Pay-to-apply job offer scam: verify recruiter (2025)

Pune, March 2026: Anita Deshmukh paid ₹8,500 as “document processing charges” to a LinkedIn recruiter promising her a ₹9 lakh analyst role at a multinational bank—the offer letter was fake, the recruiter vanished, and the bank confirmed no such vacancy existed.

Citizen Crisis Response Network
Any legitimate employer covers its own recruitment costs. If a recruiter asks you to pay registration, processing, training, or verification fees before joining, you are facing a pay-to-apply scam. Verify identity, check domains, and never transfer money to personal accounts.

A pay-to-apply job scam works when fraudsters pose as recruiters, send fake offer letters, and demand upfront fees for document processing, background verification, onboarding kits, or training. Verify the recruiter by (1) checking the email domain matches the official company website, (2) calling the company HR on the number listed on their website—not the one in the email, (3) searching the recruiter's name and phone on truecaller or LinkedIn, (4) refusing any payment request before your first salary, (5) reporting suspicious offers to the National Cybercrime Reporting Portal or the 1930 cyber-fraud helpline, (6) filing an FIR for cheating under the Bharatiya Nyaya Sanhita 2023 read with Section 66D of the IT Act 2000 (cheating by personation using computer resource), and (7) alerting your bank immediately if you transferred money.

• How the pay-to-apply scam works
• Red flags that confirm a fake recruiter
• Seven-step recruiter verification checklist
• Legal framework: BNS 2023 and IT Act 2000
• How to report: NCRP, FIR and bank fraud
• Sample cybercrime complaint text
• What happens after you file a complaint
• Recovery: chargeback, dispute and legal notice
• Touchpoints: enforcement trends
• FAQ: citizens ask
• Myth vs reality table
• Internal links and tools

The fraudster creates a profile on LinkedIn, Naukri, Indeed or WhatsApp, often copying the name and photo of a real HR manager. They scrape your resume from job portals, send you an unsolicited email or message claiming your profile has been shortlisted, attach a convincing offer letter with company logo, salary breakup, and joining date, then ask you to pay a “refundable security deposit,” “document courier charges,” “e-verification fee,” or “training module access fee.” Once you transfer ₹2,000 to ₹25,000 via UPI, NEFT or payment gateway, the recruiter blocks you. The offer letter PDF contains a fake HR signature, a Gmail or generic domain email, and no verifiable employee ID. The scam thrives because job seekers, especially fresh graduates and migrants, feel pressured by tight deadlines (“confirm within 24 hours or offer lapses”) and the recruiter's polished language creates false trust.

Warning — Scammers exploit urgency. Any recruiter who pressures you to pay “today” or “lose the opportunity” is running a fraud operation.

Employment and “work-from-home” fraud is among the most common categories reported on the National Cybercrime Reporting Portal (cybercrime.gov.in). Many cases go unreported because victims feel embarrassed or believe small amounts will not trigger police action. Inducing you to part with money through a fake offer is cheating under the Bharatiya Nyaya Sanhita 2023, and where the deception is carried out by impersonation over a computer resource it also attracts Section 66D of the Information Technology Act 2000. Cheating is a cognizable offence, meaning police must register an FIR without requiring a magistrate's order.

Email domain mismatch. Legitimate companies use corporate domains—@company.com, @companyindia.co.in. Fraudsters use Gmail, Yahoo, Outlook, Protonmail, or lookalike domains ([email protected], [email protected]). Always cross-check the sender domain against the official company website.

Unprofessional offer letter. Real offer letters carry the company's registered address, CIN number, authorized signatory designation, employee code of the issuing HR, and conditional clauses (background verification pending, medical clearance required). Fake letters omit these, use generic greetings (“Dear Candidate”), contain spelling errors, and lack watermark or digital signature.

Request for payment. No Indian or multinational employer asks candidates to pay registration fees, courier charges, verification charges, bond security, or training fees before the first day of work. Any upfront payment demand is a fraud indicator.

Unrealistic salary and instant selection. A ₹8 lakh package for a fresher data entry role, selection after a 10-minute phone call with no technical round, immediate offer without reference checks—these are bait tactics.

Unverifiable recruiter identity. The recruiter's LinkedIn profile was created last month, has fewer than 50 connections, no mutual connections with company employees, and the profile photo is a stock image reverse-searchable on Google Images.

Pressure tactics and urgency. “Pay ₹5,000 today or we move to the next candidate,” “Limited slots available,” “Offer valid for 6 hours”—these are psychological manipulation techniques.

Most citizens miss this — Always call the company's official switchboard (find the number on their investor relations page or About Us section) and ask to be transferred to HR. Do not call numbers mentioned in the offer email.

1. Cross-check the email domain. Visit the company's official website. Navigate to the Careers or Contact Us page. Compare the domain. If the email is from @gmail.com but the company website is @infosys.com, it is fake.

