The Call That Changed Your Week

You needed Rs. 8,000 to pay rent. A "Quick Cash" app on the Play Store said it would disburse in two minutes. The KYC was a selfie and an Aadhaar photo. The app asked for "permissions" — contacts, gallery, SMS — and you tapped "Allow" without reading. Five days later, eight men with eight different mobile numbers are calling your sister-in-law, your boss, your father's WhatsApp group, demanding payment of Rs. 22,000 — and threatening to send a morphed nude photograph to everyone in your phonebook unless you pay by 6 PM.

The fear is the worst part — not the money. This article is for you, and for the millions of Indians being put through the same machine. The law gives you more weapons than these operators want you to know about. It is time to use them.

Which Laws Actually Protect You?

Fake-loan-app harassment is a layered crime. The same conduct can be prosecuted under multiple sections, and a good FIR cites them together. The core stack is:

  • Section 384 IPC — punishment for extortion (the demand for money under threat).
  • Sections 503 and 506 IPC — criminal intimidation, including threats to publish images.
  • Section 354A IPC — sexual harassment (where threats are sexually coloured).
  • Section 354D IPC — stalking (where the harassment is repeated despite refusal).
  • Section 66E of the IT Act — violation of privacy by capturing or transmitting images of a person's private area.
  • Section 67 of the IT Act — publishing or transmitting obscene material in electronic form.
  • Section 67A of the IT Act — publishing or transmitting sexually explicit material in electronic form.
  • Section 66C of the IT Act — identity theft, where your KYC and identity are misused.
  • Section 66D of the IT Act — cheating by personation using a computer resource (the app pretending to be a regulated lender).
  • Section 43 read with Section 66 of the IT Act — unauthorised access to your computer resource (the app harvesting data without genuine consent).

Extortion and Criminal Intimidation Explained

The IPC defines extortion in Section 383 as the act of intentionally putting a person in fear of injury and dishonestly inducing the person to deliver any property or valuable security. Section 384 punishes it with imprisonment up to three years, or fine, or both. The commentary explains that extortion is committed by "overpowering the will of the victim" — the very mechanism a fake-loan-app uses when it threatens shame to extract payment.

Criminal intimidation lives in Sections 503 and 506. Section 503 covers threatening a person with any injury — to body, reputation or property — to compel them to do something they are not legally bound to do. The commentary cites the landmark Supreme Court ruling in Romesh Chandra Arora (1960), where the accused took indecent photographs of a girl and threatened her father with publication unless "hush money" was paid. The Court held that this amounted to criminal intimidation, not merely an attempt to extort. The same logic applies to morphed-photo threats by loan-app operators.

The commentary also points to Chander Kala v Ram Kishan (1985), where a head-master threatened to spoil a lady-teacher's modesty unless she signed papers. The Supreme Court held both extortion and criminal intimidation were made out. The point: where threats and demands run together, the FIR can plead both offences side by side.

Privacy Violation and Obscene Content

Section 66E IT Act — privacy

Section 66E punishes whoever "intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person", with imprisonment up to three years or fine up to Rs. 2 lakhs, or both. The IT Act commentary stresses that "transmit" includes electronically sending an image so that it will be viewed by another, and "publishes" includes making the image available to the public. Both apply when a fake-loan-app sends morphed images to a borrower's contacts.

Sections 67 and 67A IT Act — obscene and sexually explicit material

"Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest... shall be punished on first conviction with imprisonment which may extend to three years and with fine which may extend to five lakh rupees..." — Section 67, IT Act

The commentary describes Section 67 as the legislative response to obscene content circulated through computers and communication devices, and observes that — as a special law — it overrides Section 292 IPC for obscene electronic material. Section 67A enhances punishment for sexually explicit material. Where morphed nude pictures are circulated, Section 67 / 67A apply alongside Section 66E and the IPC sections on extortion and intimidation.

