Cyber Crime FIR in India: How to File Complaint for Online Fraud, Banking Fraud & Digital Harassment [2025 Guide]

No applicable Coupler.io skills for this content-writing task. Proceeding directly with the blog regeneration.

Cyber Crime FIR in India: How to File Complaint for Online Fraud, Banking Fraud & Digital Harassment

To file a cyber crime FIR in India in 2026: call 1930 (National Cyber Crime Helpline) within the first 60 minutes of discovery, file an online complaint at cybercrime.gov.in, and visit your nearest cyber crime police station to convert that complaint into a formal FIR. For banking fraud, simultaneously notify your bank in writing within three working days to preserve zero-liability protection under RBI guidelines. Speed is the single biggest variable in whether you recover money — each hour of delay allows fraudsters to route funds further through mule accounts, making reversal progressively impossible.

Why the First 60 Minutes Are Make or Break

When Rs. 1,25,000 disappears from your account after you share an OTP with a caller claiming to be from your bank's "KYC team," the money rarely stays in that receiving account for more than two to four hours. Fraudsters operate in relay teams: the first account receives the transfer, within minutes it is routed across two or three mule accounts, then converted into e-vouchers, cryptocurrency, or cash withdrawals. Each hop makes forensic tracing exponentially harder.

The 1930 helpline connects directly to a network of banking cyber cells that can issue a freeze flag on the beneficiary account while the money is still traceable. This is not a theoretical capability — it is an operational pipeline built into the National Cyber Crime Reporting Portal (NCRP) infrastructure, which is integrated with major banks and payment aggregators. A complaint logged at 11:00 am with the correct UTR number can trigger an inter-bank freeze request by noon. A complaint logged on Day 3, after the victim spent two days expecting the bank to self-correct, achieves almost nothing because the money has cleared through multiple accounts and been withdrawn.

The "golden hour" concept that paramedics use for trauma applies here with equal precision. Treat it accordingly.

Step 1 — Call 1930 Before You Do Anything Else

The 1930 Cyber Crime Helpline is a dedicated toll-free number operated by the Ministry of Home Affairs, available 24×7, specifically for financial cyber fraud. It is not the same as your bank's customer care number. Calling your branch manager first — the natural instinct — costs you 20 to 40 minutes because branch staff will transfer you to a fraud team that will redirect you to 1930 anyway.

What to keep ready before you call:

• Your registered mobile number and the bank account that was debited
• The exact amount and time of each fraudulent transaction
• The UTR number or transaction reference ID (visible in the bank's SMS alert or UPI app transaction history)
• The number from which you received the fraudulent call, if applicable
• The UPI ID, bank account number, or wallet ID to which money was transferred, if visible in your statement

The helpline operator logs your complaint in real time and generates a complaint reference number. Write this number down physically — do not rely on memory or screen memory. This reference number is your audit trail for every subsequent step: bank escalation, cyber cell visit, Banking Ombudsman complaint, and RTI applications. Every institution you approach subsequently will ask for it.

After calling 1930, file separately on cybercrime.gov.in even if the operator says the complaint has been logged. The portal filing creates an independent searchable record and generates a PDF acknowledgement that is treated as a formal document in all downstream proceedings.

Step 2 — Filing on cybercrime.gov.in: A Complete Walkthrough

The National Cyber Crime Reporting Portal (NCRP) at cybercrime.gov.in handles two categories of complaints. Choose the correct one — using the wrong category delays routing.

