The landscape of digital justice in India has undergone a seismic shift with the introduction of the Bharatiya Nyaya Sanhita (BNS) 2023 and the Bhartiya Sakshya Adhiniyam (BSA). As an advocate practicing in the heart of Kolkata, I have seen victims lose life savings due to simple technical oversights. This guide is designed to empower you with the precise procedural knowledge required to fight back.
The 1930 Helpline: Financial SOS
If you are a victim of UPI fraud, banking phishing, or any financial cyber crime, the first 120 minutes are critical. The National Cyber Crime Helpline (1930) operates on a CFCFRMS (Citizen Financial Cyber Fraud Reporting and Management System) platform.
Required Info:
- Transaction ID / UTR Number
- Bank Account Number
- Wallet ID (if applicable)
Success Rate:
Reporting within the first hour increases money recovery chances by 85% through account freezing.
How to File Online: Step-by-Step
The National Cyber Crime Reporting Portal (NCRP) is the centralized repository for all complaints. Here is the process Advocate Panchanand Shaw recommends for his clients:
Citizen Registration
Access the portal and click on 'Report Other Cyber Crime'. You must provide your name, mobile number (for OTP), and state. This creates a secure trail for your complaint.
Categorization
Correctly identifying the crime (e.g., Cyber Stalking, Identity Theft, or E-commerce Fraud) ensures it is routed to the correct cell. Mis-categorization can lead to procedural delays.
Drafting the Narrative
In the 'Incident Details' section, write a chronological description. Avoid emotional language; focus on facts, timestamps, and specific communication channels used by the fraudster.
The New Legal Framework: BNS 2023
Understanding the sections under which your case will be prosecuted is vital for any legal standing. The IT Act 2000 remains, but many penal provisions have moved:
| Nature of Crime | Section (IT Act) | Section (BNS) |
|---|---|---|
| Identity Theft | Section 66C | Section 319 |
| Sextortion/Morphing | Section 66E/67 | Section 77 / 79 |
| Hacking/Ransomware | Section 66 | Section 324 |
The Art of Digital Forensics
To secure a conviction, the evidence must be "untouched." Do not delete chat histories or emails. Follow these Advocate-approved steps:
Step A: Screenshots
Capture the entire screen, including the system clock and URL bar. Do not crop the images.
Step B: Header Logs
For email fraud, download the 'Original Header' which contains the IP address of the sender.
State-Wise Cyber Cell Directory (2026 Updated)
If your online complaint is not progressing, you must visit or contact your local jurisdictional Cyber Cell. Below is the updated directory of Nodal Officers for 2026.
West Bengal & Kolkata
- Kolkata Police: Lalbazar, 18, Lalbazar Street, Kolkata - 700001
- Email: dccyber@kolkatapolice.gov.in
- Phone: 033-2250-5427
- State CID: 31, Belvedere Road, Alipore, Kolkata - 700027
Delhi (IFSO)
- Address: Special Cell, PS Dwarka Sec-19, New Delhi
- Email: dcp-ifso-dl@nic.in
- Phone: 011-20892633
Maharashtra (Mumbai)
- Address: World Trade Centre, Cuffe Parade, Mumbai
- Email: ig.cyber-mah@nic.in
- Phone: 022-22160080
Karnataka (Bengaluru)
- Address: CID HQ, Carlton House, #1, Palace Road, Bengaluru
- Email: cc-cid@ksp.gov.in
- Phone: 080-22094498
The Cyber Law Lexicon
As a legal practitioner, Advocate Panchanand Shaw emphasizes the importance of using correct terminology in your FIR. Here are the 50 most critical terms for 2026:
Technical Attacks
- 1. Phishing
- Fraudulent attempts to obtain sensitive info (passwords) by disguising as a trustworthy entity in electronic communication.
- 2. Ransomware
- Malicious software designed to block access to a computer system until a sum of money is paid.
- 3. DDoS Attack
- Distributed Denial of Service; overwhelming a server with traffic to make it crash.
Fraud Categories
- 4. SIM Swapping
- Gaining access to a victim's mobile number to bypass Two-Factor Authentication (2FA).
- 5. Sextortion
- The practice of extorting money or sexual favors from someone by threatening to reveal evidence of their sexual activity.
- 6. Digital Arrest
- A psychological scam where victims are kept on video call by fake police officers threatening immediate arrest.
Legal/Evidentiary
- 7. Section 65B Certificate
- A mandatory certificate under the Indian Evidence Act to make electronic records admissible in court.
- 8. Hash Value
- A unique numeric value that identifies the content of a digital file; crucial for proving data has not been tampered with.
- 9. Deepfake
- AI-generated media that convincingly replaces one person's likeness with another; highly relevant under BNS 2023 Section 79.
