Cyber Crime Legal Notice in India: Online Fraud, Harassment & Data Breach

The rapid growth of digital technology in India has brought immense convenience — but also a sharp rise in cyber crimes. From online financial fraud and phishing scams to cyberstalking, identity theft, and data breaches, individuals and businesses face an ever-expanding range of digital threats. A cyber crime legal notice is a critical first step in asserting your legal rights, compelling the offender to cease unlawful activity, and laying the groundwork for formal criminal or civil proceedings.

This comprehensive guide explains what constitutes cyber crime under Indian law, the key legislative provisions — including the Information Technology Act, 2000 and the Bharatiya Nyaya Sanhita (BNS) — the process for sending a legal notice, how to file a cyber crime complaint, and the essential steps for preserving digital evidence that can make or break your case.

What Is Cyber Crime Under Indian Law?

Cyber crime refers to any criminal activity that involves a computer, computer network, or networked device as the instrument, target, or place of the offence. In India, the primary legislation governing cyber crime is the Information Technology Act, 2000 (as amended in 2008), supplemented by applicable provisions of the Bharatiya Nyaya Sanhita (BNS), 2023, which replaced the Indian Penal Code with effect from 1 July 2024.

Cyber crimes can be committed against individuals, corporations, or the government. They range from relatively simple acts — like sending threatening emails — to sophisticated operations such as large-scale data breaches, ransomware attacks, and financial fraud involving crores of rupees. Importantly, Indian cyber law applies not only to offences committed within India but also to offences committed outside India if the computer, computer system, or computer network involved is located in India (Section 75, IT Act).

Common Types of Cyber Crimes

Cyber crimes in India take many forms, and understanding the specific nature of the offence is essential for drafting an effective legal notice and filing the right complaint. Below are the most common categories encountered in practice.

Online Financial Fraud

Online financial fraud is the most prevalent category of cyber crime in India. It includes phishing attacks (fraudulent emails or messages impersonating banks or government agencies to steal credentials), UPI fraud (tricking victims into authorising payments through deceptive collect requests or QR codes), credit and debit card theft (skimming, cloning, or unauthorized online transactions), OTP fraud (social engineering victims into sharing one-time passwords), and investment scams (fake trading platforms, Ponzi schemes, and cryptocurrency fraud). Under the IT Act, such offences are punishable under Sections 43 and 66, with additional charges possible under BNS provisions for cheating and dishonest misappropriation.

Cyberstalking and Online Harassment

Cyberstalking involves using electronic communication to follow, monitor, or harass another person, causing fear, distress, or intimidation. This includes repeatedly sending threatening or offensive messages, tracking someone's online activity without consent, creating fake profiles to contact or monitor a victim, and sharing intimate images without consent (revenge pornography). Section 354D of the BNS (replacing Section 354D IPC) addresses stalking, while Section 67 of the IT Act covers publishing obscene material electronically. Section 66E specifically penalises violation of privacy by capturing, publishing, or transmitting images of a person's private area without consent.

Identity Theft and Impersonation

Identity theft occurs when a person fraudulently uses another individual's personal data — such as Aadhaar number, PAN card details, bank credentials, or social media accounts — for dishonest or unlawful purposes. Online impersonation involves creating fake profiles or accounts using another person's name, photographs, or personal details to deceive others. These offences are specifically addressed under Section 66C (identity theft) and Section 66D (cheating by personation using a computer resource) of the IT Act. Penalties include imprisonment up to three years and fines up to one lakh rupees.

Data Theft and Privacy Breach

Data theft involves the unauthorised copying, extraction, or downloading of data from a computer system or network. This can range from an employee stealing trade secrets or customer databases to external hackers exfiltrating sensitive personal data. Privacy breaches by companies — such as sharing user data without consent, failing to implement adequate security practices, or concealing data breaches from affected individuals — are increasingly common. Section 43 of the IT Act provides for compensation where any person without permission accesses, downloads, copies, or extracts data. Section 72 penalises breach of confidentiality and privacy, and Section 72A addresses disclosure of personal information in breach of lawful contract.

