How to File a Cybercrime Complaint in India: Complete Guide
Step-by-step guide to filing a cybercrime complaint in India including the National Cyber Crime Reporting Portal, types of cybercrimes, and legal remedies under IT Act 2000.
# How to File a Cybercrime Complaint in India: Complete Guide
India has witnessed an exponential rise in cybercrimes over the past decade. From online financial fraud and identity theft to cyberstalking and data breaches, the digital landscape presents an ever-growing array of threats to individuals and businesses. According to the National Crime Records Bureau (NCRB), cybercrime cases registered across India have been increasing year on year, with financial fraud, social media crimes, and data theft accounting for a significant share.
Despite the prevalence of such offences, many victims remain uncertain about where to report cybercrimes, what laws protect them, and how to preserve evidence effectively. This article provides a comprehensive educational overview of how to file a cybercrime complaint in India, the relevant provisions of the Information Technology Act, 2000 (IT Act), types of cybercrimes recognised under Indian law, the penalties prescribed, and the landmark judicial pronouncements that have shaped cyber jurisprudence.
---
What Constitutes a Cybercrime Under Indian Law?
A cybercrime is broadly defined as any criminal activity that involves the use of a computer, computer network, or the internet as a tool, target, or means of committing an offence. In India, cybercrimes are primarily governed by the **Information Technology Act, 2000** (as amended by the IT Amendment Act, 2008) and the relevant provisions of the **Indian Penal Code, 1860 (IPC)** -- now the **Bharatiya Nyaya Sanhita, 2023 (BNS)**.
The IT Act, 2000 was enacted to provide legal recognition for transactions carried out through electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce." Over time, its scope expanded significantly through amendments to address a wide array of cybercrimes.
---
Types of Cybercrimes and Applicable Legal Provisions
1. Online Financial Fraud
Online financial fraud includes phishing, vishing (voice phishing), UPI fraud, credit/debit card fraud, internet banking fraud, and fraudulent e-commerce transactions. These offences are addressed under:
- **Section 66 of the IT Act** -- Computer-related offences: If any person dishonestly or fraudulently does any act referred to in Section 43 (such as accessing a computer without permission, extracting data, introducing viruses, etc.), they are punishable with **imprisonment up to three years** or a **fine up to five lakh rupees**, or both.
- **Section 66D of the IT Act** -- Cheating by personation using computer resources: Whoever, by means of any communication device or computer resource, cheats by personation, is punishable with **imprisonment up to three years** and a **fine up to one lakh rupees**.
- **Section 420 IPC (Section 318 BNS)** -- Cheating and dishonestly inducing delivery of property.
2. Identity Theft
Identity theft involves the fraudulent use of another person's identity credentials -- such as Aadhaar number, PAN card, digital signatures, or login credentials -- for unlawful purposes.
- **Section 66C of the IT Act** -- Identity theft: Whoever fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person is punishable with **imprisonment up to three years** and a **fine up to one lakh rupees**.
3. Hacking
Hacking refers to the unauthorised access to computer systems, networks, or data. Under Indian law:
- **Section 43 of the IT Act** -- Penalty and compensation for damage to computer, computer system, etc.: This section provides for civil liability (compensation by way of damages up to five crore rupees as adjudicated by an adjudicating officer) for acts such as accessing a computer without permission, downloading or extracting data, introducing viruses or contaminants, disrupting or denying access, or tampering with computer source code.
- **Section 66 of the IT Act** -- If the acts under Section 43 are done dishonestly or fraudulently, it becomes a criminal offence.
- **Section 65 of the IT Act** -- Tampering with computer source documents: Whoever knowingly or intentionally conceals, destroys, or alters any computer source code (when the source code is required to be kept by law) is punishable with **imprisonment up to three years** or a **fine up to two lakh rupees**, or both.
4. Cyberstalking and Online Harassment
Cyberstalking involves using electronic communication to repeatedly follow, monitor, threaten, or harass a person. Online harassment includes sending offensive or threatening messages, publishing defamatory content, and transmitting obscene material.
