telegram scam” is any fraudulent scheme broadcast on a Telegram channel or public group — typically with a username like @neet2026paper or @SBIofficialjobs. The scammer collects subscribers by spam-DMing across other channels, asks for an upfront “registration fee” of ₹500–₹50,000 via UPI, and either disappears or rotates the channel name within 24-72 hours. There is no real product, no service, and no refund path inside the app.
Common Telegram-native scam patterns in 2026:
The legal basis to act:
A “WhatsApp scam” is any fraudulent message, call, or media file delivered through the WhatsApp app, almost always from an Indian or international phone number designed to impersonate a bank, court, police station, electricity board, courier company, or relative. Because WhatsApp is end-to-end encrypted, the content is not visible to law enforcement, but the phone number + IP metadata is retrievable from WhatsApp under IT Rules 2021 Rule 4(2).
Common WhatsApp-native scam patterns in 2026:
The legal basis to act:
People conflate the two platforms because:
But the evidence trail is different, the takedown lever is different, and the section of law you cite is different:
Open the channel → tap the channel name → Info. The “created on” date and subscriber count appear. A “paper-leak” channel with 80,000 subscribers and a creation date of 12 days ago is a churn-and-burn operation.
Genuine institutional channels carry vanity usernames (e.g., @CBSEofficial). @neet_papers_2026_xyz123 is fraud signature.
+84 (Vietnam), +66 (Thailand), +880 (Bangladesh), +60 (Malaysia), +62 (Indonesia) are the 2025-26 cyber-slavery compound footprint for India-targeted scams. Indian banks, courts, and police never message you from a foreign number.
WhatsApp Business verified accounts carry a green tick badge beside the name. A “Mumbai Police” or “SBI” account without the green tick + a logo as DP is impersonation under BNS §319 + IT Act §66C.
A “court fine” payable to rohit.kumar@okhdfcbank or shivani9876@ybl is fraud. Government and bank settlements use merchant VPAs with prefix “pay” or “merchant” routed through verified PSPs.
Genuine recruitment / education channels do not run subscription tiers. Tiered packages (₹999 / ₹4,999 / ₹14,999) signal a pay-walled fraud funnel.
Phishing kits schedule bulk dispatches at round-clock times. A “Delhi Police summons” PDF arriving at 09:00:01 IST to 4,200 numbers in the same minute is not a real summons.
CBI does not contact citizens on WhatsApp. Non-bailable warrants are not delivered by social messaging. The phrase itself is the tell.
Tip — In 2026, any unsolicited “your case is being escalated to CBI / ED / NIA” message on Telegram or WhatsApp is a scam by definition. Real investigation summons follow BNSS 2023 §94 (production of document) or §35 (arrest without warrant) — both require a paper notice with a dispatch number, delivered to the address on record by a uniformed officer or registered post, not a PDF on a messaging app.
For amounts above ₹50,000 or for ongoing fraud, file a paper FIR under BNS §318 + §336 + §340 + IT Act §66C + §66D at the nearest cyber-crime police station. For Telegram channels still operating, request MeitY blocking under IT Rules 2021 Rule 3(1)(d) through the Sahyog portal route.
Bengaluru paper-leak channel takedown — March 2025
The case became the operational template for paper-leak channel takedowns in 2025-26: channel-info screenshot → NCRP filing within 4 hours → MeitY blocking within 72 hours → bank-account freeze under RBI golden-hour direction.
Use this as the Description of incident field on cybercrime.gov.in. Adapt to your facts.
On [DATE] at [HH:MM IST], I received a [TELEGRAM CHANNEL POST / WHATSAPP MESSAGE]
from the handle [@USERNAME / +91-XXXXXXXXXX] claiming to be
[CBSE / Mumbai Police / SBI / Delhi High Court / BSES / etc.].
The message demanded ₹[AMOUNT] be paid to UPI VPA [vpa@bank] /
bank account [XXXX XXXX XXXX] [IFSC XXXX0XXXXXX] within [TIME-LIMIT].
I made the payment via [GPay / PhonePe / Paytm / BHIM / netbanking] at
[HH:MM IST] on [DATE], transaction reference [UTR / RRN].
Subsequent verification on the official portal of [CBSE / Parivahan /
eCourts / RBI Sachet / DISCOM consumer portal] confirmed no such
case / fine / order / vacancy exists.
I request:
1. Immediate freeze of the destination account under the RBI Master
Direction on Limited Liability dated 6 July 2017.
2. Registration of FIR under BNS 2024 §318, §319, §336(3), §340(2)
read with IT Act 2000 §66C, §66D.
3. For Telegram channels: blocking direction under IT Act §69A read
with IT Rules 2021 Rule 3(1)(d) via MeitY / Sahyog portal.
Evidence attached:
- Screenshot of the channel/profile (creation date + subscriber count
visible for Telegram).
- Chat export (.txt) for WhatsApp.
- UPI transaction screenshot.
- Bank statement entry.
- Phone CDR (if available).
Place: [CITY]
Date: [DD-MM-YYYY]
Signature: [NAME]
PAN: [PAN]
Aadhaar masked: XXXX XXXX [last 4]
Mobile: +91 [XXXX-XXXXXX]
No. Telegram is a legal communications platform in India. What is illegal is the content — a paper-leak channel violates BNS §318 + IT Act §66D, but the app is not banned. MeitY can issue content-level blocking orders under IT Act §69A; an app-wide ban requires a separate Section 69A / Section 79 procedure that has not been invoked for Telegram (as of 2026).
