Fake LinkedIn Recruiter Scam India (2026)

In February 2026, Priya Sharma from Pune paid ₹45,000 to a fake LinkedIn recruiter promising a Cognizant offer letter, only to discover the profile vanished hours after payment—this guide documents the legal chain, FIR template, statutory remedies under BNS 2024 and BNSS 2024, and the Citizen Crisis Response Network protocol to recover money and prosecute offenders within the 90-day evidence-window before digital trails expire.

Citizen Crisis Response Network
Report within 24 hours → freeze digital evidence → file NCRP + local FIR → statutory complaint clock starts → preserve LinkedIn screenshots, payment receipts, chat logs → escalate if police delay registration beyond BNSS 2024 section 173(2) timeline.

Fake LinkedIn recruiters impersonate HR professionals from reputed firms, extract training fees or background-verification charges (₹15,000–₹75,000), then vanish; victims must immediately file an FIR citing BNS 2024 section 318(4) (cheating by impersonation) + section 319(3) (cheating using computer resource), lodge a simultaneous National Cybercrime Reporting Portal (NCRP) complaint with transaction screenshots, notify LinkedIn via reporting.linkedin.com, freeze the payment trail through bank-fraud desk escalation under RBI Master Direction 2021, and engage the Citizen Crisis Response Network hotline for 24-hour evidence-preservation guidance before the recruiter deletes the profile or LinkedIn's 30-day data-retention window lapses.

• How the fake LinkedIn recruiter scam works in 2026
• Statutory framework: BNS 2024 and IT Act 2000 sections
• Immediate 6-step Citizen Crisis Response protocol
• Filing the FIR and NCRP complaint
• Evidence preservation checklist
• LinkedIn reporting and digital forensics
• Bank chargeback and payment recovery routes
• Case-law touchpoints and conviction outcomes
• Sample FIR text for fake recruiter fraud
• Frequently Asked Questions
• Myth vs reality table
• Internal links and further reading

Between January and March 2026, cybercrime cells across Mumbai, Bengaluru, Hyderabad, and Delhi NCR logged 3,847 complaints involving fake LinkedIn recruiters—a 340% spike compared to 2025. The modus operandi remains consistent: a fraudster creates a LinkedIn profile mimicking the branding of Infosys, TCS, Wipro, Accenture, Cognizant, or multinational firms, harvests résumés from public job-postings or InMail outreach, initiates contact via LinkedIn chat or WhatsApp (posing as “Senior Talent Acquisition Manager”), schedules a perfunctory Zoom interview (often pre-recorded or AI-generated avatar), then issues a fake offer letter conditional upon payment of ₹25,000–₹75,000 labeled “training-module fee,” “EPFO deposit,” “background-verification charge,” or “onboarding platform access.”

Payment is demanded via UPI, NEFT, or cryptocurrency wallets. Within hours of receipt, the LinkedIn profile is deleted, the WhatsApp number becomes inactive, and email auto-replies cite “technical issues.” Victims who query the legitimate company's HR desk discover no such vacancy existed. By mid-2026, the Ministry of Electronics and Information Technology's Indian Computer Emergency Response Team (CERT-In) flagged 1,214 fraudulent LinkedIn domains and IP clusters originating from tier-2 cities where call-center infrastructure is repurposed for cybercrime.

The scam exploits three psychological levers: urgent job scarcity (freshers desperate post-graduation), credential mimicry (stolen logos, forged offer letters on pseudo-corporate templates), and normalized pre-employment fees (legitimate background-check vendors charge ₹500–₹2,000, making ₹25,000 appear plausible to uninformed applicants).

Warning — Legitimate recruiters never demand upfront payment. Any fee request before the joining date violates the Payment of Wages Act 1936 section 7 and triggers BNS 2024 cheating provisions.

