Complete Anti-Scam Guide for India: From Identifying Fraud to Filing Reports and Recovering Funds (2026)

India is one of the countries with the highest digital payment adoption worldwide, with UPI (Unified Payments Interface) processing over 18 billion transactions per month. However, rapid digitization has also brought severe online fraud challenges. According to data from India's CERT-In (Computer Emergency Response Team) and NCRP (National Cyber Crime Reporting Portal), online fraud cases in India surged by over 35% year-on-year in 2025, with total losses exceeding 1.2 trillion rupees (approximately USD 14.3 billion). This guide will systematically help you identify common scams in India, use ScamLens tools to detect suspicious websites, report fraud through the proper channels, and maximize your chances of recovering stolen funds.

1. India's Online Fraud Landscape (2026)

Online fraud in India exhibits distinctive local characteristics. Here are the six most common types:

1. UPI Fraud — India's Unique Digital Payment Trap

UPI is India's homegrown instant payment system, and it has given rise to scam methods unique to the country:

• Fake Collect Requests (Collect Request Scam): Scammers send you a UPI collect request, claiming it is a "refund" or "bonus." Once you enter your PIN to authorize it, money is debited from your account — not credited.
• Fake QR Code Scam: Scammers pose as buyers on platforms like OLX and Quikr, sending you a "payment QR code" to scan. Scanning it actually transfers money to the scammer, not to you.
• UPI ID Spoofing: Scammers create UPI IDs that closely mimic well-known companies (e.g., spelling "paytm" as "paytnn") to trick you into transferring to the wrong address.
• Screen Sharing Scam: Scammers ask you to install remote access software like AnyDesk or TeamViewer under the pretext of "helping you fix a UPI issue," then take control of your phone to complete transactions.

Key Prevention: In UPI, scanning a QR code or approving a Collect Request is always a payment action — there is no such thing as "scanning to receive money." If someone asks you to scan a code to "receive payment," it is 100% a scam.

2. OTP Fraud — One-Time Password Theft

• Scammers impersonate bank staff, e-commerce support, or courier companies, calling to request your OTP (One-Time Password) under pretexts like "identity verification" or "processing a refund."
• Once you share the OTP, scammers immediately complete transfers or online purchases.
• Variant: Scammers send SMS messages with malicious links that automatically read and forward your OTP.

Golden Rule: No legitimate organization will ever ask for your OTP via phone call or SMS. Hang up immediately if you receive such a request.

3. KYC Update Scam

• Scammers impersonate banks or payment platforms like Paytm/PhonePe, claiming your KYC (Know Your Customer) verification is about to expire and your account will be frozen.
• They lure you into clicking a link to enter sensitive information such as card numbers, CVV, and Aadhaar numbers.
• Alternatively, they ask you to install a remote control app to directly operate your phone for identity theft.

How to Identify: Genuine KYC updates must be completed at bank branches or within official apps — never through SMS links or phone calls.

4. Fake Customer Care Scam

• Scammers place fake customer service phone numbers in Google search results (e.g., fake SBI helpline, fake Flipkart support).
• When you call, the "agent" asks you to install remote control software, provide banking details, or transfer a "processing fee."
• This type of scam is also rampant on Google Maps — scammers modify business phone numbers to their own.

Prevention: Only obtain customer service numbers from official apps or official websites. Never search for helpline numbers using search engines.

5. Investment and Cryptocurrency Scams

• Social media and WhatsApp groups promote "guaranteed profit" stock, futures, or cryptocurrency investments.
• Common pattern: They let you invest a small amount and earn returns (funded by the scammers themselves) to build trust, then push for larger investments before the platform "crashes" or the scammers disappear.
• Fake trading platforms: Professional-looking but with no regulatory credentials and no registration with SEBI (Securities and Exchange Board of India).
• Cryptocurrency "doubling" scams: Promising to return 2 ETH for every 1 ETH sent, using fake transaction screenshots for credibility.

6. Job Scams

• Recruitment messages offering "daily pay of 5,000-10,000 rupees" are sent via Telegram and WhatsApp.
• Common scripts: "Work from home tasks," "like videos," "write reviews."
• Initially, you complete simple tasks and receive payment. Later, you're asked to "recharge" to continue, with amounts escalating.
• Some job scams collect your Aadhaar and PAN card information for subsequent identity theft.

