Cyber scams are fraudulent activities carried out using digital technologies to extract money, personal data, or sensitive information from individuals. These scams often exploit human psychology—fear, urgency, or trust—resulting in financial loss, identity theft, and emotional distress. Below are some of the most common forms of cyber scams, followed by the legal framework governing them and available remedies.

Common Types of Cyber Scams

Identity Theft

Identity theft involves the unauthorised use of another person’s personal information for fraudulent purposes. This may include misuse of identity documents, credit or debit card fraud, fraudulent loan applications, or filing false tax returns to claim refunds.

Section 66C of the Information Technology Act, 2000, criminalises identity theft, including the dishonest or fraudulent use of another person’s electronic signature, password, or any unique identification feature.

Digital Arrest Scams

In such scams, fraudsters impersonate law enforcement or regulatory authorities and falsely accuse victims of offences such as money laundering or fraud. Victims are then coerced into paying money to avoid “arrest.”

Such acts are not legally recognised and may attract offences such as cheating, impersonation, and criminal intimidation under applicable laws, including Section 66D of the Information Technology Act, 2000 (cheating by personation using computer resources), along with relevant provisions of the Bharatiya Nyaya Sanhita.

Mobile Application Fraud

With the increasing reliance on mobile applications for financial and personal transactions, attackers often trick users into installing malicious applications or APK files through phishing links or third-party platforms. These applications may steal OTPs, access contacts, emails, and photos, or initiate unauthorised transactions.

Online Banking Fraud

Cybercriminals exploit the widespread use of digital banking services such as fund transfers, account access, and online requests for financial instruments. Phishing, credential theft, and malware attacks are commonly used to gain unauthorised access, leading to financial loss.

Virus and Malware Attacks

Malicious software can infiltrate devices through phishing emails, insecure downloads, pirated software, or external devices. Once installed, such malware can compromise sensitive data, disrupt systems, or enable unauthorised access to financial information.

Investment Scams (Ponzi Schemes)

These scams promise high returns with minimal risk. Funds from new investors are used to pay earlier investors, rather than being invested legitimately. Eventually, the scheme collapses when new investments cease.

Phishing

Phishing involves deceptive emails, messages, or websites designed to trick individuals into revealing sensitive information such as login credentials or financial details. These attacks may also install malware on the victim’s device.

Vishing and Spam Calls

Vishing (voice phishing) involves fraudulent phone calls where scammers impersonate bank officials or government authorities to extract confidential information using social engineering techniques.

Deepfake Cybercrime

Cybercriminals use artificial intelligence to create realistic but fabricated audio, video, or images to impersonate individuals—such as public figures or known contacts—to mislead victims or manipulate public perception.

Fake Mobile Application (APK) Scams

Fraudsters create counterfeit mobile applications resembling legitimate banking or service apps. Once installed, these applications can steal credentials and enable unauthorised transactions.

Penalties and Legal Framework

Sections 43 and 66 of the Information Technology Act, 2000, together address a wide range of cyber offences, including unauthorised access, data theft, introduction of malware, and system damage. Section 43 imposes civil liability, while Section 66 criminalises such acts when committed dishonestly or fraudulently, with penalties including imprisonment of up to three years, a fine of up to five lakh rupees, or both.

Sections 66C and 66D are among the most frequently invoked provisions. Section 66C deals with identity theft, while Section 66D penalises cheating by personation using computer resources.

Reporting Cyber Crimes

Cybercrimes may be reported through the National Cyber Crime Reporting Portal, which allows complaints relating to financial fraud, other cyber offences, and offences against women and children.

In cases of financial fraud, victims may immediately contact the helpline 1930, which enables authorities to attempt to freeze or block fraudulent transactions through the Citizen Financial Cyber Fraud Reporting and Management System.

Additionally, a Zero FIR may be filed at any police station irrespective of jurisdiction, facilitating prompt initiation of investigation before transfer to the appropriate authority.

Remedies Available to Victims

Victims of cyber scams have both civil and regulatory remedies:

• Intermediaries are required to remove unlawful content within prescribed timelines (generally 36 hours, and 24 hours in cases such as non-consensual intimate imagery) upon receiving valid legal notice or order from the competent authorities under the Information Technology Rules, 2021.
• Compensation may be sought under Section 43 of the IT Act for unauthorised access, data theft, or system damage.
• Victims of identity theft may request banks and financial institutions to flag and freeze fraudulent accounts or transactions.

Conclusion

Cyber scams pose a significant threat to financial security and personal privacy. As technology evolves, cybercriminals continue to adopt more sophisticated methods, making awareness and timely legal recourse essential. While the legal framework provides both preventive and remedial mechanisms, effective enforcement and public vigilance remain crucial in combating cybercrime.