cyber crime in india 2

E-Commerce, Banking and E-Banking Cyber Crime in India: What the Law Says and What You Should Do

In my practice, cyber fraud matters that were rare five years ago now make up a steady share of new consultations, and the schemes keep evolving. One week it is a fake shopping site, the next it is someone impersonating a CBI officer on a video call, threatening an elderly couple with arrest unless they transfer their savings for verification. The good news is that Indian law has caught up considerably, and a victim who acts quickly has far better odds of recovering money than most people assume.

This article explains the three categories of digital financial crime I see most often, the laws that apply to each, and the exact steps to take if it happens to you or someone in your family.

1. E-Commerce Cyber Crime

E-commerce fraud covers any deception carried out through online shopping platforms, marketplaces, or internet-based commercial dealings. The targets can be buyers, sellers, or the platforms themselves. These offences fall under the Information Technology Act, 2000, read with the relevant provisions of the Bharatiya Nyaya Sanhita, 2023.

The varieties I encounter most frequently are these.

Fake shopping websites. Fraudsters build sites that copy the look of genuine platforms down to the logo and colour scheme. The bait is usually a price that seems too good to refuse. Once payment is made, the site either vanishes or keeps stalling delivery until the buyer gives up.

Payment fraud. The buyer pays, the order is confirmed, and the product never ships. By the time the buyer realises something is wrong, the seller has disappeared.

Fake seller accounts. Even on legitimate marketplaces, fraudulent sellers list goods that do not exist or are counterfeit. The platform’s buyer protection helps, but only if the victim complains within the window the platform allows.

Data theft. Hackers break into e-commerce databases and walk away with stored card numbers, addresses, and login credentials, which are then sold or used for further fraud.

Depending on the specific offence, punishment under the IT Act can extend to three years of imprisonment along with fines, and courts can direct the offender to compensate the victim.

2. Banking Cyber Crime

Banking cyber crime targets banks, financial institutions, and individual account holders directly. What strikes me about these cases is how little technology some of them actually require. Most rely on simple deception, and the technology only completes what the lie began.

ATM skimming. A small device fitted over the card slot reads your card data while a hidden camera or fake keypad captures the PIN. The criminal then clones the card and withdraws money, often from a different city.

Phishing. A message arrives that looks like it came from your bank, warning that your account will be blocked unless you act immediately. The link leads to a counterfeit page where you type in your own credentials and hand them to the fraudster.

SIM swap fraud. This one is particularly dangerous. The criminal convinces your telecom operator to issue a duplicate SIM for your number. Your phone goes dead, and every OTP your bank sends now lands in the fraudster’s hands. If your phone loses signal unexpectedly and stays that way, call your bank before you call your telecom provider.

Fake loan apps. These apps promise instant loans with no paperwork. What they actually collect is your Aadhaar, PAN, photographs, and contact list, which are later used for extortion and harassment.

The provisions that matter

Four sections of the Information Technology Act, 2000 do most of the work in banking fraud cases:

OffenceProvisionWhat it covers
Unauthorized accessSection 43Accessing or tampering with a computer system or network without permission. Civil damages and compensation to the victim, with no upper cap.
Computer-related fraudSection 66Dishonest or fraudulent acts under Section 43. Up to three years imprisonment, or fine up to five lakh rupees, or both.
Identity theftSection 66CFraudulent use of another person’s password, OTP, or electronic signature. Up to three years and fine up to one lakh rupees.
Cheating by personationSection 66DImpersonating a bank, official, or any person online to cheat. Up to three years and fine up to one lakh rupees.

3. E-Banking Cyber Crime

image

E-banking fraud is the newest and fastest-growing of the three. It targets internet banking, mobile banking apps, UPI, and digital wallets. Unlike a skimmed ATM card, these frauds happen entirely at a distance, and money can move through three or four accounts before the victim has even finished the phone call that tricked them.

Internet banking fraud. Stolen login credentials are used to transfer funds into mule accounts, which are emptied within minutes.

OTP fraud. Someone calls claiming to be from your bank, the income tax department, or even the police. They manufacture urgency, and somewhere in the conversation they ask you to read out the OTP that just arrived. That single number is all they need.

UPI and QR code fraud. This is the scam I find myself explaining most often, so let me be plain about it. In UPI, you never need to scan a QR code or enter your PIN to receive money. Scanning a code and entering your PIN can only send money out of your account. Anyone who tells you otherwise is attempting fraud, full stop.

Fake helpline numbers. Fraudsters plant bogus customer care numbers on search engines and social media. The victim, trying to resolve a genuine problem, calls the fraudster directly and is talked into sharing details or installing screen-sharing apps.

4. The Newer Frauds: Digital Arrest, Fake Agencies and Investment Traps

Alongside the classic banking frauds, a newer generation of scams has emerged in the last two or three years, and these are the ones doing the most financial and emotional damage in my experience. They deserve their own discussion.