CERT-In/NCRP Data Overview

According to CERT-In's 2025 annual report and NCRP statistics:

Metric	Data
Cyber fraud complaints in 2025	Over 3.2 million
Year-on-year growth	+35%
UPI-related fraud share	Approximately 47%
Average loss per case	₹38,000 (approximately USD 450)
Fund recovery rate (reported within 72 hours)	Approximately 28%
Fund recovery rate (reported after 72 hours)	Less than 5%

These figures reinforce a core message: Speed is everything. The sooner you report, the higher the probability of recovering your funds.

2. How to Use ScamLens to Determine If You're Being Scammed

When you receive a suspicious link, encounter a suspicious website, or suspect you're being scammed, ScamLens can help you make a quick assessment.

ScamLens Hindi Interface: Visit scamlens.org/hi/ to use the Hindi (हिन्दी) interface — all features and analysis results are available in Hindi.

Steps

1. Open scamlens.org and switch to Hindi (हिन्दी) or your preferred language in the top-right corner.
2. Enter the suspicious website URL (e.g., suspicious-investment-app.com) in the search box on the homepage.
3. ScamLens will return a comprehensive security analysis report within seconds, including:
   • Trust Score: 0-100, where lower scores indicate higher risk.
   • Threat Intelligence Matches: Whether the website has been flagged by 90+ global threat intelligence sources.
   • AI Risk Summary: A plain-language explanation of the specific risks.
   • Domain Registration Info: Registration date, registrar, server location, and other technical details.
4. For cryptocurrency concerns, visit scamlens.org/hi/check-crypto and enter a wallet address to check if it's associated with known scams.

Practical Scenarios:

• Received an "investment link" forwarded in a WhatsApp group — check it with ScamLens first.
• Found a suspicious payment page from a seller on OLX — scan it before proceeding.
• Received a KYC update link via SMS — copy the link into ScamLens to verify.

3. Searching and Reporting Suspicious Websites on ScamLens

Search Existing Reports

1. Enter the URL in the search box at scamlens.org.
2. If the website has been checked by other users before, you'll see historical reports, community ratings, and user comments.
3. Check "Community Votes" to see other users' assessments — websites flagged as scams by multiple users are extremely high-risk.

Report a Scam Website

1. On the domain report page, click the "Report This Website" button.
2. Select the scam type (e.g., investment fraud, phishing, impersonation, etc.).
3. Describe your experience and the amount lost (optional but recommended to help other users).
4. After submission, the website's risk score is adjusted, and other users will see a warning when they visit.

Every report you make protects others. ScamLens's community-driven mechanism means the more people report, the faster scam websites are flagged and blocked.

4. Evidence Collection Checklist

Before filing a police report or complaint, systematically collect the following evidence. The more thorough your evidence, the more efficient the case filing and the higher the probability of fund recovery.

Essential Evidence

Evidence Type	Details	How to Preserve
UPI transaction screenshots	UPI Transaction ID, amount, time, and recipient UPI ID for each transfer	Screenshots + handwritten Transaction ID record
WhatsApp chat history	Complete conversations with scammers (including voice messages and images)	Export chat (WhatsApp Settings → Export Chat)
Call records	Scammer's phone number, call time, call duration	Phone call log screenshots
SMS screenshots	Scam SMS content, sender number, timestamp	Save screenshots
Bank statements	All transaction records related to the fraud	Export PDF from net banking/app
Scam website/app screenshots	Website pages, app interfaces, false promises	Screenshots + record the URL
Scammer's information	Scammer's UPI ID, bank account, phone number, social accounts	Compile into a single document
Aadhaar/PAN misuse record	If you provided Aadhaar or PAN information	Record what was shared and when
Remote control app installation record	If you installed AnyDesk/TeamViewer, etc.	Screenshot the app connection ID and time

India-Specific Evidence Tips

• UPI Transaction ID is critical: This is the core reference for banks to trace funds. Every UPI transaction has a unique 12-digit Transaction ID — always record it.
• Do not delete WhatsApp chats: Even if the scammer deletes messages, your copy remains valid. Use WhatsApp's "Export Chat" feature to generate a complete record file.
• Aadhaar number exposure: If you shared your Aadhaar number with a scammer, immediately visit myaadhaar.uidai.gov.in to lock your Aadhaar biometrics.
• ScamLens report screenshot: After scanning a scam website on ScamLens, save a screenshot of the analysis report as supplementary evidence for your case.