For Financial Fraud (UPI, OTP scam, banking fraud, phishing, crypto theft)

1. Go to cybercrime.gov.in → click "Report Financial Fraud"
2. Enter your mobile number and complete OTP verification
3. Select the sub-category: UPI / Internet Banking / Credit or Debit Card / Wallet / E-Commerce / Other
4. Fill in these fields precisely:
5. Date and time of each fraudulent transaction (use the exact timestamp from your SMS alert — banks reconcile using milliseconds)
6. Transaction ID / UTR number for each debit
7. Amount lost in Rs.
8. Your bank account number and bank name
9. The beneficiary UPI ID, account number, or wallet ID
10. Modus operandi: write three to five sentences describing exactly what happened — who called, what they said, what you did, how the transactions were triggered
11. Upload evidence: screenshots of debit SMS alerts, bank statement PDF, WhatsApp or Telegram chat exports, call logs
12. Submit and immediately download the acknowledgement PDF — browsers sometimes block auto-downloads; check your downloads folder before closing the tab

For Other Cyber Crimes (Stalking, Deepfakes, Harassment, Sextortion)

1. Go to cybercrime.gov.in → "Report Other Cyber Crime"
2. Register with mobile OTP
3. Choose the sub-category: cyber stalking / online harassment / morphed images / cyber bullying / online defamation / child sexual abuse material
4. Provide all available suspect details: username, email ID, social media handle, phone number
5. Upload evidence: screenshots with device timestamps visible, URL of the offending page or post, video screen recordings for dynamic content such as Stories or live streams
6. For cases involving sexual content targeting women or children, a Women's Helpline integration is available; complaints can be escalated directly to the National Commission for Women

Important: The portal acknowledgement is a registered complaint — it is not an FIR. For most financial fraud cases, the cyber cell may resolve the matter at complaint stage if the freeze succeeds and funds are recovered. For larger losses, organised fraud, harassment, or cases where the suspect is identifiable, you must convert this into an FIR at the cyber crime police station.

Step 3 — Converting the Portal Complaint Into a Formal FIR

Go directly to the cyber crime police station in your district — not the nearest general police station. General police stations frequently lack technical training and may redirect you, costing 24 to 48 critical hours.

Documents to carry:

• Acknowledgement PDF from cybercrime.gov.in
• Government photo ID (Aadhaar / Passport / Driving Licence)
• Printed bank statement showing each fraudulent transaction
• All evidence in hard copy and on a USB drive: screenshots, chat exports, call logs
• Your mobile phone — do not factory reset it, uninstall apps, or swap SIM cards before this visit; the device is a potential forensic exhibit

Under Section 173 of the Bharatiya Nagarik Suraksha Sanhita 2023 (BNSS, which replaced the CrPC from July 1, 2024), a police officer is legally obligated to register an FIR when a cognisable offence is reported. Financial cyber fraud above a material threshold is a cognisable offence. If the officer refuses, you are entitled to:

1. Submit a written application to the Superintendent of Police (SP) of the district — courier it and keep proof of delivery
2. File a complaint directly before the Judicial Magistrate under Section 175 BNSS — the Magistrate can order the police to register and investigate
3. Escalate to the State Cyber Cell Nodal Officer or the Chief Minister's grievance portal of your state

Applicable Legal Sections by Offence Type

Sections under BNS 2023 apply to offences committed on or after July 1, 2024. Older matters may continue under IPC.

Step 4 — Bank-Side Action: The RBI Liability Window You Cannot Afford to Miss

Filing a police complaint and notifying your bank are parallel actions, not a sequence. Do not wait for the police acknowledgement before contacting your bank. The RBI liability clock starts ticking from the moment the bank sends you the debit alert — not from the moment you decide to act.

Under RBI's Master Direction on Customer Protection – Limiting Liability of Customers in Unauthorised Electronic Payment Transactions, the bank's obligation to refund depends on how quickly you report:

• Reported within 3 working days of receiving the bank's debit communication: Zero customer liability — the bank absorbs the full loss
• Reported between 4 and 7 working days: Limited liability applies; the customer bears a portion based on account type and transaction value, as specified in the RBI framework
• Reported after 7 working days: Liability is determined by the bank's board-approved policy — typically the customer bears a substantial portion

The clock starts from Day 0, which is the date the bank sent you the SMS or email alert — not the date you noticed it. If you missed the SMS for two days, you have already consumed two of your three days.

