Fake LinkedIn Recruiter Scam India (2026)

A job-seeker who pays a “training fee” to a fake LinkedIn recruiter promising a reputed-company offer letter, only to find the profile vanish hours after payment, faces a frightening but well-mapped legal situation—this guide documents the legal chain, an FIR template, statutory remedies under the Bharatiya Nyaya Sanhita 2023 and Bharatiya Nagarik Suraksha Sanhita 2023, and the Citizen Crisis Response Network protocol to try to recover money and prosecute offenders before digital trails go cold.

Citizen Crisis Response Network
Report quickly → freeze digital evidence → file NCRP + local FIR → preserve LinkedIn screenshots, payment receipts, chat logs → escalate to the Superintendent of Police if the police delay registering a cognizable offence.

Fake LinkedIn recruiters impersonate HR professionals from reputed firms, extract “training fees” or “background-verification charges”, then vanish. Victims should immediately file an FIR citing the relevant Bharatiya Nyaya Sanhita 2023 cheating and forgery sections plus Information Technology Act 2000 section 66D (cheating by personation using a computer resource), lodge a simultaneous National Cybercrime Reporting Portal (NCRP) complaint with transaction screenshots, notify LinkedIn through its in-app reporting flow, alert the bank's fraud desk to attempt a transaction freeze, and use the Citizen Crisis Response Network for evidence-preservation guidance before the recruiter deletes the profile.

• How the fake LinkedIn recruiter scam works in 2026
• Statutory framework: BNS, BNSS and IT Act sections
• Immediate 6-step Citizen Crisis Response protocol
• Filing the FIR and NCRP complaint
• Evidence preservation checklist
• LinkedIn reporting and digital forensics
• Bank chargeback and payment recovery routes
• Case-law touchpoints and conviction outcomes
• Sample FIR text for fake recruiter fraud
• Frequently Asked Questions
• Myth vs reality table
• Internal links and further reading

Fake LinkedIn recruiter fraud has become one of the most common online job scams reported to cybercrime cells in India's metros. The modus operandi is consistent: a fraudster creates a LinkedIn profile mimicking the branding of a reputed IT or multinational firm, harvests résumés from public job-postings or InMail outreach, initiates contact via LinkedIn chat or WhatsApp (posing as a “Senior Talent Acquisition Manager”), schedules a perfunctory video interview, then issues a fake offer letter conditional upon payment of a fee labelled “training-module fee”, “EPFO deposit”, “background-verification charge”, or “onboarding platform access”.

Payment is demanded via UPI, NEFT, or cryptocurrency wallets. Within hours of receipt, the LinkedIn profile is deleted, the WhatsApp number becomes inactive, and emails bounce. Victims who query the legitimate company's HR desk discover no such vacancy existed.

The scam exploits three psychological levers: urgent job scarcity (freshers desperate post-graduation), credential mimicry (stolen logos, forged offer letters on pseudo-corporate templates), and normalised pre-employment fees (legitimate background-check vendors charge modest amounts, making a larger “fee” appear plausible to uninformed applicants).

Warning — Legitimate recruiters never demand upfront payment. Any fee request before the joining date is a red flag and can amount to cheating under the Bharatiya Nyaya Sanhita 2023.

The Bharatiya Nyaya Sanhita 2023 (BNS) replaced the Indian Penal Code with effect from 1 July 2024. Fake LinkedIn recruiter scams can engage multiple BNS sections:

• BNS section 318 — Cheating. Section 318(4) covers cheating and dishonestly inducing the deceived person to deliver property; punishment up to 7 years and fine. This is the principal cheating provision (the successor to the old IPC section 420) and is cognizable and non-bailable.
• BNS section 319 — Cheating by personation: pretending to be an employee or agent of a company to deceive the victim; punishment up to 5 years, or fine, or both.
• BNS section 336 — Forgery. Section 336(3) (forgery for the purpose of cheating) carries imprisonment up to 7 years and fine; fake offer letters bearing forged company logos and HR signatures can fall here.
• Information Technology Act 2000 section 66D — Cheating by personation by using a computer resource: imprisonment up to 3 years and fine up to ₹1,00,000. This is commonly clubbed with the BNS cheating sections in the FIR for online recruiter fraud.