5. Reporting Channels (India)

1. 1930 — National Cyber Crime Helpline

Authority: Established by India's Ministry of Home Affairs as a nationwide unified cyber crime helpline, available 24/7 year-round.

Scope: All online financial fraud, especially urgent cases involving immediate fund transfers.

Steps:

1. Immediately call 1930 (nationwide number, toll-free).
2. Select your language after connecting (Hindi, English, and some regional languages supported).
3. Describe the type of scam and the amount involved.
4. Provide: your name, phone number, bank name, UPI Transaction ID, and the scammer's UPI ID or bank account.
5. The operator will immediately register the case in the Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS).
6. The system automatically notifies the involved banks to initiate fund-freezing procedures.
7. You will receive a Complaint Number — keep it safe.

Materials Needed:

• Your name and phone number
• Bank account information
• UPI Transaction ID or transfer receipt
• Scammer's contact details (phone, UPI ID, bank account)
• Amount lost and time of fraud

Critical Tip: The core value of the 1930 helpline is instant fund freezing. After calling, the system can freeze remaining funds in the scammer's account in the shortest possible time. The golden window is within 2 hours of being scammed — the faster you call, the higher the success rate.

2. cybercrime.gov.in — National Cyber Crime Reporting Portal (NCRP)

Authority: An online case-filing platform operated by India's Ministry of Home Affairs, supporting complete case submission and tracking.

Steps:

1. Visit cybercrime.gov.in.
2. Click "File a Complaint."
3. Select complaint type: "Financial Fraud" or "Other Cyber Crime."
4. Register/log in using your phone number (you will receive an OTP).
5. Fill out the detailed form:
   • Personal information (name, address, last four digits of Aadhaar)
   • Fraud type (UPI Fraud, Internet Banking Fraud, Credit/Debit Card Fraud, etc.)
   • Detailed description of the fraud
   • Amount involved and date
   • Scammer information (phone, account, website, etc.)
6. Upload evidence files (screenshots, chat records, etc. — PDF and JPG supported, max 5MB per file).
7. After submission, you'll receive a Complaint Reference Number to track your case on the portal.

Materials Needed: Phone number (for OTP), Aadhaar number, bank statements, transaction screenshots, scammer's information

Note: NCRP complaints are automatically assigned to the Cyber Crime Cell in your state. It's recommended to call 1930 first, then file online via NCRP for double protection.

3. 100 — Emergency Police

Scope: Emergency personal safety threats, crimes in progress, situations requiring police presence.

Steps:

1. Dial 100 (India's national emergency number).
2. State your location and the emergency.
3. For cyber fraud, the operator will typically direct you to call 1930 or visit the nearest Police Station to file a report.

Note: For purely online financial fraud (no personal safety threat), prioritize calling 1930 over 100. The 100 line is better suited for personal safety emergencies.

4. CERT-In — Indian Computer Emergency Response Team

Authority: An agency under India's Ministry of Electronics and Information Technology (MeitY), responsible for cybersecurity incident response.

Scope: Technical cybersecurity incidents — malware infections, phishing websites, data breaches, system intrusions, etc.

Steps:

1. Visit cert-in.org.in.
2. Click "Report an Incident."
3. Fill out the incident report form, including:
   • Incident type (Phishing, Malware, Website Defacement, etc.)
   • URLs, IP addresses, and email headers involved
   • Time of incident and scope of impact
4. You can also email [email protected] to report an incident.
5. Attach technical details and evidence (webpage source code, malicious links, email headers, etc.).

Materials Needed: Scam website URL, suspicious email originals (with headers), malicious APK file or package name

Tip: CERT-In's response focuses on the technical layer (blocking malicious websites and IPs), making it ideal for reporting phishing sites and malware. If your primary goal is fund recovery, you should also file with 1930 and NCRP.

5. RBI (Reserve Bank of India) — Banking and Financial Fraud Complaints

Scope: Unauthorized bank account transactions, credit/debit card fraud, net banking fraud, banking service complaints.

Complaint Path (Three-Tier Escalation):

Tier 1: Complain to Your Bank

1. Immediately contact your bank's customer service (every bank has a 24-hour helpline).
2. Report the unauthorized transaction and request account or card freezing.
3. Submit a written complaint and obtain a complaint number.
4. Per RBI regulations, the bank must resolve the issue within 10 working days of receiving the complaint.