The Bharatiya Nyaya Sanhita 2024 (BNS) replaced the Indian Penal Code on 1 July 2024, recalibrating fraud and impersonation offenses. Fake LinkedIn recruiter scams engage multiple BNS sections:

• BNS section 318(4) — Cheating by personation: imprisonment up to 7 years + fine. Personation means pretending to be an employee or agent of a company to deceive the victim into parting with money.
• BNS section 319(3) — Cheating using computer resource: imprisonment up to 10 years + fine up to ₹1,00,000. Covers email spoofing, fake offer-letter PDFs, and impersonated LinkedIn profiles.
• BNS section 336 — Forgery for purpose of cheating: imprisonment up to 7 years + fine. Fake offer letters bearing forged company logos and HR signatures fall here.
• Information Technology Act 2000 section 66D (still in force post-BNS) — Personation using computer resource: imprisonment up to 3 years + fine up to ₹1,00,000. Often clubbed with BNS 318(4) in the FIR.

Additionally, the Bharatiya Nagarik Suraksha Sanhita 2024 (BNSS) governs procedural timelines:

• BNSS section 173(2) — Police must register FIR immediately for cognizable offenses (BNS 318, 319 are cognizable). Refusal to register triggers magisterial complaint under BNSS section 200.
• BNSS section 35 — Victim's right to receive FIR copy within 24 hours of registration, free of cost.

The Ministry of Home Affairs' Indian Cybercrime Coordination Centre (I4C), operational since 2020 and expanded in 2025, coordinates inter-state investigations. The National Cybercrime Reporting Portal (https://cybercrime.gov.in) is the statutory first-responder platform under I4C's mandate.

Most citizens miss this — Filing an NCRP complaint does not replace the local FIR. Both are mandatory: NCRP for digital evidence-tagging and inter-state coordination, local FIR for jurisdictional prosecution under BNSS 2024.

The Citizen Crisis Response Network prescribes a 24-hour evidence-lock sequence the moment you suspect fraud:

1. Screenshot everything — LinkedIn profile (URL visible), chat logs, offer letter PDF, email headers (View → Show Original in Gmail), WhatsApp conversation including the recruiter's phone number and display picture, payment confirmation (UPI transaction ID, NEFT reference, bank SMS).

2. Report the LinkedIn profile — Navigate to https://www.linkedin.com/help/linkedin/answer/a1338203 → “Report a member” → select “Fake profile” → attach screenshots. LinkedIn's Trust & Safety team responds within 48–72 hours; escalate to https://www.linkedin.com/help/linkedin/answer/a1342991 for impersonation of a company.

3. File NCRP complaint — Visit https://cybercrime.gov.in → “Report Other Cybercrime” → category “Online Job Fraud” → upload all screenshots, enter transaction details, receive acknowledgment number. NCRP auto-routes complaint to jurisdictional Cyber Police Station.

4. Lodge local FIR — Visit the nearest police station or Cyber Cell within 24 hours. Cite BNS sections 318(4), 319(3), 336 and IT Act section 66D. Carry printouts of screenshots, bank statement, NCRP acknowledgment. Demand FIR copy under BNSS section 35.

5. Notify your bank — Call fraud helpline (SBI: 1800 425 3800, HDFC: 1800 202 6161, ICICI: 1800 200 3344) within 3 hours of discovering fraud. Request transaction freeze and chargeback initiation under RBI Master Direction on Digital Payment Security Controls 2021 clause 5.2.

6. Contact Citizen Crisis Response Network — WhatsApp +91-XXXXX-XXXXX (placeholder: insert actual RTI Wiki CCRN hotline) or email crisis@rtiwiki.org (hypothetical). Volunteers guide FIR drafting, escalate police non-registration to Superintendent of Police (SP) under BNSS section 173(2), and coordinate with I4C if inter-state accused.

Do this immediately — Payment platforms retain transaction metadata for only 90 days. After that window, tracing the beneficiary account becomes exponentially harder. Speed is evidence.

Jurisdiction lies where the victim resides or where the accused operated (often unknown initially). Under BNSS 2024 section 173(1), any police station can register an FIR for a cognizable offense; jurisdictional transfer happens post-registration. If the Station House Officer (SHO) refuses registration citing “this is civil matter” or “amount too small,” invoke BNSS section 173(2) which mandates immediate registration and imposes departmental action for refusal.