Identity Theft and Cheating by Personation

Section 66C of the IT Act punishes the fraudulent or dishonest use of any "unique identification feature" of a person — passwords, electronic signatures, and any other unique identifier. The commentary highlights how broad this language is — a fake-loan-app misusing your KYC, Aadhaar photo or biometric submission can fall within Section 66C.

Section 66D punishes "cheating by personation" using a computer resource or communication device. Many fake-loan-apps personate registered NBFCs by using similar names, fake licences and copied logos. The commentary stresses that 66D is intentionally broad and applies to any such personation. Where it applies, the FIR adds Section 66D and Section 420 IPC to the stack.

If your data was harvested by an app that asked for "all permissions" and used them for harassment, Section 43 (unauthorised access to a computer resource) read with Section 66 (criminal liability for the same when done dishonestly or fraudulently) can also apply. The IT Act commentary affirms that 43 read with 66 covers downloading or extracting data without permission, and the punishment under Section 66 is up to three years imprisonment or fine up to Rs. 5 lakhs.

Filing the FIR That Actually Bites

The FIR is filed under Section 173 of the Bharatiya Nagarik Suraksha Sanhita, 2023 (which has replaced Section 154 of the old CrPC). The FIR commentary stresses that the FIR is "a vital material" that records the first information of the incident — the document on which the entire investigation rests.

For a fake-loan-app case, your FIR should:

  1. Identify the app by name, Play Store / App Store URL, version, the date of installation and uninstall.
  2. List the threatening numbers and the nature of each call/message.
  3. Attach a chronological annexure of screenshots, recordings, contacts who received messages.
  4. Plead the legal stack — IPC 384, 503, 506, 354A/354D where applicable, and IT Act 66C, 66D, 66E, 67 / 67A, 43 r/w 66.
  5. Identify any UPI IDs / bank accounts where money was demanded or paid.

If the SHO refuses to register the FIR, escalate by registered post to the SP/SSP under Section 173(4) BNSS (corresponding to Section 154(3) CrPC), and then move the Judicial Magistrate under Section 175(3) BNSS (corresponding to Section 156(3) CrPC). The Supreme Court in Sakiri Vasu v State of Uttar Pradesh (2008) made it clear that the Magistrate's power to direct registration of an FIR is the proper remedy for police inaction. Many cyber-fraud victims succeed at this stage where local stations have stalled.

Stopping the Pipes — Telecom, App Store, Bank

Police action is necessary but slow. To stop the harassment in real time, attack the operator's pipes:

  1. Telecom blocks: Report each calling number on the Department of Telecommunications' Sanchar Saathi portal as spam / fraud. Report to your own telecom operator's customer care.
  2. App-store takedown: Report the app on Google Play / Apple App Store as a fraudulent / harassing app. Quote the FIR copy.
  3. Bank-account freeze: Where you have made any UPI payment, file at 1930 and cybercrime.gov.in citing the receiving VPA / account; the receiving bank can freeze pending balance.
  4. Intermediary takedowns: The IT Act framework allows the police and the courts to direct intermediaries to take down unlawful content. WhatsApp / Telegram channels publishing your morphed images can be reported with the FIR copy.

Where the harassment overlaps with cyber bullying, doxxing or sextortion, also explore the broader remedies available for online harm and harassment under cyber law.

What Should I Actually Do Now?

