





CYBER FRAUD AND ONLINE SCAMS IN INDIA: WHAT THE LAW SAYS, WHAT VICTIMS CAN DO, AND WHY ACTING FAST IS EVERYTHING
One Click Away from Ruin: Understanding Cyber Fraud and Why It Is a Serious Crime Under Indian Law
Think of cyber fraud as the oldest crime in human history carried out through the newest tools available. Deception, impersonation, and theft are not inventions of the digital age. What the internet has done is make these crimes faster, harder to trace, more scalable, and far easier to execute against ordinary people who have done nothing wrong except trust a message that looked legitimate.
The common assumption that cyber fraud only happens to the technically inexperienced is dangerously wrong. Students, professionals, senior citizens, lawyers, doctors, and business owners are all targets. A single click on a fake link, one rushed approval on a UPI payment request, one convincing phone call from someone pretending to be a bank official can erase months or years of savings in seconds. The person who clicked, thinking they were helping someone in need, suddenly finds themselves in need. The fraudster is gone. The money is gone. And in too many cases, the victim does not know that the law has given them meaningful tools to fight back.
This article explains what cyber fraud is under Indian law, what legal remedies are available to victims, what the courts have said, what mistakes victims commonly make that benefit only the fraudster, and how the legal framework under the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023 protects every person who is deceived online.
Defining the Crime: What Qualifies as Cyber Fraud Under the Information Technology Act 2000 and BNS 2023?
The Information Technology Act, 2000, as amended in 2008, does not define cyber fraud in a single comprehensive provision. Instead, it criminalises the specific acts that constitute fraud when carried out through digital means. The key provisions address identity theft under Section 66C, cheating by impersonation using computer resources under Section 66D, and unauthorised access and data theft under Section 43. Together, these provisions cover the full spectrum of fraudulent conduct carried out through computers, smartphones, and digital networks.
In simple terms, cyber fraud refers to any act of cheating or deception carried out using digital platforms, including mobile phones, computers, the internet, and social media, with the intention of securing wrongful gain for the fraudster or causing wrongful loss to the victim. Common examples include phishing emails that mimic legitimate bank communications, fake KYC verification calls, UPI fraud, online shopping scams where goods are never delivered, investment schemes that disappear with the deposited money, and impersonation through social media to extract personal or financial information.
Under the Bharatiya Nyaya Sanhita, 2023, which replaced the Indian Penal Code, the offence of cheating and dishonestly inducing the delivery of property is punishable under Section 318. When a victim transfers money because of deception, this provision is directly attracted, regardless of the fact that the deception was carried out through digital means rather than in person.
One of the most important things a victim must understand is that cyber fraud is not a civil mistake or a case of personal negligence that the victim is responsible for resolving privately. In the overwhelming majority of cases, it is a criminal offence under Indian law, cognisable in nature, meaning that the police have the legal authority and obligation to register an FIR and investigate without requiring prior court approval.
The Clock Is Running: Immediate Steps Every Cyber Fraud Victim Must Take
Time is the single most critical factor in cyber fraud cases. The law provides meaningful remedies, but delay almost always reduces the chances of recovery. Every hour that passes after a fraud is an hour in which the fraudster is moving money, deleting trails, and disappearing further from the reach of investigation.
The first and most urgent step is to immediately contact the bank or payment service provider and request the freezing of the fraudulent transaction. Many banks have the technical capability to block or reverse transfers if they are notified quickly. This window is narrow, but it exists, and it has resulted in successful fund recovery in a significant number of cases.
The second step is to file a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in. This portal is officially maintained by the Ministry of Home Affairs and is the primary mechanism established by the government for reporting online financial frauds. Complaints filed here are routed to the appropriate state cyber crime cells for investigation.
The third step is to approach the nearest police station or cyber crime cell in person, carrying the complaint acknowledgment from the portal, complete transaction details, and all available supporting evidence including screenshots, call recordings, email communications, and bank statements.
A police officer cannot legally refuse to register a complaint in a cognisable offence. If registration is refused, that refusal itself is challengeable under criminal procedure, and the victim can approach the Superintendent of Police or a Judicial Magistrate directly.
The Full Arsenal: Legal Remedies Available to Cyber Fraud Victims in India
Victims of cyber fraud in India have multiple legal routes available, and the choice between them depends on the nature and scale of the fraud.