2. Call the company HR directly. Use the phone number on the company's official website—not the one in the recruiter's email. Ask: “I received an offer letter dated [date] from [recruiter name]. Can you confirm this person works in your recruitment team and that the offer reference number [number] is valid?”

3. Verify recruiter on LinkedIn. Check profile creation date (if less than six months old, be cautious), review work history (does it match the company they claim to represent?), look for mutual connections, check for employee badge or company verification mark, and search their name in quotation marks on Google with the company name to see if any fraud alerts appear.

4. Inspect the offer letter PDF metadata. Right-click the PDF, select Properties or Document Properties. Check Author, Creator, and Creation Date. Many fake letters show PDF creators like “WPS Office” or “Free PDF Converter,” and author names that do not match the issuing company.

5. Search for complaints. Google “[recruiter name] + scam,” “[company name] + fake offer letter,” “[phone number] + fraud.” Check Truecaller comments, Reddit threads on r/Indian_Academia, Quora, and Twitter.

6. Refuse any payment. If asked for money, immediately stop communication. Do not argue or try to negotiate. Block the number and email.

7. Report to NCRP. File a complaint at cybercrime.gov.in even if you did not lose money. Early reporting helps police track patterns and prevents the fraudster from targeting others.

Do this immediately — If you already paid, take screenshots of all messages, payment confirmations, offer letter, and recruiter profile before the fraudster deletes their account.

Bharatiya Nyaya Sanhita 2023, Section 318: Cheating. Section 318(4) punishes whoever cheats and thereby dishonestly induces the person deceived to deliver any property (here, your money) with imprisonment up to seven years and fine. A pay-to-apply scam, where a fake offer induces you to transfer fees, squarely fits cheating that induces delivery of property.

Bharatiya Nyaya Sanhita 2023, Section 319: Cheating by personation. Where the fraudster cheats by pretending to be someone else—for example, posing as a company's HR manager—the offence of cheating by personation applies, punishable with imprisonment up to five years and fine.

Information Technology Act 2000, Section 66D: Punishment for cheating by personation using computer resource. Whoever, by means of any communication device or computer resource, cheats by personation shall be punished with imprisonment up to three years and a fine up to ₹1 lakh. This applies directly to fraudsters impersonating legitimate company HR personnel via email, WhatsApp, or LinkedIn, and is routinely charged alongside the BNS cheating provisions.

Bharatiya Nagarik Suraksha Sanhita 2023, Section 173(3): Registration of FIR in cognizable offences. Police must register an FIR for cognizable offences like cheating, on oral or written information. A public servant who knowingly disobeys the law on registering and investigating such offences can himself be liable under Section 199 of the Bharatiya Nyaya Sanhita 2023.

Consumer Protection Act 2019. Where a job portal or intermediary fails to exercise due diligence, a victim may pursue a complaint before the District Consumer Disputes Redressal Commission (which hears matters up to ₹1 crore in value), alongside the criminal complaint.

Citizen tip — When filing an FIR, ask that it be registered for cheating under the BNS 2023 read with Section 66D of the IT Act 2000. This ensures the case is treated as a cybercrime and routed to the Cyber Crime Police Station.

Step 1: File online complaint on National Cybercrime Reporting Portal. Visit https://cybercrime.gov.in. Click “Report Cybercrime.” Select category: “Online Financial Fraud → Other.” Provide details: date of fraud, recruiter name, phone, email, amount lost, bank account/UPI ID to which you transferred money, transaction ID, screenshots. The portal generates an acknowledgment number. Save it. For money already lost, you can also call the toll-free cyber-fraud helpline 1930 immediately so the transaction can be flagged.

Step 2: Simultaneous FIR at local Cyber Crime Police Station. Within 24 hours of online complaint, visit your district Cyber Crime Police Station with printouts of NCRP acknowledgment, offer letter, chat screenshots, payment receipt, and identity proof. Request FIR for cheating under the BNS 2023 read with IT Act Section 66D. If the officer refuses, point to Section 173(3) BNSS 2023 and ask for written reasons. If still refused, approach the Superintendent of Police (Cyber) or file a private complaint before the Judicial Magistrate First Class.

Step 3: Report to your bank. Call your bank's fraud helpline (the number printed on your card or the bank's official website) and report the unauthorized transaction. Request a chargeback if payment was via credit card, and ask the bank to coordinate a freeze of the recipient account. Email a written complaint to the bank's nodal/grievance officer (details on the bank website). Mention your NCRP complaint number and FIR number (once obtained).

Step 4: Report to payment gateway or UPI app. If you paid via Paytm, PhonePe, Google Pay, or Razorpay, report fraud in-app: go to transaction history, select the transaction, click “Report Issue” or “Report Fraud.” Payment system operators are regulated under the Payment and Settlement Systems Act 2007 and cooperate with law enforcement.