- **Section 354D IPC (Section 78 BNS)** -- Stalking: Includes following a woman through electronic communication, monitoring her internet or electronic usage.
- **Section 509 IPC (Section 79 BNS)** -- Word, gesture, or act intended to insult the modesty of a woman.
- **Section 67 of the IT Act** -- Publishing or transmitting obscene material in electronic form: Punishable with **imprisonment up to three years on first conviction** and **up to five years on subsequent conviction**, along with fines.
- **Section 67A of the IT Act** -- Publishing or transmitting material containing sexually explicit acts in electronic form: Punishable with **imprisonment up to five years on first conviction** and **up to seven years on subsequent conviction**, along with fines.
5. Phishing and Social Engineering
Phishing involves creating fraudulent websites, emails, or messages that mimic legitimate entities to trick individuals into revealing sensitive information such as passwords, OTPs, or banking details.
- **Section 66D of the IT Act** -- Cheating by personation using computer resources.
- **Section 66C of the IT Act** -- Identity theft (where stolen credentials are used).
- **Section 420 IPC (Section 318 BNS)** -- Cheating.
6. Data Theft and Breach of Confidentiality
Data theft involves the unauthorised copying, downloading, or extraction of data from computer systems.
- **Section 43(b) of the IT Act** -- Downloading, copying, or extracting data from a computer system without permission.
- **Section 72 of the IT Act** -- Breach of confidentiality and privacy: Any person who, in pursuance of powers conferred under the IT Act, secures access to any electronic record, book, register, etc., and discloses such information without the consent of the person concerned, is punishable with **imprisonment up to two years** or a **fine up to one lakh rupees**, or both.
- **Section 72A of the IT Act** -- Punishment for disclosure of information in breach of a lawful contract: Punishable with **imprisonment up to three years** or a **fine up to five lakh rupees**, or both.
- The **Digital Personal Data Protection Act, 2023** provides an additional framework for data protection obligations and penalties for data breaches.
7. Social Media Crimes
Crimes committed through social media platforms include creating fake profiles, impersonation, defamation, trolling, morphing photographs, cyberbullying, and spreading misinformation.
- **Section 66C of the IT Act** -- Identity theft (for fake profile creation using another's identity).
- **Section 66D of the IT Act** -- Cheating by personation.
- **Section 500 IPC (Section 356 BNS)** -- Defamation.
- **Section 67 and 67A of the IT Act** -- Publishing obscene or sexually explicit material.
- **Section 66E of the IT Act** -- Violation of privacy: Whoever intentionally or knowingly captures, publishes, or transmits the image of a private area of any person without their consent is punishable with **imprisonment up to three years** or a **fine up to two lakh rupees**, or both.
---
The Striking Down of Section 66A: Shreya Singhal v. Union of India
One of the most significant judicial pronouncements in the realm of cyber law in India is **Shreya Singhal v. Union of India (2015) 5 SCC 1**. In this landmark case, the Supreme Court of India struck down **Section 66A of the IT Act** as unconstitutional, holding that it violated **Article 19(1)(a)** (freedom of speech and expression) and **Article 21** (right to life and personal liberty) of the Constitution of India.
Section 66A had made it a criminal offence to send "grossly offensive" or "menacing" messages through a computer resource, or to send messages that caused "annoyance" or "inconvenience." The Supreme Court found that the terms used in Section 66A were vague and overbroad, failing to satisfy the test of reasonable restriction under Article 19(2). The Court held that:
- The section was **not saved by any of the reasonable restrictions** under Article 19(2) such as public order, decency, morality, or defamation.
- The terms "grossly offensive," "menacing," "annoyance," "inconvenience," and "danger" were **vague and undefined**, and their interpretation was left entirely to the subjective discretion of law enforcement.
- The section had a **chilling effect on free speech**, as citizens could be prosecuted for legitimate online expression.