Online Defamation and Trolling

Publishing defamatory content about a person or business through social media, websites, blogs, or messaging platforms constitutes online defamation. This includes false allegations, doctored images, misleading reviews intended to damage reputation, and coordinated trolling campaigns. While defamation is primarily addressed under Sections 356 and 357 of the BNS (replacing Sections 499–500 of the IPC), the IT Act's provisions on intermediary liability and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 provide mechanisms for content takedown and identification of anonymous offenders.

Hacking and Unauthorized Access

Hacking refers to gaining unauthorised access to a computer system, network, or database with the intent to cause wrongful loss or damage, steal data, or disrupt services. Under Section 43 of the IT Act, any person who accesses or secures access to a computer system without authorisation is liable to pay compensation up to Rs. 5 crore (or as determined by an adjudicating officer). Section 66 makes hacking a criminal offence punishable with imprisonment up to three years and/or a fine up to Rs. 5 lakh. More serious attacks — such as those targeting critical information infrastructure (power grids, defence systems, banking networks) — attract penalties under Section 66F (cyber terrorism), which can include life imprisonment.

Legal Framework for Cyber Crimes in India

India's legal framework for addressing cyber crime rests on three pillars: the Information Technology Act, 2000, the Bharatiya Nyaya Sanhita (BNS), 2023, and the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Understanding these provisions is essential for drafting a legally effective cyber crime notice.

Information Technology Act, 2000

The Information Technology Act, 2000 (amended in 2008) is the principal legislation governing cyber activities in India. Key sections relevant to cyber crime legal notices include:

• Section 43: Penalty and compensation for damage to computer systems — covers unauthorised access, data theft, introducing viruses, disrupting services, and denial-of-service attacks. Compensation can be awarded up to Rs. 5 crore by the adjudicating officer.
• Section 66: Computer-related offences (hacking) — imprisonment up to 3 years and/or fine up to Rs. 5 lakh.
• Section 66B: Punishment for dishonestly receiving stolen computer resource or communication device — imprisonment up to 3 years and/or fine up to Rs. 1 lakh.
• Section 66C: Punishment for identity theft — imprisonment up to 3 years and fine up to Rs. 1 lakh.
• Section 66D: Punishment for cheating by personation using computer resource — imprisonment up to 3 years and fine up to Rs. 1 lakh.
• Section 66E: Punishment for violation of privacy — capturing, publishing, or transmitting images of private areas without consent — imprisonment up to 3 years and/or fine up to Rs. 2 lakh.
• Section 67: Punishment for publishing or transmitting obscene material in electronic form — first conviction: imprisonment up to 3 years and fine up to Rs. 5 lakh.
• Section 72: Breach of confidentiality and privacy — imprisonment up to 2 years and/or fine up to Rs. 1 lakh.
• Section 72A: Punishment for disclosure of information in breach of lawful contract — imprisonment up to 3 years and/or fine up to Rs. 5 lakh.

Bharatiya Nyaya Sanhita (BNS)

The Bharatiya Nyaya Sanhita (BNS), 2023, which replaced the Indian Penal Code from 1 July 2024, contains several provisions applicable to cyber crimes. While the IT Act remains the primary cyber law, the BNS supplements it for offences that have a cyber component:

• Section 318 (Cheating): Applicable to online fraud, phishing, and e-commerce scams where the accused deceives the victim into delivering property or money.
• Section 319 (Cheating by Personation): Covers cases where the offender pretends to be another person online to commit fraud.
• Section 356 (Defamation): Addresses online defamation through social media posts, blogs, reviews, and other digital publications.
• Section 354D (Stalking): Covers cyberstalking, including monitoring internet or electronic communication, and repeated attempts to contact despite clear disinterest.
• Section 351 (Criminal Intimidation): Applicable to online threats and intimidation through emails, messages, or social media.

IT Rules 2021 (Intermediary Guidelines)

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 impose obligations on social media platforms, messaging services, and digital news media. These rules are particularly relevant when the cyber crime involves content hosted on third-party platforms:

• Grievance Redressal Mechanism: Every significant social media intermediary (SSMIs like Facebook, Instagram, X, YouTube) must appoint a Grievance Officer, a Chief Compliance Officer, and a Nodal Contact Person resident in India.
• Content Takedown: Intermediaries must remove or disable access to unlawful content within 36 hours of receiving a court order or government notification, and within 72 hours for content flagged as violating the rules.
• First Originator Traceability: Messaging platforms like WhatsApp must enable identification of the first originator of a message that is the subject of a court or government order, particularly for serious offences.
• Due Diligence Safe Harbour: Intermediaries that fail to comply with these rules lose their safe harbour protection under Section 79 of the IT Act and can be held liable for third-party content.

