Differences

This shows you the differences between two versions of the page.

@@ Line 1: / Line 1: @@
+{{htmlmetatags>metatag-keywords=(how to file cybercrime complaint,cybercrime 2026,cybercrime.gov.in,1930 helpline,UPI fraud refund,OTP fraud SBI,KYC fraud call,IT Act 66C 66D,BNSS 2023 section 173,BNS 2023 section 318,deepfake complaint India,phishing complaint,National Cybercrime Reporting Portal,RBI limited liability circular 2017,DPDP Act 2023 data breach)&metatag-description=(Step-by-step 2026 guide to filing a cybercrime complaint in India — UPI fraud, OTP / KYC fraud, deepfake, identity theft, online harassment. cybercrime.gov.in + 1930 helpline + state cyber cell. Includes RTI route when police refuse to register an FIR.)}}
+====== How to file a cybercrime complaint — complete 2026 guide ======
+{{ :social:auto:file-cybercrime-complaint-2026.png?direct&1200 |How to file cybercrime complaint 2026 — RTI Wiki citizen guide}}
+{{page>snippets:dpdp-banner}}
+<WRAP info>
+**Quick answer.** If you've been hit by **UPI fraud, OTP fraud, KYC fraud, identity theft, deepfake, online harassment, cyberstalking, phishing, or financial fraud**, do two things in this order. **(1) Within the first hour**, call **1930** (National Cyber Crime Helpline, 24x7) for **financial fraud** — operators flag the transaction with the receiving bank under the **RBI's Limited Liability Circular 2017** giving you the best chance of fund-freezing. **(2) Within 24 hours**, file a written complaint at **cybercrime.gov.in** (National Cyber Crime Reporting Portal) with screenshots, transaction IDs and any communication trail. Most cybercrimes today are registered under **§66, §66C, §66D of the IT Act 2000** read with **§318 (cheating) and §319 (forgery) of BNS 2023**, FIR under **§173 BNSS 2023**. State Cyber Crime Police Stations handle the local investigation.
+</WRAP>
+===== Suresh's story — "₹84,000 of ₹1.32 lakh recovered, in 3 months" =====
+<WRAP center round box 80%>
+//Suresh Verma, 56, retired Bank of Baroda branch manager from Aliganj, Lucknow. Lifelong banker; thought he could never be conned. March 2025.//
+> "Caller ID showed 'SBI Customer Care'. Voice was professional, accent was Hindi-English. Said my Yono SBI access was about to be blocked due to incomplete e-KYC and the link he was about to send had to be opened in 5 minutes. He asked me to read out the OTP for 're-activation'. Two OTPs in 90 seconds — by the time I realised something was wrong, ₹1,32,000 had moved out of my SB account in three transactions of ₹49,000 + ₹49,000 + ₹34,000. I called **1930 in 40 minutes**. The agent took the transaction IDs, conferenced in the SBI fraud desk, and within 90 minutes the receiving bank (a private bank in Jamtara, Jharkhand) had **frozen ₹84,000** that hadn't been swept further. I filed at **cybercrime.gov.in** the same evening with 7 screenshots — call log, SMS, transaction confirmations from SBI, the WhatsApp link the fraudster sent. Acknowledgement number generated. The complaint was forwarded to the Lucknow Cyber Crime Police Station; **FIR registered in 12 days under IT Act §66D + BNS §318 + §319**. The frozen ₹84,000 was credited back to my account in 3 months after a magistrate's release order. The remaining ₹48,000 — already withdrawn from a kirana-shop ATM in Deoghar — was written off as unrecoverable. **Lesson: those 40 minutes saved me 84 thousand rupees. The bank's own CRM ticket would have taken 30 days to even open.**"
+—Suresh, August 2025
+</WRAP>
+The **Indian Cyber Crime Coordination Centre (I4C) Annual Report 2024-25** records over **22.5 lakh complaints** on cybercrime.gov.in in FY 2024-25 alone — about **6,200 a day**. Financial frauds account for ~78%. Among financial frauds reported within the first hour through 1930, the **average recovery rate is around 12-15%** of the lost amount; reported after 24 hours, it drops to under **3%**. Speed is everything.