Immediate bank-side steps:

1. Call the bank's 24×7 fraud helpline (on the back of your card) — not the branch landline
2. Block your debit card, credit card, UPI ID, and net banking in the same call, confirming each block with a reference number
3. Send a written email to the bank's fraud reporting address within the same business day — a phone call alone does not create a timestamped legal record
4. In the email, explicitly request a transaction reversal or chargeback and state that you are invoking zero-liability protection
5. If the bank does not acknowledge or resolve within 30 days, file a complaint on the RBI Complaint Management System at cms.rbi.org.in — this is free, fully online, and the bank is contractually required to respond within the prescribed timeline

Worked Example: UPI Fraud of Rs. 1,25,000

The following is a composite scenario for illustration. All figures are hypothetical.

Ravi, a 38-year-old from Pune, receives a call at 11:04 am on a Tuesday. The caller claims to be from his bank's "KYC upgrade team" and says his account will be blocked in two hours unless he confirms a one-time password. Trusting the caller's detailed knowledge of his account number, Ravi shares three OTPs. Three transactions of Rs. 45,000, Rs. 50,000, and Rs. 30,000 (total: Rs. 1,25,000) are processed to an unknown UPI ID between 11:07 and 11:12 am. Ravi receives the debit SMS alerts at 11:12 am.

11:19 am — Ravi calls 1930. The operator records the three UTR numbers and the beneficiary UPI ID. A freeze request is transmitted to the beneficiary bank through the NCRP–bank integration channel. The 1930 reference number is noted.

11:35 am — Ravi opens cybercrime.gov.in on his laptop and completes the financial fraud complaint form. He uploads screenshots of all three debit SMS alerts, his call log showing the fraudster's number (saved as a screenshot with the timestamp bar visible), and a PDF export of his bank passbook. He downloads the acknowledgement PDF.

11:50 am — Ravi calls his bank's fraud helpline, blocks all payment instruments, and immediately sends an email to the bank's fraud reporting address. This email is timestamped at 11:50 am on Day 0 — well within the three-working-day window. Zero-liability protection is preserved.

Day 2 (Thursday morning) — Ravi visits the district cyber crime police station with the acknowledgement PDF, ID proof, and a numbered evidence folder. The FIR is registered under Sections 66C and 66D of the IT Act read with Section 319 of BNS 2023.

Outcome: Rs. 80,000 of the Rs. 1,25,000 was still in the beneficiary account when the freeze was applied. The bank refunded this amount within 14 working days under zero-liability rules. The remaining Rs. 45,000 had already moved to a secondary account; the investigation is ongoing. Had Ravi reported four hours later instead of seven minutes, the freeze request would have arrived after all three amounts had been forwarded, and full recovery under zero liability would still have applied — but actual fund recovery would have been effectively zero.

Evidence Preservation — Your 24-Hour Protocol

Cyber evidence is volatile. Cloud accounts can be deactivated, messaging platforms purge unread data after 90 days, phone numbers are recycled, and social media profiles are deleted within hours of a complaint. Your job in the first 24 hours is to create an immutable, time-stamped evidence record before critical data disappears.

What to Capture and How

• Transaction SMS alerts: Screenshot every debit alert with the phone's status bar showing date and time. Back up to email immediately to create a server-side timestamp.
• WhatsApp or Telegram chats: Open the chat → More options → Export chat → select "With media." Email the exported file to yourself. The email server timestamp becomes a second layer of authentication.
• Email threads: Do not just screenshot the email body. Forward the original email to a separate email account — this preserves the full email headers, which contain the sender's IP address, routing servers, and DKIM signatures that investigators use to trace the source. Headers are invisible in screenshots.
• Phone calls: Note the fraudster's number, call time, and duration. Back up the call log screenshot. If you recorded the call (legal in India when you are a party to the conversation), email the audio file immediately.
• Social media harassment: Use screen recording rather than screenshots for dynamic content such as Stories or live streams. Screenshot the offending profile page including bio, profile photo, follower count, and the URL in the address bar.
• Your device: Do not factory reset, clear app data, or swap SIM cards until the cyber cell has noted your device's IMEI and completed their preliminary inquiry. Malware or spyware installed by the fraudster may be on the device.

