According to the latest statistical data available on cybercrime from the National Crime Records Bureau (NCRB) for the year 2022, cybercrime increased by 24.38 per cent compared to 2021.
As technology becomes an integral part of almost everything we do, including social media, online banking, and e-commerce, our dependence on digital systems has grown rapidly, but with this increased digital use comes more risk. Cybercriminals are finding new ways to misuse technology to commit fraud, identity theft, and harassment. These crimes not only cause financial loss but also damage someone’s reputation, identity, and mental well-being.
The Government of India, while answering to the question in the Lok Sabha on 6 August 2024, also reflected that the continuously increasing incidents of online transaction frauds and cybercrimes in the country have occurred during the last few years. In this article, we tried to understand the real cybercrime incidents and remedies available to the victims alongwith precautions in order to protect from these incidents.1
According to the latest statistical data available on cybercrime from the National Crime Records Bureau (NCRB) for the year 2022, cybercrime increased by 24.38 per cent compared to 2021, which is a significant rise.2
The common cybercrime incidents are related to online transaction fraud, identity theft, deep-fake creation, online stalking, sextortion, fake social media profiles and job scams. Overall, cybercrime has become one of the biggest threats to personal security and public trust in today’s digital era. A few of the common cybercrimes that usually happen, and remedies to avoid them are discussed below:
1. Identity theft: Identity theft is the unlawful and dishonest use of another person’s identity and private information, such as a name, photo, or identification number (ID number), for one’s own benefit, usually with the intention of defrauding or defaming the person whose name is used. Many people now know that creating fake profiles or impersonating someone on social media to harm their reputation or attract attention is a common cybercrime, but they do not know how to get a remedy if they become the victim of that. Such acts can result in mental discomfort, embarrassment, and a loss of personal safety since private photos or information may be made public without consent. For instance, a man in Noida used a woman’s pictures to make a fake Instagram profile without getting her permission and attempted to blackmail her by sharing her personal photos. A first information report (FIR) was registered against him under Section 66-C, Information Technology Act, 2000, for identity theft. Later, the police discovered that her colleague had made the fake account.3 Whenever anyone gets into this kind of situation, the victim can report the incidents on the “National Cybercrime Reporting Portal”, which is accordingly converted into FIRs and subsequent action thereon is handled by the State/Union Territory (UT) law enforcement agencies concerned.
2. Cyber fraud: Cyber fraud is the illegal use of digital systems or data for financial gain. It may target individuals, companies, or even governmental organisations. Cybercriminals put individuals, companies, and governmental entities at risk by using technological flaws to commit online fraud and data breaches. For instance, a former employee of a private company was arrested for generating fake invoices to falsely claim input tax credit under the Goods and Services Tax (GST). He was booked under the Nyaya Sanhita, 2023 and the Information Technology Act, 2000.4 In another instance, in Mangaluru, police discovered a gang that forged Aadhaar cards and tenancy documents to help accused individuals secure bail using fake identities. This case showed how digital forgery can harm the credibility of legal processes.5
3. Cyberstalking: Persistent online harassment, monitoring, or threatening messages are referred to as cyberstalking. The phrase itself implies that someone regularly monitors your online behaviour, even if they show no interest in you and occasionally, even specifically, instructs you not to message and follow. Usually, the accused would utilise a fake, or someone else’s account, to accomplish this. In an instance, 23-year-old man was sentenced to three years in prison for stalking a 15-year-old girl on WhatsApp. He sent obscene messages and threatened to harm himself if she did not reply. The court convicted him under Section 354-D, Penal Code, 1860 and Section 11(4), Protection of Children from Sexual Offences Act, 2012 (POCSO Act), along with fines and victim compensation.6
4. Deep-fake technology: Deepfakes are artificial intelligence (AI) generated spoof images or videos intended to deceive or threaten people. This modifies reality and then deceives the audience and the person’s supporters. This is typically done to harm the individual emotionally and psychologically, as well as to tarnish their reputation. There is a similar concept of image morphing, where someone digitally alters a photo to change a person’s appearance, often to embarrass or defame them. This resulted in sextortion from the innocent, communal violence, and business dealings in the names of other famous people and celebrities.
In order to get protection from the deepfakes, citizens from throughout the country approach the Delhi High Court. As Delhi High Court is renowned for defending intellectual property rights. There is no culture like the one that emerged at the Delhi High Court to safeguard intellectual property anywhere in the country. This is the reason several celebrities petitioned this court to have their personality rights protected from AI-generated videos and altered photos. The Delhi High Court consequently issued a number of rulings in support of well-known people and celebrities to shield them from harm to their reputations caused by AI-generated videos.