This judgment is a cornerstone of digital rights jurisprudence in India and must be noted by anyone studying cyber law. **Section 66A is no longer in force, and no person can be prosecuted under it.** Despite this, reports have emerged of continued use of Section 66A by police in some states, which the Supreme Court addressed in **Peoples Union for Civil Liberties v. Union of India (2019)** by directing all state governments to ensure compliance with the Shreya Singhal judgment.
---
How to File a Cybercrime Complaint: Step-by-Step
Option 1: National Cyber Crime Reporting Portal (cybercrime.gov.in)
The **National Cyber Crime Reporting Portal** (https://cybercrime.gov.in) is an initiative of the Government of India under the Ministry of Home Affairs. It provides a centralised mechanism for citizens to report cybercrimes online. The portal is particularly useful for reporting:
- **Financial fraud** (online banking fraud, UPI fraud, credit card fraud, investment fraud)
- **Women/child-related cybercrimes** (child pornography, sexually explicit content, cyberstalking, online harassment)
- **Other cybercrimes** (hacking, identity theft, ransomware, data theft, social media crimes)
#### Step-by-Step Filing Process on the Portal
**Step 1:** Visit **https://cybercrime.gov.in** and click on "File a Complaint."
**Step 2:** You will be prompted to choose the category of cybercrime:
- **Report Women/Child Related Crime** -- For crimes against women and children (sexually explicit content, child pornography, rape/gang rape content, cyberstalking).
- **Report Other Cyber Crime** -- For financial fraud, hacking, identity theft, data theft, and other cybercrimes.
**Step 3:** If not already registered, create an account using your **mobile number**. You will receive an OTP for verification.
**Step 4:** After login, fill in the complaint form with the following details:
- Category and sub-category of the cybercrime
- Date and time of the incident
- Description of the incident in detail
- Details of the suspect (if known) -- name, phone number, email, social media profile
- Bank account or transaction details (in case of financial fraud)
- Supporting evidence -- upload screenshots, transaction records, emails, URLs, chat logs
**Step 5:** Review your complaint and submit it. You will receive a **complaint acknowledgement number** for tracking purposes.
**Step 6:** Track the status of your complaint using the acknowledgement number on the portal. The complaint is forwarded to the concerned state/UT cyber cell for action.
Option 2: Cyber Crime Helpline -- 1930
The Government of India has launched the **Cyber Crime Helpline number 1930** (earlier 155260) under the **Indian Cyber Crime Coordination Centre (I4C)**. This helpline is specifically designed for **financial cybercrimes** such as:
- Online banking fraud
- UPI fraud (PhonePe, Google Pay, Paytm, etc.)
- Credit/debit card fraud
- OTP fraud
- E-wallet fraud
**When to call:** Call **1930** immediately after you discover a fraudulent transaction. The sooner you report, the higher the chances of the stolen money being frozen before the fraudster can withdraw it. The helpline operates in coordination with banks and payment intermediaries to put a temporary hold on the fraudster's account.
Option 3: Filing an FIR at the Local Police Station
Cybercrimes are **cognizable offences** under the IT Act and the IPC/BNS. You have the right to file an FIR at **any police station** (the concept of Zero FIR applies). The police cannot refuse to register your complaint on the ground that they do not have a cyber cell or that the offence occurred online.
**Step 1:** Visit the nearest police station and provide a written complaint describing the cybercrime, the accused (if known), and any evidence you have.
**Step 2:** The police are obligated to register the FIR if a cognizable offence is disclosed, as held by the Supreme Court in **Lalita Kumari v. Government of Uttar Pradesh (2014) 2 SCC 1**.
**Step 3:** Obtain a free copy of the FIR and note down the FIR number for future reference.
**Step 4:** The police may forward the case to the designated **Cyber Crime Police Station** or **Cyber Cell** in the district for specialised investigation.