Chain-of-Custody Tip

Before your cyber cell visit, number your evidence sequentially — Evidence 1: UPI debit SMS screenshot (11:12 am, 14 May 2026), Evidence 2: Call log showing fraudster's number, and so on — and prepare a one-page evidence index. Investigators handle dozens of complaints simultaneously; a well-organised folder moves your case up the queue.

Common Mistakes That Derail Complaints

1. Waiting to see if the money "comes back on its own." Banks do not self-reverse fraudulent UPI or NEFT transactions without a formal complaint. The RBI zero-liability window counts from the debit SMS date. A five-day wait "to see what happens" can permanently extinguish your right to a full refund.

2. Filing only with the bank and not with 1930. Your bank can initiate a reversal request internally. But the freeze mechanism that locks the beneficiary account requires a law-enforcement trigger via the 1930 / NCRP pipeline. The two channels are complementary — you need both.

3. Resetting or changing your phone before the investigation. A factory reset destroys forensic data irreversibly. Even if you believe your phone contains nothing useful, the cyber cell may want to examine installed applications, browser history, or evidence of screen-sharing malware.

4. Writing a vague complaint. "I was cheated online" is operationally useless. Write four precise sentences: who contacted you, what they said, what you did, how each transaction was executed. Specific complaints receive faster action because they contain extractable investigative leads — UPI IDs, phone numbers, time windows.

5. Not following up in person. Online complaints at cybercrime.gov.in can stall without follow-up. Complaints that are converted into an FIR through an in-person cyber cell visit receive an investigating officer assignment and are tracked differently from portal-only filings.

6. Relying on a phone call to the bank as your formal record. A phone call is not a timestamped legal record for RBI liability purposes. Send an email. If your bank does not publish a fraud reporting email, send to the branch email and the main customer service address, CC-ing yourself.

7. Paying "recovery agents" who promise to retrieve your funds for a fee. This is a documented secondary scam targeting fraud victims while they are still in shock. No private individual has access to the NCRP freeze-and-recover pipeline. Report any such solicitation to 1930 immediately.

What to Do If Police Refuse to Register the FIR

This is less common at dedicated cyber cells than at general police stations but does occur — particularly in districts where the cyber cell is understaffed or where the officer believes the amount is too small.

1. Submit a written application addressed to the Station House Officer (SHO), delivered in person with a rubber-stamp acknowledgement on your copy. Under Section 173(4) of BNSS 2023, the SHO is legally required to register a cognisable offence.
2. Write to the Superintendent of Police (SP) of the district by speed post, attaching all evidence and your rejected application copy. Keep the India Post receipt.
3. File a private complaint before the Judicial Magistrate under Section 175 BNSS — this does not require a lawyer, though one helps. The Magistrate can direct the police to register and investigate.
4. For women victims of cyber stalking, sextortion, or sexual harassment online, the National Commission for Women's online complaint portal (ncwapps.nic.in) provides a direct escalation channel that bypasses local police bottlenecks.

Key Takeaways

• Call 1930 within the first 60 minutes of any financial cyber fraud — this is the highest-leverage action you can take and the one most directly tied to fund recovery.
• The cybercrime.gov.in complaint is not an FIR — for losses above a material amount, organised fraud, or harassment, visit the cyber crime police station within 48 hours to register a formal FIR.
• Notify your bank in writing on the same day — the RBI zero-liability clock runs from the date of the bank's debit alert, not from the date you choose to report. Three working days is a hard deadline.
• Under BNSS 2023 (in force from July 1, 2024), police are legally obligated to register cognisable cyber offences; if registration is refused, escalate in writing to the SP or directly to the Judicial Magistrate.
• Preserve digital evidence proactively: forward emails with headers intact, export full chat backups, use screen recording for dynamic content, and do not reset your device until after the initial cyber cell inquiry.
• If your bank does not acknowledge or resolve within 30 days, file free of cost with the Banking Ombudsman at cms.rbi.org.in — the resolution timeline is binding on the bank.
• Ignore all private "recovery agent" offers — they are a secondary scam; report them to 1930.