When to Send a Cyber Crime Legal Notice

A cyber crime legal notice is appropriate when you have identified the offender (or the intermediary platform hosting the offending content) and wish to demand that they cease the unlawful activity, compensate you for losses, or take down harmful content. Specific situations where sending a legal notice is advisable include:

• You have lost money to an online fraud or phishing scam and have identified the beneficiary account or the platform used.
• Someone is cyberstalking or harassing you through social media, email, or messaging apps and has not stopped despite warnings.
• Your personal data has been stolen or leaked by an individual, company, or platform that failed to maintain adequate security.
• A person has committed identity theft by creating fake accounts or using your personal details for fraudulent transactions.
• You are the victim of online defamation — false and malicious statements published about you on websites, social media, or review platforms.
• Your computer system or network has been hacked, causing data loss, service disruption, or financial damage.
• A social media platform or intermediary has failed to act on your grievance or take down unlawful content within the timelines prescribed by the IT Rules, 2021.
• You need to establish a documented legal trail before filing an FIR or civil suit — a legal notice creates formal evidence of your demand and the other party's response (or lack thereof).

Key Elements of a Cyber Crime Notice

A well-drafted cyber crime legal notice must be precise, factually accurate, and legally grounded. The following elements are essential:

1. Sender's Details: Full name, address, and contact information of the victim or their authorised advocate.
2. Recipient's Details: Name, designation, and address of the accused person, company, or intermediary. If the offender is anonymous, the notice may be addressed to the platform or service provider.
3. Date and Subject Line: The date of the notice and a clear subject line indicating the nature of the cyber crime (e.g., "Legal Notice for Online Financial Fraud under IT Act, 2000").
4. Detailed Statement of Facts: A chronological account of the cyber crime — when it occurred, how it was discovered, the digital platforms or devices involved, and the impact on the victim. Be specific about URLs, usernames, transaction IDs, IP addresses, and dates.
5. Digital Evidence Referenced: A list of digital evidence in your possession — screenshots, email headers, transaction records, server logs, chat transcripts — with a statement that originals are preserved and a Section 65B certificate is available if needed.
6. Legal Provisions Violated: Cite the specific sections of the IT Act, 2000 and/or BNS that apply — for example, Section 66C for identity theft, Section 66D for cheating by personation, Section 43 for unauthorised access, or Section 67 for obscene content.
7. Relief Demanded: Clearly state your demands — cessation of the unlawful activity, takedown of offending content, monetary compensation for losses suffered, a public apology, or any other appropriate relief.
8. Time Frame for Compliance: A reasonable deadline — typically 15 to 30 days — for the recipient to comply with your demands.
9. Consequences of Non-Compliance: A clear statement that failure to comply will result in filing an FIR with the Cyber Crime Cell, a complaint on the National Cyber Crime Reporting Portal, and/or civil proceedings for damages, with all costs to be borne by the recipient.

Step-by-Step Process for Sending a Cyber Crime Legal Notice

Follow these steps to effectively send a cyber crime legal notice and, where necessary, escalate the matter to law enforcement:

