What is the punishment for cyber terrorism under the IT Act 2000 in India?

Under Section 66F of the IT Act 2000, cyber terrorism — acts that threaten the unity, integrity, security, or sovereignty of India through unauthorised access to computer resources, introduction of contaminants, or damaging or disrupting critical information infrastructure — is punishable with life imprisonment. This is the most serious cyber offence under the IT Act and has no prescribed fine ceiling — the court determines the fine.

What is a digital arrest scam and is it real in India?

A digital arrest scam is when fraudsters call victims posing as police, CBI, customs, or narcotics officers and claim you are under 'digital arrest' for involvement in drugs, money laundering, or other crimes. There is no such thing as a 'digital arrest' in Indian law — no law enforcement agency in India conducts arrests or interrogations over video calls. These are scams designed to extort money through fear. If you receive such a call, disconnect immediately, do not pay anything, and report to 1930 and cybercrime.gov.in. The Government of India has issued public advisories on this scam and instructed telecom providers to block international spoofed calls mimicking Indian numbers.

What is Section 69A of the IT Act 2000 India?

Section 69A of the IT Act 2000 empowers the Central Government to direct any agency or intermediary to block public access to any information, website, or platform if it is deemed necessary in the interest of sovereignty and integrity of India, defence, security of the state, friendly relations with foreign states, public order, or for preventing incitement to a cognizable offence. This is the provision used to block websites and apps in India. Failure by an intermediary to comply with a blocking order carries imprisonment up to 7 years and a fine.

IT Act 2000 India — Cybercrime Laws & Your Rights Explained

Q: How do I report cybercrime in India?

There are three ways to report cybercrime in India: (1) Call the national helpline 1930 — available 24x7, especially for financial fraud — to freeze fraudulent transactions immediately; (2) File an online complaint at cybercrime.gov.in — the National Cyber Crime Reporting Portal run by the Ministry of Home Affairs; (3) Visit your nearest Cyber Crime Police Station or any police station — cybercrime comes under global jurisdiction in India, so you can file with any police station regardless of where the crime occurred. For financial fraud, report within the first hour — recovery chances drop from 60% to under 15% after 24 hours.

Q: What is the punishment for hacking under the IT Act 2000 in India?

Under Section 66 of the IT Act 2000, hacking — defined as unauthorised access to or destruction, deletion, or alteration of information in a computer resource with dishonest or fraudulent intent — is punishable with imprisonment up to 3 years, a fine up to ₹5 lakh, or both. Hacking in relation to government or critical infrastructure systems carries additional penalties. Tampering with computer source code under Section 65 carries imprisonment up to 3 years or a fine up to ₹2 lakh.

Q: What is the punishment for identity theft under the IT Act 2000 in India?

Under Section 66C of the IT Act 2000, identity theft — the fraudulent or dishonest use of another person's electronic signature, password, or unique identification feature — is punishable with imprisonment up to 3 years and a fine up to ₹1 lakh. Section 66D separately covers cheating by impersonation using a computer resource — for example, creating a fake profile or website to pose as someone else — with the same punishment of up to 3 years imprisonment and fine up to ₹1 lakh.

Q: What should I do immediately if I am a victim of online fraud in India?

Act within the first hour — recovery chances are highest in the first 30-60 minutes: (1) Call 1930 (National Cyber Crime Helpline, 24x7) and give them the transaction details — fraudulent amount, date, beneficiary account/UPI ID; (2) Simultaneously call your bank's fraud helpline to block further transactions and raise a dispute; (3) File a complaint at cybercrime.gov.in with screenshots, transaction IDs, and all evidence; (4) File an FIR at the nearest police station or Cyber Crime Cell if recovery is sought through the courts. Indians lost over ₹22,845 crore to cyber fraud in 2024 — prompt reporting is the only path to recovery.

Q: Is receiving obscene messages or photos online a crime under the IT Act in India?

