📍 School Code: 220736 | Samdari, Balotra, Rajasthan 📧 gsssjethantri@gmail.com
Cyber Safety Simulation — A Handbook Oxford-style printable. Use Print → Save as PDF, or download the pre-rendered PDF.
📕 Download PDF ← Back
GOVT. SR. SEC. SCHOOL · JETHANTRI
LEGAL LITERACY CLUB

Cyber Safety
&
Citizen Awareness

A Handbook of Twenty-Seven Scenarios for Schools, Families and Communities

साइबर-सुरक्षा एवं नागरिक-जागरूकता — एक संपूर्ण मार्गदर्शिका

INSPIRED BY THE CYBER-SECURITY SESSION OF

Hon'ble Shri Siddharth Deep (rjs)

Secretary · District Legal Services Authority, Balotra

held at GSSS Jethantri on the 13th day of April, 2026

G S S S J E T H A N T R I M M X X V I

Cyber Safety
&
Citizen Awareness

Cyber Safety
& Citizen Awareness

A Handbook of Twenty-Seven Scenarios

साइबर-सुरक्षा एवं नागरिक-जागरूकता

inspired by the cyber-security session of

SHRI SIDDHARTH DEEP (R.J.S.)

Secretary, District Legal Services Authority, Balotra

GOVT. SR. SEC. SCHOOL, JETHANTRI

LEGAL LITERACY CLUB

2026

Govt. Sr. Sec. School, Jethantri — School Code 220736

Samdari, Balotra, Rajasthan

gsssjethantri.in · gsssjethantri@gmail.com

First impression, May 2026

Compiled by the Legal Literacy Club, GSSS Jethantri

This handbook accompanies the interactive Cyber Safety Simulation hosted at gsssjethantri.in/cyber-sim.

Inspired by the Cyber-Security Session conducted at GSSS Jethantri by Hon'ble Shri Siddharth Deep (RJS), Secretary, DLSA Balotra, on 13 April 2026, with profound gratitude.

All helpline numbers, statutes and portals cited herein have been verified against the official sources of the Government of India — Ministry of Home Affairs (I4C), Reserve Bank of India, NALSA, Department of Telecommunications, UIDAI, Ministry of Women & Child Development, SEBI, CERT-In, and the Ministry of Agriculture & Farmers' Welfare. Numbers and rules current as of May 2026; readers are advised to confirm against official portals.

This handbook is non-commercial educational material prepared for the school community. Quotation with citation is encouraged.

Stay alert. Verify before you trust. Report on 1930.

A foreword from the Principal

A Word to the Reader

विद्यार्थियों, अभिभावकों एवं समुदाय के नाम — एक संदेश

A school is, before it is anything else, a place where young people are prepared for the world they will actually inherit. That world, today, is not the world of the textbook alone. It is the world of the smartphone in every pocket, of the bank account that sits inside an application, of the friend on a screen whose face one has never met in person. It is, increasingly, the world in which the cleverest thieves do not break a lock — they ring the doorbell, and ask, very politely, to be let in.

This handbook, and the simulation it accompanies, is the school's modest attempt to teach our students — and through them, their families — to recognise the doorbell of the deceiver.

I owe a debt, both personally and on behalf of the institution, to Hon'ble Shri Siddharth Deep, RJS, Secretary of the District Legal Services Authority at Balotra, whose Cyber-Security Session held within these very walls on the thirteenth of April, 2026, was the spark from which this work has grown. The clarity, patience and lived experience he brought to our gathering left a mark on every student present that day; the present handbook is an effort to extend that mark into permanence.

To the student who reads these pages I would say only this: the first time a fraudster's voice reaches your phone, you will not have time to think. You will only have time to remember. That is why we ask you to read carefully now, while there is no telephone ringing — so that when, one day, a telephone does ring, the right answer comes to you, almost without effort, as if it had been waiting for you all along.

To parents, to elder siblings, to any adult into whose hands this volume may fall — I would request that you sit, even once, with the child of the house, and walk through one scenario together. The conversation that will then arise between you will be, I venture to say, more valuable than the page that prompted it.

It is my prayer that this handbook may save, in the years to come, some part of some family's hard-earned savings — and, more than that, some part of some family's peace. If it succeeds in even that, the labour of its making will have been amply rewarded.

Sushil Kumar Sharma

Principal

Govt. Sr. Sec. School, Jethantri

Jethantri · May, 2026

"शिक्षित बनो, संगठित रहो, संघर्ष करो।"

"Educate. Organise. Agitate."

— Bharat Ratna Dr. B. R. Ambedkar

"The price of liberty is eternal vigilance —
and in the digital age, the same is the price of one's savings."