The Bharatiya Nagarik Suraksha Sanhita 2023 (BNSS) replaced the Code of Criminal Procedure and governs the procedure:

• BNSS section 173 — Information in cognizable cases (the successor to CrPC section 154). The police must register an FIR when the information discloses a cognizable offence, and a copy of the FIR must be given free of cost to the informant or victim.
• Remedy for refusal — If the officer in charge refuses to register the information, the aggrieved person may send the substance of the information in writing to the Superintendent of Police, who, if satisfied a cognizable offence is disclosed, shall investigate or direct an investigation.

The Ministry of Home Affairs' Indian Cybercrime Coordination Centre (I4C) coordinates inter-state cybercrime investigations. The National Cybercrime Reporting Portal (https://cybercrime.gov.in) is the central reporting platform under I4C.

Most citizens miss this — Filing an NCRP complaint does not replace the local FIR. Both are useful: NCRP for digital evidence-tagging and inter-state coordination, the local FIR for jurisdictional prosecution.

The Citizen Crisis Response Network prescribes an evidence-lock sequence the moment you suspect fraud:

1. Screenshot everything — LinkedIn profile (URL visible), chat logs, offer letter PDF, email headers (View → Show Original in Gmail), WhatsApp conversation including the recruiter's phone number and display picture, payment confirmation (UPI transaction ID, NEFT reference, bank SMS).

2. Report the LinkedIn profile — Use LinkedIn's in-app reporting flow (“Report a member” → “Fake profile” or “Scam or fraud”) and attach screenshots. See the LinkedIn Help Center at https://www.linkedin.com/help/linkedin for the current reporting and impersonation pathways.

3. File NCRP complaint — Visit https://cybercrime.gov.in → “Report Other Cybercrime” → category “Online Job Fraud” → upload all screenshots, enter transaction details, receive an acknowledgment number. NCRP routes the complaint to the jurisdictional Cyber Police Station.

4. Lodge local FIR — Visit the nearest police station or Cyber Cell as soon as possible. Cite the relevant BNS cheating and forgery sections and IT Act section 66D. Carry printouts of screenshots, bank statement, and the NCRP acknowledgment. Ask for the free FIR copy under BNSS section 173.

5. Notify your bank — Call the fraud helpline (numbers printed on your card / in your bank app) as soon as you discover the fraud. Request a transaction dispute and ask the bank to attempt to freeze the beneficiary account. Reporting promptly is critical for limited-liability and chargeback purposes under the RBI customer-protection framework.

6. Contact the Citizen Crisis Response Network — Use the hub at https://righttoinformation.wiki/citizen-crisis-response-network for current protocols and contact routes. Volunteers can help with FIR drafting, escalating police non-registration to the Superintendent of Police, and coordinating with I4C where the accused is inter-state.

Do this immediately — Payment platforms and intermediaries retain transaction and account metadata only for limited periods. The longer you wait, the harder it becomes to trace the beneficiary account. Speed is evidence.

Jurisdiction lies where the victim resides or where the accused operated (often unknown initially). Under BNSS 2023, any police station can register an FIR for a cognizable offence regardless of where the offence was committed (the “Zero FIR” principle); jurisdictional transfer happens after registration. If the Station House Officer (SHO) refuses registration calling it “a civil matter” or “too small an amount”, you can send the substance of the complaint in writing to the Superintendent of Police as the BNSS remedy for refusal.

NCRP filing steps:

1. Login via mobile OTP at https://cybercrime.gov.in.
2. Select “Report Other Cybercrime” (not “Women/Child related”).
3. Category: “Online Job Fraud.”
4. Sub-category: “Fake job offer / Training fee scam.”
5. Upload your attachments: LinkedIn screenshots, offer letter PDF, payment receipt, chat logs.
6. Enter suspect details: LinkedIn profile URL (even if deleted, note the URL string), WhatsApp number, email ID, UPI VPA or bank account number (from the payment receipt).
7. Incident date, time, and a brief narrative.
8. Submit → receive an acknowledgment number → check status periodically.

NCRP complaints are routed to the jurisdictional Cyber Police Station. If there is no response, escalate to your State Nodal Officer, whose contact details are available through the “Contact Us” section of the portal at https://cybercrime.gov.in.

Citizen tip — Email the NCRP acknowledgment to yourself and print two copies: one for the local police FIR, one for your records. This documents that you acted promptly.