1. Criminal Proceedings Under the IT Act and BNS 2023
An FIR can be registered under Section 66D of the Information Technology Act, covering cheating by impersonation through computer resources, and under the relevant provisions of the Bharatiya Nyaya Sanhita, 2023 for cheating and dishonest inducement. Once an FIR is registered, the police can deploy cyber forensic tools to trace IP addresses, identify associated bank accounts, and reconstruct the digital trail left by the fraudster.
2. Bank-Based Remedies and the RBI Integrated Ombudsman Scheme
The Reserve Bank of India has issued guidelines requiring all banks and payment service providers to maintain grievance redressal mechanisms specifically for digital transaction frauds. Where a bank's internal grievance mechanism fails to provide a satisfactory resolution within the prescribed period, the victim can escalate the matter to the Banking Ombudsman under the RBI Integrated Ombudsman Scheme. This is a free, accessible, and relatively expeditious remedy for victims of online banking fraud.
3. Compensation Through Courts
In cases involving significant financial loss, victims may approach civil or criminal courts seeking compensation. Courts have increasingly recognised the duty of banks and digital intermediaries to maintain reasonable and adequate security practices, and have awarded compensation where negligence in the discharge of that duty has been established.
4. Liability of Intermediaries Under Section 79 of the IT Act
Payment platforms, social media companies, and other digital intermediaries are required under Section 79 of the Information Technology Act to exercise due diligence in the operation of their platforms. Where an intermediary has failed to discharge this obligation and the failure has contributed to the fraud, the intermediary may be exposed to legal scrutiny. Victims with strong evidence of platform negligence may have viable claims against intermediaries in addition to their claims against the fraudster.
The Myths That Protect Fraudsters: Common Misconceptions That Stop Victims From Acting
Several deeply entrenched misconceptions prevent victims of cyber fraud from exercising their legal rights, and each one benefits only the fraudster.
The most damaging misconception is that clicking a fraudulent link means the victim consented to what followed and therefore has no legal remedy. This is legally incorrect. Consent obtained through deception is not valid consent under any provision of Indian law. The victim who was deceived into clicking, approving, or transferring is not a willing party to a transaction; they are the victim of a criminal offence.
The second misconception is that small amounts are not worth reporting. This misunderstands how cyber crime investigation works. Cyber crime authorities rely on pattern recognition to identify and dismantle larger fraud networks. A complaint about a small-value fraud may be the piece of evidence that connects a fraudster to dozens of similar offences and leads to a prosecution that recovers significantly larger sums for multiple victims.
The third misconception is that embarrassment or social stigma justifies delaying the complaint. This delay serves only one person: the fraudster. The longer the victim waits, the more time the fraudster has to move funds, destroy evidence, and make investigation impossible. The law does not judge victims for being deceived. It offers them remedies. But those remedies require prompt action.
What India's Courts Have Said: Five Landmark Judgments on Cyber Fraud
Shreya Singhal v. Union of India (2015) 5 SCC 1: Drawing the Line Between Speech and Fraud
Although this judgment is principally known for striking down Section 66A of the IT Act as unconstitutional, the Supreme Court made an important distinction that is directly relevant to cyber fraud. The Court clearly separated offences involving deception, impersonation, and dishonest inducement through electronic means from protected online expression, affirming that such conduct falls squarely within the scope of Sections 66C and 66D of the IT Act and constitutes punishable criminal offences. The judgment reaffirmed that cyber fraud is not protected digital activity.
State of Maharashtra v. Mohd. Yakub (1980) 3 SCC 57: Establishing Criminal Intent in Digital Deception
This judgment, though predating the digital era, has been consistently relied upon by courts in cyber fraud cases to establish the principle that intent to deceive, demonstrated through conduct rather than words alone, is sufficient to constitute the criminal offence of cheating. This principle directly counters the fraudster's common argument that the victim voluntarily performed the transaction. Where the transaction was induced by deception, the element of voluntary consent is absent, and the offence is complete.