Option 4: Dedicated Cyber Crime Police Stations / Cyber Cells
Most states and major cities have **dedicated Cyber Crime Police Stations** or **Cyber Cells** that specialise in investigating cybercrimes. In Maharashtra, the **Maharashtra Cyber** (the state's nodal cyber crime unit) operates along with district-level cyber police stations. Citizens can approach these specialised units directly with their complaints.
---
Jurisdiction in Cybercrime Cases
Jurisdiction is a critical consideration in cybercrime cases because the offender, the victim, and the computer system involved may all be located in different places. The IT Act addresses this through:
- **Section 75 of the IT Act** -- Applicability for offences committed outside India: The Act applies to any offence or contravention committed outside India by any person, if the act involves a computer, computer system, or network **located in India**.
- **Section 46 of the IT Act** -- The Central Government has the power to appoint adjudicating officers for adjudicating matters under Chapter IX (penalties and adjudication).
- Under general criminal law, an FIR can be filed where: (a) the offence was committed; (b) the consequence of the offence occurred; or (c) the victim resides. Since cybercrime effects are often felt at the victim's location, the victim can generally file an FIR at their local police station.
---
Evidence Preservation: Critical Steps
Preserving digital evidence is of paramount importance in cybercrime cases. Digital evidence is fragile -- it can be deleted, modified, or become inaccessible. Victims should take the following steps immediately:
1. Take Screenshots
Capture screenshots of the fraudulent messages, emails, websites, social media posts, profiles, and conversations. Include the **URL, date, and time** visible in the screenshot.
2. Save Transaction Records
For financial fraud, save all bank statements, UPI transaction history, credit card statements, and payment confirmation messages. Note down the **transaction ID, amount, date, time**, and the **beneficiary account details** (if visible).
3. Preserve Email Headers
If the cybercrime involves fraudulent emails, preserve the **full email headers** (not just the visible "From" address). Email headers contain metadata that can help trace the origin of the email.
4. Do Not Delete Anything
Do not delete messages, emails, call logs, or app data related to the cybercrime. Even if the content is distressing, it constitutes evidence.
5. Record URLs and Profile Links
If the crime involves a website or social media profile, record the exact URL or profile link. Social media profiles can be deactivated or deleted by the offender, so capturing this information early is critical.
6. Obtain Certified Copies
Under **Section 65B of the Indian Evidence Act, 1872 (Section 63 of the Bharatiya Sakshya Adhiniyam, 2023)**, electronic records are admissible as evidence only if accompanied by a **certificate** from a person in a responsible position in relation to the operation of the relevant device or the management of the relevant activities. The Supreme Court in **Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1** held that the certificate under Section 65B(4) is a **mandatory condition** for admissibility of electronic evidence.
---
Penalties Under the IT Act: Key Sections at a Glance
| Section | Offence | Punishment |
|---|---|---|
| **Section 43** | Damage to computer system (civil) | Compensation up to Rs. 5 crore |
| **Section 65** | Tampering with computer source documents | Up to 3 years imprisonment or Rs. 2 lakh fine or both |
| **Section 66** | Computer-related offences (dishonest/fraudulent) | Up to 3 years imprisonment or Rs. 5 lakh fine or both |
| **Section 66B** | Dishonestly receiving stolen computer resource | Up to 3 years imprisonment or Rs. 1 lakh fine or both |
| **Section 66C** | Identity theft | Up to 3 years imprisonment and Rs. 1 lakh fine |
| **Section 66D** | Cheating by personation using computer resource | Up to 3 years imprisonment and Rs. 1 lakh fine |
| **Section 66E** | Violation of privacy | Up to 3 years imprisonment or Rs. 2 lakh fine or both |
| **Section 67** | Publishing obscene material electronically | First conviction: up to 3 years and Rs. 5 lakh fine; Subsequent: up to 5 years and Rs. 10 lakh fine |
| **Section 67A** | Publishing sexually explicit material electronically | First conviction: up to 5 years and Rs. 10 lakh fine; Subsequent: up to 7 years and Rs. 10 lakh fine |
| **Section 67B** | Publishing child pornography electronically | First conviction: up to 5 years and Rs. 10 lakh fine; Subsequent: up to 7 years and Rs. 10 lakh fine |
| **Section 72** | Breach of confidentiality and privacy | Up to 2 years imprisonment or Rs. 1 lakh fine or both |
---
Key Judicial Pronouncements on Cybercrime
1. Shreya Singhal v. Union of India (2015) 5 SCC 1
As discussed above, the Supreme Court struck down Section 66A of the IT Act as unconstitutional for being vague and overbroad. This judgment is the most significant cyber law decision in India and established that online speech is protected under Article 19(1)(a).
2. Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020) 7 SCC 1
A three-judge bench of the Supreme Court held that the **certificate under Section 65B(4) of the Indian Evidence Act** is a mandatory requirement for the admissibility of electronic evidence. This judgment overruled the earlier decision in **Shafhi Mohammad v. State of H.P. (2018)** which had relaxed the requirement. The Court clarified that electronic evidence without a Section 65B certificate is inadmissible.
3. K.N. Govindacharya v. Union of India (2022)
The Delhi High Court addressed the liability of social media intermediaries and the obligations under the **Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021**, reinforcing that intermediaries must exercise due diligence and comply with takedown requests.
4. State of Tamil Nadu v. Suhas Katti (2004)
One of the earliest cybercrime convictions in India, where the accused was convicted under **Section 67 of the IT Act** and **Section 469 IPC** for posting obscene and defamatory messages about a woman on a Yahoo message group. This case demonstrated the applicability of the IT Act in prosecuting cybercrimes.
5. Avnish Bajaj v. State (NCT of Delhi) (2005)
The Delhi High Court examined the liability of website intermediaries (in this case, Baazee.com/eBay) for the sale of obscene material through their platform. The Court held that the intermediary could not be held liable if it did not have knowledge of the specific listing and had taken reasonable steps to prevent such content. This case was instrumental in shaping the intermediary liability framework under **Section 79 of the IT Act**.
---
The Role of the Indian Cyber Crime Coordination Centre (I4C)
The **Indian Cyber Crime Coordination Centre (I4C)** was established by the Ministry of Home Affairs to provide a framework for law enforcement agencies to deal with cybercrimes in a comprehensive and coordinated manner. Its components include:
- **National Cyber Crime Reporting Portal** (cybercrime.gov.in)
- **Cyber Crime Helpline 1930**
- **National Cyber Crime Threat Analytics Unit** -- For analysis of cybercrime data and patterns
- **National Cyber Crime Training Centre** -- For training of law enforcement and judicial officers
- **Citizen Financial Cyber Fraud Reporting and Management System** -- For immediate response to financial cybercrimes
The I4C works in coordination with state police cyber cells, the Reserve Bank of India, banks, and payment aggregators to enable rapid response to financial fraud complaints.
---
Frequently Asked Questions
What should I do immediately if I am a victim of online financial fraud?
**Call the Cyber Crime Helpline 1930 immediately.** Time is critical in financial fraud cases. The sooner you report, the greater the chance that the transaction can be reversed or the fraudster's account can be frozen. After calling the helpline, file a formal complaint on the **National Cyber Crime Reporting Portal** (cybercrime.gov.in) and visit your nearest police station to register an FIR.
Can I file a cybercrime complaint if I do not know the identity of the offender?
Yes. A complaint can be filed against **unknown persons**. The investigating officer will use digital forensics, IP tracing, transaction records, and other investigative techniques to identify the offender.
Is there a time limit for filing a cybercrime complaint?
There is no specific time limit for filing a cybercrime complaint. However, it is strongly advisable to file the complaint **as soon as possible** after the offence is discovered. Delay can result in loss of digital evidence (deletion of profiles, accounts, messages) and reduced chances of recovering stolen funds.
Can I file a cybercrime complaint online from any state?