Yes. Sending, publishing, or transmitting obscene material in electronic form is a criminal offence under Section 67 of the IT Act 2000, punishable with imprisonment up to 3 years and a fine up to ₹5 lakh for first-time offenders, and up to 5 years with fine up to ₹10 lakh for repeat offenders. Section 67A covers sexually explicit material — imprisonment up to 5 years and fine up to ₹10 lakh. Section 67B specifically covers child sexual abuse material (CSAM) — imprisonment up to 5 years and fine up to ₹10 lakh for first offence, and up to 7 years with ₹10 lakh fine for repeat offenders.

Q: Can I report cybercrime anonymously in India?

Yes, for certain categories. The National Cyber Crime Reporting Portal at cybercrime.gov.in allows anonymous reporting for crimes related to women and children — you can report online child sexual abuse material, online harassment, or exploitation without disclosing your identity. For financial fraud, identity theft, and other cybercrimes, you need to register an account on the portal to track the complaint status. However, you are not required to appear physically at a police station to file the initial complaint online.

What is the IT Act 2000 — India's primary cybercrime law?

The Information Technology Act 2000 (Act No. 21 of 2000), notified on 17 October 2000, is India's primary law governing cybercrime and electronic commerce. Before the IT Act, India had no legal framework to prosecute hackers, protect digital data, or validate online contracts — traditional laws were entirely inadequate for the digital world.

The IT Act has two broad functions. First, it gives legal recognition to electronic records and digital signatures — making online contracts, e-governance transactions, and digital documents legally valid. Second, it defines and penalises cyber offences — from hacking and identity theft to cyber terrorism and child sexual abuse material.

The Act has been significantly amended — most importantly in 2008, which added new sections covering identity theft, cheating by impersonation, privacy violations, and cyber terrorism. The Act applies to offences committed anywhere in the world if a computer system or network located in India is involved.

Section 66A is permanently struck down — it cannot be used against you

Section 66A, which punished sending "offensive or menacing" electronic messages and was widely misused to arrest people for social media posts, was struck down as unconstitutional by the Supreme Court in Shreya Singhal v. Union of India (2015). It violates freedom of speech under Article 19(1)(a). Despite being struck down, police in some states continued to use it — the Supreme Court has since reaffirmed that it is completely void and cannot be applied. If police attempt to book you under Section 66A, challenge it immediately through a lawyer.

IT Act 2000 key sections and penalties — complete reference table

Section	Offence	Punishment
Section 65	Tampering with computer source documents — knowingly concealing, destroying, or altering source code that is legally required to be maintained	Up to 3 years imprisonment or fine up to ₹2 lakh or both
Section 66	Hacking — unauthorised access to or destruction, deletion, or alteration of information in a computer resource with dishonest or fraudulent intent	Up to 3 years imprisonment, fine up to ₹5 lakh, or both
Section 66B	Receiving stolen computer resources — dishonestly receiving or retaining any stolen computer resource or communication device	Up to 3 years imprisonment, fine up to ₹1 lakh, or both
Section 66C	Identity theft — fraudulently using another person's electronic signature, password, or unique identification feature	Up to 3 years imprisonment and fine up to ₹1 lakh
Section 66D	Cheating by personation using a computer — impersonating another person through a fake profile, email, or website to cheat or defraud	Up to 3 years imprisonment and fine up to ₹1 lakh
Section 66E	Violation of privacy — capturing, publishing, or transmitting images of the private area of a person without consent (video voyeurism, non-consensual intimate images)	Up to 3 years imprisonment or fine up to ₹2 lakh or both
Section 66F	Cyber terrorism — acts threatening the unity, integrity, security, or sovereignty of India through unauthorised access to critical infrastructure or computer networks	Life imprisonment
Section 67	Publishing or transmitting obscene material in electronic form	First offence: up to 3 years and fine up to ₹5 lakh. Repeat: up to 5 years and fine up to ₹10 lakh
Section 67A	Publishing or transmitting material containing sexually explicit acts in electronic form	First offence: up to 5 years and fine up to ₹10 lakh. Repeat: up to 7 years and fine up to ₹10 lakh
Section 67B	Child sexual abuse material (CSAM) — publishing, transmitting, or browsing material depicting children in sexually explicit form	First offence: up to 5 years and fine up to ₹10 lakh. Repeat: up to 7 years and fine up to ₹10 lakh
Section 69A	Government power to block websites — power to direct intermediaries to block public access to any online content for national security, public order etc.	Intermediary non-compliance: up to 7 years imprisonment and fine
Section 72	Breach of confidentiality and privacy — disclosure of electronic records in breach of the lawful contract of an authorised person	Up to 2 years imprisonment or fine up to ₹1 lakh or both
Section 72A	Disclosure of information in breach of lawful contract — service providers disclosing personal information in breach of contract with intent to cause wrongful gain or loss	Up to 3 years imprisonment or fine up to ₹5 lakh or both
Section 66A	Struck down by Supreme Court in 2015 — no longer in force	Cannot be applied — challenge immediately through a lawyer if cited

