We get the call several times a month. A senior citizen in Jayanagar who lost ₹40 lakhs to a 'CBI officer' on a video call. A small business in Whitefield hit by a man-in-the-middle invoice swap. A founder in HSR Layout whose UPI was drained while he was sleeping.
In every one of these cases, the question is not whether the scammers were sophisticated. They were not. The question is what the victim did in the first 24 hours — because Indian banking, the National Cybercrime Reporting Portal (NCRP), and the Karnataka Cyber Crime cells all run on a clock that starts the moment the money leaves your account.
The frauds we see most in Bangalore
The shape of the fraud matters because the legal route differs. The four patterns that account for the bulk of matters that walk through our door are: 'digital arrest' impersonation calls (typically against senior citizens, often originating from Cambodia and Myanmar mule networks), invoice and vendor email compromise affecting SMEs, fake investment platforms — including crypto and stock-tips groups — that allow withdrawals on the first cycle and freeze on the second, and account takeovers via SIM-swap or SS7 redirection of the OTP itself.
Each of these has a recovery profile of its own. UPI and IMPS frauds where money sits in a domestic bank account are the most recoverable. Crypto exchange frauds, especially those using offshore exchanges, are the hardest. Knowing which shape you are dealing with lets us pick the right combination of banking, civil and criminal action.
Hour 0–1: Stop the bleeding.
- Call your bank's fraud helpline. Get the receiving account flagged. Banks have lien-marking powers if alerted in time.
- Disable cards, UPI, and net banking.
- Do NOT delete anything — not the message, not the call log, not the email. They are evidence.
Hour 1–4: Lodge the formal complaint.
- File an online complaint at cybercrime.gov.in (NCRP). This generates a ticket that all banks act on.
- Get an acknowledgement number. Save it.
- Visit the local Cyber Crime cell with a printed copy of the NCRP report.
How NCRP actually works.
The portal is run by the Indian Cybercrime Coordination Centre (I4C) under the Ministry of Home Affairs. When you file, the system pushes the complaint to the receiving bank's nodal officer with a request to put a temporary hold on the disputed amount. If the bank acts within the RBI-prescribed window, recovery odds are highest. The portal also routes the complaint to the local police station based on the address of the complainant — which, in Bangalore, may mean the City Cyber Crime Police Station on Infantry Road, or one of the zonal Cyber Economic and Narcotics (CEN) units in Bangalore Rural, North or South. The 1930 helpline does the same thing on the phone, but is often easier to reach in the very first hour when the website is slow.
Hour 4–24: Begin the legal track.
- Engage a cyber lawyer who has run recovery matters before. The right civil and criminal applications, filed early, dramatically improve recovery odds.
- Preserve digital evidence properly: screenshots are not enough. Keep the original messages, call recordings, email headers, transaction screenshots, and device-level evidence.
- If a UPI or bank account is identifiable, parallel civil action against the receiving account holder can be initiated.
What a lawyer adds that NCRP alone does not.
The portal is a complaint mechanism, not a litigation strategy. It does not draft the right Section 156(3) BNSS application that compels investigation when the police are slow. It does not move a Karnataka High Court writ to direct expedited recovery from a non-cooperative bank. It does not file a parallel civil suit for recovery against an identifiable receiving account holder under Order XXXVIII of the CPC, which can attach assets while the criminal case crawls. And it does not coordinate with RBI, the Banking Ombudsman or the receiving bank's compliance team to escalate beyond the customer service channel.
A lawyer used to recovery work also knows what evidence to preserve in a way that a court will accept months later — call detail records subpoenaed under a 91 BNSS notice, header information from email exchanges to authenticate spoofing, and bank account statements with debit narration that match the claimed transaction trail.
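The header evidence described above, as an added example that is not from the original article: Python that fingerprints the untouched raw message with SHA-256 and lists the header indicators an examiner would review for spoofing. The sample email, its domains and the function names are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed sample (not from a real matter): a look-alike vendor invoice email.
SAMPLE_EML = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;"
    b" dkim=none; dmarc=fail header.from=vendor.example.com\r\n"
    b"From: Accounts <accounts@vendor.example.com>\r\n"
    b"Reply-To: accounts@vendor-example.co\r\n"
    b"Subject: Updated bank details for invoice 1042\r\n"
    b"\r\n"
    b"Please remit to the new account below.\r\n"
)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def examine(raw: bytes) -> dict:
    """Hash the raw message as saved and collect header indicators.

    The indicators are leads for review, not proof of spoofing: legitimate
    bulk mail often has a Return-Path domain that differs from From.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    flags = []
    for name, label in (("Reply-To", "reply-to"), ("Return-Path", "return-path")):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            flags.append(f"{label} domain differs from From")
    # Verdicts recorded by the receiving mail server, if any were stamped.
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        result = m.group(1) if m else "absent"
        if result != "pass":
            flags.append(f"{mech}={result}")
    # Hash the bytes exactly as exported; any later edit changes the digest.
    return {"sha256": hashlib.sha256(raw).hexdigest(),
            "from_domain": from_dom, "flags": flags}

if __name__ == "__main__":
    for key, value in examine(SAMPLE_EML).items():
        print(key, "=", value)
```

Run it on the exported .eml file's bytes rather than on text copied from the mail client, since forwarding or copy-paste rewrites the headers and changes the digest.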
The realistic recovery timeline.
Where the receiving bank acts within the RBI's prescribed time window and the funds are still sitting in the first beneficiary account, partial or full recovery within 90 days is realistic. Where the funds have moved to a second mule account but the chain is still domestic, 6–12 months is more typical and recovery is partial. Where money has been converted to crypto or routed through an offshore exchange, recovery is rare; the legal track shifts to prosecution and asset attachment in India for any traceable proceeds.
Insurance is the silent variable. If the victim is a business with a cyber insurance policy, the policy often funds the recovery effort, including legal fees, in exchange for subrogation rights against the fraudsters. We always ask about cyber insurance on the first call.
What we don't recommend
- Posting the scammer's number on social media. It feels good. It also tips off the fraud network and accelerates money movement.
- Calling 'recovery agents' who message on Instagram. Almost all are themselves fraudsters preying on victims.
- Waiting more than 24 hours to act. Time is the single biggest variable.
If you or a family member is dealing with online fraud right now, call us on +91 63634 69138. The first call is privileged, free, and we will tell you honestly whether recovery is realistic in your matter.