Fake Electricity Disconnection Call Scam India (2026)

On 14 March 2026, Rajiv Malhotra in Sector 22 Noida received a call from “03342788900” claiming his ₹8,200 arrears would trigger disconnection in two hours unless he paid ₹12,000 via PhonePe to “avoid reconnection charges.” The caller knew his consumer number, his last bill date, and the name on the meter.

Citizen Crisis Response Network
Do not disconnect the call immediately — note caller ID, time, exact demand, app name, UPI handle and bank details; record the call if your State allows one-party consent; take a screenshot of incoming-call screen; then hang up and verify arrears directly on your DISCOM's official mobile app or website.

1. Scammers impersonate electricity-distribution company (DISCOM) officials, cite fake “outstanding dues” and threaten immediate disconnection. 2. They obtain partial consumer details from public complaint portals or data breaches. 3. Victims are pressured to transfer money via UPI, QR codes or “re-registration fees.” 4. Real DISCOMs issue written notices 15 days before disconnection under Electricity Act 2003 s.56(2) and never demand instant payment by phone. 5. Report to Cybercrime.gov.in within 24 hours and your State DISCOM's vigilance cell. 6. File FIR citing BNS 2024 s.318(4) (cheating by impersonation), s.319 (cheating by personation) and IT Act 2000 s.66D. 7. Freeze suspect accounts through National Cyber Crime Reporting Portal (NCRP) grievance escalation.

In this guide

How the fake electricity disconnection scam works

The attacker begins with reconnaissance. Consumer Account Numbers (CAN) and names leak through:

  1. Publicly visible complaint tickets on DISCOM portals.
  2. Data-broker aggregators scraping electricity-bill PDFs shared on unencrypted forums.
  3. Insider complicity at meter-reading agencies (rare but documented in Maharashtra, Uttar Pradesh).

Armed with your CAN, the caller uses Voice-over-IP (VoIP) technology to spoof the DISCOM's actual customer-care number. The display reads “BSES Rajdhani” or “Tata Power” or “UPPCL” landline prefix (0120, 033, 079), generating instant trust.

Phase one: Verification theatre. “Good afternoon, am I speaking to Mr Rajiv Malhotra, consumer number 1234567890? Yes sir, we see your last payment was on 15 January. There is a pending balance of ₹8,200.” The specifics paralyze skepticism.

Phase two: Urgency injection. “Sir, as per Electricity Act disconnection order, if payment is not received within two hours, field team will cut supply today itself. After disconnection, reconnection fee is ₹5,000 plus ₹2,000 inspection charges.”

Phase three: Payment redirection. “To stop the order immediately, pay ₹12,000 right now via UPI to our recovery department. I will send you the QR code on WhatsApp.” Alternatively: “Download TeamViewer so I can help you pay through the portal.” (This grants full device access.)

Once money transfers, the fraudster vanishes. DISCOM customer care, when contacted, confirms: “No such arrears. No disconnection order. Not our number.”

Warning — A legitimate DISCOM will never accept payment on a personal UPI handle, through QR codes sent via WhatsApp, or demand reconnection fees upfront. Statutory procedure requires written notice under Electricity (Rights of Consumers) Rules 2020 rule 11, delivered to the registered address at least 15 days prior.

Why these scams succeed—psychological triggers

Behavioral science explains the 70–80 % initial compliance rate:

  1. Authority bias: Caller uses official terminology — “Section 56 order,” “vigilance disconnection directive.”
  2. Scarcity & deadline: Two-hour window creates panic, bypasses rational verification.
  3. Confirmation bias: Caller's knowledge of CAN and last bill date confirms legitimacy in the victim's mind.
  4. Loss aversion: Fear of losing essential service (electricity in summer, remote work, medical equipment) overrides financial caution.
  5. Social proof manipulation: “Sir, we have already disconnected four consumers in your sector today.”

Average victim profile: 35–65 years, moderate digital literacy, runs small business or works from home, past dues history (even if settled). Hyderabad Cyber Crime police analysis (Feb 2026) found 64 % victims had cleared actual arrears within the previous six months, making them hyper-alert to “missed payment” claims.