NASSCOM v. Ajay Sood and Others (2005): India's Foundational Phishing Judgment
The Delhi High Court's decision in this case is one of India's earliest and most important judicial pronouncements on cyber fraud. The court held that phishing amounts to passing off, identity theft, and online fraud, and restrained the defendants from using deceptive emails to extract confidential information from internet users. The judgment recognised phishing as a serious cyber offence even before widespread statutory clarity existed, laying the foundation for the enforcement framework subsequently developed under the Information Technology Act.
Umashankar Sivasubramanian v. ICICI Bank Ltd. (2020): Banks Are Not Blameless
The Madras High Court addressed the responsibility of banks in cases of unauthorised online transactions and held that banks have a duty of care toward their customers that cannot be discharged merely by pointing to the victim's conduct. Where a bank has failed to maintain adequate security mechanisms or has been negligent in its response to a reported fraud, it cannot escape liability. This judgment is frequently cited in cases involving online banking fraud and is essential authority for victims seeking compensation from financial institutions.
Ritu Kohli v. Union of India (2001): India's First Cyber Impersonation Case
This is among the earliest reported cyber crime cases in India, arising from online impersonation and misuse of personal identity. The case highlighted the legal vacuum that existed before comprehensive cyber legislation was enacted and directly influenced the strengthening of the statutory provisions that became Sections 66C and 66D of the Information Technology Act. It remains significant for its early recognition that online impersonation is a form of criminal wrongdoing that the law must address.
How the Courts Approach Cyber Fraud: The Evolving Judicial Philosophy
The Indian judiciary has demonstrated an increasingly serious and sophisticated approach to cyber fraud over the past two decades. Courts have moved from early uncertainty about how existing criminal law applied to digital conduct toward a clear and confident recognition that cyber fraud is a serious offence demanding strict enforcement, technical investigation, and coordinated action between law enforcement and financial institutions.
Courts have consistently held that victims of cyber fraud should not be left without remedy merely because the crime was committed through a digital medium rather than in person. The principles of criminal law, the duty of care owed by banks and intermediaries, and the constitutional right to an effective legal remedy all apply in the online context with the same force as they apply in the physical world. The law is evolving to match the sophistication of cyber offences, and victims who approach the courts with well-documented complaints are increasingly finding that the judicial system is prepared to take their cases seriously.
Conclusion: The Law Is on Your Side, But Only If You Use It
Cyber fraud is not an inevitable consequence of living in a digital world. It is a crime. The Indian legal system has built a meaningful framework of criminal provisions, regulatory remedies, and judicial precedent to protect victims and hold fraudsters, banks, and negligent intermediaries accountable. But that framework can only work if victims know it exists and have the courage to use it promptly.
The moment a fraud occurs, the clock starts. The victim who acts immediately, contacts their bank, files on the cyber crime portal, and approaches the police with organised evidence gives the legal system its best chance of recovering their money and prosecuting the offender. The victim who waits, embarrassed or uncertain, gives the fraudster everything they need to disappear.
You did not consent to be defrauded. Deception is not your fault. The law agrees. Use it.
Frequently Asked Questions (FAQs) on Cyber Fraud and Legal Remedies in India
What is cyber fraud under Indian law? Cyber fraud refers to any act of cheating or deception carried out using digital platforms, including computers, smartphones, or the internet, with the intention of causing wrongful gain to the fraudster or wrongful loss to the victim. It is criminalised under Sections 66C and 66D of the Information Technology Act, 2000 and under Section 318 of the Bharatiya Nyaya Sanhita, 2023.
Is cyber fraud a cognisable offence in India? Yes. Cyber fraud offences under the IT Act and the BNS are cognisable, meaning the police are legally empowered and obligated to register an FIR and investigate without requiring prior court approval.
Where should a cyber fraud victim file a complaint in India? A victim should file a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in, which is maintained by the Ministry of Home Affairs, and simultaneously approach the nearest police station or cyber crime cell with supporting evidence.
Can a police officer refuse to register an FIR in a cyber fraud case? No. Refusal to register an FIR in a cognisable offence is illegal. A victim whose complaint is refused can approach the Superintendent of Police or a Judicial Magistrate directly to compel registration.
Can a bank be held liable for a cyber fraud committed through its platform? Yes. The Madras High Court in Umashankar Sivasubramanian v. ICICI Bank Ltd. held that banks owe a duty of care to their customers and can be held liable where negligence in their security mechanisms contributed to the fraud. Victims can also escalate unresolved banking fraud complaints to the RBI Integrated Ombudsman.