Tier 2: RBI Ombudsman (Integrated Ombudsman)

1. If the bank hasn't resolved the issue within 30 days or you're unsatisfied with the outcome.
2. Visit cms.rbi.org.in (RBI Complaint Management System).
3. Submit a complaint online, uploading your bank complaint number and relevant evidence.
4. The RBI Ombudsman will adjudicate within 30 days.

Tier 3: RBI Appeal

1. If unsatisfied with the Ombudsman's decision, you can appeal to the RBI Deputy Governor within 30 days.

Materials Needed: Bank statements, transaction details, bank complaint number, communication records with the bank

6. TRAI DND — Spam Call and Scam SMS Reporting

Scope: Spam SMS, nuisance calls, scam text messages.

Steps:

1. Download the TRAI DND APP (available on iOS/Android).
2. Register with your phone number.
3. Select "Register Complaint" to report spam calls or SMS.
4. Enter the offending number and select the category (e.g., "Fraud/Scam").
5. After submission, TRAI will investigate and penalize violating operators.

Alternative: Send an SMS to 1909 with the spam sender's number.

7. Sachet (sachet.rbi.org.in) — Illegal Financial Activity Reporting

Scope: Ponzi schemes, illegal fundraising, unregistered financial companies, illegal lending apps.

Steps:

1. Visit sachet.rbi.org.in.
2. Click "Lodge a Complaint."
3. Select the complaint target type (e.g., "Unauthorized Scheme," "Unauthorized NBFC," etc.).
4. Fill in details: company name, website, amount invested, promised returns, etc.
5. Upload evidence (promotional materials, transfer records, company website screenshots).
6. After submission, RBI and relevant financial regulators will investigate.

Materials Needed: Company information, investment records, promotional/promise materials

Tip: In India, many "high-return investments" promoted via WhatsApp are unregistered financial activities not authorized by SEBI or RBI. You can check on Sachet whether a company has been blacklisted.

8. State Cyber Crime Cells

Every state has a dedicated cyber crime investigation unit where you can file reports in person:

State/UT	Cyber Crime Cell Contact
Delhi	Cyber Crime Unit, Mandir Marg, 011-2658 9271
Maharashtra (Mumbai)	BKC Cyber Police Station, 022-2626 1451
Karnataka (Bengaluru)	CID Cyber Crime, 080-2294 3050
Tamil Nadu (Chennai)	Cyber Crime Wing, 044-2534 5893
Telangana (Hyderabad)	Cyber Crime PS, 040-2785 2040
West Bengal (Kolkata)	Lalbazar Cyber Crime PS, 033-2214 5092
Gujarat (Ahmedabad)	Cyber Crime Cell, 079-2539 7460

Steps:

1. Bring identity proof (Aadhaar Card/Voter ID/Passport).
2. Bring all evidence materials (originals + copies).
3. File an FIR (First Information Report) or written complaint.
4. Obtain a copy of the FIR or complaint receipt — this is a critical document for subsequent legal proceedings.

6. Getting Scam Websites Taken Down via Service Providers

In addition to filing police reports, you can proactively contact domain service providers to take down scam websites and prevent more people from falling victim.

Step 1: Look Up Domain Registration Info (WHOIS)

1. Visit whois.domaintools.com or who.is.
2. Enter the scam website domain to view the Registrar information.
3. Record the registrar name and Abuse contact email.

Step 2: File a Complaint with the Domain Registrar

International Registrars:

• GoDaddy: supportcenter.godaddy.com/AbuseReport
• Namecheap: Email [email protected]
• Cloudflare: abuse.cloudflare.com

Indian Registrars:

• BigRock: Email [email protected] with fraud evidence
• GoDaddy India: Same as GoDaddy global complaint channel
• HostGator India: Email [email protected]
• Net4India: [email protected]

Complaint Email Template Key Points:

• Subject: Abuse Report - Phishing/Fraud Website: [domain]
• Content: Domain name, fraud type description, victim evidence (screenshots), police report number (if available)
• Request: Suspend the domain or take down website content

Step 3: .in Domain Complaints (NIXI/INREGISTRY)

If the scam website uses a .in or .co.in Indian country-code domain:

1. Visit NIXI (National Internet Exchange of India) website: nixi.in
2. Or contact INREGISTRY (.in domain registry): registry.in
3. Send a complaint email to [email protected] explaining that the domain is being used for fraudulent activity.
4. Attach police report numbers (FIR/NCRP complaint number) and evidence screenshots.
5. NIXI/INREGISTRY has the authority to suspend .in domains suspected of illegal activity.