1. Preserve All Digital Evidence Immediately: Before doing anything else, take screenshots, save emails with full headers, download chat transcripts, and record URLs. Digital evidence can be deleted or altered by the offender at any time. Time-stamp everything.
2. Identify the Offender or Intermediary: Determine who the notice should be addressed to. If you know the offender, gather their contact details. If the offender is anonymous, identify the platform or service provider hosting the content or facilitating the transaction.
3. Draft the Legal Notice: Prepare a comprehensive notice containing all the key elements outlined above. Engage a lawyer experienced in cyber law or use OpenVakil's AI-assisted drafting with legal review to ensure accuracy.
4. Have the Notice Reviewed: Cyber crime legal notices involve technical and legal nuances — incorrect citations or factual inaccuracies can weaken your position. Have the notice reviewed by a legal professional.
5. Send via Registered Post / Speed Post with AD: Send the physical notice through India Post's registered post or speed post with acknowledgment due. Retain the postal receipt and tracking number as proof of dispatch and delivery.
6. Send an Electronic Copy: Email the notice to the recipient's official email address. For intermediaries, use the email address of their designated Grievance Officer as published on their website.
7. File an FIR at the Cyber Crime Cell: If the offence is serious — involving financial loss, threats, obscene content, or ongoing harassment — file an FIR with the local Cyber Crime Cell or the nearest police station. Provide copies of the legal notice and all digital evidence.
8. Monitor the Response: Track the acknowledgment of your notice and wait for the stipulated time period. Document any response (or lack thereof) from the recipient.
9. Escalate if Necessary: If there is no satisfactory response, proceed with filing a formal complaint on cybercrime.gov.in, approaching the adjudicating officer under the IT Act for compensation, or filing a civil suit for damages.

Cyber crime is not merely a law and order issue — it is a national security concern. The legal framework must keep pace with technology, and victims must be empowered with accessible, swift mechanisms for redress.

— Supreme Court of India, Shreya Singhal v. Union of India (2015)

Filing a Cyber Crime Complaint

In addition to (or instead of) sending a legal notice, you can file a formal cyber crime complaint through the following channels:

• National Cyber Crime Reporting Portal (cybercrime.gov.in): This is the Government of India's official portal for reporting cyber crimes. You can file complaints related to online financial fraud, crimes against women and children, and other cyber offences. The portal generates a unique complaint number for tracking, and complaints are automatically routed to the relevant state cyber police for investigation.
• Cyber Crime Cell / Cyber Police Station: Every state in India has dedicated Cyber Crime Cells or Cyber Police Stations. You can visit in person to file an FIR. Bring printouts of all digital evidence, your legal notice (if already sent), and identification documents.
• Local Police Station: If there is no dedicated cyber cell in your area, you can file an FIR at the nearest police station. Under Section 154 of the CrPC (now Section 173 of BNSS), the police are obligated to register an FIR for cognizable offences. Cyber crimes under Sections 66, 66C, 66D, 66E, and 67 of the IT Act are cognizable.
• Helpline Number 1930: The Government of India's National Cyber Crime Helpline (1930) provides immediate assistance, especially for financial fraud cases. Call within the "golden hour" after discovering a fraudulent transaction to increase the chances of freezing the funds.

Preserving Digital Evidence

Digital evidence is the cornerstone of any cyber crime case. Unlike physical evidence, digital evidence can be easily altered, deleted, or rendered inadmissible if not properly preserved. Indian courts require digital evidence to comply with Section 65B of the Indian Evidence Act (now Section 63 of the Bharatiya Sakshya Adhiniyam, 2023) to be admissible. Here is how to preserve your evidence effectively:

1. Take Screenshots Immediately: Capture screenshots of the offending content, messages, transactions, or profiles. Ensure the screenshots show the URL, date, time, and the complete content. Use the device's built-in screenshot function rather than third-party tools.
2. Save Complete Emails with Headers: If the crime involves emails, save the complete email including full headers (which contain metadata like originating IP address, mail server path, and timestamps). Most email clients allow you to view and download the original email source.
3. Download and Preserve Chat Transcripts: Export WhatsApp chats, Telegram messages, Instagram DMs, or other chat records using the app's built-in export function. Save both the text and any media files.
4. Record Transaction Details: For financial fraud, save bank statements, UPI transaction screenshots, payment gateway receipts, and any communication from the bank or payment service.
5. Use Screen Recording for Dynamic Content: For content that may be deleted (such as live videos, stories, or temporary posts), use screen recording to capture the content in real time.
6. Obtain a Section 65B Certificate: For digital evidence to be admissible in Indian courts, it must be accompanied by a certificate under Section 65B of the Indian Evidence Act (now Section 63, BSA 2023). This certificate, signed by a person who is in charge of the computer or has access to the relevant data, attests that the electronic record is a true reproduction of the original. Without this certificate, the digital evidence may be deemed inadmissible.
7. Engage a Cyber Forensic Expert: In serious cases involving large financial losses, data breaches, or hacking, consider engaging a certified cyber forensic expert to create forensic images of affected devices, preserve chain of custody, and provide expert testimony if needed.