+===== What this is — and which forum to use =====
+A cybercrime complaint is a complaint about a crime committed using the internet, mobile phones, or any digital device — financial fraud, sexual harassment online, child sexual abuse material, identity theft, hacking, defamation, blackmail, deepfake morphing, ransomware. The legal anchors are:
+  * **Information Technology Act, 2000** — §43 (data damage), §66 (fraud / hacking), **§66C (identity theft)**, **§66D (cheating by personation using computer resource)**, §66E (privacy violation), §67 (obscene content), §72 (breach of confidentiality).
+  * **Bharatiya Nyaya Sanhita (BNS), 2023** — §318 (cheating), §319 (forgery), §351 (criminal intimidation), §356 (defamation), §75 (sexual harassment), §77 (voyeurism). (Replaces the IPC since 1 July 2024.)
+  * **Bharatiya Nagarik Suraksha Sanhita (BNSS), 2023** — **§173 (registration of FIR)**, §175 (Magistrate's order to register FIR if police refuse), §176 (investigation). (Replaces CrPC.)
+  * **Digital Personal Data Protection Act, 2023 (DPDP)** — for personal data breaches by Data Fiduciaries; Data Protection Board complaints.
+  * **RBI Master Direction on Limited Liability of Customers in Unauthorised Electronic Banking Transactions, 2017** — defines your liability cap if reported in time (zero liability if reported within 3 working days for low-value SB accounts).
+The forums to use, in order of speed:
+  * **1930** — National Cyber Crime Helpline. Toll-free, 24x7. **Single most important number for financial fraud**, because it triggers the bank-side freeze in real time.
+  * **cybercrime.gov.in** — National Cyber Crime Reporting Portal (NCRP). For all categories: financial, women/child, other.
+  * **State Cyber Crime Police Station** — physical/online registration of FIR; investigation and chargesheeting. Mumbai Police Cyber, Delhi Cyber Cell, Bengaluru CCB Cyber, Hyderabad Cyber Crimes PS, Chennai Cyber Crime Cell, Kolkata Cyber, Lucknow Cyber, Pune Cyber, etc.
+  * **Your bank's fraud desk** — for financial cybercrimes; mandatory under RBI 2017 Circular.
+  * **CERT-In (cert-in.org.in)** — for major incidents (data breach, ransomware on a business).
+  * **Data Protection Board of India** — for DPDP Act 2023 personal data breaches.
+===== Step-by-step process =====
+==== Step 1 — In the first 60 minutes ====
+If money has left your account or card:
+  * **Call 1930.** Keep the call active; the operator will take your transaction IDs and reference numbers, and conference your bank in.
+  * **Call your bank's fraud number** in parallel — block your card / Net Banking / UPI handle. (SBI 1800-11-2211; HDFC 1800-258-6161; ICICI 1800-1080; Axis 1800-103-5577; Yes Bank 1800-1200; Bank of Baroda 1800-5700; PNB 1800-180-2222.)
+  * If UPI: open the app → "Help" → "Report a fraud" → cite UTR.
+  * **Do not** click any further links sent by the same caller; **do not** install AnyDesk / TeamViewer / QuickSupport on your phone; **disconnect** the call.
+==== Step 2 — Preserve evidence ====
+  * Take **screenshots** of: SMS, WhatsApp messages, the fraudster's call log entry, transaction confirmations, the bank's debit alert, the website / app the fraudster used.
+  * **Do not delete** anything from your phone or email.
+  * If the fraud was via a phishing link, **save the link as a screenshot** (don't visit again).
+  * For deepfake / morphed images: save the original file with EXIF intact.
+  * For online harassment / stalking: screenshot the profile, the messages, and the URL.
+==== Step 3 — File at cybercrime.gov.in ====
+  * Visit **cybercrime.gov.in**.