Digital evidence is fragile. LinkedIn, WhatsApp, and payment gateways purge logs after limited periods unless legally preserved. The Citizen Crisis Response Network evidence-preservation standard includes:

LinkedIn artifacts:

• Full-page screenshot of the fake profile (name, headline, company logo, “About” section, profile URL in the address bar).
• Screenshot of the connection request or InMail message.
• Exported chat history from LinkedIn Messages where available.
• Any cached search result if the profile is deleted (search and screenshot the cache link).

WhatsApp artifacts:

• Export chat: Open chat → three-dot menu → More → Export chat (include media) → save the file.
• Screenshot the recruiter's profile picture, “About” status, and phone number (visible in contact info).
• Note the country-code prefix (some scammers use foreign numbers; many use Indian numbers obtained through grey-market SIM dealers).

Payment artifacts:

• UPI transaction screenshot showing the VPA, transaction ID, date-time, and amount.
• Bank statement (PDF or scanned) highlighting the debit entry.
• NEFT/RTGS receipt showing beneficiary name, account number, and IFSC code.
• If paid via a third-party app (Paytm, PhonePe), screenshot the transaction detail page showing the beneficiary mobile and transaction reference.

Email artifacts:

• Open the offer-letter email → View → Show Original (Gmail) or View Message Source (Outlook) → save the raw .eml file. This preserves sender IP and routing headers for forensic tracing.
• Save the offer-letter PDF separately.

Store all evidence in more than one place: a local drive folder, a timestamped cloud upload, and a physical backup (USB drive) for any court submission.

Trust signal — Under the Bharatiya Sakshya Adhiniyam 2023 (which replaced the Indian Evidence Act with effect from 1 July 2024), section 63 governs the admissibility of electronic records and requires a certificate for electronic evidence. Keeping originals intact and producing them with the required certificate supports the chain of custody when your FIR annexures, NCRP acknowledgment, and bank statement are filed.

LinkedIn's User Agreement and professional-community policies prohibit fake profiles and impersonation. Report through:

• Primary channel: the LinkedIn Help Center reporting flow (“Report a member” → “Fake profile” or “Scam or fraud”) at https://www.linkedin.com/help/linkedin.
• Company impersonation: notify the impersonated company's official HR/careers email with screenshots. Many firms have fraud-response teams that file takedown requests with LinkedIn.
• Law enforcement request: once an FIR is registered, the Investigating Officer can issue a lawful production notice (under the IT Act and the BNSS production-of-document powers) to the platform demanding user logs, IP addresses, and payment metadata. Compliance timelines vary and typically require a valid FIR and, for some data, a court order.

Digital forensics by Cyber Cells can reveal:

• IP geolocation: scammers often operate from known fraud clusters or tier-2 locations.
• Device fingerprinting: platforms log device and browser metadata; if a fraudster reuses the same device across multiple fake profiles, Cyber Cell can cluster cases.
• Payment trail: UPI VPAs and bank accounts link to KYC records. Where a scammer used a “mule” account (opened with stolen identity documents by a third party), the mule can be traced and questioned.

Where syndicates use platform server logs held abroad, investigators may seek records through Mutual Legal Assistance Treaty (MLAT) channels routed via the Ministry of Home Affairs.

The Reserve Bank of India's customer-protection framework limits a customer's liability for unauthorised electronic transactions where the customer reports promptly, and banks have dispute/chargeback mechanisms. Report to your bank without delay; the sooner you report, the stronger your position.

Chargeback protocol:

1. Immediate bank notification: call the fraud helpline (24×7 numbers on your card / in your app). Request a “transaction dispute” under the “fraud” category.

2. Written complaint: visit the branch promptly and submit a written complaint on the bank's format, attaching the FIR copy, NCRP acknowledgment, and transaction screenshot.

3. Bank investigation: the bank may attempt to freeze the beneficiary account (if still active) and raise a chargeback with the beneficiary bank. In practice recovery is difficult once fraudsters withdraw funds quickly, so speed matters.

4. Ombudsman escalation: if the bank rejects the dispute or delays unreasonably, file a complaint under the Reserve Bank – Integrated Ombudsman Scheme 2021 at https://cms.rbi.org.in. The ombudsman can direct compensation up to the limit prescribed under the scheme (₹20,00,000).

