Cyber Fraud — Digital Crisis Desk (India 2026)

This is the cyber-fraud command desk for India 2026. You will find 40+ citizen-tested guides spanning UPI / AEPS / QR / SIM-swap fraud, WhatsApp-OTP and deepfake attacks, fake APKs and fake KYC, “digital arrest” calls, sextortion and revenge porn, account-hack recovery, and the National Cybercrime Reporting Portal route. Every guide is free, no login, no payment. The legal spine is the IT Act 2000 Sections 66C (identity theft) and 66D (cheating by personation using a computer resource), the BNS 2023 Section 318 for cheating, the RBI Limited Liability Circular for unauthorised electronic transactions, and the NCRP at cybercrime.gov.in / helpline 1930 as the central freezing channel.

Quick Answer — the 4-minute citizen drill if you have just been scammed online: (1) Dial 1930 within 30 minutes — this triggers the NCRP “money-mule” freeze across banks. (2) File a complaint at cybercrime.gov.in with screenshots of UPI ID / URL / chat / SMS. (3) Email your bank within 3 working days under the RBI Limited Liability Circular to reset your liability to zero. (4) FIR + IT Act 66D + BNS 318 — under Lalita Kumari (2014) the police cannot refuse. Never share OTPs, never run a screen-share app on a stranger's instruction.

In this hub

  • UPI and payment fraud
  • OTP, SIM-swap and Aadhaar-linked attacks
  • AEPS, fingerprint and biometric fraud
  • QR code, fake-app and APK attacks
  • Fake KYC, fake customer care and impersonation
  • Deepfake, AI voice and “digital arrest”
  • Social-media account hack and online harassment
  • Online-payment, e-commerce and OTP-refund scams
  • Report and recover — the NCRP playbook

UPI and payment fraud

UPI scams are IT Act 66D + BNS 318 + RBI Limited Liability Circular — the trifecta lets you trigger NCRP freeze, criminal action, and a bank refund within 10 working days.

OTP, SIM-swap and Aadhaar-linked attacks

SIM-swap exploits TRAI's portability rules. The Sanchar Saathi portal (sancharsaathi.gov.in) lets you check active SIMs against your Aadhaar — a 3-minute audit every citizen should run.

AEPS, fingerprint and biometric fraud

UIDAI's biometric-locking feature (mAadhaar) is the single most effective citizen defence; lock by default, unlock only for live transactions.

QR code, fake-app and APK attacks

Never scan a QR to “receive” money — the QR carries a debit request, not a credit. Section 66C IT Act covers the resulting identity theft.

Fake KYC, fake customer care and impersonation

The single most effective rule: no bank, telco or UIDAI will ever ask for an OTP or screen-share. Anything claiming otherwise is IT Act 66D.

Deepfake, AI voice and "digital arrest"

“Digital arrest” is not a legal concept in BNSS. Any caller demanding cash to “clear a parcel” or “release a relative” is committing IT Act 66D + BNS 308 (extortion).

Social-media account hack and online harassment

Online-payment, e-commerce and OTP-refund

Report and recover — the NCRP playbook

Run the tools

Last reviewed: 12 May 2026 — RTI Wiki editorial team.

, , , , , , , , ,

Reader signal

Was this article useful?

Tap once if it helped you. These counters show other citizens which pages are worth reading.

- views