How to report cybercrime in India — step by step

⚡ Time is critical for financial fraud recovery

For online financial fraud — UPI scam, phishing, OTP theft, fake investment scheme — recovery chances are approximately 60% if reported within the first hour, and drop to under 15% after 24 hours. The 1930 helpline escalates to banks to freeze destination accounts in real time. Every minute counts.

Preserve all evidence immediately

Before anything else — screenshot every communication: fraudulent messages, transaction confirmations, fake websites, email threads, social media profiles, call logs. Note the exact date, time, amount, UPI ID, bank account number, phone number, email, and any URL involved. Digital evidence disappears — the fraudster may delete accounts or messages within hours. Preserve everything before contacting anyone.

Evidence first — everything else second

Call 1930 — National Cyber Crime Helpline (24x7)

The national helpline 1930 operates 24 hours a day, 7 days a week. For financial fraud especially, this call can freeze the fraudster's account before they withdraw. Tell the operator: the transaction amount, the date and time, the beneficiary bank account or UPI ID, and your own bank details. The operator files a ticket that is escalated to the banks involved. You will receive an acknowledgment SMS — use this reference number for follow-up.

🕐 Call within the first 30-60 minutes for best results

Call your bank's fraud helpline simultaneously

While your phone waits on the 1930 queue, use another device to call your bank's 24x7 fraud helpline. Report the fraudulent transaction immediately, request a dispute lodging, and ask them to block further outgoing transactions from your account. Get a complaint or reference number from the bank. Banks have internal mechanisms to recall or hold transactions flagged within hours — this is separate from the police process and works faster.

Bank and police action work in parallel

File a complaint at cybercrime.gov.in

Visit the National Cyber Crime Reporting Portal at cybercrime.gov.in. Register with your mobile number. Select the crime category: financial fraud, identity theft, cyberbullying, hacking, online harassment, or other. Fill in the complaint form with all details and upload all evidence. You will receive a complaint reference number — track your case using this number. For crimes against women and children, anonymous reporting is available without registering.

cybercrime.gov.in — MHA's official portal

File an FIR at any police station

Cybercrime has global jurisdiction in India — you can file an FIR at any police station regardless of where you live or where the crime occurred. Ask specifically for the cyber crime officer or section. Bring your complaint reference number from cybercrime.gov.in, screenshots, transaction records, and identity proof. If the police refuse to file an FIR, you can approach the Magistrate directly under Section 156(3) of the BNSS 2023 to direct police to register.

Any police station — cybercrime has global jurisdiction

Need a cybercrime lawyer urgently?

Book a verified cyber law advocate — AI prepares your full complaint brief with all IT Act 2000 sections before the call.

Book a Cyber Lawyer — ₹99

The most common cybercrimes in India — what section applies, what to do

UPI fraud, phishing, and online payment scams

The largest category of cybercrime in India — accounting for about 35% of all cases — involves fake UPI requests, QR code scams, OTP theft, fake customer care numbers, and fraudulent payment links. These are prosecuted under Section 66D of the IT Act (cheating by personation), Section 66C (identity theft), and Section 316 of the BNS 2023 (cheating). Call 1930 and your bank immediately for any payment fraud — frozen accounts can be recovered if acted upon quickly.