+  * Pick the right category:
+    * **Report Other Cyber Crime** — hacking, deepfake, identity theft, harassment (non-women/child), online fraud (non-financial).
+    * **Report Women / Child Related Crime** — separate, anonymous-friendly track for cyberstalking, sextortion, CSAM, morphed images.
+    * **Report Financial Fraud** — UPI, internet banking, card, wallet fraud (this is also where 1930 calls feed into).
+  * Login with **mobile number + OTP** (Aadhaar optional but speeds things up).
+  * Fill the complaint form:
+    * Incident date, time, place.
+    * Suspect details: phone numbers, UPI handle (e.g., name@oksbi), email, website URL, social media handle, IFSC + account number if known.
+    * **Modus operandi** — narrate in plain language (e.g., "fraudster posed as SBI agent, asked for OTP citing KYC update").
+    * Upload **all evidence files** (PDF / JPG / PNG, ≤ 5 MB each, up to 10 files).
+  * Submit → **Acknowledgement Number** generated (format: e.g., 38000260000123).
+  * Track on **"Track Your Complaint"** with the acknowledgement number + mobile.
+==== Step 4 — Get an FIR registered ====
+For serious cybercrimes, the cybercrime.gov.in complaint is forwarded to the **jurisdictional Cyber Crime Police Station**. They may convert it to an **FIR under §173 BNSS 2023** if there's a cognizable offence — which most cybercrimes are.
+If the police refuse to register an FIR:
+  * Approach the **SP / DCP / Commissioner** with a written representation under **§173(4) BNSS** (the equivalent of old §154(3) CrPC).
+  * If still refused, approach the **Judicial Magistrate** under **§175 BNSS 2023** with a private complaint — Magistrate can direct registration of FIR.
+  * In parallel, file **RTI** to the SHO of the Cyber Crime PS asking why FIR was not registered. See [[:rti-for-fir-not-registered|RTI for FIR not registered — copy-ready template]].
+==== Step 5 — Notify your bank in writing ====
+For financial fraud, send a **written complaint to your bank** within **3 working days** of the unauthorised transaction. This triggers the **RBI 2017 Limited Liability** protection:
+  * Reported in 3 working days → **Zero customer liability** (if not customer's fault).
+  * Reported in 4-7 working days → Limited liability (₹5,000 to ₹25,000 depending on account type).
+  * Reported in >7 working days → As per bank's board-approved policy (often 100% loss to customer).
+==== Step 6 — Track + follow up ====
+  * Cybercrime.gov.in shows status: "Submitted → Forwarded → Under Investigation → Closed".
+  * If "Closed" without resolution, request **reopening** via the portal (limited 30-day window).
+  * Visit the cyber PS in person if needed; carry your acknowledgement number printout, ID proof, and original evidence.
+==== Step 7 — Insurance + tax-loss claim ====
+If you had **cyber-insurance** (HDFC ERGO / Bajaj Allianz cyber-fraud cover, or built-in cover on premium credit cards), file a claim within 30 days with the FIR copy + cybercrime.gov.in acknowledgement + bank statement.
+For **business losses** from cybercrime, the loss may be tax-deductible under §37(1) of the Income Tax Act if treated as a business loss; consult a CA.
+==== Step 8 — Special routes for special crimes ====
+  * **Child sexual abuse material (CSAM)** — report to **NCMEC CyberTipline** (cybertipline.org) and **POCSO e-Box** at **ncpcr.gov.in/POCSO**.
+  * **Sextortion / morphed images of women** — additionally on **shebox.nic.in** and to your local Women's Helpline **181**.
+  * **Bulk SMS / fake-call spam** — DOT's **Sanchar Saathi** at **sancharsaathi.gov.in** (also for blocking lost mobiles via CEIR).
+  * **Data breach by a Data Fiduciary** (e.g., your data leaked by an app/company) — file with the **Data Protection Board of India** under DPDP Act 2023.
