You needed to cancel a hotel booking. The refund was stuck. You typed the company name and the words "customer care" into Google and dialled the first number on the screen. A polite voice picked up on the second ring, called you "ma'am" and "sir", asked you to install a small app called AnyDesk so the "refund team" could verify your bank, and walked you through "a tiny test transaction of one rupee". Forty minutes later your account had been emptied in twelve quick transfers, and the polite voice was no longer on the line.

You are not the first person this happened to, and you are not stupid. The criminal in this story is not your judgement — it is a well-rehearsed group running a fake call centre, using a paid Google listing or a hijacked map result to put themselves in front of you at exactly the moment you were anxious. The Indian legal system has clear, layered remedies for this. The next sixty minutes — and the next forty-eight hours — decide how much of your money comes back. This guide walks you through it in the order a calm friend who happens to know the law would tell you.

How the Scam Actually Works

The pattern repeats with small variations. The scammer pays Google for a sponsored listing — or quietly takes over an under-managed business profile — so a fake "customer care" number sits at the very top of the search result. Sometimes the listing copies a real brand's logo. Sometimes the website behind it is a clone of the genuine company's page.

You call the number. The voice on the line "verifies" you by reading back two real-sounding details — your registered name or last four digits of your card — that were probably scraped from a leaked database. Then comes the script: "Madam, our refund tool is not opening on our side, please install AnyDesk so I can do it for you," or "Sir, please install TeamViewer QuickSupport, it will only take two minutes." The moment you read out the nine-digit AnyDesk code on your screen, the scammer has full control of your phone.

From there, the rest is mechanical. He opens your bank app, sees the available balance, asks you to "verify by sending one rupee" — and uses the time you are typing to push through one or more big transfers. Or he triggers a card-not-present transaction and asks you to "share the OTP that just came so the refund can be processed". The result is the same: your money moves out, and his control of your screen lets him delete the SMS alerts before you even notice.

Is What Happened Actually a Crime?

Yes — and on multiple counts. The Indian Penal Code and the Information Technology Act, 2000 stack against the fraudster.

Section 415 of the IPC defines cheating — fraudulent or dishonest inducement of a person to deliver property or to do or omit something he would not otherwise do, causing him damage in body, mind, reputation or property. Where money is actually delivered, Section 420 of the IPC applies — cheating with delivery of property — punishable up to seven years' imprisonment and fine. The Supreme Court has repeatedly held that the dishonest intention must exist at the time of inducement, and that a fake-customer-care call is the textbook case: the very purpose of the call is to deceive you from the first second.

Section 416 of the IPC defines cheating by personation. A person cheats by personation if he cheats by pretending to be some other person, "whether the individual personated is a real or imaginary person". The fake agent is pretending to be a customer-care representative of your bank, e-wallet, hotel, airline, or e-commerce platform. Section 419 of the IPC punishes cheating by personation with imprisonment up to three years.

Section 66D of the Information Technology Act, 2000 — punishment for cheating by personation by using computer resource — squarely fits. The section reads: "Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees." The IT Act's commentary records that Section 66D was introduced precisely because "people are misusing the computer resources and communication devices and are indulging in cheating by personation using computer resources and mobile devices".

Section 66C of the IT Act — punishment for identity theft — is attracted whenever the scammer makes use of "the electronic signature, password or any other unique identification feature of any other person" fraudulently. When he reads out your card last-four to convince you, when he uses an OTP you accidentally read out, when he logs into your net banking with credentials he tricked you into sharing — Section 66C kicks in. Section 66 read with Section 43 of the IT Act covers unauthorised access to a computer resource.

Together, an FIR for a fake-customer-care scam typically runs: IPC 419, 420 + IT Act 66, 66C, 66D — sometimes with IPC 468 and 471 if a forged invoice or fake company name was used in the script.

The First Hour — What to Do Right Now

The single most useful action in the first sixty minutes is the call to 1930. The Citizen Financial Cyber Fraud Reporting and Management System — set up under the Indian Cyber Crime Coordination Centre — is built around a "golden hour" principle. The faster the cyber-cell desk pushes a freeze request to the receiving bank, the higher the chance the money is held before the mule account is emptied. Recovery rates drop sharply after the first hour, which is why every minute matters.

Alongside the call, lodge an online complaint at cybercrime.gov.in. The portal is open round the clock, accepts file uploads, generates an acknowledgement number immediately, and routes the matter to the cyber cell with jurisdiction. The acknowledgement is the cleanest proof you reported quickly.