Frequently Asked Questions by Victims
Can I file a complaint for a crime that happened 6 months ago? βΌ
While it is best to report within the "Golden Hour," there is no strict statute of limitations for reporting cyber crime. However, digital evidence (IP logs) is often deleted by ISPs after 6β12 months, so delay significantly weakens your case.
Is a lawyer mandatory for filing a cyber crime complaint? βΌ
No, it is not mandatory for filing the initial portal complaint. However, for drafting a formal FIR, ensuring the correct BNS sections are applied, and navigating the trial, professional legal counsel is highly recommended to avoid technical loopholes.
Corporate Liability: The DPDP Act 2023 & Cyber Crime
Under the Digital Personal Data Protection (DPDP) Act 2023, organizations (Data Fiduciaries) are now legally obligated to report data breaches to the Data Protection Board of India. Failure to do so can result in penalties up to βΉ250 Crores.
- β Mandatory Notification: Companies must report a breach within 72 hours of discovery.
- β Victim Rights: As a victim, you have the "Right to Erasure" and the "Right to Redressal" if your data was leaked through corporate negligence.
Pro Tip by Adv. Panchanand Shaw:
"If your money was stolen because a bank's app was hacked, you are not just a victim of theft, but a Data Principal whose rights have been violated. We can sue for damages under the DPDP Act alongside the criminal case."
The New Evidence Paradigm: BSA 2023 vs IEA 1872
Effective July 2024, the Indian Evidence Act (IEA) has been replaced by the Bharatiya Sakshya Adhiniyam (BSA), 2023. This changes how your digital evidence is treated in court.
| Feature | Old Law (IEA) | New Law (BSA 2023) |
|---|---|---|
| Definition of "Document" | Limited focus on physical records. | Explicitly includes Server Logs, Locational Data, and Voice Messages. |
| Electronic Certificate | Section 65B (Often disputed). | Section 61 Certificate (Now more standardized and mandatory). |
| Primary Evidence | Hard to prove for digital files. | Smartphone data & Cloud storage can be Primary Evidence if properly handled. |
Landmark Cyber Judgments Every Victim Should Know
1. Shreya Singhal vs Union of India (2015)
The "Freedom of Speech" Landmark.
Struck down Section 66A of the IT Act, ensuring that citizens cannot be arrested for "offensive" comments unless they incite violence. It protects your right to online expression.
2. Arjun Panditrao Khotkar vs Kailash Kushanrao Gorantyal (2020)
The "Electronic Evidence" Bible.
The Supreme Court ruled that a 65B Certificate is mandatory for admitting secondary electronic evidence. Without this, your WhatsApp screenshots are useless in court.
3. Right to be Forgotten (2025/26 Trends)
DVSB vs Axis Bank (2025) & Recent HC Rulings.
Recent judgments have established that victims of cyber-defamation or deepfakes have a "Right to be Forgotten," forcing search engines like Google to delink harmful content.
National Directory of Cyber Nodal Officers (2026)
Under the direction of the Ministry of Home Affairs (MHA), each State/UT has appointed Nodal Officers to oversee cybercrime investigations. Use this directory if your local FIR is not being processed.
| State | Designation | Contact Email |
|---|---|---|
| Delhi | DCP IFSO (Special Cell) | dcp-ifso-dl@nic.in |
| Uttar Pradesh | SP, Cyber Crime (Lucknow) | sp-cyber.lu@up.gov.in |
| Punjab | AIG, Cyber Crime (Mohali) | aigcyber@punjabpolice.gov.in |
| Haryana | SP, Cyber Crime (Panchkula) | sp.cyber@hry.nic.in |
| State | Designation | Contact Email |
|---|---|---|
| West Bengal | DIG, Cyber Crime (CID) | occyber@cidwestbengal.gov.in |
| Bihar | SP, Cyber Crime (Patna) | sp-cyber-bih@nic.in |
| Odisha | SP, CID CB (Cuttack) | sp1cyber.odpol@nic.in |
The Victim Recovery Handbook
Reporting the crime is only 50% of the battle. The remaining 50% is mitigation. Depending on the type of attack, Advocate Panchanand Shaw advises the following immediate protocols:
Case A: Financial Fraud (GPay/PhonePe/Bank)
- 1. Change your UPI PIN and Net Banking passwords immediately.
- 2. Call your Bank's "Nodal Officer" for Fraud β ask for the Money Freeze Report.
- 3. Report to the merchant (e.g., if money was used on Amazon, call Amazon Security).
Case B: Social Media Hijack / Identity Theft
- 1. Use the "Account Hacked" link on Facebook/Instagram/X.
- 2. Inform your contact list via another platform to prevent secondary scams.