  1. Stop engaging with the callers. Do not negotiate. Do not "pay one last installment".
  2. Save evidence first, then revoke access. Take screenshots of every chat, threat and morphed image. Back up to email or cloud. Then revoke the app's permissions and uninstall.
  3. Inform your family proactively. A 2-minute heads-up to parents, spouse, employer ("If you get an abusive call about me, ignore — police complaint filed") defangs the entire shame strategy.
  4. Call 1930 and file at cybercrime.gov.in. Note acknowledgement numbers.
  5. Lodge the FIR within 48 hours at the cyber police station with sections 384, 503, 506, 354A/354D IPC and 66C, 66D, 66E, 67 / 67A, 43 r/w 66 IT Act.
  6. If the FIR is refused, escalate to the SP/SSP and then to the Magistrate under Section 175(3) BNSS.
  7. Report numbers on Sanchar Saathi and the app on Play Store / App Store.
  8. Block UPI auto-debits and ask your bank to flag the loan-app's account.
  9. Repay only the genuine principal through a verifiable bank channel — not through anonymous VPAs or cash deposits.
  10. Pull a CIBIL report after two weeks to ensure no fraudulent loans appear in your name.

When a Lawyer's Notice Saves Sleep

Many fake-loan-app harassments stop within days of a structured legal notice and a properly drafted FIR. A lawyer adds three things you may struggle to produce alone — the right combination of IPC and IT Act sections, formal escalation letters to the SP/SSP under Section 173(4) BNSS, and a Section 175(3) BNSS petition where the police are slow. At Pinaka Legal we have helped clients silence these networks by going directly at the bank accounts, telecom numbers and app listings that keep them alive. If the fear is keeping you up at night, an early consultation can move the timeline by weeks.

Get legal help from Pinaka Legal — Cyber & Digital experts in Delhi

The Quiet After the Storm

The hardest thing about fake-loan-app harassment is the way it hijacks your phone — the device that connects you to family, work and dignity becomes the source of every threat. The law cannot delete the morphed image from someone's WhatsApp forever, but it can punish the maker, freeze his accounts, take down his app and reduce him to silence. With the FIR copy, the 1930 acknowledgement, telecom blocks and app-store takedowns moving in parallel, the storm passes faster than you imagine. You are not the borrower they are pretending you are. You are the complainant.

Frequently Asked Questions

How do I stop fake loan app calls and threats?

Three actions in parallel — police, platform and bank. Lodge an FIR at the cyber police station under Sections 384 (extortion), 503 and 506 (criminal intimidation), 354A or 354D where stalking is involved, and Sections 66C, 66D, 66E and 67 of the IT Act where applicable. Report the app to Google Play / Apple App Store and the calling numbers to your telecom operator and DoT's Sanchar Saathi portal. Call 1930 and file at cybercrime.gov.in. Tell your bank to block any UPI mandate or auto-debit linked to the app.

Is it extortion if a loan app threatens to send my photo to my contacts?

Yes, in most cases. Section 383 IPC defines extortion as putting a person in fear of injury and dishonestly inducing the person to deliver property. Section 384 punishes it with imprisonment up to three years and fine. Where the threat is to publish photographs unless "hush money" is paid, the Supreme Court in Romesh Chandra Arora (1960) called it criminal intimidation under Section 503 / 506 IPC. Many fake-loan-app cases involve both extortion and intimidation; the FIR usually cites both.

What about morphed nude photos sent by the loan app to my contacts?

This is among the most serious tracks of fake-loan-app abuse. Morphing pictures into private-area images and circulating them attracts Section 66E of the IT Act (violation of privacy by capturing or transmitting images of a person's private area) and Section 67 / 67A for publishing or transmitting obscene or sexually explicit material in electronic form. Add Section 384 IPC for extortion if money was demanded, and Sections 354A / 354D where the victim is a woman. Save every screenshot and contact log — the case is built on that.

Can the loan app legally call my contacts who never gave it permission?

No. Calling a borrower's family, colleagues or random contacts to shame the borrower is not "recovery"; it is harassment and intimidation. The RBI's Digital Lending Guidelines also bar regulated lenders from accessing a borrower's contacts list without consent and using it for collection. For unregulated apps, this conduct is captured by Sections 503 / 506 IPC (criminal intimidation), Section 384 IPC (extortion) and Section 66E IT Act (privacy violation). The FIR should specifically plead the unauthorised calling of contacts as part of the offence.