Reported instance: One of the cases is of the famous journalist and editor-in-chief of DD News Sudhir Chaudhary, who also filed for the protection of personality rights before the Delhi High Court, where the Court has passed an interim order protecting the personality rights of the journalist from deepfake videos on YouTube from using in his name, image, likeness and voice, and regarding circulation of allegedly misleading and AI-generated videos against him on social media.7 The Delhi High Court recently addressed cases involving deepfakes and unauthorised use of celebrity images. The Court emphasised that personality rights, including names, voices, and likeness, should be legally protected under intellectual property principles.8 In a much-known instance, an influencer from Assam was targeted when her ex-boyfriend used AI tools to create sexually explicit deepfake images and sold them online. He earned nearly Rs 10 lakhs through subscriptions before being arrested. Police warned that sharing such fake content is also punishable.9
5. Online banking and Unified Payments Interface (UPI) fraud: These are among the most common and fast-growing cybercrimes in India today, especially with the use of UPI (Google Pay, PhonePe, Paytm, etc.).
Online transaction fraud typically occurs through gaming apps, betting apps, Telegram links, cryptocurrency platforms, peer-to-peer (P2P) transactions, and others. When a complaint about a fraudulent transaction is received by the cybercrime police or when they intercept it themselves, they mark the transaction on a layered basis and then proceed accordingly. If someone becomes a victim of online fraud and their account is marked under layers 1 and 2, there is a possibility of arrest, as the police can conduct searches and seizures, and may also call for the production of documents under Section 94, Nyaya Sanhita, 2023 (BNSS). Therefore, if someone is a victim of such a crime, they should file a representation with the cybercrime police and the bank. If the cybercrime police are from a different State, then send your grievance through email and speed post to get an appropriate response and understand the nature of the allegation imposed against you. Once you receive a reply to your representation and if the account hold exceeds the fraudulent transaction amount, you can request the bank to remove the lien or hold on the account due to enhanced due diligence (EDD). The victim can then instruct the bank to lift the hold on the account based on the cybercrime police report. You can also call on 1930 helpline number to know the reason for the lien or freeze of the account.
Mumbai Police in 2024 stated that they received 2000 to 2500 calls on a daily basis on the “1930” helpline number. After receiving the complaint, they transfer the complaint swiftly to the Nodal Police Officers of the banks, wallet or merchant concerned, to try and freeze the funds; who then coordinate and make every effort to save the money of the citizens.
In 2024, Mumbai Police reported an increase in UPI-related scams, where fraudsters sent fake payment links or one-time password (OTP) requests to trick victims into transferring money. Many scammers pretended to be buyers on platforms like OnLine eXchange (OLX) or Quikr. Victims were advised to never click on payment links or share OTPs and to verify UPI transactions directly on their bank app.10
6. Ransomware attacks on institutions: These crimes lock down the data of businesses, companies, powerhouses, hospitals, or even universities and demand cryptocurrency or ransom payments. Sometimes they just sell it on the dark web. Attacks of this nature typically originate from foreign nations that wish to utilise the data to monitor other nations. They close the institutions in order to undermine the public’s trust in the government and give them more options, which led to a resurgence of industry and services throughout the nation. In 2023, sensitive patient data was compromised in a significant ransomware attack that shut down hospital servers for several days at the All India Institute of Medical Sciences (AIIMS), Delhi. The attack demonstrated how even important government agencies can become targets of cyberattacks.11
7. Job scams and phishing e-mails: Online job scams are becoming widespread, especially those promising remote work or part-time income. Fraudsters collect victims’ personal and sensitive data and take money for becoming members through fake offers.
Sometimes they even send the money into the innocent victim’s account by giving them false promise of a job where they give them a job of liking a post or sharing the post to other people, creating more accounts on their platforms, paying for viewing images for the certain times for which they reward them initially; when cybercrime raises the flag, to escape the liability of fraud, and real fraudsters show themselves as the victim and the real victim is treated as a fraudster by the police, and sometimes they even get arrested also.
In an instance in Hyderabad, the cyber police arrested a gang operating a fake job portal that offered “high-paying remote jobs”, requiring victims to pay a registration fee. Over 200 jobseekers were defrauded before the website was taken down.12
8. Cryptocurrency and investment frauds: Nowadays, scammers defraud individuals by using phoney trading apps or bitcoin sites. In order to avoid taxes and government liability, the fraudsters use various digital platforms to create a fake screen that shows unimaginable profits from cryptocurrency and shares. They then start offering investment ideas to the inexperienced viewers and ask them to register on the phishing links, which either deduct their money initially or cause their accounts to be frozen later. And occasionally, they do not file a complaint against the same, as they are afraid of the inquiry being conducted against them.