- 3. Search your name on Google to check for impersonating profiles.
| State | Designation | Contact Email / Phone |
|---|---|---|
| Karnataka | SP, Cyber Crime (Bengaluru) | spccpscid@ksp.gov.in | 080-22942349 |
| Tamil Nadu | SP, Cyber Crime Division-I (Chennai) | cbcyber@nic.in | 044-28447712 |
| Telangana | SP, Cyber Crime (Hyderabad) | addldgp-cid@tspolice.gov.in | 9440627693 |
| Kerala | ADGP, Cyber Operations | adgpcyberops.pol@kerala.gov.in |
| State | Designation | Contact Email / Phone |
|---|---|---|
| Maharashtra | Special IGP, Maharashtra Cyber | ig.cyber-mah@nic.in | 022-22160080 |
| Gujarat | SP, State Cyber Crime Cell | cc-cid@gujarat.gov.in | 9978408719 |
| Madhya Pradesh | ADGP, Cyber Cell (Bhopal) | spcyber@mp.gov.in | 0755-2770248 |
Advocateβs Guide: Cyber Safety for Senior Citizens
Senior citizens are the primary targets of "High-Pressure" scams. Advocate Panchanand Shaw has identified the three most common tactics used against the elderly in 2026:
1. The "Digital Arrest" Scam
Fraudsters call via Skype/WhatsApp pretending to be CBI/Police. They claim your Aadhaar is linked to a drug parcel and put you under "Digital Arrest" via video. Fact: Indian Law does not recognize "Digital Arrest." Police must visit in person.
2. Insurance/Pension Fraud
Scammers pose as IRDAI officials promising a massive bonus on an old policy if a "processing fee" is paid. Never pay upfront for insurance claims.
3. The "Grandchild in Trouble"
AI Voice Cloning is used to mimic a relative's voice claiming they are in a foreign jail. Always hang up and call the relative on their known number.
Cross-Border Jurisdictions & The Budapest Convention
Cybercrime often transcends borders. While India is not a signatory to the Budapest Convention on Cybercrime due to sovereignty concerns, it actively cooperates with Interpol and uses Mutual Legal Assistance Treaties (MLATs) with over 45 countries.
If a crime originates from a foreign IP address (e.g., Nigeria or Southeast Asia), the investigation moves to the CBI (Central Bureau of Investigation), which acts as the National Central Bureau for Interpol in India. Recovering funds from international jurisdictions remains the most complex area of cyber law, requiring specialized legal petitions under the BNS 2023.
The Judicial Journey: From FIR to Final Verdict
Filing a complaint is just the initiation. As your legal counsel, Advocate Panchanand Shaw navigates the complex machinery of the Indian Judicial System to ensure the accused is brought to book.
1. Conversion of Complaint to FIR
The police verify the portal complaint. Under Section 173 of the BNSS (formerly 154 IPC), if a cognizable offense is made out, an FIR must be registered. If the police refuse, we move the Magistrate under Section 175(3) BNSS.
2. Investigation & Charge Sheet
The IO (Investigating Officer) collects digital footprints, issues notices to intermediaries (Google/Meta), and files a Charge Sheet in the Cyber Court within 60-90 days.
3. Framing of Charges & Trial
The Magistrate examines the Section 61 (BSA) Certificates. We present the digital forensic evidence. The trial concludes with arguments and a final judgment.
Legal Notice Templates for Victims
Note: These templates are for reference. For a legally binding notice, consult Advocate Panchanand Shaw.
Template 1: Notice to Bank for Unauthorized Transaction
To, The Nodal Officer, [Bank Name], [Branch Address].
Subject: Legal Notice for Immediate Reversal of Fraudulent Transaction.
Ref: A/c No: [Your Account Number] | Txn ID: [Transaction ID]
Sir/Madam,
I am writing to formally report an unauthorized transaction of Rs. [Amount] debited from my account on [Date] at [Time]. As per RBI Circular DBR.No.Leg.BC.78/09.07.005/2017-18, my liability is ZERO as I have reported this within 3 days. I demand an immediate shadow credit to my account...
Template 2: Notice to Intermediary for Content Removal
To, The Grievance Officer, [Platform Name - e.g. Instagram].
Subject: Takedown Notice under Rule 3(2)(b) of IT Rules 2021.
I hereby notify you of illegal content posted at URL: [Paste URL]. The content involves [Identity Theft/Deepfake/Harassment] which violates Section 79 of the BNS 2023. You are requested to remove this access within 24 hours of receipt of this notice...
Cyber Audit Checklist for Businesses (MSMEs)
Phase 1: Legal Compliance
- β Draft a clear Privacy Policy as per DPDP Act 2023.
- β Appoint a Data Protection Officer (DPO) if handling bulk data.
- β Maintain a "Record of Processing Activities" (ROPA).
Phase 2: Technical Defense
- β Implement Mandatory 2FA for all employee logins.
- β Conduct monthly vulnerability assessments (VAPT).
- β Encrypt PII (Personally Identifiable Information) at rest.