5. Consumer forum: you can also file a complaint under the Consumer Protection Act 2019 in the appropriate District Consumer Disputes Redressal Commission if there is deficiency in service by the bank in handling the dispute. The filing fee depends on the claim amount.

UPI-specific recovery:

UPI apps (PhonePe, Google Pay, Paytm) provide an in-app “Report” / dispute feature. Select the fraudulent transaction → “Report” → “Fraud” → provide the FIR number where available. The complaint is escalated to the beneficiary bank's Nodal Officer. As with chargebacks, success depends heavily on how quickly funds are flagged before they are withdrawn.

Warning — Do not delay. The longer the gap, the more likely the beneficiary account trail goes cold due to layered “money-mule” transfers across banks.

Indian jurisprudence on online recruitment fraud is still developing, and most reported prosecutions proceed under the general cheating provisions (now BNS section 318, earlier IPC section 420) read with Information Technology Act 2000 section 66D for cheating by personation using a computer resource. Courts have treated fake online profiles and forged offer letters as falling within these provisions.

In practice, conviction in online job-fraud cases is made harder by inter-state jurisdictional delays, the use of mule accounts, and the time taken to obtain platform and payment records. Prompt, well-documented reporting—FIR plus NCRP plus preserved digital evidence—materially improves the chances of a charge-sheet and of tracing the money before it is withdrawn.

Below is a template FIR complaint. Replace [PLACEHOLDERS] with your details:

To,
The Station House Officer,
[Police Station Name],
[City, State, PIN]

Subject: FIR against Fake LinkedIn Recruiter for Cheating and Cheating by Personation (BNS sections 318, 319, 336; IT Act section 66D)

Respected Sir/Madam,

I, [Your Full Name], son/daughter of [Father's Name], aged [Age] years, residing at [Full Address], Aadhaar No. [XXXX-XXXX-1234], mobile [+91-XXXXX-XXXXX], hereby lodge a formal complaint regarding cheating and fraud committed via the LinkedIn platform.

FACTS:

1. On [Date], I received a LinkedIn connection request from a profile named "[Fake Recruiter Name]" claiming to be "Senior HR Manager - [Company Name]." Profile URL: [https://www.linkedin.com/in/XXXXX] (now deleted).

2. The recruiter contacted me via WhatsApp ([number]) on [Date], conducted a brief video interview on [Date], and on [Date] sent a fake offer letter (attached as Annexure-A) for the position of [Job Title] with monthly salary Rs.[Amount].

3. The offer letter demanded payment of Rs.[Amount] as a "training module fee" to be remitted to UPI VPA [fraudster@upi] / Bank Account No. [XXXX-XXXX-1234], IFSC [XXXXXX], Account Holder Name [Fraudster Name].

4. On [Date], I transferred Rs.[Amount] via [UPI / NEFT] (Transaction ID: [XXXXXXXXXXXXX], attached as Annexure-B). Immediately thereafter, the LinkedIn profile was deleted, the WhatsApp number became unreachable, and emails bounced.

5. I contacted [Company Name] HR desk ([[email protected]]) on [Date]; they confirmed no such vacancy or recruiter exists.

6. I filed NCRP complaint No. [acknowledgment number] on [Date] (attached as Annexure-C).

7. Total financial loss: Rs.[Amount]. I have been cheated by impersonation using computer resources.

OFFENSES COMPLAINED OF:

- Bharatiya Nyaya Sanhita 2023 section 318: Cheating (and dishonestly inducing delivery of property)
- Bharatiya Nyaya Sanhita 2023 section 319: Cheating by personation
- Bharatiya Nyaya Sanhita 2023 section 336: Forgery / forgery for the purpose of cheating
- Information Technology Act 2000 section 66D: Cheating by personation by using a computer resource

PRAYER:

Kindly register an FIR under the above sections, investigate the matter, attempt to freeze the beneficiary bank account, obtain LinkedIn and payment records via lawful notice, and take necessary action as per law. I undertake to cooperate fully in the investigation and trial.

Annexures:
A. Fake offer letter PDF
B. Payment receipt / bank statement
C. NCRP acknowledgment
D. LinkedIn profile screenshots
E. WhatsApp chat export

Place: [City]
Date: [DD/MM/YYYY]

Signature: ____________________
[Your Full Name]

Submit two copies: one for station records, one returned to you with the FIR number; you are entitled to a free copy of the FIR under BNSS section 173.