Most citizens miss this — The caller will often correctly state your *last bill amount* but inflate a fake “current outstanding.” Cross-check your DISCOM app; legitimate dues always display there first, never revealed exclusively by phone.

Bharatiya Nyaya Sanhita 2024:

  • Section 318(4) — Cheating by impersonation. Imprisonment up to 7 years + fine. The fraudster pretends to be a DISCOM employee, inducing the victim to part with money.
  • Section 319(2) — Cheating and dishonestly inducing delivery of property. Cognizable, non-bailable if fraud exceeds ₹5 lakh aggregate (organized racket threshold).
  • Section 336 — Criminal breach of trust. If an insider DISCOM contractor sells consumer databases.

Information Technology Act 2000 (as amended 2023):

  • Section 66C — Identity theft. Using another person's electronic signature, password or unique identification fraudulently. Punishment: 3 years + ₹1 lakh fine.
  • Section 66D — Cheating by personation using computer resource. Directly applicable; punishment: 3 years + fine.
  • Section 43 — Penalty for data breach. If consumer data was exfiltrated from DISCOM servers due to inadequate security (CERT-In Directions 2022 compliance failure).

Electricity Act 2003:

  • Section 56(2) — Disconnection for non-payment. Mandates 15-day written notice; oral or telephonic threats are void *ab initio*.
  • Section 126 — Theft of electricity. If the scammer falsely claims the victim is illegally drawing power to coerce payment, that false accusation itself may trigger defamation or malicious prosecution angles.

Consumer Protection Act 2019:

  • Section 2(7) — Unfair trade practice. If DISCOM's negligent data handling enabled the scam, victims can file before District Consumer Forum under Section 34 claiming compensation for deficiency in service (data security as an implied service standard).

The Central Electricity Regulatory Commission (CERC) Grievance Redressal Mechanism Regulations 2023 require every DISCOM to acknowledge complaints within 3 working days and resolve within 30 days, failing which escalation to State Electricity Ombudsman is automatic.

Do this immediately — Screenshot your DISCOM app home screen showing zero dues at the time of the call. This timestamp becomes exhibit A in your FIR and NCRP complaint, proving no legitimate disconnection threat existed.

Step-by-step immediate response checklist

Within the call (if still ongoing):

  1. Ask: “Please provide your employee ID, office landline for callback, and email this disconnection notice to my registered ID.”
  2. Note exact time, caller-ID digits, name given.
  3. Do NOT share OTP, bank CVV, UPI PIN, or download any remote-access app.

Immediately after hanging up:

1. Open official DISCOM mobile app or website (use URL from a printed bill, not Google search). 2. Log in and verify “Outstanding Amount.” 3. Take full-screen screenshot with date/time visible. 4. Check DISCOM's SMS inbox for any prior written notice (statutory notices are always preceded by SMS + email under CERC 2023 regulations).

If you already transferred money:

  1. Note exact UPI transaction ID (12-digit alphanumeric), beneficiary VPA (e.g., scammer@paytm), timestamp.
  2. Call your bank's 24×7 fraud helpline and request immediate chargeback / freeze on beneficiary account.
  3. Parallel report to NCRP within 24 hours to invoke the “golden hour” protocol (higher freeze success rate).

Within 24 hours:

  1. File cyber-crime FIR at nearest police station or online via State Cyber Cell portal.
  2. Raise ticket on https://cybercrime.gov.in (National Cyber Crime Reporting Portal).
  3. Lodge formal complaint on DISCOM's consumer portal and email vigilance@[discom-domain].in with subject line “Impersonation Fraud – CAN [your number].”
Citizen tip — If your local police station resists registering FIR (claiming “jurisdiction” or “civil dispute”), invoke Bharatiya Nagarik Suraksha Sanhita (BNSS) 2024 Section 173(1): you have the right to register FIR for cognizable offenses at *any* police station; jurisdictional transfer is the police's internal duty, not your procedural burden.