If I clicked a fraudulent link, can I still claim to be a victim? Yes. Consent obtained through deception is not legally valid consent. A victim who was deceived into clicking, approving, or transferring money has not consented to the fraud and retains full legal remedies under Indian law.
Is it worth reporting a small-value cyber fraud? Yes. Cyber crime authorities use pattern recognition to identify and dismantle larger fraud networks. Small complaints contribute to larger investigations and may help recover funds for multiple victims, including the complainant.
What are intermediary liabilities under the IT Act in cyber fraud cases? Under Section 79 of the IT Act, intermediaries such as payment platforms are required to exercise due diligence. Where an intermediary has failed to meet this standard and the failure contributed to the fraud, the intermediary may face legal liability for negligence.
Key Takeaways: Everything You Must Know About Cyber Fraud and Legal Remedies in India
Cyber fraud is a criminal offence under the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023, punishable under Sections 66C and 66D of the IT Act and Section 318 of the BNS.
Anyone with a smartphone and a bank account is a potential target; cyber fraud is not limited to the technically inexperienced.
Victims must act immediately: contact their bank to freeze the transaction, file on the National Cyber Crime Reporting Portal at cybercrime.gov.in, and approach the police with complete supporting evidence.
Police cannot legally refuse to register an FIR in a cognisable cyber fraud case; refusal is itself challengeable.
Victims have multiple legal remedies including criminal proceedings, the RBI Integrated Ombudsman Scheme, court-ordered compensation, and claims against negligent intermediaries under Section 79 of the IT Act.
Consent obtained through deception is not valid consent; victims who were deceived have full legal standing regardless of their own actions.
The Supreme Court in Shreya Singhal v. Union of India confirmed that cyber fraud involving deception and impersonation is squarely within the ambit of criminal law under the IT Act.
Banks owe a duty of care to customers in digital transactions and can be held liable where negligence in their security practices contributes to fraud, as held in Umashankar Sivasubramanian v. ICICI Bank Ltd.
Delay in reporting benefits only the fraudster; prompt action is the single most important determinant of a victim's chances of recovery.
The Indian judiciary is increasingly treating cyber fraud as a serious offence demanding strict enforcement, technical investigation, and accountability from both fraudsters and the institutions that enable them.
References
The Information Technology Act, 2000 (as amended in 2008): The primary legislation criminalising cyber fraud in India, containing Sections 43, 66C, 66D, and 79, governing data theft, identity theft, cheating by impersonation, and intermediary liability respectively.
The Bharatiya Nyaya Sanhita, 2023: The successor to the Indian Penal Code, containing Section 318 on cheating and dishonestly inducing the delivery of property, applicable to cyber fraud involving the deceptive transfer of money.
Shreya Singhal v. Union of India, (2015) 5 SCC 1: The Supreme Court decision distinguishing protected online expression from criminal cyber offences, confirming that deception and impersonation through digital means are punishable under Sections 66C and 66D of the IT Act.
NASSCOM v. Ajay Sood and Others, (2005) 30 PTC 437 (Del): The Delhi High Court's foundational judgment recognising phishing as a serious cyber offence amounting to identity theft, passing off, and online fraud.
Umashankar Sivasubramanian v. ICICI Bank Ltd., 2020: The Madras High Court decision affirming the duty of care owed by banks to their customers in digital transactions and establishing bank liability where inadequate security practices contributed to the fraud.
Ritu Kohli v. Union of India, 2001: India's first significant online impersonation case, which recognised online identity misuse as criminal wrongdoing and influenced the strengthening of the statutory framework under the IT Act.
State of Maharashtra v. Mohd. Yakub, (1980) 3 SCC 57: The Supreme Court judgment establishing the principle of intent to deceive in economic offences, applied in cyber fraud cases to counter the argument that digitally induced transactions were voluntary.
National Cyber Crime Reporting Portal, cybercrime.gov.in: The Ministry of Home Affairs' official portal for reporting online financial frauds and cyber crimes in India.
RBI Integrated Ombudsman Scheme: The Reserve Bank of India's mechanism for resolving unaddressed grievances relating to digital transaction frauds against banks and payment service providers.