+===== Sample portal forms + helplines + section table =====
+<code>
++-------------------------------------------------------------------------+
+| INDIAN CYBERCRIME — KEY ACCESS POINTS (2026)                             |
++-------------------------------------------------------------------------+
+| 1930        | National Cyber Crime Helpline — 24x7. Financial frauds.   |
+|             | CALL WITHIN 1 HOUR for best fund-freezing chance.         |
++-------------+-----------------------------------------------------------+
+| 1098        | CHILDLINE — for child-related cyber abuse.                |
++-------------+-----------------------------------------------------------+
+| 181         | Women's Helpline — for online harassment / stalking.      |
++-------------+-----------------------------------------------------------+
+| 1915        | National Consumer Helpline — for e-commerce fraud         |
+|             | (non-criminal disputes — refund / wrong delivery).        |
++-------------+-----------------------------------------------------------+
+| cybercrime.gov.in | National Cyber Crime Reporting Portal             |
++-------------+-----------------------------------------------------------+
+| cert-in.org.in    | Major incidents — for businesses / sysadmins.     |
++-------------+-----------------------------------------------------------+
+| sancharsaathi.gov.in | Spam SMS / fake calls / lost mobile blocking.  |
++-------------+-----------------------------------------------------------+
+| shebox.nic.in     | Online sexual harassment / workplace cyber abuse. |
++-------------+-----------------------------------------------------------+
+| pgportal.gov.in   | CPGRAMS — for portal / police service grievance.  |
++-------------+-----------------------------------------------------------+
+KEY SECTIONS APPLIED IN MOST CYBERCRIME FIRs:
+  IT Act 2000:
+    §43         Data damage / unauthorised access (civil + criminal)
+    §66         Hacking / fraud (3 yrs / Rs.5L)
+    §66C        Identity theft — punishable up to 3 yrs + Rs.1 lakh
+    §66D        Cheating by personation using computer (3 yrs + Rs.1L)
+    §66E        Privacy violation — 3 yrs + Rs.2L
+    §67         Obscene content transmission (3 yrs + Rs.5L 1st; 5+10L 2nd)
+    §72         Breach of confidentiality
+  BNS 2023:
+    §318        Cheating (up to 7 years)
+    §319        Cheating by personation
+    §336        Forgery
+    §351        Criminal intimidation
+    §75-§77     Sexual harassment / stalking / voyeurism
+  BNSS 2023:
+    §173        FIR for cognizable offence (registration)
+    §175        Magistrate's power to direct FIR
+    §176        Investigation procedure
+REQUIRED EVIDENCE TO UPLOAD ON cybercrime.gov.in:
+   * Bank SMS + statement showing unauthorised debit
+   * Transaction reference (UTR / RRN / IMPS ref no.)
+   * Suspect's phone / UPI handle / email / URL screenshots
+   * Call recording (if any)
+   * Chat / WhatsApp / SMS screenshots (full thread, with timestamps)
+   * Government ID — Aadhaar / PAN / Passport / Driving License
+   * Filled cybercrime.gov.in complaint form (auto-PDF)
+RTI to PIO Cyber Crime PS:        Rs.10 by IPO. BPL = free.
+RTI to PIO MeitY / I4C:           Rs.10 by IPO. meity.gov.in.
+</code>
+===== Common reasons your cybercrime complaint stalls =====
+  * **Delayed reporting** — by the time the complaint reaches the cyber PS, the money has already been laundered through 4-5 mule accounts and withdrawn at a far-off ATM. **Speed is the single biggest factor.**
+  * **Insufficient evidence** — failed to screenshot, deleted the SMS, didn't note transaction IDs. Reconstruct what you can from your bank statement and email/SMS history.
+  * **Suspect untraceable** — fraudsters use mule accounts in Jamtara (Jharkhand), Mewat (Haryana), Bharatpur (Rajasthan), Phulwari (Bihar) clusters; SIM cards on fake KYC; VPNs and foreign IPs. Investigation often hits a dead end.
+  * **Funds already withdrawn / dispersed** beyond the freezing window — there's no money left in the receiving account when the bank gets the freeze request.