Common Mistakes to Avoid

Handling a cyber crime case requires care at every stage. Avoid these common mistakes that can weaken your case or result in lost evidence:

1. Delaying Action: Cyber criminals can delete evidence, move funds, and cover their tracks quickly. Report the crime and preserve evidence within hours, not days.
2. Confronting the Offender Online: Do not engage with the offender through threatening messages or public posts. This can compromise your evidence, alert the offender, and potentially expose you to counter-claims.
3. Citing Section 66A of the IT Act: This section was struck down by the Supreme Court in Shreya Singhal v. Union of India (2015). Citing it in a legal notice demonstrates a lack of legal awareness and weakens your credibility.
4. Failing to Preserve Evidence Properly: Taking partial screenshots, not saving email headers, or failing to obtain a Section 65B certificate can render your digital evidence inadmissible in court.
5. Not Filing an FIR: Many victims send a legal notice but do not file an FIR. For criminal offences, the FIR is essential. The police have the power to investigate, seize devices, and arrest offenders — a legal notice alone cannot achieve this.
6. Sending Vague or Emotional Notices: A legal notice should be specific, factual, and cite applicable legal provisions. Vague allegations without supporting evidence, or emotional language without legal substance, will not achieve the desired result.
7. Ignoring Intermediary Liability: If the offending content is hosted on a social media platform or website, send a separate notice to the intermediary demanding content takedown under the IT Rules, 2021. Intermediaries that fail to act lose their safe harbour protection.
8. Not Consulting a Lawyer: Cyber law is a specialised field. The intersection of the IT Act, BNS, evidence law, and procedural requirements makes professional legal advice essential for serious cyber crime matters.

How OpenVakil Helps with Cyber Crime Legal Notices

Cyber crime legal notices require a unique combination of technical understanding and legal precision. Unlike conventional legal notices, they must reference specific digital platforms, describe technical processes, cite the correct IT Act sections, and address the nuances of electronic evidence. OpenVakil is purpose-built to handle this complexity.

With OpenVakil, you can generate a professional, legally accurate cyber crime legal notice in minutes. Simply provide the details of the offence — the type of cyber crime, the platforms involved, the evidence you have, and the relief you seek. Our AI engine drafts a comprehensive notice citing the relevant provisions of the IT Act, BNS, and IT Rules, and our legal team reviews it for accuracy.

• AI-Powered Drafting: Generate a detailed, legally sound cyber crime notice tailored to the specific type of offence — whether it is financial fraud, cyberstalking, identity theft, data breach, or online defamation.
• Correct Legal Citations: Our system ensures that the notice cites only valid, current legal provisions — no struck-down sections, no outdated IPC references.
• Lawyer-Reviewed Quality: Every notice is reviewed by legal professionals experienced in cyber law to ensure factual accuracy, proper legal framing, and persuasive tone.
• Evidence Guidance: Receive guidance on how to preserve digital evidence, obtain Section 65B certificates, and build a strong evidentiary foundation for your case.
• End-to-End Support: From drafting the notice to guidance on filing an FIR at the cyber cell, reporting on cybercrime.gov.in, and pursuing legal remedies, OpenVakil supports you throughout the process.
• Affordable & Transparent: Access expert-quality cyber crime legal notices at a fraction of the cost of traditional law firms, with no hidden charges.

Whether you are dealing with a phishing scam that drained your bank account, a cyberstalker who will not stop, a data breach that exposed your personal information, or defamatory content circulating online — OpenVakil gives you the legal tools to fight back effectively and assert your rights under Indian cyber law.

Cyber crime is a rapidly evolving threat, but Indian law provides robust mechanisms for protection and redress. Armed with the right knowledge, properly preserved evidence, a well-drafted legal notice, and timely complaints to the cyber cell and online portals, you can hold offenders accountable and recover your losses. The key is to act swiftly, document meticulously, and seek expert legal guidance when the stakes are high. Take the first step today — your digital rights deserve to be protected.