How to Report Cyber Fraud in India (1930 & Cybercrime Portal)

If you have just lost money to an online scam — a fake investment app, a “digital arrest” call, a UPI request, a phishing link or a job fraud — speed is everything. The first hour decides whether your money can be frozen before the fraudster withdraws it. Do not waste time arguing with the scammer or waiting for the bank to open. Act now, in this order.

Do these three things immediately

1. Call the national cyber-fraud helpline 1930. It is toll-free and operates round the clock. Give your name, mobile number, the fraud amount and the transaction details (UTR/transaction ID, date, the bank or wallet involved). The operator logs your complaint into the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS), which alerts your bank and the beneficiary bank to freeze the disputed funds before they can be siphoned off.
2. Report online at cybercrime.gov.in — the only government-authorised portal for cybercrime. If you reported by phone first, complete the written complaint on the portal within 24 hours using the acknowledgement number sent to you by SMS.
3. Inform your own bank. Call the bank’s fraud helpline, ask them to block your card/UPI, and put a written request on record to dispute the transaction and recover the amount.

The “golden hour”

The single most important idea is the golden hour. Money moved by a fraudster usually sits briefly in a mule account before being withdrawn or layered onward. If you report within minutes — ideally inside the first hour — the police and banks, working through CFCFRMS, can place a hold on the funds while they are still traceable. Report after a day, and the money is often already gone. Government figures show that over ₹7,000 crore has been saved across more than 23 lakh complaints through this system precisely because some victims acted fast. The lesson is blunt: every minute you delay lowers your odds of getting your money back.

How the reporting system works

The 1930 helpline and cybercrime.gov.in are run under the Indian Cyber Crime Coordination Centre (I4C), a unit of the Ministry of Home Affairs. I4C operates the CFCFRMS platform and a data-sharing tool (Samanvay) that connects police, banks, wallets and telecom operators so that a single complaint can trigger coordinated action — freezing accounts, tracing money trails and blocking fraudulent SIMs and numbers. This is why reporting through the official channel is far more effective than only calling the scammer’s “customer care”.

Filing the complaint on cybercrime.gov.in

When you file online, keep these ready:

• Your ID — a soft copy of any government ID (Aadhaar, PAN, voter ID, passport or driving licence) in JPG/PNG, under 5 MB.
• For financial fraud — name of the bank/wallet/merchant, the 12-digit transaction ID or UTR number, the date of the transaction and the exact fraud amount.
• Evidence — screenshots of the chat, the fake website/app, the caller’s number, SMS, payment receipts and any UPI handle or account number used.

Choose the correct category — “Report Financial Fraud” if you have lost money, or “Report Other Cybercrime” for hacking, phishing, blackmail or social-media offences. Enter your mobile, verify the OTP, describe the incident (minimum 200 characters, plain text), upload the evidence, and submit. You will receive a complaint reference number. Use the “Track Your Complaint” tab to follow the action taken. (If you cannot access the portal, you can also call the helpline 155260.)

Getting an FIR and a formal investigation

An online complaint sets the recovery machinery in motion, but for prosecution you usually need a First Information Report (FIR). For a financial cyber fraud, the local cyber crime police station or cyber cell can register an FIR. If the police refuse, you can escalate to the Superintendent of Police, or approach a Magistrate under Section 175(3) of the Bharatiya Nagarik Suraksha Sanhita, 2023 (BNSS) (the provision that replaced Section 156(3) CrPC from 1 July 2024) to direct registration and investigation. Our cyber crime lawyers in Delhi regularly help victims push a stalled complaint into a properly registered FIR and follow it through investigation.

How cyber offences are charged

Cyber frauds are prosecuted under a combination of the Information Technology Act, 2000 and the new Bharatiya Nyaya Sanhita, 2023 (BNS), which replaced the Indian Penal Code on 1 July 2024:

• Section 66C, IT Act — identity theft: dishonest use of someone’s password, electronic signature or other unique identification. Punishable with imprisonment up to 3 years and a fine up to ₹1 lakh.
• Section 66D, IT Act — cheating by personation using a computer resource (the section used for most impersonation/phishing scams). Imprisonment up to 3 years and a fine up to ₹1 lakh.
• Section 318, BNS — cheating (this is the provision that replaced Section 420 IPC). Cheating that dishonestly induces delivery of property is punishable with imprisonment up to 7 years and a fine.
• Section 336, BNS — forgery, including forgery of electronic records and forgery for the purpose of cheating (replacing IPC Sections 463–468), commonly added in fake-document and account-takeover frauds.
• Criminal breach of trust, where applicable, falls under Section 316, BNS.

Most cyber-fraud charge sheets combine IT Act and BNS sections — for example 66C + 66D of the IT Act read with Section 318 BNS — because a single scam often involves both identity misuse and dishonest inducement.

If your account gets frozen

Honest people sometimes find their own account frozen because money from a fraud passed through it. Under a Ministry of Home Affairs / I4C Standard Operating Procedure issued in January 2026, banks are expected to restrict only the disputed amount, not your entire account. If you are affected, ask the bank in writing for the freeze details — the authority that ordered it, the FIR number and the legal provision — then submit a written representation with your ID and transaction history to that cyber cell and get a stamped acknowledgement. A lawyer can speed up the de-freezing.

How to protect yourself

• Treat any call claiming “digital arrest”, CBI/police custody over video, or a “verification” payment as a scam — no agency works this way.
• Never share OTPs, CVV, UPI PIN or card details; banks never ask for them.
• Do not install screen-sharing/remote apps or click payment links sent by strangers.
• Be sceptical of guaranteed-return investment groups, part-time “task” jobs and lottery wins.
• Keep evidence. If you are being threatened or extorted with private images, read our guidance on cyber blackmailing and on cyber crime and law in India.

The bottom line: call 1930 first, file on cybercrime.gov.in, and tell your bank — all within the golden hour — then pursue the FIR. The faster you move, the more law enforcement can do.

This is general information, not legal advice. Consult our lawyers for advice on your situation.