+  * **Cyber Crime PS is over-burdened** — small staffing vs. exploding case volume. Follow up persistently; escalate to SP / DCP if no progress in 30 days.
+  * **Police refuse to register FIR** despite a cognizable cybercrime — common practice. Use **§175 BNSS 2023** Magistrate route + RTI for written reason.
+  * **Cross-border element** — fraudster operates from Cambodia / Dubai / Nepal call centres. Mutual Legal Assistance Treaty (MLAT) requests are slow.
+  * **No KYC linkage** — the receiving bank account was opened on fake KYC; even if identified, the operator was a paid mule.
+  * **Low-value loss** — cyber PS may "advise" you to forget it. Don't — even small complaints add to the I4C database that helps build cases against fraud rings.
+===== If unresolved — escalation ladder =====
+==== Rung 1 — SHO Cyber Crime Police Station ====
+Visit in person; carry acknowledgement + ID + evidence. Ask for the **Investigating Officer (IO)** assigned and his/her direct contact.
+==== Rung 2 — SP Cyber Crime / DCP Cyber / Commissioner ====
+Written representation under §173(4) BNSS / §175 BNSS to the SP-Cyber, with copies of cybercrime.gov.in acknowledgement, the original complaint, and any RTI replies. Ask for either FIR registration, IO change, or investigation progress.
+==== Rung 3 — Magistrate under §175 BNSS 2023 ====
+If FIR is not being registered despite a cognizable offence, file a **private complaint** before the jurisdictional Magistrate seeking direction under **§175 BNSS** (formerly §156(3) CrPC) — the Magistrate can direct the police to register the FIR and report. Counsel optional but useful.
+==== Rung 4 — State Police Complaints Authority + DGP ====
+Each state has a **Police Complaints Authority** under //Prakash Singh// Supreme Court directions — for misconduct / inaction by police. Parallel: a written complaint to the **DGP** of the state.
+==== Rung 5 — CPGRAMS ====
+For portal-related grievances (case marked closed without action, status not updating, harassment by IO): **pgportal.gov.in** → "Ministry of Home Affairs" → "I4C / Cybercrime".
+==== Rung 6 — Right to Information (RTI) ====
+The Cyber Crime Police Station, the I4C, and MeitY are all **public authorities** under §2(h) of the RTI Act 2005.
+**RTI helps here when:**
+  * **Police refuse to register your FIR** — RTI to the SHO asking for written reason and the file noting. Very effective; see the dedicated guide [[:rti-for-fir-not-registered|RTI for FIR not registered]].
+  * Your complaint on cybercrime.gov.in shows "Closed" with no explanation — RTI for the **closure report**.
+  * You want **status of investigation** after 60 days of FIR — RTI to the IO for the case diary status (gist, not full diary, since case-diary content is privileged).
+  * You want to know **how many similar frauds** have been reported with the same suspect mobile / UPI handle — useful when arguing for a serious chargesheet.
+  * You want **MeitY's action against a particular spoof-call cluster** or take-down orders issued under §69A IT Act.
+  * You want **bank's fraud-handling SOPs** that should have triggered earlier (RTI to PIO of public-sector banks).
+**RTI does NOT help here when:**
+  * You want the **money back from the suspect** — RTI cannot adjudicate or recover; only the criminal court / civil court / banking ombudsman can.
+  * You want **information from a private bank / private platform** (HDFC, ICICI, WhatsApp, Truecaller, Paytm) — they are not public authorities. Use the **Banking Ombudsman / NCRP / CERT-In takedown** routes.
+  * You want **case-diary contents** in a pending investigation — protected from disclosure under §8(1)(h) RTI Act + §172 BNSS.
+  * For **civil disputes disguised as cybercrime** (e.g., e-commerce wrong delivery) — use **National Consumer Helpline 1915** instead, see [[:file-consumer-complaint-ncdrc-2026|How to file a consumer complaint at NCDRC]].
+For background on filing a basic RTI, see [[:rti-for-beginners|RTI in 12 simple steps]].