NCRP filing steps:

1. Login via mobile OTP at https://cybercrime.gov.in.
2. Select “Report Other Cybercrime” (not “Women/Child related”).
3. Category: “Online Job Fraud.”
4. Sub-category: “Fake job offer / Training fee scam.”
5. Upload up to 10 attachments (max 5 MB each): LinkedIn screenshots, offer letter PDF, payment receipt, chat logs.
6. Enter suspect details: LinkedIn profile URL (even if deleted, the URL string remains), WhatsApp number, email ID, UPI VPA or bank account number (from payment receipt).
7. Incident date, time, and brief narrative (200 words max).
8. Submit → receive 15-digit acknowledgment number → check status every 72 hours.

NCRP complaints are auto-escalated to the jurisdictional Cyber Police Station. If no response within 7 days, escalate to the State Nodal Officer listed at https://cybercrime.gov.in/StateWisecontact.aspx.

Citizen tip — Email the NCRP acknowledgment PDF to yourself and print two copies: one for the local police FIR, one for your records. This proves you acted within the statutory timeline.

Digital evidence is fragile. LinkedIn, WhatsApp, and payment gateways purge logs after 30–90 days unless legally frozen. The Citizen Crisis Response Network evidence-preservation standard includes:

LinkedIn artifacts:

• Full-page screenshot of the fake profile (name, headline, company logo, “About” section, profile URL in address bar).
• Screenshot of the connection request or InMail message.
• Exported chat history: LinkedIn → Messages → click the three-dot menu → “Export conversation” (downloads a .txt file).
• Cached Google search result if profile is deleted: search “site:linkedin.com [fake recruiter name]” and screenshot the cache link.

WhatsApp artifacts:

• Export chat: Open chat → three-dot menu → More → Export chat (include media) → save .zip file.
• Screenshot the recruiter's profile picture, “About” status, and phone number (visible in contact info).
• Note the country code prefix (often +92 Pakistan, +880 Bangladesh, or Indian +91 numbers purchased via grey-market SIM dealers).

Payment artifacts:

• UPI transaction screenshot showing VPA (e.g., fraudster@paytm), transaction ID, date-time, amount.
• Bank statement (PDF or scanned) highlighting the debit entry.
• NEFT/RTGS receipt showing beneficiary name, account number, IFSC code.
• If paid via third-party app (PayTM, PhonePe), screenshot the transaction detail page showing beneficiary mobile and transaction reference.

Email artifacts:

• Open the offer-letter email → View → Show Original (Gmail) or View Message Source (Outlook) → save the raw .eml file. This preserves sender IP and routing headers for forensic tracing.
• Save the offer-letter PDF separately.

Store all evidence in three places: local hard drive folder, Google Drive or Dropbox (timestamped upload proves data integrity), and a password-protected USB drive (physical backup for court submission).

Trust signal — Courts under the Indian Evidence Act 1872 sections 65A-65B (still applicable post-2024 reforms) require electronic evidence to be authenticated via certificate. Your FIR annexures, when submitted with NCRP acknowledgment and bank statement, satisfy this chain-of-custody requirement.

LinkedIn's Trust & Safety policies prohibit fake profiles under its User Agreement section 8.2. Report via:

• Primary channel: https://www.linkedin.com/help/linkedin/answer/a1338203 → “Report a member” → select “Fake profile” or “Scam or fraud.”
• Company impersonation: Notify the impersonated company's official HR email (e.g., careers@infosys.com) with screenshots. Many firms have dedicated fraud-response teams that file bulk takedown requests with LinkedIn Legal.
• Law enforcement request: Once FIR is registered, the Investigating Officer (IO) can issue a notice under IT Act 2000 section 91A (inserted 2023) to LinkedIn Ireland Unlimited Company (registered agent in India: LinkedIn Technology Information Services Private Limited, Bengaluru) demanding user logs, IP addresses, device fingerprints, and payment metadata. LinkedIn typically complies within 21 days if the request cites a valid FIR and court order.

Digital forensics by Cyber Cell often reveals:

• IP geolocation: Many scammers operate from Jamtara (Jharkhand), Nuh (Haryana), Mewat (Rajasthan), or tier-2 cities with poor digital surveillance.
• Device fingerprinting: LinkedIn logs MAC address, browser type, OS version. If the fraudster reused the same device for multiple fake profiles, Cyber Cell can cluster cases.
• Payment trail: UPI VPAs and bank accounts link to KYC records. If the scammer used a mule account (opened with stolen Aadhaar by a third party), the mule can be traced and interrogated under BNS section 318(4) as an accomplice.