Step 4: Report to Search Engines

• Google Safe Browsing: safebrowsing.google.com/safebrowsing/report_phish
• Google Search Console Removal Request: search.google.com/search-console/removals
• Bing Webmaster: www.bing.com/webmasters/conman
• PhishTank: phishtank.org — submit phishing website reports

After reporting, search engines will display safety warnings for the website in search results and browsers, effectively preventing more people from visiting it.

7. Fund Recovery

Fund recovery is a race against time. Here are the specific recovery paths available in India:

1. Bank Complaint — The 30-Day Deadline Is Critical

According to RBI's 2017 circular (RBI/2017-18/15), liability for unauthorized electronic transactions is allocated as follows:

Scenario	Your Liability	Time Requirement
Caused by bank system failure	Zero liability	No time limit
Third-party breach, not your fault	Zero liability (if reported within 3 working days)	Within 3 working days
Your fault (e.g., sharing OTP)	Full liability	—
Reported after 3 working days	Partial liability per bank policy	Losses continue to grow

Steps:

1. Immediately contact your bank's customer service, report the unauthorized transaction, and request account freezing.
2. Within 3 working days, submit a written complaint to the bank (online or offline).
3. The bank must provide a temporary refund (shadow reversal) within 10 working days.
4. The bank has 90 days to complete the investigation. If you're found not at fault, the temporary refund becomes permanent.
5. If the bank refuses to refund or fails to act, file a complaint with the RBI Ombudsman after 30 days.

2. UPI Refund Process

Through NPCI (National Payments Corporation of India):

1. Find the transaction in your UPI app (e.g., PhonePe, Google Pay, Paytm).
2. Tap "Raise Dispute" or "Report Issue."
3. Select "Fraud/Unauthorized Transaction."
4. Fill in a detailed description and submit.
5. NPCI will coordinate between your bank and the recipient bank for investigation.
6. The investigation period is typically 30-45 days.

Tip: If filing a dispute through the app is unsuccessful, you can complain directly to NPCI — visit npci.org.in or email [email protected].

3. Cryptocurrency Tracing

Fund recovery for cryptocurrency scams is the most difficult, but not entirely hopeless:

1. Use ScamLens Crypto Trace to track the on-chain flow of funds.
2. If funds have flowed to a known exchange (e.g., WazirX, CoinDCX, Binance), file a complaint with the exchange's compliance department and request a freeze.
3. File a report on NCRP specifying cryptocurrency involvement, providing the on-chain transaction hash (TX Hash).
4. India's ED (Enforcement Directorate) and Cyber Crime Cells have specialized capabilities for investigating cryptocurrency fraud.
5. For large cases (exceeding ₹50 lakh), consider hiring a professional blockchain forensics firm.

4. Credit/Debit Card Disputes

1. Immediately call the number on the back of your card, report the fraud, and request card freezing.
2. Submit a "Chargeback" (refund dispute) application through your bank's app or net banking.
3. For credit cards, filing a dispute before EMI or bill payment can temporarily defer that payment.
4. During the bank's investigation, no interest is charged on the disputed amount.
5. The investigation period is typically 45-90 days.

5. Consumer Forum

If the bank or payment platform is uncooperative, you can file a complaint with the Consumer Forum:

1. Visit edaakhil.nic.in to submit a consumer complaint online.
2. For amounts up to ₹1 crore, file with the District Forum.
3. For ₹1-10 crore, file with the State Commission.
4. For amounts exceeding ₹10 crore, file with the National Commission.
5. Consumer Forum filing fees are minimal (a few hundred rupees), and you can file without a lawyer.

8. Beware of Recovery Scams

This is an extremely important warning. After being scammed, you may be in a state of anxiety, making you most vulnerable to "recovery scams" — where scammers exploit your desperation to recover funds and defraud you a second time.

Common Recovery Scams in India

• Impersonating CBI/NIA: Claiming to be officers from the Central Bureau of Investigation (CBI) or National Investigation Agency (NIA), demanding you pay a "case processing fee" to recover your funds.
• Impersonating Cyber Crime Police: Claiming they've caught the scammer and you need to pay a "security deposit" or "processing fee" to get your money back.
• Impersonating RBI Officials: Claiming RBI has frozen your stolen funds and you need to pay an "unfreezing fee."
• Fake "Hacker" Services: Claiming they can "hack into the scammer's account" to recover your funds, charging a hefty upfront fee.
• Fake Law Firms: Posing as law firms online, promising 100% fund recovery and charging upfront "litigation fees."