+===== FAQs =====
+**Q. I gave OTP to a caller and lost ₹50,000. Was it my fault?**\\
+Under RBI's 2017 Limited Liability Circular, "customer negligence" — like sharing OTP — can shift liability to you. **But** banks have been held liable in many Banking Ombudsman cases when their fraud-detection system failed (e.g., transaction at unusual hour, new beneficiary, multiple back-to-back debits). Always escalate; don't assume you're stuck with the loss.
+**Q. The fraudster's UPI ID showed a familiar bank name (e.g., name@oksbi). How is that possible?**\\
+@oksbi is a UPI handle suffix issued by SBI's UPI partner (PhonePe). Anyone can register a UPI ID with that suffix — the suffix is not a guarantee that the recipient is a verified SBI customer. Always cross-check the **payee name displayed** before sending money.
+**Q. Can I get the fraudster's phone number traced?**\\
+Police can issue notices under **§94 BNSS** (replaces §91 CrPC) and **§43A IT Act** to telecom operators for KYC subscriber data. Citizens cannot do this directly; you must rely on the police investigation post-FIR.
+**Q. The cybercrime.gov.in portal won't let me upload — files too big.**\\
+Compress images (use any free online JPEG compressor); split documents; or visit the cyber PS in person with a CD/USB. The portal is glitchy; don't give up.
+**Q. I'm being cyberstalked / blackmailed via Instagram morphed photos. What's the fastest route?**\\
+(1) Report on **cybercrime.gov.in** under "Women/Child Related Crime" — track is faster and confidentiality is preserved. (2) Use Instagram's "Report" feature on the post + profile. (3) Call **181** Women's Helpline. (4) For minors — additionally **POCSO e-Box** at ncpcr.gov.in/POCSO.
+**Q. Can I get my deepfake video taken down?**\\
+Yes — under **§79(3)(b) IT Act** read with the IT (Intermediary Guidelines) Rules 2021 + the 2023 Deepfake Advisory by MeitY, intermediaries (Meta, X, YouTube, Telegram) must remove deepfakes within **24-36 hours** of a valid takedown notice. Send via the platform's grievance officer + cybercrime.gov.in.
+**Q. The bank says the fraud is "with the merchant" and refuses to refund. Now what?**\\
+Escalate to the **Banking Ombudsman** under the Integrated Ombudsman Scheme 2021 at **rbi.org.in** → "Complaint Lodging" → "CMS portal". Free. Award binding on bank up to ₹20 lakh.
+**Q. My data was leaked by an app I used 2 years back. Whom do I complain to?**\\
+File with the **Data Protection Board of India** under the DPDP Act 2023. The Data Fiduciary can be fined up to **₹250 crore** for personal data breach. Also CERT-In if it's a major breach affecting many users.
+===== Related on RTI Wiki =====
+  * [[:rti-for-fir-not-registered|RTI for FIR not registered — copy-ready template]]
+  * [[:rti-for-beginners|RTI in 12 simple steps — for first-time filers]]
+  * [[:file-consumer-complaint-ncdrc-2026|How to file a consumer complaint at NCDRC]]
+  * [[:helplines:start|All Indian government helplines — one master directory]]
+  * [[:forms:start|RTI forms + state-wise fee chart]]
+//Last reviewed: 26 April 2026 by RTI Wiki editorial team. Cybercrime law evolves rapidly with new MeitY advisories and BNS / BNSS jurisprudence — verify on cybercrime.gov.in or meity.gov.in before relying on dated provisions, or write to admin@bighelpers.in if you spot a stale figure.//
+{{tag>cybercrime cybercrime-gov-in 1930 UPI-fraud OTP-fraud KYC-fraud identity-theft IT-Act-2000 section-66 section-66C section-66D BNS-2023 BNSS-2023 section-318 section-319 section-173 deepfake phishing online-harassment DPDP-Act-2023 RBI-limited-liability rti-for-fir citizen-guide help-first 2026}}

Was this helpful? — views