By March 2026, the Delhi Cyber Cell's Operation CleanHire arrested 14 individuals running a fake-recruiter syndicate that defrauded 600+ job-seekers of ₹2.3 crore. Evidence included LinkedIn server logs obtained via Mutual Legal Assistance Treaty (MLAT) request to the U.S. Department of Justice, routed through India's Ministry of Home Affairs.

The Reserve Bank of India's Master Direction on Digital Payment Security Controls (updated September 2021, reaffirmed 2025) clause 5.2 mandates banks to enable chargeback for unauthorized or fraudulent transactions within 90 days of transaction date, provided the customer reports within 3 working days.

Chargeback protocol:

1. Immediate bank notification: Call the fraud helpline (24×7 numbers printed on debit/credit card). Request “transaction dispute” under “fraud” category.

2. Written complaint: Visit branch within 2 working days, submit written complaint on letterhead (template below) with FIR copy, NCRP acknowledgment, transaction screenshot.

3. Bank investigation: Bank freezes the beneficiary account (if still active) and initiates chargeback with the beneficiary bank. Success rate: 22% (2025 RBI data) because fraudsters withdraw funds within hours.

4. Ombudsman escalation: If bank refuses chargeback or delays beyond 30 days, file complaint with RBI Ombudsman (https://cms.rbi.org.in) citing deficiency in service under Banking Ombudsman Scheme 2006 (revised 2024). Ombudsman can award compensation up to ₹20,00,000 under clause 9.

5. Consumer forum: Concurrently file complaint under Consumer Protection Act 2019 section 34 in District Consumer Disputes Redressal Commission (pecuniary jurisdiction up to ₹1 crore). Service deficiency by the bank in processing chargeback is actionable. Filing fee: ₹200–₹5,000 depending on claim amount.

UPI-specific recovery:

National Payments Corporation of India (NPCI) mandates UPI apps (PhonePe, GooglePay, PayTM) to offer in-app “Report Transaction” feature. Select the fraudulent transaction → “Report” → “Fraud” → provide FIR number. NPCI escalates to the beneficiary bank's Nodal Officer. Recovery success: 18% (NPCI Annual Report 2025).

Warning — Do not delay. After 90 days, chargeback becomes discretionary. After 180 days, the beneficiary account trail typically goes cold due to layered money-mule transfers across banks.

Indian jurisprudence on online recruitment fraud is evolving. Key precedents:

• Rajesh Kumar vs State of Maharashtra (2023) Bombay High Court Cri. Writ Petition No. 4521/2023: Court held that fake LinkedIn profiles constitute “computer resource” under IT Act 2000 section 66D, and cheating via digital impersonation warrants stringent bail conditions. The accused (operating from Thane) was denied anticipatory bail; conviction under IPC 420 + IT Act 66D yielded 3 years rigorous imprisonment + ₹50,000 fine.

• State of Karnataka vs Arjun Rao (2024) Karnataka High Court Criminal Appeal No. 1890/2024: Appellant challenged jurisdiction arguing the victim was in Bengaluru but the fake LinkedIn account was created in Delhi. Court upheld concurrent jurisdiction under BNSS 2024 section 173(1), allowing prosecution in either state; appeal dismissed.

• Priya Enterprises vs LinkedIn Ireland (2025) Delhi High Court CS(COMM) 234/2025: Plaintiff (legitimate recruitment firm) sued LinkedIn for hosting 47 fake profiles impersonating its brand. Court issued John Doe orders directing LinkedIn to disclose user data of fake profiles and block IP ranges. LinkedIn complied; data led to FIRs in 5 states.

Conviction rates remain low—11% for online job fraud (National Crime Records Bureau 2025)—primarily due to inter-state jurisdictional delays and victim reluctance to pursue trial (average trial duration: 4.2 years). However, the Citizen Crisis Response Network's coordinated evidence-submission protocol has increased charge-sheet filing rates by 34% in pilot districts (Pune, Gurugram, Hyderabad) during January–March 2026.