Step 5: Inform the impersonated company. Email the company's official HR or Legal/Compliance team. Subject: “Fraud alert: Fake recruiter impersonating your company.” Attach evidence. Many companies publish fraud alerts on their careers page, which helps other job seekers.

Trust signal — Filing a complaint on NCRP feeds into the Indian Cyber Crime Coordination Centre (I4C), which coordinates with state police, banks, and intermediaries for fund freezing and suspect identification.

Use this template when filing your NCRP complaint or written FIR application:

To
The Station House Officer
Cyber Crime Police Station
[City/District]

Subject: Complaint regarding online job offer scam and cheating by personation – cheating under the Bharatiya Nyaya Sanhita 2023 read with Section 66D of the IT Act 2000

Sir/Madam,

I, [Your Full Name], aged [Age], residing at [Full Address], Aadhaar No. [Aadhaar], Mobile No. [Mobile], email [Email], hereby lodge the following complaint:

1. On [Date], I received a job offer email from [Recruiter Name] ([Email Address]) claiming to represent [Company Name]. The email contained an offer letter (attached) for the position of [Position], salary ₹[Amount] per annum, joining date [Date].

2. The recruiter instructed me to pay ₹[Amount] as "document processing charges" to confirm acceptance. Trusting the legitimacy, I transferred the amount on [Date] via [UPI/NEFT/IMPS] to [Recipient Name], Account No. [Account Number], IFSC [IFSC Code], Transaction ID [Transaction ID].

3. After payment, the recruiter became unreachable. I contacted [Company Name] via their official website and was informed that no such offer was issued and the recruiter is not an employee.

4. The fraudster impersonated a legitimate company employee using computer resources (email, fake offer letter PDF) to cheat me. This constitutes cheating under the Bharatiya Nyaya Sanhita 2023 and an offence under Section 66D of the Information Technology Act 2000.

5. I have filed an online complaint on the National Cybercrime Reporting Portal (Acknowledgment No. [Number], dated [Date]) and reported the transaction to my bank ([Bank Name], Complaint Ref. [Number]).

6. I request you to register an FIR, investigate, freeze the recipient bank account, identify and arrest the accused, and initiate proceedings for recovery of the defrauded amount and appropriate punishment.

Enclosures:
- Copy of fake offer letter
- Screenshots of email and WhatsApp chats
- Payment receipt/transaction confirmation
- NCRP acknowledgment
- Identity proof (Aadhaar/PAN)

Place: [City]
Date: [Date]

Signature
[Your Name]

Citizen tip — Always keep three printed copies: one for police station, one for your records, and one for mailing to the Superintendent of Police if the local station delays registration.

Immediate police action. The Cyber Crime Police Station registers an FIR (where the information discloses a cognizable offence), assigns an investigating officer, and forwards account details to the bank's nodal officer with a request to freeze the recipient account as suspected proceeds of crime.

Fund tracing. Banks typically respond within a few days. If the fraudster has not withdrawn the money, the account is frozen and the balance is preserved as case property. If money was withdrawn or transferred further (layering), the trail is traced through multiple banks using the Indian Cyber Crime Coordination Centre's cyber-fraud mitigation system.

Suspect identification. The investigating officer seeks the bank's KYC documents of the account holder, requests call detail records (CDR) from telecom operators, and analyses email headers (via lawful process to the service provider) to identify IP addresses and device IDs.

Arrest and charge sheet. If the suspect is identified and located, police may arrest under the BNSS 2023 arrest provisions (Section 35), with notice being the norm for offences punishable up to seven years. The accused is produced before a magistrate within 24 hours, and the charge sheet is filed within the statutory period for the offence.

Trial and compensation. If convicted, the court may order compensation to the victim, including under the victim compensation scheme framed under Section 396 of the BNSS 2023, in addition to fine and imprisonment. Victims can also file a separate civil suit for damages.

Most citizens miss this — You can track your NCRP complaint status online using the acknowledgment number. Login to cybercrime.gov.in and check updates on fund recovery and case progress.

Chargeback for credit card transactions. If you paid via credit card, contact your card issuer and request a chargeback for a fraudulent / “card not present” transaction. Banks follow RBI's Master Direction on Credit and Debit Card operations and must investigate. Chargebacks often succeed where the recipient is a payment-aggregator merchant.

UPI dispute resolution. For UPI payments, raise a dispute through your app (PhonePe, Google Pay, Paytm). Payment service providers are required to handle such disputes within defined timelines; if unresolved, escalate to the RBI Ombudsman at https://cms.rbi.org.in.