While you do those two things, freeze the bleeding from your end. Call the bank's verified helpline (printed on the back of your debit card or inside the bank app — never from Google). Ask them to put a hold on net banking, freeze every card, and lock UPI on the affected number. Note down the call reference number they give you.

FIR, Zero-FIR and Cyber Cell

The FIR is the formal step that starts a criminal investigation. Under BNSS Section 173 — the new procedural law that replaced CrPC Section 154 from 1 July 2024 — every information relating to a cognizable offence must be reduced to writing by the Station House Officer. The cyber-portal acknowledgement is not the FIR; the police record is.

If the police station says "the scammer is not in our area, go elsewhere", insist on a zero-FIR. The BNSS expressly recognises FIR registration "irrespective of the area where the offence is committed", which is the codification of the zero-FIR concept. Any police station can record the FIR as zero-FIR and transfer it to the station with proper jurisdiction. The classical authority on what constitutes an FIR — Soma v State of Gujarat AIR 1975 SC 1453 — held that the earliest information given to the police, which sets the investigation in motion, becomes the FIR. The zero-FIR is exactly that.

Carry these documents to the station: a typed narrative complaint with date, time and a clean timeline; bank statement showing the unauthorised debits; the SMS alerts (do not delete them); the screenshot of the Google search result that showed the fake number; the cybercrime.gov.in acknowledgement; the 1930 complaint reference; a copy of your government photo ID. If the threat overlaps with broader patterns of online fraud — UPI, e-wallet, online romance — the related toolkit at criminal-law cyber crime FIR guidance applies in the same way.

The Bank and RBI Route

The criminal track and the recovery track run in parallel. Your bank is bound by the Reserve Bank of India's customer-protection framework — its circular on "Customer Protection — Limiting Liability of Customers in Unauthorised Electronic Banking Transactions" lays down a layered liability model.

The principle is this. Where the unauthorised transaction is due to a deficiency on the bank's part — its system failed, its alerts did not fire — the customer's liability is zero, regardless of when she reports. Where the loss is due to negligence by the customer (sharing PIN, OTP, password), the customer initially bears the loss until the unauthorised transaction is reported to the bank. The faster the customer reports, the lower the customer's liability. Reporting within three working days typically caps customer liability sharply; delay beyond seven days places more on the customer.

Practically: file a written dispute the same day, addressed to the branch manager, with a copy to the nodal officer. Quote the RBI's circular by date. Attach the FIR copy and 1930 reference. If the bank does not credit the disputed amount within ten working days (or, where customer fault is contested, refuses), escalate to the Banking Ombudsman through the RBI's Complaint Management System portal. The ombudsman regularly orders re-credit where the bank's evidence of customer negligence is thin.

If You Installed AnyDesk or TeamViewer

Treat the device as fully compromised. The remote-control app does not just give the scammer one screen — it can install hidden background tools, plant SMS-forwarding code, and harvest stored passwords. Cleaning up has to be brutal:

  1. Disconnect the phone from the internet (turn off Wi-Fi and mobile data).
  2. Force-stop and uninstall AnyDesk, TeamViewer, QuickSupport, RustDesk, or any remote-control app the scammer named.
  3. From a different, clean device, change every password — bank, email, UPI PIN, social media, online shopping. Use unique passwords; do not recycle.
  4. Block all cards through the bank app on the clean device. Reset UPI PIN.
  5. Take a screenshot of the bank's transaction history — every line of the fraudulent debits, with time stamps, will be primary evidence.
  6. Back up your contacts and photos to your Google or Apple account, and factory-reset the affected phone.
  7. Re-install only essential apps fresh, from the official stores.

The factory reset is the cleanest way to be sure the scammer's hooks are gone. Do not skip it. Re-installing one app at a time also gives you a chance to re-enable two-factor authentication everywhere.

Evidence — Screenshots and Section 65B

Indian courts admit electronic records — call logs, screenshots, transaction SMS, bank statements, the Google search screenshot — as evidence under the special provisions for electronic records. The rule, set out in Section 65B of the Indian Evidence Act, 1872, is that secondary electronic evidence (a printout, a copy, a screenshot from a phone) is admissible only when accompanied by a certificate identifying the device, asserting that the device was operating properly, and authenticating the contents.

The Supreme Court in Anvar P V v P K Basheer AIR 2015 SC 180 settled that the certificate is mandatory for secondary electronic evidence — the safeguards exist because "electronic records being more susceptible to tampering, alteration, transposition, excision". The Tomaso Bruno v State of Uttar Pradesh (2015) 7 SCC 17 bench had earlier confirmed that print-outs of electronic records stored in optical or magnetic media are admissible if the conditions of Section 65B(2) are met.