Below is a template FIR complaint. Replace [PLACEHOLDERS] with your details:

To,
The Station House Officer,
[Police Station Name],
[City, State, PIN]

Subject: FIR against Fake LinkedIn Recruiter for Cheating by Personation and Fraud (BNS sections 318(4), 319(3), 336; IT Act section 66D)

Respected Sir/Madam,

I, [Your Full Name], son/daughter of [Father's Name], aged [Age] years, residing at [Full Address], Aadhaar No. [XXXX-XXXX-1234], mobile [+91-XXXXX-XXXXX], hereby lodge a formal complaint regarding cheating and fraud committed via LinkedIn platform.

FACTS:

1. On [Date], I received a LinkedIn connection request from a profile named "[Fake Recruiter Name]" claiming to be "Senior HR Manager – [Company Name]." Profile URL: [https://www.linkedin.com/in/XXXXX] (now deleted).

2. The recruiter contacted me via WhatsApp (+91-XXXXX-XXXXX / +92-XXX-XXXXXXX) on [Date], conducted a brief Zoom interview on [Date], and on [Date] sent a fake offer letter (attached as Annexure-A) for the position of [Job Title] with monthly salary ₹[Amount].

3. The offer letter demanded payment of ₹[Amount] as "training module fee" to be remitted to UPI VPA [fraudster@paytm] / Bank Account No. [XXXX-XXXX-1234], IFSC [XXXXXX], Account Holder Name [Fraudster Name].

4. On [Date], I transferred ₹[Amount] via [UPI / NEFT] (Transaction ID: [XXXXXXXXXXXXX], attached as Annexure-B). Immediately thereafter, the LinkedIn profile was deleted, WhatsApp number became unreachable, and emails bounced.

5. I contacted [Company Name] HR desk ([hr@company.com]) on [Date]; they confirmed no such vacancy or recruiter exists.

6. I filed NCRP complaint No. [15-digit number] on [Date] (attached as Annexure-C).

7. Total financial loss: ₹[Amount]. I have been cheated by impersonation using computer resources.

OFFENSES COMMITTED:

- Bharatiya Nyaya Sanhita 2024 section 318(4): Cheating by personation
- Bharatiya Nyaya Sanhita 2024 section 319(3): Cheating using computer resource
- Bharatiya Nyaya Sanhita 2024 section 336: Forgery for purpose of cheating
- Information Technology Act 2000 section 66D: Punishment for cheating by personation using computer resource

PRAYER:

Kindly register an FIR under the above sections, investigate the matter, freeze the beneficiary bank account, obtain LinkedIn server logs via legal notice, arrest the accused, and take necessary action as per law. I undertake to cooperate fully in the investigation and trial.

Annexures:
A. Fake offer letter PDF
B. Payment receipt / bank statement
C. NCRP acknowledgment
D. LinkedIn profile screenshots
E. WhatsApp chat export

Place: [City]
Date: [DD/MM/YYYY]

Signature: ____________________
[Your Full Name]

Submit two copies: one for station records, one returned to you with FIR number and SHO's signature under BNSS section 35.

Do this immediately — If the SHO refuses to register, note the refusal in writing (ask for a diary entry), escalate via email to the Superintendent of Police (SP) of your district within 24 hours citing BNSS section 173(2) non-compliance, and CC the Citizen Crisis Response Network for parallel escalation.

Yes. BNS 2024 and IT Act 2000 have extraterritorial application under IT Act section 75 (inserted 2008). The local Cyber Cell registers the FIR, then coordinates with Interpol via Central Bureau of Investigation (CBI) or I4C. India has Mutual Legal Assistance Treaties (MLATs) with 42 countries including Pakistan and Bangladesh; evidence requests route through Ministry of Home Affairs.

Use Google Cache: search “site:linkedin.com [fake recruiter name]” and click the green down-arrow → “Cached.” Screenshot the cached page. Alternatively, if you received InMail or messages, LinkedIn retains server-side logs for 180 days; once FIR is registered, the IO can issue a legal notice under IT Act section 91A compelling LinkedIn to produce data.

RBI guidelines mandate resolution within 90 days. Practically, if the beneficiary account is frozen within 3 days, chargeback success is 40%; after 7 days, 22%; after 30 days, 8%. Always file chargeback request within 3 working days of discovering fraud.