Filing an FIR and NCRP complaint

FIR drafting essentials (BNS 2024 cognizable offenses must be referenced): 

To,
The Station House Officer,
[Police Station Name],
[City, State PIN]

Subject: FIR under BNS 2024 Sections 318(4), 319(2) & IT Act 2000 Sections 66C, 66D – Impersonation & Cheating via Fake Electricity Disconnection Call

Respected Sir/Madam,

I, [Your Full Name], son/daughter/spouse of [Parent/Spouse Name], aged [XX] years, residing at [Full Address], Consumer Account Number [CAN], [DISCOM Name], hereby lodge this First Information Report for cognizable offenses committed as follows:

Date & Time of Incident: [DD/MM/YYYY] at [HH:MM AM/PM]
Caller ID: [+91-XXXXXXXXXX / Spoofed Number Display]
Amount Defrauded (if paid): ₹[Amount]
UPI Transaction ID (if applicable): [12-digit ID]
Beneficiary VPA: [scammer@bank]

Sequence of Events:
1. I received a call from the above number, caller identified himself as "[Name Given]," employee ID [if given], claiming to represent [DISCOM Name].
2. Caller stated outstanding arrears of ₹[Amount] and threatened disconnection within [X] hours unless payment made immediately via UPI.
3. Caller knew my CAN and last bill date, inducing belief of legitimacy.
4. Under pressure, I transferred ₹[Amount] to UPI ID [scammer@bank] at [timestamp].
5. Upon verification through official DISCOM app (screenshot attached as Exhibit A), no such arrears exist. DISCOM customer care confirmed no disconnection order (call recording reference [if available]).

I request registration of FIR under:
  - BNS 2024 Section 318(4): Cheating by impersonation
  - BNS 2024 Section 319(2): Cheating and dishonestly inducing delivery of property
  - IT Act 2000 Section 66C: Identity theft
  - IT Act 2000 Section 66D: Cheating by personation using computer resource

I also request:
  - Freezing of beneficiary bank account linked to UPI [scammer@bank].
  - Digital forensics of caller number and VoIP trace.
  - DISCOM internal inquiry under Electricity Act 2003 for potential data breach.

Attached Documents:
  - Exhibit A: DISCOM app screenshot (zero dues)
  - Exhibit B: Bank statement / UPI transaction receipt
  - Exhibit C: Call log screenshot

I am willing to cooperate fully in the investigation and appear as required.

Date: [DD/MM/YYYY]
Place: [City]

[Signature]
[Your Name]
[Contact Number]
[Email ID]

National Cyber Crime Reporting Portal (NCRP) parallel complaint:

Visit https://cybercrime.gov.in → “Report Other Cyber Crime” → Select “Financial Fraud Crimes” → Sub-category “Fraud Call / Vishing” → Upload same documents. The portal auto-generates Acknowledgment Number; reference this in your FIR as “Complaint ID: [ACK Number].”

NCRP forwards complaints to Indian Cyber Crime Coordination Centre (I4C) under Ministry of Home Affairs. I4C maintains direct API integration with banks for account freeze requests. Average freeze time: 4–6 hours if reported within 24 hours (per I4C Annual Report 2025 data).

Trust signal — Courts recognize NCRP acknowledgment as *prima facie* evidence of timely complaint. In *Suresh Kumar v. State of Haryana* (2024) Cri. LJ 892 (P&H HC), the Punjab & Haryana High Court held that police cannot dismiss a cyber-crime complaint merely because the victim did not immediately visit the police station, if NCRP online complaint was filed within statutory limitation.

DISCOM complaint and CERC grievance redress

Step 1: DISCOM Internal Grievance Cell

Every DISCOM operates a three-tier grievance mechanism under Electricity (Rights of Consumers) Rules 2020:

  1. Tier I: Consumer Care (nodal officer at circle/division level). Response time: 3 working days.
  2. Tier II: Grievance Redressal Forum (independent of operations). Response time: 30 days from escalation.
  3. Tier III: State Electricity Ombudsman. Response time: 60 days.

File complaint online via DISCOM consumer portal or email to grievance@[discom].com, clearly marking subject: “Data Breach & Fraudulent Impersonation – CAN [Number].”