For your case, this means: do not delete a single SMS. Do not "clean up" your call log. Do not crop or annotate the screenshots. Email the screenshots to yourself the same day so an independent server timestamp exists. Your lawyer will draft the Section 65B certificate when filing.

Need a Lawyer Who Has Filed These Before?

The cyber-fraud team at Pinaka Legal handles fake-customer-care matters as a single workflow — the 1930 complaint, the FIR registration, the bank dispute and ombudsman escalation, and the Magistrate complaint where the SHO is reluctant. One folder, one timeline, one lawyer reading every paper. Many of these cases are time-sensitive. If you are inside the first forty-eight hours of the fraud, the speed of paperwork has a direct bearing on how much money returns.

What Should I Actually Do Now?

  1. Call 1930. Have ready: bank account number, transaction reference, time of fraud, mobile number used, UPI ID. Note the 1930 complaint number.
  2. File on cybercrime.gov.in. Same details. Upload screenshots and bank statement. Save the acknowledgement PDF.
  3. Block everything with the bank. Net banking, debit card, credit card, UPI. Use only the bank's verified helpline from inside the official app.
  4. Walk into the police station. Insist on an FIR under IPC 419, 420 and IT Act 66, 66C, 66D. If they say jurisdiction, demand a zero-FIR under BNSS Section 173.
  5. Send a written dispute to the bank. Same day. Quote the RBI customer-liability circular. Attach FIR and cybercrime acknowledgement. Send by email and by hand.
  6. Uninstall remote-control apps and factory-reset the affected phone after backing up contacts and photos.
  7. Preserve evidence. Do not delete SMS, call logs, or chat. Email all screenshots to yourself.
  8. Escalate if police refuse. SP under BNSS Section 173(4); private complaint before Magistrate under BNSS 223 and 175(3) — the FIR-problems escalation route.
  9. Escalate if bank refuses. Banking Ombudsman through the RBI portal.
  10. Talk to a lawyer. Especially if the amount is large, the bank is stalling, or the SHO is reluctant.

Moving Forward Without Shame

Anyone can fall for a fake customer care number. The script is engineered against trust and urgency, two emotions every adult feels in a refund situation. Calling 1930 and registering the FIR is the responsible thing — and it actually helps the system trace the gang faster. Each complaint adds one more data point on the cyber cell's radar; gangs are eventually identified through pattern aggregation. Your case is not just about your money.

Many victims hesitate because they fear the bank will say "you shared the OTP, your fault". The RBI's framework specifically addresses negligence-based losses — and reporting time is a major variable. Timely reporting protects you. Silence costs you the protection. Speak. File. Escalate.

Get legal help from Pinaka Legal — Cyber-fraud experts in Delhi

Frequently Asked Questions

I called a fake customer care number from Google and lost money — what should I do in the first hour?

Call 1930 immediately. The Citizen Financial Cyber Fraud Reporting and Management System works on a golden-hour principle — the faster you report, the higher the chance of stopping the money before it leaves the receiving account. Then file an online complaint at cybercrime.gov.in and walk into the nearest police station for an FIR. While you do all this, screenshot the Google search result that showed the fake number, dispute the transaction with your bank in writing, uninstall AnyDesk or TeamViewer if you installed it, and back up and factory-reset the affected phone. Speed is everything in the first hour.

Is calling a fake customer care number a crime, or is it just my mistake?

It is a crime — by the scammer, not by you. The fraudster has committed multiple offences: cheating by personation under Section 419 of the IPC by pretending to be a real customer-care agent; cheating under Section 420 of the IPC by dishonestly inducing you to part with money or one-time passwords; cheating by personation using a computer resource under Section 66D of the IT Act, 2000; and identity theft under Section 66C of the IT Act if your password or unique identifier was misused. The scam is a fully cognizable crime and the police are bound to register an FIR.

What is the 1930 helpline and what does it actually do?

1930 is the national cyber-fraud financial helpline operated under the Indian Cyber Crime Coordination Centre. It is the first call you should make. The operator records the transaction details and pushes a freeze request to the bank or wallet that received your money. If the money is still in the receiving account when the freeze lands, it is held — and a court can later release it back to you. Reports show meaningful recovery rates when victims call within the golden hour. The same complaint can be lodged simultaneously on cybercrime.gov.in.

What is a zero-FIR and how does it help me?

A zero-FIR allows any police station to register your FIR even if the offence was technically committed outside its territorial jurisdiction. The complaint is recorded as FIR number zero, and then transferred to the police station with proper jurisdiction. For online frauds where the scammer's location is unknown — and the money may have moved across states — the zero-FIR is your friend. BNSS Section 173 codifies the principle that information of a cognizable offence must be recorded "irrespective of the area where the offence is committed". Insist on it if any officer tries to send you away.