Digital arrest scams — the new mass fraud in India

Fraudsters call victims on WhatsApp or regular phone posing as CBI officers, customs officials, narcotics agents, or police and claim the victim is under "digital arrest" for supposed money laundering, drug trafficking, or other serious offences. They demand money to "settle" the case and instruct the victim to stay on a video call for hours or days. There is no such thing as a digital arrest in Indian law. No legitimate law enforcement agency conducts arrests or interrogations over phone or video call. Disconnect immediately, do not pay, and report to 1930.

Hacking and unauthorised account access

If your email, social media account, bank account, or any online profile has been accessed without your permission — this is an offence under Section 66 of the IT Act (hacking). File a complaint on cybercrime.gov.in and an FIR immediately. Also report to the platform itself (Gmail, Instagram, etc.) to initiate account recovery. Preserve login activity logs, notifications of suspicious logins, and any communications from the hacker as evidence.

Non-consensual intimate image (NCII) and video voyeurism

Capturing, publishing, or transmitting private images or videos of a person without their consent — whether through hidden cameras, screenshots from private chats, or deepfakes — is a criminal offence under Section 66E of the IT Act with up to 3 years imprisonment. Sending, sharing, or threatening to share such material is also covered by Section 67 and 67A. Report to cybercrime.gov.in and take a screenshot of the content as evidence before reporting it to the platform for takedown.

Cyberstalking and online harassment

Persistent, repeated electronic communication designed to cause alarm, distress, or harassment is covered by Section 354D of the former IPC (now BNS Section 77) and Section 66A was previously used (now struck down). For cyberstalking against women, report to cybercrime.gov.in — the portal has a dedicated section for crimes against women. Preserve all messages, comments, emails, and posts. You can report anonymously to protect your identity.

Investment scams and fake trading platforms

Investment scams accounted for ₹17,400 crore of cybercrime losses in 2024 — the single largest category. These involve fake stock trading apps, fraudulent crypto platforms, Ponzi schemes promising 10-15% monthly returns, and fake mutual fund advisors. Prosecuted under Section 66D of the IT Act and Section 316 of the BNS 2023. File on cybercrime.gov.in, report to SEBI (for securities fraud), and file an FIR. The I4C coordinates with banks and payment gateways to freeze fraudulent accounts.

IT Act 2000 — intermediaries, data protection, and what's changing

What are safe harbour protections for intermediaries under the IT Act?

Section 79 of the IT Act provides "safe harbour" protection to intermediaries — platforms like Google, Meta, WhatsApp, and Twitter/X — from liability for third-party content, provided they act as mere conduits, do not initiate or modify content, and comply with government takedown notices. The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 (IT Rules 2021) significantly expanded obligations on large platforms — requiring grievance officers, content takedown timelines, and traceability of messaging content for large social media platforms.

What is the Digital Personal Data Protection Act 2023 — and how does it relate to the IT Act?

The Digital Personal Data Protection Act 2023 (DPDPA) is India's first comprehensive data protection law, passed in August 2023. It establishes a Data Protection Board, requires organisations to obtain explicit consent before processing personal data, and mandates breach notification to individuals and the board. The DPDPA is expected to eventually supersede or substantially replace the data privacy provisions of the IT Act — particularly Section 43A (compensation for data breach) and the IT (Reasonable Security Practices) Rules 2011. As of 2025, the DPDPA is largely yet to come into force pending subordinate rules and the establishment of the Data Protection Board.

What is CERT-In and how does it help cybercrime victims?

The Indian Computer Emergency Response Team (CERT-In) is the national nodal agency for cybersecurity, established under Section 70B of the IT Act. CERT-In handles cybersecurity incidents, issues advisories on vulnerabilities, coordinates with government and private sector on incident response, and maintains the national cybercrime response framework. For individuals, CERT-In is not the first point of contact — use 1930 and cybercrime.gov.in. CERT-In's role is primarily in protecting critical infrastructure, issuing public advisories, and working with I4C (Indian Cyber Crime Coordination Centre) to combat cybercrime at a systemic level.