Disclaimer
This article is published by CLEAR LAW (clearlaw.online) strictly for educational and informational purposes only. It does not constitute legal advice, legal opinion, or any form of professional counsel, and must not be relied upon as a substitute for consultation with a qualified legal practitioner. Nothing contained herein shall be construed as creating a lawyer-client relationship between the reader and the author, publisher, or CLEAR LAW (clearlaw.online).
All views, interpretations, and conclusions expressed in this article are solely those of the author and represent independent academic analysis. CLEAR LAW (clearlaw.online) does not endorse, verify, or guarantee the accuracy, completeness, or reliability of the content, and expressly disclaims any responsibility for the same.
While reasonable efforts are made to ensure that the information presented is accurate and up to date, no warranties or representations, express or implied, are made regarding its correctness, adequacy, or applicability to any specific factual or legal situation. Laws, regulations, and judicial interpretations are subject to change, and the content may not reflect the most current legal developments.
To the fullest extent permitted by applicable law, CLEAR LAW (clearlaw.online), the author, editors, and publisher disclaim all liability for any direct, indirect, incidental, consequential, or special damages arising out of or in connection with the use of, or reliance upon, this article.
Readers are strongly advised to seek independent legal advice from a qualified professional before making any decisions or taking any action based on the contents of this article. Reliance on any information provided in this article is strictly at the reader's own risk.
By accessing and using this article, the reader expressly agrees to the terms of this disclaimer.
The Madras High Court addressed the responsibility of banks in cases of unauthorised online transactions and held that banks have a duty of care toward their customers that cannot be discharged merely by pointing to the victim's conduct. Where a bank has failed to maintain adequate security mechanisms or has been negligent in its response to a reported fraud, it cannot escape liability. This judgment is frequently cited in cases involving online banking fraud and is essential authority for victims seeking compensation from financial institutions.
Ritu Kohli v. Union of India (2001): India's First Cyber Impersonation Case
This is among the earliest reported cyber crime cases in India, arising from online impersonation and misuse of personal identity. The case highlighted the legal vacuum that existed before comprehensive cyber legislation was enacted and directly influenced the strengthening of the statutory provisions that became Sections 66C and 66D of the Information Technology Act. It remains significant for its early recognition that online impersonation is a form of criminal wrongdoing that the law must address.
How the Courts Approach Cyber Fraud: The Evolving Judicial Philosophy
The Indian judiciary has demonstrated an increasingly serious and sophisticated approach to cyber fraud over the past two decades. Courts have moved from early uncertainty about how existing criminal law applied to digital conduct toward a clear and confident recognition that cyber fraud is a serious offence demanding strict enforcement, technical investigation, and coordinated action between law enforcement and financial institutions.
Courts have consistently held that victims of cyber fraud should not be left without remedy merely because the crime was committed through a digital medium rather than in person. The principles of criminal law, the duty of care owed by banks and intermediaries, and the constitutional right to an effective legal remedy all apply in the online context with the same force as they apply in the physical world. The law is evolving to match the sophistication of cyber offences, and victims who approach the courts with well-documented complaints are increasingly finding that the judicial system is prepared to take their cases seriously.
Conclusion: The Law Is on Your Side, But Only If You Use It
Cyber fraud is not an inevitable consequence of living in a digital world. It is a crime. The Indian legal system has built a meaningful framework of criminal provisions, regulatory remedies, and judicial precedent to protect victims and hold fraudsters, banks, and negligent intermediaries accountable. But that framework can only work if victims know it exists and have the courage to use it promptly.
The moment a fraud occurs, the clock starts. The victim who acts immediately, contacts their bank, files on the cyber crime portal, and approaches the police with organised evidence gives the legal system its best chance of recovering their money and prosecuting the offender. The victim who waits, embarrassed or uncertain, gives the fraudster everything they need to disappear.
You did not consent to be defrauded. Deception is not your fault. The law agrees. Use it.
Frequently Asked Questions (FAQs) on Cyber Fraud and Legal Remedies in India
What is cyber fraud under Indian law? Cyber fraud refers to any act of cheating or deception carried out using digital platforms, including computers, smartphones, or the internet, with the intention of causing wrongful gain to the fraudster or wrongful loss to the victim. It is criminalised under Sections 66C and 66D of the Information Technology Act, 2000 and under Section 318 of the Bharatiya Nyaya Sanhita, 2023.