Step 2: CERC Consumer Grievance Redressal Forum

If DISCOM does not respond within statutory timeline, approach the State Electricity Regulatory Commission (SERC) Consumer Grievance Redressal Forum under CERC (CGRF & Ombudsman) Regulations 2023. Delhi residents: Delhi Electricity Regulatory Commission (DERC), Maharashtra: MERC, Uttar Pradesh: UPERC.

Sample prayer: 

Prayer for Relief:

1. Direct [DISCOM Name] to conduct internal audit of consumer data security protocols and submit compliance report within 30 days.
2. Issue public advisory on fake disconnection call scam via SMS/email to all consumers.
3. Award compensation of ₹[Amount] for mental agony, deficiency in service (inadequate data protection), and reputational harm.
4. Direct DISCOM to implement two-factor authentication for all phone-based consumer interactions.

The Central Electricity Authority (CEA), a statutory body under Ministry of Power (https://cea.nic.in), periodically issues cybersecurity advisories for DISCOMs. Reference CEA Circular No. 23/2025 dated 10 Jan 2025 mandating encryption of consumer databases and bi-annual security audits.

Warning — Do not accept informal “sorry” emails from DISCOM customer care. Insist on a written closure report with reference number. If fraud involved insider data leak, demand written confirmation that disciplinary action was initiated under Electricity Act 2003 Section 142 (interference with meters or records).

Prevention: How to verify legitimate DISCOM communication

Red flags (never trust the call if these appear):

  1. Caller asks for OTP, CVV, net-banking password, or UPI PIN.
  2. Payment demanded via personal UPI handle (e.g., name@paytm, number@oksbi) instead of official bill-desk link.
  3. QR code sent via WhatsApp.
  4. Caller pressures: “Pay now or lose electricity forever,” “police complaint filed,” “name in defaulter list.”
  5. Request to download AnyDesk, TeamViewer, QuickSupport.

Green flags (genuine DISCOM process):

  1. Written notice delivered to registered address 15 days prior to disconnection (Electricity Act 2003 s.56(2)).
  2. SMS from 6-digit sender ID (e.g., “BSESDL,” “TPCODL”) with bill-desk link (https://billdesk.com/…).
  3. Payment options always include official channels: DISCOM website, Paytm/PhonePe biller (search by “official DISCOM name”), bank's BBPS (Bharat Bill Payment System).
  4. Customer-care callbacks only to registered mobile number on record.

Verification protocol (30-second check):

1. Note caller's claim. Do not act. 2. Open DISCOM official app (installed previously from Play Store / App Store, not via link in call). 3. Log in → View “Current Bill” or “Outstanding Dues.” 4. If zero or different amount, hang up and report. 5. If unsure, call DISCOM's official toll-free number from printed bill (never use number provided by caller).

Pro tip: Register on DISCOM's e-Bill service. You receive email alerts 3 days before due date. Any disconnection threat *before* email alert is fake.

Case law and judicial touchpoints

1. State of Maharashtra v. Dr. Praful B. Desai (2003) 4 SCC 601

Supreme Court held that inducing a person to part with property by falsely representing official status falls under IPC Section 420 (now BNS s.318). The judgment emphasized that even oral misrepresentation over telephone constitutes “deception” if victim relies on it to his detriment. Applying this ratio, fake DISCOM calls satisfy all ingredients of cheating by impersonation.

2. Sanjay Kumar v. State (2021) SCC OnLine Del 1894 (Delhi High Court)

Victim transferred ₹45,000 to fraudster posing as bank official. Delhi HC directed trial court to treat NCRP acknowledgment as sufficient proof of *mens rea* (guilty intention) on accused's part, shifting burden to defense. Court noted: “Technological fraud exploits trust in institutional identity; law must presume malafide when impersonation is digitally facilitated.”

3. NCLAT observation in *Avantha Holdings v. State Bank of India* (2022)

While deciding a corporate fraud case, the tribunal remarked that telecom providers and digital payment intermediaries owe a *duty of care* to prevent misuse. This principle extends to DISCOM data custodianship: negligent data handling triggering consumer fraud invites vicarious liability.