Cyber insurance claims. If you hold a standalone cyber insurance policy or a personal policy with cyber cover, check the wording and file a claim with the FIR copy, bank statement and NCRP acknowledgment. Cover and limits vary by policy, so read your schedule before assuming a payout.

Legal notice to fraudster and intermediary. Draft a legal notice (through a lawyer) demanding refund within a stated period. Send it via registered post and email to the fraudster's last known address (from bank KYC, if disclosed by the bank to the police), the payment gateway (if identifiable), and the job portal where the fraudster posted the ad. Under the Consumer Protection Act 2019, intermediaries such as job portals can be held liable where they failed to exercise due diligence.

Consumer forum complaint. You may file a complaint in the District Consumer Disputes Redressal Commission (which hears matters up to ₹1 crore in value). Attach all evidence. Consumer forums are generally faster than civil courts and can award compensation, refund, and litigation costs.

Warning — Do not hire “recovery agents” or “cyber lawyers” who promise guaranteed fund recovery for upfront fees. Many are secondary scams. Verify a lawyer's credentials on the Bar Council of India website (barcouncilofindia.org) and pay only after documented progress.

Centralised reporting and fund freezing. The National Cybercrime Reporting Portal and the 1930 helpline feed financial-fraud complaints into the Citizen Financial Cyber Fraud Reporting and Management System run under the Indian Cyber Crime Coordination Centre (I4C). The faster a victim reports, the better the chance of placing a hold on the recipient account before the money is withdrawn.

Company fraud alerts. Many large employers maintain a recruitment-fraud or “careers fraud alert” page on their official website, listing authorised recruitment channels and warning about fake offer letters using their brand.

Trust signal — Check whether the company has published a fraud alert or recruiter-verification page on its official website. Companies like Infosys, TCS, Wipro, and Accenture maintain such advisories and lists of fraudulent domains and contact details.

No. File an NCRP complaint and FIR immediately. There is no fixed limitation that bars an FIR for a cognizable offence like cheating. Faster reporting improves fund-recovery chances as banks act quicker when fraud is fresh.

NCRP allows complaints without full disclosure in some categories, but for FIR registration and prosecution you must disclose your identity and provide a statement. Anonymous tips may trigger a preliminary inquiry, but a formal FIR requires a named complainant.

Yes. Indian police can investigate the Indian leg (bank account, payment gateway) and coordinate with Interpol for foreign suspects. Under Section 75 of the IT Act 2000, offences involving a computer, computer system or network located in India fall within Indian jurisdiction even if the accused is abroad.

No. Filing a criminal complaint as a victim does not appear in routine employment background verification. You are exercising your legal right, and being a fraud victim is not a disqualification.

Yes. Report to NCRP. Your complaint helps police map the fraudster's network, prevent future victims, and may support the suspect's arrest in other cases.

No. You are a victim, not a co-conspirator. Companies generally welcome such reports because it helps them issue alerts and protect their brand.

Often, yes. Legitimate overseas employers arrange visas through official channels and do not ask candidates to pay. Some licensed recruitment agents registered under the Emigration Act 1983 may charge regulated service fees—verify the agent's registration with the Protector General of Emigrants (emigrate.gov.in). Never pay individual agents; deal only with registered firms with verifiable office addresses.

No. Legitimate employers do not ask for refundable deposits from candidates. This is a common tactic to make the scam appear legal. Once you pay, the “refund” never materializes.

Do this immediately — Save recruiter messages and call records. WhatsApp lets you export chats. Evidence is critical for the FIR and for recovery.

Citizen Crisis Response Network main hub: https://righttoinformation.wiki/citizen-crisis-response-network

AI RTI Drafter (free tool to draft complaints): https://righttoinformation.wiki/tools/rti-assistant

PIO Reply Checker (analyze government responses): https://righttoinformation.wiki/tools/pio-reply-checker

RTI Act 2005 Complete Guide: https://righttoinformation.wiki/rti-act-2005-complete-guide

Related guide — online payment fraud recovery: https://righttoinformation.wiki/online-payment-fraud-recovery-india

National Cybercrime Reporting Portal: https://cybercrime.gov.in

Ministry of Home Affairs Cyber and Information Security Division: https://www.mha.gov.in/division_of_mha/cyber-and-information-security-cis-division

Reserve Bank of India Ombudsman (complaints portal): https://cms.rbi.org.in

Every year, thousands of job seekers lose money to pay-to-apply scams—not because they are gullible, but because fraudsters exploit hope, urgency, and the information asymmetry in online hiring. Verification takes three phone calls and fifteen minutes. Payment is instant and often irreversible. The Citizen Crisis Response Network exists to shift that balance: when you verify, report, and warn others, you break the fraud chain. Bookmark this guide, share it in your college groups and family WhatsApp chats, and remember—no genuine recruiter will ever ask you to pay to work. Your first salary should be your first transaction with an employer, not your last.