Yes. The **National Cyber Crime Reporting Portal** (cybercrime.gov.in) allows citizens to file complaints from anywhere in India. The complaint is routed to the appropriate state or district cyber cell for investigation based on the jurisdiction.
What is the difference between the Cyber Crime Portal and calling 1930?
The **National Cyber Crime Reporting Portal** (cybercrime.gov.in) is for filing a detailed written complaint with supporting evidence for any type of cybercrime. The **helpline 1930** is primarily for **immediate reporting of financial fraud** to enable quick freezing of fraudulent accounts and is specifically designed for time-sensitive financial crime cases. For comprehensive redressal, it is advisable to use both.
Can the police refuse to register an FIR for a cybercrime?
No. Cybercrimes under the IT Act and IPC/BNS are **cognizable offences**. As established by the Supreme Court in **Lalita Kumari v. Government of Uttar Pradesh (2014) 2 SCC 1**, the police are **mandated** to register an FIR when information discloses a cognizable offence. If the police refuse, you may send a written complaint to the Superintendent of Police under Section 154(3) CrPC, file an application before the Magistrate under Section 156(3) CrPC, or file a complaint on the National Cyber Crime Reporting Portal.
Is Section 66A of the IT Act still in force?
**No.** Section 66A was struck down as unconstitutional by the Supreme Court in **Shreya Singhal v. Union of India (2015) 5 SCC 1**. No person can be arrested or prosecuted under Section 66A. If any police officer attempts to invoke Section 66A, the accused can challenge it in court citing the Supreme Court's judgment.
What types of evidence are admissible in cybercrime cases?
Electronic evidence -- including screenshots, emails, chat logs, transaction records, CCTV footage, server logs, and call detail records -- is admissible under **Section 65B of the Indian Evidence Act (Section 63 of the Bharatiya Sakshya Adhiniyam, 2023)**, provided it is accompanied by a mandatory certificate under Section 65B(4). The Supreme Court in **Arjun Panditrao Khotkar v. Kailash Kushanrao Gorantyal (2020)** confirmed the mandatory nature of this certificate.
Can I claim compensation for losses suffered due to a cybercrime?
Yes. Under **Section 43 of the IT Act**, the adjudicating officer can award compensation up to **Rs. 5 crore** for damage to computer systems, data theft, and related offences. Additionally, the victim may file a civil suit for damages and claim compensation through the criminal court under relevant provisions of the CrPC/BNSS.
---
Conclusion
Cybercrime is a rapidly evolving challenge, and Indian law continues to adapt to meet new threats. The IT Act, 2000, together with the IPC/BNS, provides a comprehensive legal framework for addressing a wide range of cybercrimes -- from online fraud and identity theft to hacking, cyberstalking, and data breaches. The establishment of the National Cyber Crime Reporting Portal and the 1930 helpline has made it significantly easier for citizens to report cybercrimes and seek redressal.
For any individual who has been a victim of cybercrime, the key steps are: (1) preserve all digital evidence immediately, (2) report the crime through the National Cyber Crime Reporting Portal or the 1930 helpline without delay, and (3) file an FIR at the local police station. Understanding your legal rights and the available remedies is the first step towards seeking justice.
---
*Disclaimer: This article is intended for educational and informational purposes only. It does not constitute legal advice, a solicitation, or an advertisement. The information provided is based on Indian laws and judicial pronouncements as of the date of publication and may be subject to change. No reader should act or refrain from acting based on this article without seeking professional legal advice tailored to their specific facts and circumstances. For personalised guidance, please consult a qualified advocate.*
Disclaimer: This article is for informational purposes only and does not constitute legal advice. For advice specific to your situation, please book a consultation.
Have Questions About This Topic?
Get personalized legal guidance from an experienced advocate.
Book a ConsultationWeekly Legal Insights
Receive informational updates on Indian law, recent judgments, and legal developments. Delivered weekly.
No spam. Unsubscribe anytime. Your email will not be shared.