Will the bank give me my money back if I called a fake customer care number?

It depends on how fast you reported and whether the bank can be shown to have failed in any duty. The Reserve Bank of India's circular on customer protection — limiting the liability of customers in unauthorised electronic banking transactions — sets a layered framework. Where the negligence is clearly the customer's, full liability may rest on the customer. Where the bank's system failed, or where the customer reported within three working days, the limitation in customer liability kicks in. File a written dispute, escalate to the Banking Ombudsman, and quote the RBI circular by date. Many banks settle once the cyber-portal acknowledgement and FIR copy are produced.

I installed AnyDesk on the call — what should I do now?

Treat the device as fully compromised. Disconnect it from the internet immediately. Force-stop and uninstall AnyDesk, TeamViewer, QuickSupport, RustDesk, or any remote-control app. Change every password you used on that device — bank, email, UPI PIN, social media — from a different, clean device. Call your bank to block all cards and freeze net banking. Take a photo of the screen showing every transaction in the bank app's history. Then back up your contacts and photos to your Google or Apple account, and factory-reset the phone. Re-installing apps fresh is safer than trusting that the scammer's hidden tools are gone.

What sections will the police register for a fake customer care number scam how to complain case?

Expect to see a combination of sections in the FIR. From the IT Act: Section 66D for cheating by personation by computer resource, Section 66C for identity theft if a password or OTP was misused, and Section 66 read with Section 43 if data was accessed without authorisation. From the IPC: Section 419 for cheating by personation, Section 420 for cheating with delivery of property, and Section 379 if any data or money was effectively taken. If a fake company name or fake invoice was used, Sections 468 and 471 for forgery may also be added. Lawyers usually push for the widest combination.

How do I prove what happened — what is admissible in court?

Indian courts admit electronic records — call logs, screenshots, transaction SMS, bank statements, the Google search screenshot — as evidence under the special provisions for electronic records. Section 65B of the Evidence Act requires a certificate identifying the device, asserting the device was working properly when the records were captured, and authenticating the contents. The Supreme Court in Anvar P V v P K Basheer settled that the certificate is mandatory for secondary electronic evidence. Save the original phone, preserve the SIM, and keep the bank's email confirmations untouched. Your lawyer prepares the certificate when filing.

Can the police really trace where my money went?

Yes, in most cases. The transaction trail leaves a clear bank-side audit. The investigating officer issues notices under BNSS Section 94 (the new equivalent of CrPC Section 91) to banks, wallets, and telecom providers asking for KYC, account flow, and call records. Cyber cells routinely follow money through three or four hops. The challenge is that mule accounts — opened with someone else's KYC — are often emptied within minutes. That is why the 1930 freeze in the first hour matters more than any later investigation. Identification of the controlling fraudster usually takes weeks but does happen.

How long does the case take, and will I get my money back?

There are two parallel tracks. The criminal case — chargesheet under BNSS Section 193, trial in a Magistrate's court — typically takes one to three years. The recovery track is faster. Money frozen on a 1930 alert can come back in weeks once a Magistrate orders release under BNSS Section 503. Where the bank is partly liable, RBI ombudsman cases close in three to six months. Civil suits for compensation can run alongside. A realistic expectation: partial recovery is common; full recovery depends entirely on how fast the freeze landed.

What if the police refuse to register the FIR?

You have a layered escalation. Under BNSS Section 173(4), send the substance of the information by registered post to the Superintendent of Police. The SP, if satisfied, must investigate or order investigation. If even the SP fails, file a private complaint before the jurisdictional Magistrate under BNSS Section 223 and ask for an investigation order under BNSS Section 175(3). The High Court under Article 226 is the final layer. Never accept a verbal refusal — always demand a written daily diary entry, which itself is admissible later as proof that you reported the offence.

How do I avoid this in future?

Never search Google for a customer care number. Always go to the official app or the brand's verified website to find the contact. Save the genuine number once and reuse it. No real bank, e-wallet, airline, or e-commerce company will ever ask you to install AnyDesk, TeamViewer, or QuickSupport. No one legitimate asks for an OTP, UPI PIN, or CVV on a phone call. If a caller pressures you with urgency — "your account will be blocked", "refund will lapse" — the urgency itself is the red flag. Hang up, call back on the verified number from the app.

Related Reads

For more articles on Indian law, visit the Pinaka Legal Blog. For queries, call +91 8595704798 or email info@pinakalegal.com.