Cybercrime India — questions people actually ask

How do I report cybercrime in India?

Three ways: (1) Call 1930 — national cybercrime helpline, 24x7, especially for financial fraud — to freeze transactions immediately; (2) File online at cybercrime.gov.in — the MHA's National Cyber Crime Reporting Portal for all cybercrime types; (3) File an FIR at any police station — cybercrime has global jurisdiction in India, so any station can file. For financial fraud, call 1930 within the first hour — recovery chances drop sharply after 24 hours.

What is the punishment for hacking under the IT Act 2000 in India?

Under Section 66 of the IT Act 2000, hacking — unauthorised access to or destruction of data in a computer resource with dishonest intent — is punishable with imprisonment up to 3 years, a fine up to ₹5 lakh, or both. Tampering with computer source code (Section 65) carries up to 3 years or fine up to ₹2 lakh. Cyber terrorism (Section 66F) carries life imprisonment.

What is the punishment for identity theft under the IT Act 2000 in India?

Under Section 66C of the IT Act 2000, identity theft — fraudulent use of another's electronic signature, password, or unique identification — carries imprisonment up to 3 years and fine up to ₹1 lakh. Section 66D covers cheating by impersonation using a computer (fake profiles, fake websites, impersonating others to defraud) with the same punishment of up to 3 years and ₹1 lakh fine.

What should I do immediately if I am a victim of online fraud in India?

Act within the first hour: (1) Call 1930 with your transaction details — amount, date, beneficiary UPI/bank account; (2) Call your bank's fraud helpline to block further transactions and dispute the charge; (3) File a complaint at cybercrime.gov.in with all evidence; (4) File an FIR at the nearest police station. Indians lost over ₹22,845 crore to cyber fraud in 2024 — the earlier you act, the higher the recovery chances.

Is digital arrest real — can police really arrest you over a video call in India?

No — digital arrest is a fraud, not a real legal process. No law in India permits arrest or interrogation over a phone or video call. Fraudsters pose as CBI, customs, or police officers and demand money to "settle" a case. If you receive such a call, disconnect immediately, do not pay anything, and report to 1930 and cybercrime.gov.in. The Government of India has publicly warned citizens about this scam and instructed telecom providers to block international spoofed calls mimicking Indian numbers.

Is receiving obscene messages or photos online a crime under the IT Act in India?

Sending or transmitting obscene material electronically is a crime under Section 67 (up to 3 years, ₹5 lakh fine) and Section 67A for sexually explicit material (up to 5 years, ₹10 lakh fine). Section 67B specifically covers child sexual abuse material with up to 7 years imprisonment for repeat offenders. If you receive such material, preserve it as evidence and report to cybercrime.gov.in — you can do so anonymously for crimes involving children.

Can I report cybercrime anonymously in India?

Yes, for crimes against women and children. The National Cyber Crime Reporting Portal at cybercrime.gov.in allows anonymous reporting for these categories — you do not need to disclose your identity to report online child sexual abuse material, exploitation, or harassment. For financial fraud and other cybercrimes, you need to register an account to track complaint status, but you do not need to appear physically at a police station to file the initial online complaint.

What is Section 69A of the IT Act 2000?

Section 69A empowers the Central Government to direct any intermediary or agency to block public access to any online information if needed for national security, public order, defence, or preventing incitement to a cognizable offence. This is the provision used to block websites, apps, and social media accounts in India. Intermediaries that fail to comply face up to 7 years imprisonment and fine. Individuals have limited direct recourse against blocking orders — challenges go through the High Court.

Not sure which cybercrime law applies to your case?

AI generates your complete complaint citing the correct IT Act 2000 sections — ready to file at the police station or cybercrime portal.

Speak to Legal AI — free