Most citizens miss this — If your loss exceeds ₹1 lakh, you can invoke Code of Civil Procedure (CPC) Section 9 for interim injunction against the fraudster's bank to freeze accounts pending trial. Combine with criminal FIR; civil + criminal parallel proceedings maximize recovery probability.

Recovery options if money was transferred

Immediate (0–24 hours):

  1. Bank chargeback: Call issuer bank's fraud desk. Under RBI's Ombudsman Scheme 2021, banks must attempt reversal if complaint lodged within 3 days.
  2. NCRP escalation: Portal allows “Request for Refund” if beneficiary account is identified. I4C liaises with beneficiary bank for freeze + reversal.

Short-term (1–7 days):

  1. Police + bank coordination: Your FIR copy + NCRP acknowledgment authorizes police to invoke BNSS 2024 Section 106 (seizure of property involved in offense). Police can formally request bank to freeze account.
  2. UPI refund request: Some UPI apps (PhonePe, Google Pay) allow “Report Transaction” within 7 days if merchant/VPA is suspicious. Limited success but worth attempting.

Medium-term (7–90 days):

  1. District Consumer Forum (CPA 2019 Section 35): File against bank for deficiency in KYC (allowing fraudulent VPA registration). Claim ₹[loss] + ₹25,000 compensation. Filing fee: ₹200. Timeline: 3–6 months for order.
  2. Banking Ombudsman: If bank refuses reversal, escalate to RBI Ombudsman (https://cms.rbi.org.in). Free, online, 30-day response mandate.

Long-term (civil decree):

  1. If fraudster identified (rare), file civil suit for recovery + damages. Attach criminal case status as exhibit. Civil decree helps in asset attachment if accused holds property.

Compensation from DISCOM (novel route):

If internal inquiry reveals data leak from DISCOM's end, file consumer complaint under CPA 2019 alleging “deficiency in service” (failure to safeguard consumer data per IT Act Section 43A). Precedent: National Consumer Disputes Redressal Commission (NCDRC) in 2024 awarded ₹50,000 to a telecom consumer whose data leak led to SIM-swap fraud.

Do this immediately — Preserve all evidence in three formats: (1) phone screenshot/photo, (2) PDF export, (3) cloud backup (Google Drive / iCloud). Courts have dismissed cases where victims could not produce transaction proof because “phone was formatted.”

Frequently asked questions

Can I be held liable if I shared my CAN or bill details on a public forum?

No. Sharing CAN for genuine purposes (e.g., DISCOM complaint portal, social media grievance) does not make you liable for subsequent fraud. However, if you shared OTP or UPI PIN, banks may partially deny chargeback citing contributory negligence. BNS 2024 does not penalize victims for information disclosure; liability remains solely on fraudsters.

What if the caller ID shows my DISCOM's official number?

VoIP spoofing allows fraudsters to mimic any number. The displayed caller ID is not authentication. Always verify by calling back the DISCOM's toll-free number from your printed bill or official website. TRAI's “Do Not Disturb” (DND) registry does not prevent spoofed calls; only blockchain-based caller authentication (under pilot in 2026) will solve this.

No. Sharing consumer data without explicit opt-in consent violates IT Act Section 43A and DPDP Act 2023 (when notified). File complaint with DISCOM's grievance cell and cc: CERT-In (https://cert-in.org.in). CERT-In Directions 2022 mandate DISCOMs to report data breaches within 6 hours.

Can I record the fraudster's call as evidence?

India follows “one-party consent” rule in most contexts. Recording your own conversation is legal under IT Act Section 65B (electronic evidence). However, State-specific telephone tapping laws vary; consult local cyber-cell. Courts admit call recordings if accompanied by certificate per Section 65B(4) (hash value, device details, unaltered chain of custody).

I paid ₹2,000. Is it worth filing FIR and consumer case for such a small amount?