Rules for Identifying Recovery Scams

1. No official agency will ever ask you to pay a fee before recovering your stolen funds.
2. CBI, NIA, and Cyber Crime authorities will not contact you proactively via WhatsApp or phone.
3. No one can guarantee 100% recovery of stolen funds.
4. RBI will never contact individuals directly to collect any fee.
5. If someone claims they can "hack into" the scammer's account, they are a scammer themselves.

If you encounter a suspected recovery scam, use ScamLens to check the website they provide, and report them to 1930.

9. Prevention Tips + ScamLens

Daily Prevention Checklist

1. Never share your OTP — no matter who the caller claims to be (bank, police, government), no legitimate organization will ever ask for your OTP.
2. Receiving money via UPI does not require entering your PIN — if someone asks you to enter your PIN to "receive money," it's a scam.
3. Do not install remote control apps — AnyDesk, TeamViewer, Quick Support — unless requested by IT personnel you trust.
4. Stay alert in WhatsApp/Telegram groups — any "investment opportunity," "free giveaway," or "earn thousands daily from part-time work" is high-risk.
5. Check suspicious links with ScamLens first — make it a habit to visit scamlens.org/hi/ to scan before clicking.
6. Enable Two-Factor Authentication (2FA) — turn on 2FA for your banking apps, UPI apps, and email accounts.
7. Regularly review bank transaction records — report any unusual transactions to your bank immediately.
8. Lock Aadhaar biometrics — lock your fingerprint and iris data in the mAadhaar app to prevent misuse.
9. Be cautious with Google search results — never search for "XX customer service number" and dial directly; always get helpline numbers from official apps.
10. Install the ScamLens Chrome Extension — real-time website safety detection that warns you before you click on scam links.

ScamLens Comprehensive Protection

• Website Safety Check: scamlens.org/hi/check-website — enter any URL to get a trust score and risk analysis.
• Cryptocurrency Address Check: scamlens.org/hi/check-crypto — check if a wallet address is linked to known scams.
• Chrome Browser Extension: Real-time protection that automatically alerts you when visiting suspicious websites.
• Community-Driven: Users worldwide collaboratively flag scam websites, keeping the database continuously updated.
• Hindi Support: Full Hindi interface with no language barriers.

10. Emotional Support

Being scammed is not just a financial loss — it's a tremendous psychological blow. Many victims feel shame, self-blame, anxiety, or even depression. Remember: Being scammed is not your fault — the scammer is the criminal.

Mental Health Helplines in India

Organization	Phone	Hours	Description
iCall (TISS)	9152987821	Mon-Sat 8:00-22:00	Professional counseling, English and Hindi
Vandrevala Foundation	1860-2662-345	24/7	Free crisis intervention, multilingual
NIMHANS	080-46110007	Mon-Sat 9:30-16:30	National Institute of Mental Health and Neuro-Sciences
Snehi	044-24640050	24/7	Emotional support helpline
AASRA	9820466726	24/7	Crisis intervention and suicide prevention

A Message for Victims

• Don't blame yourself: Scammers are professionally trained — their schemes fool even bank employees and IT professionals.
• Speak up: Talk to family or friends about your experience. Bearing it alone only makes things worse.
• File a report: Reporting isn't just about recovering your money — it's about protecting others from becoming victims.
• Don't give up: Even if funds can't be fully recovered, your report enters the national database and helps law enforcement dismantle fraud networks.
• Seek professional help: If anxiety or depression is affecting your daily life, call the helplines listed above. They understand and will not judge you.

---

Summary Action Checklist:

1. Discover you've been scammed → Immediately call 1930 (golden 2-hour window)
2. File online → cybercrime.gov.in
3. Contact your bank → Freeze account, submit written complaint within 3 working days
4. Collect evidence → UPI Transaction ID, WhatsApp records, screenshots
5. Use ScamLens → scamlens.org/hi/ to detect and report
6. Beware of recovery scams → Any "recovery service" asking you to pay first is a scam
7. Take care of yourself → Being scammed is not your fault; call a helpline when needed

Save this guide and share it with your family and friends. We hope you never need it — but if you do, it can help you take the right action at the most critical moment.