Fake CBI, ED and police calls, also called digital arrest. A call comes, sometimes on video, from someone in uniform sitting in what looks like a government office. They claim a parcel in your name contained drugs, or that your Aadhaar has been used in a money laundering case being investigated by the CBI or the Enforcement Directorate. They keep you on the call for hours, forbid you from speaking to family, and tell you that the only way to avoid arrest is to transfer your money to a so-called safe account for verification. Understand this clearly: there is no such thing as a digital arrest in Indian law. No agency, not the CBI, not the ED, not the police, not customs, arrests anyone over a video call or asks for money to verify innocence. The moment a caller says these words, you are speaking to a criminal. Hang up and dial 1930.

High-return investment fraud. The victim is added to a WhatsApp or Telegram group full of people posting screenshots of incredible stock or cryptocurrency profits. Most of those members are fake accounts run by the fraudsters themselves. A friendly mentor guides the victim to invest through a special trading app, and the app obligingly shows the money doubling. The trap closes when the victim tries to withdraw and is told to pay a tax or processing fee first. The dashboard was always fiction; the money left the moment it was deposited. Any scheme promising assured monthly returns of ten or twenty percent is not an opportunity, it is the bait.

Courier and postal fraud. You receive a call or message claiming to be from a courier company or the postal department: a parcel in your name has been seized, or a delivery failed and a small re-delivery fee is needed. The link provided takes you to a payment page designed to harvest your card details, or the call is transferred to a fake police officer and the digital arrest script begins. Genuine couriers do not collect customs penalties over the phone, and a parcel you never sent is not your problem.

OTP and malicious link fraud. A message arrives saying your electricity will be disconnected tonight, your bank KYC has expired, or you have won a refund. The link either opens a fake page that captures whatever you type, or quietly installs an app that reads your messages, including every OTP your bank sends. Once that app is on your phone, the fraudster no longer needs to trick you at all. If you have clicked such a link, change your banking passwords from a different device and have your phone checked before using it for any transaction.

5. What To Do If You Are Defrauded

Speed matters more than anything else. Banks and the cyber cell can freeze money while it is still in transit between accounts, but that window is short. In my experience, complaints filed within the first hour have a meaningfully better recovery rate than those filed the next day.

First, call 1930. This is the national cyber crime helpline, and it operates round the clock. Give them the transaction details and they can initiate a freeze request with the banks involved.

Second, file a written complaint at cybercrime.gov.in. Choose the financial fraud category, fill in the details carefully, and upload everything you have: transaction screenshots, SMS alerts, emails, and bank statements. Note down the acknowledgment number you receive.

Third, remember that an FIR is your right. You can file one at your nearest police station in addition to the online complaint. If the police decline to register it, you are not without remedy. You may approach the Superintendent of Police, or file a complaint before a Magistrate under Section 175(3) of the Bharatiya Nagarik Suraksha Sanhita, 2023.

6. Punishments at a Glance

For quick reference, here is how the law treats these offences:

OffenceProvisionPunishment
Unauthorized access to systemsSec. 43, IT ActCivil damages and compensation to the victim (uncapped)
Computer fraud causing financial lossSec. 66, IT ActUp to 3 years and/or fine up to ₹5 lakh
Identity theft (OTP, password misuse)Sec. 66C, IT ActUp to 3 years and fine up to ₹1 lakh
Online cheating by impersonationSec. 66D, IT ActUp to 3 years and fine up to ₹1 lakh
Large-scale or organised banking fraudIT Act with BNS3 to 7 years with heavy fines
Cyber terrorismSec. 66F, IT ActImprisonment for life

Courts also have the power to order compensation directly to the victim, over and above the punishment handed to the offender.

7. A Few Habits That Prevent Most of This

After handling these matters for years, I can say that the overwhelming majority of cyber fraud succeeds not because of brilliant hacking but because of one unguarded moment. A handful of habits closes most of the doors:

  • Never share an OTP, PIN, or password with anyone, whatever uniform or designation they claim. Your bank already has your details; it will never call to ask for them.
  • Do not click links in messages claiming to be from banks, TRAI, or any government body. Type the official website address yourself.
  • Install banking apps only from the official app stores, and check the developer’s name before you do.
  • Before entering payment details anywhere, look at the address bar. The domain should match the official site exactly.
  • Switch on two-factor authentication for every financial account you hold.
  • Refuse to scan any QR code sent to you for the purpose of receiving money. Receiving money in UPI requires no action from you at all.
  • Treat any call from the CBI, ED, police, or customs demanding money or threatening digital arrest as fraud, without exception. Hang up and verify with the real agency through its official number.
  • Be deeply sceptical of investment groups promising assured high returns, especially those that move you to private trading apps. If withdrawing your own money requires paying a fee first, it is a scam.

A Closing Word

image

Cyber fraud thrives on two things: urgency and silence. Fraudsters rush you so you cannot think, and victims stay quiet out of embarrassment, which lets the same trick claim the next person. If you take nothing else from this article, take this: slow down when anyone pressures you about money, and speak up immediately if something goes wrong. The helpline number is 1930, the portal is cybercrime.gov.in, and the law, used promptly, is firmly on your side.

If you have been the victim of cyber fraud or need advice on a digital financial matter, you are welcome to get in touch through my office.

Disclaimer: This article is written for general legal awareness and does not constitute legal advice. Every case turns on its own facts, and readers should consult a qualified advocate for guidance on their specific situation.

Leave a Comment

Your email address will not be published. Required fields are marked *