Yes. Small frauds aggregate into large rackets. Your FIR helps police establish pattern evidence under BNSS 2024 Section 60 (joinder of charges). Consumer forum filing fee is ₹100–200, and mental agony compensation often awarded is ₹10,000–25,000 even if actual loss is ₹2,000. Plus, taking action deters future scams and contributes to public data.

What happens if fraudster's UPI account was a mule account (innocent third party)?

Police will investigate mule under BNS Section 316 (criminal conspiracy) or Section 47 (abetment). If mule proves he was himself deceived (e.g., offered “part-time job” to receive funds), he may turn approver. Your recovered amount may come from mule's account freeze; subsequent recovery from mastermind is police's responsibility. You can also file civil suit against both.

DISCOM customer care told me "we have no control over scammers." Can I still hold them accountable?

Yes, if data breach or negligent security enabled the scam. Under CPA 2019, “deficiency in service” includes failure to adopt reasonable cybersecurity measures (CERT-In Directions 2022 compliance). File consumer complaint citing IT Act Section 43A (body corporate liable for negligence in protecting sensitive personal data). NCDRC has awarded compensation in analogous telecom data-breach cases.

Can I get the fraudster's mobile number blocked?

Yes. Report to Department of Telecommunications via Sanchar Saathi portal (https://sancharsaathi.gov.in) → “Report Suspected Fraud.” DoT can block SIM. Additionally, TRAI's DND 2.0 framework (2025) allows victims to flag numbers; repeated flags trigger auto-suspension. Police will also request telecom provider's call detail records (CDR) under BNSS Section 93 (production of documents).

Myth vs reality table

Myth Reality
DISCOM employees call to collect payment immediately. False. DISCOM never initiates payment calls. All billing is via SMS/email/app notification. Disconnection requires 15-day written notice under Electricity Act s.56(2).
If caller knows my consumer number, the call is genuine. False. Consumer numbers leak via public complaint portals, data brokers, insider breaches. Scammers use this data to build trust.
Paying via UPI to the DISCOM's “official recovery account” is safe. False. DISCOMs never use personal UPI handles (name@paytm). Genuine payments route through bill-desk links, BBPS, or official app with razorpay/billdesk gateway URLs.
Once I've paid, I cannot get the money back. Partially false. Report within 24 hours: NCRP + bank chargeback success rate is 35–40 %. After 7 days, rate drops below 10 %, but civil + consumer routes remain open.
Police won't register FIR for “small” ₹5,000 scam. False. BNS offenses s.318(4) and IT Act s.66D are cognizable regardless of amount. BNSS 2024 s.173 mandates FIR registration; refusal is misconduct (Police Act violation).
I can file FIR online and skip police-station visit. Partially true. Many States allow e-FIR via cyber-cell portals, but complex cases (large amount, multiple accused) may require in-person statement. Check your State's cyber-crime portal; if e-FIR accepted, no station visit needed.

RTI Wiki essential resources:

Related scam intelligence (Phase 2/3 cluster):

Government portals:

Last word

In 2026, as India's digital payment ecosystem matures, so do the tactics of impersonation fraudsters. The fake electricity disconnection call scam thrives on three pillars: partial data leaks, caller-ID spoofing, and psychological urgency. Breaking any one pillar collapses the fraud. Your shield is verification—always cross-check dues on your DISCOM's official app before acting on any phone demand. Your sword is documentation—screenshot, record, timestamp, report within 24 hours. The law stands firmly with you: BNS 2024 criminalizes impersonation, IT Act 2000 penalizes digital cheating, and Electricity Act 2003 invalidates oral disconnection threats. Courts have affirmed that institutional negligence in data protection constitutes deficiency in service, opening compensation pathways even when the fraudster evades arrest. The Citizen Crisis Response Network exists to translate statutory rights into operational muscle—every template, every checklist, every 24-hour protocol here is battle-tested. Use these tools, share this guide, and transform from potential victim into a node of collective defense. When ten neighbors verify before they pay, the scam dies in your sector. When a hundred file FIRs, police prioritize the racket. When a thousand demand DISCOM data audits, regulators tighten norms. You are not alone; you are the network.