Yes. If the same accused runs both a Telegram broadcast funnel and individual WhatsApp impersonation DMs, the FIR can be one consolidated complaint under BNS §61 (criminal conspiracy) read with §318 + §336 + §340 + IT Act §66C + §66D. Attach both evidence sets — channel URL + WhatsApp numbers — separately labelled.
No. Under §173 BNSS 2023 (the FIR section that replaces §154 CrPC), a cognizable offence under BNS §318 or IT Act §66D is registrable on receipt of information — attempt to cheat is itself an offence under BNS §61(2). Cite Lalita Kumari v. Government of UP (2014) 2 SCC 1 — Supreme Court Constitution-Bench mandate that FIR must be registered when a cognizable offence is disclosed.
Forwarding alone is not an offence unless coupled with knowledge that the content is fraudulent + an intent to enable the cheating. Under Kishor Tarone (Bom HC 2021), mere admin status does not impose vicarious liability. If you discover you forwarded fraud content, delete the message + post a correction in the group — that establishes good-faith and ends any §61 conspiracy theory.
Yes. The MeitY Cyber Law and e-Security Division issues blocking directions under IT Act §69A + IT Rules 2009 (Blocking Rules). Telegram's grievance officer in India (mandated under IT Rules 2021 Rule 4) is required to act within 36 hours of an authorised blocking order. The Sahyog portal (launched 2024) coordinates LEA + intermediary takedowns; success rate for paper-leak / financial-fraud channels is reported at ~92% within 72 hours (MHA / I4C internal data).
No. WhatsApp messages are end-to-end encrypted; even WhatsApp cannot read content. What is retrievable from WhatsApp under IT Rules 2021 Rule 4(2) is metadata — phone number, IP at login, device fingerprint, group membership, timestamps. That is enough to trace the scammer. The Supreme Court in K.S. Puttaswamy (2017) requires this disclosure to satisfy the proportionality test — usually fulfilled by an LEA notice under IT Act §69 or a court order under BNSS §94.
Not automatically. Kishor Tarone v. State of Maharashtra (Bom HC 2021) and the Telangana HC's similar 2022 ruling held that mere admin status does not attract criminal liability. The prosecution must show common intention under BNS §3(5) or conspiracy under BNS §61. Best practice: pin the group rules, remove obviously fraudulent posts within a reasonable time, and document removals.
The RBI Master Direction dated 6 July 2017 gives zero customer liability for unauthorised transactions reported within 3 working days of the SMS alert; limited liability (₹5,000–₹25,000 depending on account type) for reports between 4 and 7 working days; and full liability beyond 7 working days. For a scam where you authorised the UPI (typed your PIN), the standard is “contributory negligence” — you have a weaker but still arguable case under State Bank of India v. P.V. George (2018 Kerala HC) where the bank's failure to flag a fast-velocity drain led to partial refund.
The UAE and India have an extradition treaty in force since 2000; mutual legal-assistance for IT Act + BNS economic offences is operational. In practice, most arrests happen inside India — channel admins are usually Indian citizens running channels from Bihar, Jharkhand, West Bengal, Haryana NCR, or Andhra. The Karnataka CID + Bengaluru CCB cyber units have completed several such arrests in 2024-25 under coordinated multi-state operations.
No. Do not delete anything. The chat export, screenshots, and the actual messages are admissible only if you can produce a §63 Bharatiya Sakshya Adhiniyam 2023 certificate (the new §65B Indian Evidence Act) — and the original device-level chat is the source. Keep the device, the SIM, and the chat intact until the cyber-cell takes a certified extract.
| Myth | Reality |
|---|---|
| “Telegram is anonymous, so I can never trace the admin.” | Bank account + UPI VPA + phone number on signup all leave a trace; admins are mostly Indian. |
| “WhatsApp encryption means police can't help me.” | Encryption protects content; metadata (number, IP, device, group) is fully retrievable. |
| “Forwarding a scam link makes me liable.” | Not without knowledge + intent; correct + delete + document is the safe-harbour. |
| “Cyber-cell will not investigate amounts below ₹10,000.” | NCRP + 1930 process every amount; bank-freeze under RBI Master Direction applies regardless. |
| “I can self-block the scammer's UPI from my bank app.” | You can dispute the transaction; only RBI's golden-hour freeze actually holds the money. |
| “If the scammer is in Cambodia / Dubai, India can do nothing.” | India has MLAT routes; most field arrests happen domestically against the local money mules. |
Both platforms are legal. The scam mechanic is what is illegal — and each mechanic has its own forensic anchor: channel URL on Telegram, phone number on WhatsApp. Save the right anchor, report on the right portal within 60 minutes, and the system already in place — NCRP + 1930 + RBI golden hour + MeitY blocking + Sahyog coordination — recovers money in a measurable share of cases. The single biggest mistake citizens make in 2026 is treating both as “one WhatsApp problem”. They are not. Use the side-by-side table on this page as your default checklist.
More comparisons: browse every RTI-vs-alternative side-by-side in RTI vs Alternatives: the full comparison hub <!– rti-wiki-comparisons-hub-2026-vs-start –>