If you are reading this because money has just left your account through fraud, or your business email has been compromised, or your social account has been weaponised against you — stop reading the news and read this. The next twenty-four hours determine almost everything.
Our cyber crime practice handles roughly two hundred such matters annually. The pattern is consistent: those who act in the first day recover; those who delay rarely do. This protocol is what we tell every caller.
Hour One — Freeze the Bleed
Call your bank's 24/7 fraud line immediately. Not your relationship manager — the fraud helpline. Insist on a transaction hold on the destination account. Banks have an internal authority to freeze suspicious credits for 48 hours pending investigation; you must demand it explicitly. Note the call reference number.
Simultaneously, dial 1930 — the National Cyber Crime Reporting helpline. The complaint number generated here is what enables banks to extend the freeze beyond the initial 48 hours.
Hour Two to Six — Document Everything
Screenshots of every fraudulent message, transaction, URL, phone number. Email headers (full source view, not just the message). Phone numbers that called you. Records of when each communication occurred, in chronological order. This file is what we use to build the case.
The single most damaging mistake we see: victims delete the fraudulent messages out of embarrassment. Without those records, criminal prosecution becomes nearly impossible.
Hour Twelve — File Online at cybercrime.gov.in
The National Cyber Crime Reporting Portal is the formal complaint mechanism. The complaint must be filed under the correct head — Financial Fraud for money matters, Cyber Stalking for harassment, Hacking for account compromise. Wrong categorisation routes the file to the wrong unit.
The portal generates an acknowledgment number. This number, plus the 1930 reference, plus the bank reference — these three together are what allow our practice to coordinate with banks, telcos, and the Cyber Cell on your behalf.
Hour Twenty-Four — Local FIR
Visit the cyber cell of the nearest police station. The online complaint is necessary but not sufficient — only a registered FIR gives investigative powers. If the local police refuse to register the FIR (common in lower jurisdictions), proceed to the Superintendent's office, or invoke Section 154(3) CrPC via a written complaint to the Magistrate.
What Not to Do
Do not respond to the fraudster, even to negotiate. Do not transfer money under any pretext (\"return processing fee,\" \"unlock charge,\" \"GST\"). Do not share fresh OTPs or KYC details with anyone calling about the original fraud — second-wave fraudsters often pose as bank or police officials.
When to Call Counsel
Immediately if the fraud exceeds Rs. 5 lakhs, if the perpetrator has connections to your business, if the matter involves international jurisdictions, or if you are an organisation discovering a coordinated attack. Our urgent line is monitored 24/7. The longer you wait, the harder recovery becomes — and beyond seven days, the recovery rate drops to single digits.