Is cyber fraud a cognisable offence in India? Yes. Cyber fraud offences under the IT Act and the BNS are cognisable, meaning the police are legally empowered and obligated to register an FIR and investigate without requiring prior court approval.
Where should a cyber fraud victim file a complaint in India? A victim should file a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in, which is maintained by the Ministry of Home Affairs, and simultaneously approach the nearest police station or cyber crime cell with supporting evidence.
Can a police officer refuse to register an FIR in a cyber fraud case? No. Refusal to register an FIR in a cognisable offence is illegal. A victim whose complaint is refused can approach the Superintendent of Police or a Judicial Magistrate directly to compel registration.
Can a bank be held liable for a cyber fraud committed through its platform? Yes. The Madras High Court in Umashankar Sivasubramanian v. ICICI Bank Ltd. held that banks owe a duty of care to their customers and can be held liable where negligence in their security mechanisms contributed to the fraud. Victims can also escalate unresolved banking fraud complaints to the RBI Integrated Ombudsman.
If I clicked a fraudulent link, can I still claim to be a victim? Yes. Consent obtained through deception is not legally valid consent. A victim who was deceived into clicking, approving, or transferring money has not consented to the fraud and retains full legal remedies under Indian law.
Is it worth reporting a small-value cyber fraud? Yes. Cyber crime authorities use pattern recognition to identify and dismantle larger fraud networks. Small complaints contribute to larger investigations and may help recover funds for multiple victims, including the complainant.
What are intermediary liabilities under the IT Act in cyber fraud cases? Under Section 79 of the IT Act, intermediaries such as payment platforms are required to exercise due diligence. Where an intermediary has failed to meet this standard and the failure contributed to the fraud, the intermediary may face legal liability for negligence.
Key Takeaways: Everything You Must Know About Cyber Fraud and Legal Remedies in India
Cyber fraud is a criminal offence under the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita, 2023, punishable under Sections 66C and 66D of the IT Act and Section 318 of the BNS.
Anyone with a smartphone and a bank account is a potential target; cyber fraud is not limited to the technically inexperienced.
Victims must act immediately: contact their bank to freeze the transaction, file on the National Cyber Crime Reporting Portal at cybercrime.gov.in, and approach the police with complete supporting evidence.
Police cannot legally refuse to register an FIR in a cognisable cyber fraud case; refusal is itself challengeable.
Victims have multiple legal remedies including criminal proceedings, the RBI Integrated Ombudsman Scheme, court-ordered compensation, and claims against negligent intermediaries under Section 79 of the IT Act.
Consent obtained through deception is not valid consent; victims who were deceived have full legal standing regardless of their own actions.
The Supreme Court in Shreya Singhal v. Union of India confirmed that cyber fraud involving deception and impersonation is squarely within the ambit of criminal law under the IT Act.
Banks owe a duty of care to customers in digital transactions and can be held liable where negligence in their security practices contributes to fraud, as held in Umashankar Sivasubramanian v. ICICI Bank Ltd.
Delay in reporting benefits only the fraudster; prompt action is the single most important determinant of a victim's chances of recovery.
The Indian judiciary is increasingly treating cyber fraud as a serious offence demanding strict enforcement, technical investigation, and accountability from both fraudsters and the institutions that enable them.
References
The Information Technology Act, 2000 (as amended in 2008): The primary legislation criminalising cyber fraud in India, containing Sections 43, 66C, 66D, and 79, governing data theft, identity theft, cheating by impersonation, and intermediary liability respectively.
The Bharatiya Nyaya Sanhita, 2023: The successor to the Indian Penal Code, containing Section 318 on cheating and dishonestly inducing the delivery of property, applicable to cyber fraud involving the deceptive transfer of money.
Shreya Singhal v. Union of India, (2015) 5 SCC 1: The Supreme Court decision distinguishing protected online expression from criminal cyber offences, confirming that deception and impersonation through digital means are punishable under Sections 66C and 66D of the IT Act.
NASSCOM v. Ajay Sood and Others, (2005) 30 PTC 437 (Del): The Delhi High Court's foundational judgment recognising phishing as a serious cyber offence amounting to identity theft, passing off, and online fraud.
