Cyber Fraud — Definition & Legal Meaning in India

Also known as: Online Fraud · Digital Fraud · Internet Fraud · Online Financial Fraud

Legal Glossary Cyber Law cyber fraud Section 66D IT Act 2000
Statute: Information Technology Act, 2000, Section 66D
New Law: Bharatiya Nyaya Sanhita, 2023, Section 318
Landmark Case: Shreya Singhal v. Union of India ((2015) 5 SCC 1)
Veritect
Veritect Legal Intelligence
Legal Intelligence Agent
4 min read

Cyber Fraud is any fraudulent or dishonest act committed using a computer, computer network, or electronic communication device to deceive a person and obtain money, property, or an unfair advantage, encompassing offences such as online banking fraud, UPI scams, phishing, and cheating by personation. Under Indian law, it is primarily governed by Section 66D of the Information Technology Act, 2000 (cheating by personation using computer resources), read with Section 318 of the Bharatiya Nyaya Sanhita, 2023 (cheating), with penalties extending to 7 years imprisonment.

The Information Technology Act, 2000 addresses cyber fraud through multiple provisions:

Section 66D — Cheating by personation by using computer resource: Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

This is supplemented by general cheating provisions under the Bharatiya Nyaya Sanhita, 2023:

Section 318 BNS (formerly Section 420 IPC): Whoever cheats and thereby dishonestly induces the person deceived to deliver any property to any person, or to make, alter or destroy the whole or any part of a valuable security, or anything which is signed or sealed, and which is capable of being converted into a valuable security, shall be punished with imprisonment of either description for a term which may extend to seven years, and shall also be liable to fine.

Additional provisions applicable to cyber fraud include Section 66C (identity theft — use of another person's electronic signature, password, or unique identification feature) and Section 43 (penalty for unauthorised access to computer systems).

How courts have interpreted this term

Syed Asifuddin v. State of Andhra Pradesh [(2005) — AP High Court, referenced by Supreme Court]

The Andhra Pradesh High Court convicted the accused for reprogramming mobile phones using stolen electronic serial numbers (ESN) and mobile identification numbers (MIN), holding that electronic identity theft and fraud using computer resources constitutes a cognizable offence under the IT Act. This early case established judicial precedent for applying cyber fraud provisions to mobile and electronic device-based fraud.

State of Tamil Nadu v. Suhas Katti [(2004) — Additional CMM, Chennai]

One of the first successful cybercrime convictions in India, where the accused was convicted for creating fake online profiles and sending fraudulent messages. The court applied IT Act provisions to online impersonation and fraud, establishing precedent for subsequent cyber fraud prosecutions.

Arun Sharma v. State [(2018) — Delhi High Court]

The Delhi High Court addressed a large-scale online financial fraud involving fake customer care numbers and UPI-based scams. The Court upheld the applicability of Section 66D of the IT Act alongside IPC provisions for cheating, noting that modern cyber fraud often involves multiple statutory offences — identity theft (66C), cheating by personation (66D), and general cheating under the criminal code.

Types of cyber fraud

Indian law recognises several categories of cyber fraud:

  • Banking and financial fraud: Unauthorized transactions through internet banking, mobile banking, or UPI — prosecuted under Sections 66, 66C, 66D of the IT Act and Section 318 BNS
  • Phishing and vishing: Fraudulent emails, messages, or calls impersonating banks, government agencies, or service providers to extract credentials — Section 66D IT Act
  • E-commerce fraud: Fake online stores, non-delivery of goods, or delivery of counterfeit products — Section 66D IT Act and consumer protection laws
  • Investment and lottery scams: Fraudulent schemes promising returns or winnings — Section 66D IT Act, Section 318 BNS, and SEBI regulations
  • Job fraud: Fake recruitment portals and fraudulent job offer letters extracting fees — Section 66D IT Act and Section 318 BNS

Why this matters

Cyber fraud is the most reported category of cybercrime in India, with financial losses running into thousands of crores annually. The National Crime Records Bureau data shows a steep year-on-year increase in reported cyber fraud cases, driven by the rapid adoption of digital payments (UPI processed over 13 billion transactions monthly in 2025) and online services.

For citizens, the immediate step upon discovering cyber fraud is to call the national cyber crime helpline 1930 and report through the National Cyber Crime Reporting Portal (cybercrime.gov.in). The "golden hour" — the first few hours after the fraud — is critical for fund recovery, as the portal's automated system triggers holds on suspected beneficiary accounts across banks. Filing a formal FIR at the nearest police station or cyber police station is equally important.

For law enforcement, cyber fraud investigation requires coordination across jurisdictions, as perpetrators and victims are often in different states. The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs facilitates inter-state coordination for cyber fraud cases.

Parent framework:

Specific methods:

Frequently asked questions

How do I report cyber fraud in India?

Report immediately through the National Cyber Crime Reporting Portal (cybercrime.gov.in) or the helpline number 1930. For financial fraud, use the portal's financial fraud module which triggers automated account freezing at banks. Also file an FIR at the nearest police station — cyber fraud is a cognizable offence and the police are obligated to register the FIR. Jurisdiction lies where the offence was committed or where the victim resides.

What is the punishment for cyber fraud?

Cheating by personation using a computer resource under Section 66D IT Act carries imprisonment up to 3 years and a fine up to Rs 1 lakh. When combined with cheating under Section 318 BNS (formerly Section 420 IPC), the punishment extends to imprisonment up to 7 years and a fine. If the fraud involves organised crime networks, provisions under the PMLA may also apply.

Can I get my money back after cyber fraud?

Recovery is possible if reported quickly. The 1930 helpline triggers an automated system that places holds on suspected beneficiary accounts. Within the golden hour, banks can freeze funds before they are withdrawn. For larger amounts, the court may issue a freezing order. However, recovery becomes increasingly difficult as time passes and funds are dispersed through multiple accounts.

This entry is part of the Veritect Indian Legal Glossary, a comprehensive reference of Indian legal terminology grounded in statutory text and judicial interpretation.

Last updated: 2026-03-27. Veritect provides this content for informational purposes and does not constitute legal advice.

Related Terms

Cybercrime Phishing Identity Theft (Digital) IT Act, 2000
Written by
Veritect. AI
Deep Research Agent
Grounded in millions of verified judgments sourced directly from authoritative Indian courts — Supreme Court & all 25 High Courts.