A Bengaluru-based tech worker lost Rs 12 lakhs in a cryptocurrency scam after being lured by a fake Telegram investment group promising high returns. The case showed how digital currency fraud is rising rapidly in India.13
9. Cyberbullying and online harassment: The practice of bullying other users, including influencers, politicians and celebrities, is a global offense that has left no one unpunished. When it comes to leaving comments and messaging someone, there is no check and balance, just as there is no rigorous mechanism to restrict the same. However, in accordance with the Digital Personal Data Protection (DPDP) Regulations, if someone objects, the corporation must remove it within the stipulated time frame; if they do not, they might face a fine of up to 200 crores.
In Pune, a teenage boy was booked for sending threatening messages and edited images to classmates on social media. The case raised awareness about the impacts of mental health and the importance of cyber ethics in schools.14
Digital evidence and solutions
Victims should always collect and preserve digital proof with original devices from which the evidence below can be collected. The following evidence is essential to show that someone is a victim of cybercrime during any investigation:
1. Screenshots, chat history, and message logs.
2. Uniform resource locators (URLs), usernames, and metadata of fake accounts.
3. Reports from digital forensic analysis.
4. Records of financial or communication activities linked to the crime.
Remedies available to victims
The immediate steps that need to be taken if such cybercrimes occur, to secure personal and sensitive information, and other steps that need to be followed in order to prevent oneself from becoming a cybercrime victim; time being of the essence.
|
Immediate steps for remedies |
Other steps |
|
1. Take screenshots and preserve history and chat records as proof of cyber offence. 2. Report fake accounts and suspicious profiles immediately to the authorities concerned. 3. Register a complaint on the cybercrime portal https://cybercrime.gov.in/. 4. Call on “1930” helpline number to know the reason for the lien or freeze of the account. 5. Also, approach the local police cyber cell in case of serious cybercrime has happened urgently. 6. Report/notify the grievance professional of the social media platforms with respect to the cybercrime. |
1. Do not share excessive and sensitive personal information on social platforms. 2. Always enable two-factor authentication to secure bank apps, email accounts, WhatsApp, and social media platforms. 3. Keep updating passwords and security software, and device operating systems at a certain time interval to avoid any sort of compromise from anyone else logging in. 4. Do not share OTP, download or click suspicious links shared by anyone, check on the network provided by the SIM company, where they clarify with genuineness of the link in case you want to log in. 5. Regularly monitor the bank details, social media activity and where it was logged in before to detect unauthorised use. |
Enforcement authorities
1. As per the direction issued by Indian Computer Emergency Response Team (CERT-In) relating to information security practices, procedure, prevention, response and reporting of cyber incidents under the provisions of sub-section (6) of Section 70-B, Information Technology Act, 2000, which mandate victims of cybercrime including service providers, intermediaries, data centres, body corporates and government organisation to mandatorily report cybercrime within six hours after getting the knowledge of such incidents.
2. Cyber Crime Investigation Cells within police departments handle cases of cyber offences. The Ministry of Home Affairs has also set up the “Indian Cybercrime Coordination Centre” (I4C) to deal with all types of cybercrime in the country, where we can also report our grievances for speedy and comprehensive investigation in a coordinated manner.
3. The Data Protection Board enforces accountability and compliance for the exploitation of personal data on the data fiduciary, intermediaries and data under the Digital Personal Data Protection Act, 2023 (DPDP).
Cybercrime awareness and education
Cybercrime is a universal threat that transcends social, educational and economic boundaries. Both technologically adept and digitally inexperienced individuals remain vulnerable to online exploitation. Consequently, public awareness has emerged as a central pillar of national cybersecurity strategy.
The Government of India has consistently promoted public initiatives to mitigate the risks of cyber offences. These include awareness campaigns warning citizens against disclosing sensitive information such as OTPs and banking credentials.3 Reserve Bank of India (RBI) in collaboration with commercial banks, has also launched multimedia campaigns and television advertisements to educate users on secure digital banking practices. Hoardings, caller tune advisories, and online alerts further reinforce the importance of maintaining digital vigilance.