Do I still have to repay the principal if the app is fake or illegal?

It depends. If money actually came into your account from the app, you have a civil obligation to return the principal — but only the principal that was disbursed, not the inflated "fees", "penalties" or interest a fake app demands. Many illegal apps are not registered NBFCs and operate without RBI authorisation; their interest and fee terms are unenforceable. Pay back only what you genuinely received, and only when the recipient is verifiable. Routing repayments through a bank with proof beats UPI to a random VPA every time.

Will the police register my FIR against a fake loan app?

Yes — the offences are cognizable. Sections 384 (extortion), 506 (criminal intimidation, second part) and Section 67 IT Act are cognizable. The FIR must be registered under Section 173 of the Bharatiya Nagarik Suraksha Sanhita. If the SHO refuses, escalate in writing to the SP/SSP under Section 173(4) BNSS, and to the Judicial Magistrate under Section 175(3) BNSS — the route confirmed by the Supreme Court in Sakiri Vasu v State of UP (2008). Cyber police stations are usually faster than local stations for these complaints.

What evidence should I save before reporting?

Everything in original form — screenshots of the app's permissions, calls and threats, WhatsApp chats, recorded calls, the contacts who received messages, the UPI VPAs and bank accounts where payments were demanded, transaction proofs, the app's listing on Play Store / App Store, and any morphed images. Keep a written timeline. Do not delete the app till you have backed up the in-app messages and screenshots; uninstalling sometimes wipes evidence.

Can I claim that the app cheated me by personation under Section 66D?

Yes, where applicable. Section 66D punishes cheating by personation using a computer resource or communication device. Many fake-loan apps personate registered NBFCs or banks — using the same logo, name or fake licence number — to convince you they are legal. The IT Act commentary stresses that Section 66D is "broad" and now applied widely. Plead the personation expressly in the FIR. Section 66C is added where they misuse your KYC documents and identity for fraudulent borrowing in your name elsewhere.

What should I do about the loan-recovery numbers calling me?

Note them, do not engage. Save call logs and recordings. Block the numbers after recording details. Report each number on the Department of Telecommunications' Sanchar Saathi portal so the SIM can be deactivated for fraudulent use, and quote the same numbers in your FIR. Threats made in those calls are evidence of criminal intimidation under Section 506 IPC and, where money is demanded, of extortion under Section 384. Do not pay "one last installment to close the matter"; it never closes.

Do I need to delete the app's access to my phone?

Yes — but after backing up evidence. Once you have the screenshots and chats, revoke the app's access to contacts, gallery, microphone and SMS in your phone settings, and uninstall the app. Change passwords for Google / Apple ID, banking and email. Consider a factory reset for serious infections. The IT Act commentary on Section 43 read with Section 66 makes unauthorised access to your computer resource a criminal offence; the FIR should mention the app harvested data without genuine informed consent.

Can a fake loan app file a recovery suit against me?

Almost never, in practice. Fake loan apps thrive on harassment because they cannot easily approach a court. Legal recovery requires a verifiable lender, a written contract, KYC, and compliance with usury and consumer law. An unregistered overseas operator harassing borrowers usually has no standing in Indian civil courts and would expose itself to criminal prosecution if it did. The threat of "court case" from a recovery agent is a tool of intimidation, not a real risk.

How long does it take to stop the harassment after filing an FIR?

Often quickly, sometimes slowly. Once a serious FIR with the right sections lands at a cyber police station, the operators behind many fake apps go silent within days because their numbers, accounts and apps are reported. In persistent cases, the investigation under Section 173 BNSS, takedown of the app, and seizure of mule accounts can take weeks. Either way, the FIR is what gives you the standing to demand telecom blocks, app-store takedowns and bank-account freezes — silence does not.

Related Reads

For more articles on Indian law, visit the Pinaka Legal Blog. For queries, call +91 8595704798 or email info@pinakalegal.com.