Umashankar Sivasubramanian v. ICICI Bank Ltd., 2020: The Madras High Court decision affirming the duty of care owed by banks to their customers in digital transactions and establishing bank liability where inadequate security practices contributed to the fraud.
Ritu Kohli v. Union of India, 2001: India's first significant online impersonation case, which recognised online identity misuse as criminal wrongdoing and influenced the strengthening of the statutory framework under the IT Act.
State of Maharashtra v. Mohd. Yakub, (1980) 3 SCC 57: The Supreme Court judgment establishing the principle of intent to deceive in economic offences, applied in cyber fraud cases to counter the argument that digitally induced transactions were voluntary.
National Cyber Crime Reporting Portal, cybercrime.gov.in: The Ministry of Home Affairs' official portal for reporting online financial frauds and cyber crimes in India.
RBI Integrated Ombudsman Scheme: The Reserve Bank of India's mechanism for resolving unaddressed grievances relating to digital transaction frauds against banks and payment service providers.
Disclaimer
This article is published by CLEAR LAW (clearlaw.online) strictly for educational and informational purposes only. It does not constitute legal advice, legal opinion, or any form of professional counsel, and must not be relied upon as a substitute for consultation with a qualified legal practitioner. Nothing contained herein shall be construed as creating a lawyer-client relationship between the reader and the author, publisher, or CLEAR LAW (clearlaw.online).
All views, interpretations, and conclusions expressed in this article are solely those of the author and represent independent academic analysis. CLEAR LAW (clearlaw.online) does not endorse, verify, or guarantee the accuracy, completeness, or reliability of the content, and expressly disclaims any responsibility for the same.
While reasonable efforts are made to ensure that the information presented is accurate and up to date, no warranties or representations, express or implied, are made regarding its correctness, adequacy, or applicability to any specific factual or legal situation. Laws, regulations, and judicial interpretations are subject to change, and the content may not reflect the most current legal developments.
To the fullest extent permitted by applicable law, CLEAR LAW (clearlaw.online), the author, editors, and publisher disclaim all liability for any direct, indirect, incidental, consequential, or special damages arising out of or in connection with the use of, or reliance upon, this article.
Readers are strongly advised to seek independent legal advice from a qualified professional before making any decisions or taking any action based on the contents of this article. Reliance on any information provided in this article is strictly at the reader's own risk.
By accessing and using this article, the reader expressly agrees to the terms of this disclaimer.
National Cyber Crime Reporting Portal, cybercrime.gov.in: The Ministry of Home Affairs' official portal for reporting online financial frauds and cyber crimes in India.
RBI Integrated Ombudsman Scheme: The Reserve Bank of India's mechanism for resolving unaddressed grievances relating to digital transaction frauds against banks and payment service providers.
Disclaimer
This article is published by CLEAR LAW (clearlaw.online) strictly for educational and informational purposes only. It does not constitute legal advice, legal opinion, or any form of professional counsel, and must not be relied upon as a substitute for consultation with a qualified legal practitioner. Nothing contained herein shall be construed as creating a lawyer-client relationship between the reader and the author, publisher, or CLEAR LAW (clearlaw.online).
All views, interpretations, and conclusions expressed in this article are solely those of the author and represent independent academic analysis. CLEAR LAW (clearlaw.online) does not endorse, verify, or guarantee the accuracy, completeness, or reliability of the content, and expressly disclaims any responsibility for the same.
While reasonable efforts are made to ensure that the information presented is accurate and up to date, no warranties or representations, express or implied, are made regarding its correctness, adequacy, or applicability to any specific factual or legal situation. Laws, regulations, and judicial interpretations are subject to change, and the content may not reflect the most current legal developments.
To the fullest extent permitted by applicable law, CLEAR LAW (clearlaw.online), the author, editors, and publisher disclaim all liability for any direct, indirect, incidental, consequential, or special damages arising out of or in connection with the use of, or reliance upon, this article.
Readers are strongly advised to seek independent legal advice from a qualified professional before making any decisions or taking any action based on the contents of this article. Reliance on any information provided in this article is strictly at the reader's own risk.
By accessing and using this article, the reader expressly agrees to the terms of this disclaimer.
Making legal knowledge accessible and understandable for everyone. Expert insights and practical advice for your legal questions.
© 2026 Clearlaw.online. All rights reserved.