Nevertheless, awareness alone is insufficient without comprehensive digital literacy and preventive education. Citizens must be equipped with practical knowledge on identifying phishing attempts, verifying online platforms, and using two-factor authentication to safeguard personal and financial data.
It is also noteworthy that India observes National Cyber Security Awareness Month every October, serving as a timely reminder of the collective responsibility to maintain cyber hygiene and prevent digital exploitation.
*Founding Partner, Chambers of Jain and Kumar. Author can be reached at: aarushi@jainkumar.com.
**Associate, Chambers of Jain and Kumar. Author can be reached at: prassantsharma@gmail.com.
1. Ministry of Home Affairs, Government of India, Lok Sabha Unstarred Question No. 2504 to be Answered on 6-8-2024, available at <https://xn--i1b5bzbybhfo5c8b4bxh.xn--11b7cb3a6a.xn--h2brj9c/MHA1/Par2017/pdfs/par2024-pdfs/LS06082024/2504.pdf>.
2. Ministry of Home Affairs, Government of India, Lok Sabha Unstarred Question No. 410 to be Answered on 4-2-2025, available at <https://www.mha.gov.in/MHA1/Par2017/pdfs/par2025-pdfs/LS04022025/410.pdf>.
3. Advitya Bahl, “Man Creates Fake Insta Profile, Shares Photos of Woman from Noida; FIR Filed” The Times of India (8-8-2025) available at <https://timesofindia.indiatimes.com/city/noida/man-creates-fake-insta-profile-shares-photos-of-woman-from-noida-fir-filed/articleshow/123174104.cms>.
4. Samiran Mishra, “Man Creates Fake Bills Worth Rs 10 Crore to Claim Rs 1.8 Crore GST, Arrested” NDTV (6-9-2025) available at <https://www.ndtv.com/india-news/man-arrested-in-noida-for-creating-fake-invoices-worth-rs-10-crore-9229249>.
5. “Mangaluru CCB Uncovers Forgery Racket; Arrested Five for Producing Forged Documents to Help Accused Secure Bail” The Hindu (13-9-2025) available at <https://www.thehindu.com/news/cities/Mangalore/mangaluru-ccb-busts-forgery-racket-arrested-five-for-producing-forged-documents-to-help-accused-secure-bail/article70045815.ece>.
6. “Youth Gets 3 Years in Jail for Cyberstalking Minor Girl” The Times of India (5-2-2025) available at <https://timesofindia.indiatimes.com/city/ahmedabad/youth-gets-3-years-in-jail-for-cyberstalking-minor-girl/articleshow/117957453.cms>.
7. Sudhir Chaudhary v. Meta Platforms Inc., 2025 SCC OnLine Del 10572.
8. Aishwarya Rai Bachchan v. Aishwaryaworld.com, 2025 SCC OnLine Del 5943.
9. Geeta Pandey, “Deepfake Deception: Indian Woman’s Identity Stolen for Erotic AI Content” BBC (23-7-2025) available at <https://www.bbc.com/news/articles/cn0znk47x9eo>.
10. Mateen Hafeez and Nitasha Natu, “Investment Scams Up 14 Times in Mumbai, Cybercrimes Spike 22% in 2024” The Times of India (30-1-2025) available at <https://timesofindia.indiatimes.com/city/mumbai/investment-scams-up-14-times-cybercrimes-spike-22-in-2024/articleshow/117700353.cms>.
11. “1.3 TB Data Encrypted and Five Servers Affected in AIIMS Ransomware Attack: Centre” The Hindu (17-12-2022) available at <https://www.thehindu.com/news/national/13-tb-data-encrypted-in-ransomware-attack-on-aiims-by-unknown-threat-actors-centre/article66271226.ece>.
12. “4 of Gang from Guj Held for Job Fraud” The Times of India (4-2-2024) available at <https://timesofindia.indiatimes.com/city/hyderabad/gujaratbased-gang-arrested-for-job-fraud-in-hyderabad/articleshow/107394683.cms>.
13. “Police Recover Rs 12 Lakh Invested by Techie in Fake Cryptocurrency Scam” The Hindu (13-9-2023) available at <https://www.thehindu.com/news/national/karnataka/police-recover-12-lakh-invested-by-techie-in-fake-cryptocurrency-scam/article67303396.ece>.
14. “6-Yr-Old Boy Sexually Abused by Two, Including Minor” The Times of India (1-10-2024) available at <https://timesofindia.indiatimes.com/city/pune/pune-teen-booked-for-cyberbullying-classmates-on-social-media/articleshow/113857951.cms>.