Do this immediately — If the SHO refuses to register the FIR, note the refusal, send the substance of your complaint in writing to the Superintendent of Police, and you may also approach the jurisdictional Magistrate with a private complaint. The Citizen Crisis Response Network can help with these escalations.

Yes. The local Cyber Cell registers the FIR and can then coordinate with foreign agencies through I4C and Mutual Legal Assistance Treaty (MLAT) channels routed via the Ministry of Home Affairs. The IT Act 2000 also has extra-territorial reach for offences involving a computer or computer resource located in India.

Try a cached copy via a search engine cache or the Wayback Machine and screenshot it. If you received InMail or messages, the platform may still hold server-side logs; once an FIR is registered, the Investigating Officer can issue a lawful production notice compelling the platform to produce records.

There is no guaranteed refund. Recovery is far more likely if you report within the first few days and the beneficiary account can be frozen before funds are withdrawn. Report to your bank immediately and follow up in writing.

Recovery depends largely on speed. If the accused is arrested and assets are traced, the trial court can order compensation to the victim. Many victims recover little or nothing once the money has been moved through mule accounts, which is why fast reporting and evidence preservation matter so much. A consumer-forum complaint against the bank for service deficiency is a separate route but takes time.

Intermediary liability is governed by the Information Technology Act 2000 section 79 and the Intermediary Guidelines Rules 2021. An intermediary is generally protected if it exercises due diligence and acts on valid notices/court orders within the timelines in those Rules. Individual lawsuits against the platform rarely succeed, but a registered FIR and lawful notices can compel disclosure of the fraudster's data.

The CCRN provides guidance on FIR drafting, evidence preservation, police escalation, consumer-forum filing, and RTI applications to track investigation status. Volunteers help coordinate with I4C, State Nodal Officers, and local Cyber Cells. See the hub at https://righttoinformation.wiki/citizen-crisis-response-network.

Login to https://cybercrime.gov.in → “Track your Complaint” → enter your acknowledgment number. If there is no movement for an extended period, escalate to your State Nodal Officer through the portal's contact section.

Yes. You can approach the jurisdictional Magistrate directly with a private complaint under the Bharatiya Nagarik Suraksha Sanhita 2023 (the Magistrate examines the complainant under section 223 before taking cognizance) and request a direction to the police to investigate. The Citizen Crisis Response Network can provide sample private-complaint drafts.

I4C can activate international cooperation channels (including Interpol where appropriate). Extradition from non-cooperating countries is difficult, but the domestic accomplice (for example, a mule-account holder) can still be prosecuted, and victim restitution may be sought from any seized assets.

• RTI Assistant (RTI Drafter) — Auto-generate RTI applications to track FIR investigation status or police inaction: https://righttoinformation.wiki/tools/rti-assistant
• PIO Reply Checker — Validate replies to your RTI queries under the RTI Act 2005 timelines: https://righttoinformation.wiki/tools/pio-reply-checker
• Citizen Crisis Response Network Hub — Protocols, contact routes, volunteer network: https://righttoinformation.wiki/citizen-crisis-response-network
• RTI Act 2005 Complete Guide — Statutory framework, Supreme Court precedents, sample applications: https://righttoinformation.wiki/rti-act-2005-complete-guide
• National Cybercrime Reporting Portal — File and track cybercrime / online job fraud complaints: https://cybercrime.gov.in
• RBI Complaint Management System — Banking ombudsman complaints: https://cms.rbi.org.in

Fake LinkedIn recruiter scams prey on job-seekers' urgency, but they leave prosecutable digital trails if victims act quickly. The statutory architecture—the Bharatiya Nyaya Sanhita 2023 cheating and forgery sections, the BNSS 2023 FIR-registration duty, Information Technology Act 2000 section 66D, the RBI customer-protection framework, and NCRP inter-state coordination—creates several pressure points for recovery and prosecution. Speed, documentation, and escalation discipline determine outcomes. The Citizen Crisis Response Network exists to close the information gap that fraudsters rely upon: when citizens know the law, invoke it precisely, and refuse bureaucratic inertia, their chances improve. Screenshot now, report immediately, demand your FIR copy, escalate delays, and act before the fraudster's trail goes cold.