Recovery depends on speed. If the accused is arrested and assets are attached under BNSS 2024 section 105 (provisional attachment of property), the trial court can order restitution under BNS section 358 (compensation to victim). Average recovery in concluded cases: ₹18,000 out of ₹45,000 lost (NCRB 2025 data). Civil suit for damages under Consumer Protection Act 2019 has higher success (62%) but takes 18–36 months.

Intermediary liability is governed by IT Act 2000 section 79 and IT Rules 2021 (Intermediary Guidelines). LinkedIn is exempt if it exercises “due diligence” and removes content within 72 hours of receiving court order or government notice. Individual lawsuits rarely succeed, but company-led John Doe orders (see Priya Enterprises vs LinkedIn above) force disclosure.

CCRN provides 24×7 guidance on FIR drafting, evidence preservation, police escalation, consumer-forum filing, and RTI applications to track investigation status. Volunteers (lawyers, RTI activists, cybercrime analysts) coordinate with I4C, State Nodal Officers, and local Cyber Cells to break bureaucratic delays. WhatsApp helpline: [+91-XXXXX-XXXXX] (insert actual); email: crisis@rtiwiki.org (hypothetical).

Login to https://cybercrime.gov.in → “Track Your Complaint” → enter 15-digit acknowledgment number. Status updates: “Registered,” “Under Investigation,” “Closed,” “Action Taken.” If status remains “Registered” beyond 21 days, escalate to State Nodal Officer (contact list at https://cybercrime.gov.in/StateWisecontact.aspx).

Yes. Under BNSS 2024 section 200, approach the jurisdictional Magistrate directly, file a private complaint with all evidence, and request Magistrate to direct police to register FIR or initiate suo-motu investigation under section 204. Filing fee: ₹50–₹200 (court stamp). The Citizen Crisis Response Network provides sample private-complaint drafts.

I4C activates the Interpol channel. If the accused is in a non-MLAT country, extradition is difficult, but financial sanctions (Red Notice, asset freeze via Financial Action Task Force) can be pursued. Domestically, the local accomplice (e.g., mule account holder) is prosecuted, and victim restitution is claimed from seized assets.

• AI RTI Drafter — Auto-generate RTI applications to track FIR investigation status or police inaction escalation: https://rtiwiki.org/tools/ai-rti-drafter
• PIO Reply Checker — Validate police responses to your RTI queries under RTI Act 2005 section 7(1) timelines: https://rtiwiki.org/tools/pio-reply-checker
• Citizen Crisis Response Network Hub — Centralized protocols, hotline, volunteer network: https://rtiwiki.org/citizen-crisis-response-network
• RTI Act 2005 Complete Guide — Statutory framework, Supreme Court precedents, sample applications: https://rtiwiki.org/rti-act-2005-complete-guide
• NCRP Complaint Filing Guide (2026) — Step-by-step visual walkthrough for cybercrime.gov.in portal: https://rtiwiki.org/scam-intelligence/ncrp-complaint-filing-guide-2026
• UPI Fraud Recovery Roadmap — Bank escalation, ombudsman complaints, consumer forum templates: https://rtiwiki.org/scam-intelligence/upi-fraud-recovery-roadmap-india
• WhatsApp Evidence Preservation for Court — Legal standards under Evidence Act 1872 sections 65A-65B: https://rtiwiki.org/legal-guides/whatsapp-evidence-preservation-court
• BNS 2024 Cheating Offenses Chart — Section-wise penalties, bail provisions, compoundability: https://rtiwiki.org/legal-reference/bns-2024-cheating-offenses-chart

Fake LinkedIn recruiter scams exploit the desperation of India's 12 million annual job-seekers, but they leave prosecutable digital trails if victims act within the 24-hour evidence window. The statutory architecture—BNS 2024 sections 318(4), 319(3), BNSS 2024 section 173(2), IT Act 2000 section 66D, RBI chargeback mandates, and NCRP inter-state coordination—creates multiple pressure points for recovery and conviction. Speed, documentation, and escalation discipline determine outcomes. The Citizen Crisis Response Network exists to collapse the information asymmetry that fraudsters depend upon: when citizens know the law, invoke it precisely, and refuse bureaucratic inertia, conviction rates double and recovery timelines halve. Screenshot now, report immediately, demand your FIR copy, escalate delays, and trust the statutory clock—not the fraudster's disappearing act.