Contents

  1. iA foreword from the Principal · Sushil Kumar Sharma
  2. iiEditor's note · Why this matters
  3. iiiHow to use this handbook
  4. IThe Nine Personas — A typology of cyber-fraud targets
  5. IITwenty-Seven Scenarios — A complete index
  6. IIIFeatured Walkthroughs — Nine deep dives
  7. IVThe Justice Playbook — Eight steps in the Golden Hour
  8. VVerified Helplines & Portals
  9. VIDirect Local Contact — DLSA Balotra
  10. VIIThe Cyber-Aware Certificate

A note from the editors

Why this matters

In the four years since the National Cyber Crime Reporting Portal opened its doors in August 2019, the Indian Cybercrime Coordination Centre — a unit of the Ministry of Home Affairs — has received well over twenty-three lakh complaints. Through its Citizen Financial Cyber Fraud Reporting and Management System, accessible by dialling 1930, more than seven thousand crore rupees have been intercepted before they could leave the country. The number is large; so, alas, is the number that did leave.

The pages that follow are not a recitation of statistics. They are an attempt — humble, plainly told, and bilingual where it matters — to make ordinary Indians slightly harder to deceive. Each scenario in this handbook is drawn from the patterns most frequently reported to police helplines and consumer-protection cells in 2024 and 2025. The names are imagined; the methods are not.

Particular attention has been paid to the so-called digital arrest — a class of impersonation fraud in which a victim is held captive on a video call by persons claiming to be from the Central Bureau of Investigation, the Enforcement Directorate or the customs service, and is told that money in his or her possession will, by some procedure unknown to law, be 'verified' if transferred to a 'reserve bank account.' The Ministry of Home Affairs has been at pains to remind the public that no such procedure exists, and that no enforcement agency in this country conducts arrests over a video call. In the year 2024 alone, by the I4C's reckoning, more than two thousand crore rupees were lost in this manner; the typical victim was a homemaker, or a senior citizen.

₹2,000+ Cr
lost to digital-arrest scams in 2024 alone — MHA / I4C
23 lakh+
complaints handled by I4C since 2021 (₹7,130+ Cr saved)
4×
growth in AI voice-clone scams in 2024–25 — MHA / I4C

The scenarios collected here are arranged by persona — the role one happens to occupy, in school, at work, in the household — because the fraudster's first task is always to locate the script the victim will believe. A teen will believe a modeling agency; a homemaker, the bank's KYC department; a farmer, the PMFBY claim adjuster. Each persona, accordingly, carries its own characteristic deceptions, and its own characteristic remedies.

The handbook is the slow, printed, library companion to the simulation — the simulation being the swift, mobile, interactive companion to the handbook. The two are meant to be read, and clicked, together.

A note for the reader

How to use this handbook

This handbook may be read in three ways. It may be read in sequence, as one reads a slim book of essays. It may be opened to the persona one most resembles — or the persona of a relative one wishes to protect — and read selectively. Or it may be kept beside the telephone, opened only on those unfortunate occasions when a call has just been received, the heart is racing, and a decision must be made within the next sixty seconds.

  1. Choose a persona. Find, in Chapter I, the role closest to your own life — or to the life of the person you intend to instruct. Each persona is a recognised target-class for cyber-fraud.
  2. Read a scenario. In Chapter III, the deep dives reproduce the conversation as it actually arrives — by call, by message, by direct mail. Read it as it would be read by the intended victim.
  3. Make a decision. Three choices are offered. Choose the one you believe you would, in fact, make.
  4. Read the consequence. If your choice was correct, the page will say so. If it was not, the anatomy of the fraud is set out in plain detail, with the path the money takes, the warning signs that were missed, and the steps you ought to have taken instead.
  5. Memorise the playbook. Chapter IV — the Justice Playbook — sets out, in eight steps, what is to be done if one has been defrauded. The first twenty-four hours are the most consequential; commit them to memory.

Chapter I

The Nine Personas

A typology of cyber-fraud targets

Fraudsters do not approach the public at large; they approach a person, and, for that approach to succeed, the person must be made to believe a particular story. The story changes with the persona. What follows is a short typology of the nine roles most frequently exploited.

Chapter I, continued

The Nine Personas — at a glance

👤

Teen (13–17)

किशोर / किशोरी

School students — Insta, Snap, gaming, OTP traps

🎓

College Student

कॉलेज छात्र

Part-time, internships, dating-app crypto traps

🏠

Homemaker

गृहिणी

KYC calls, refund OTPs, drug-parcel & digital arrest

🧓

Senior Citizen

वरिष्ठ नागरिक

Digital arrest, pension-stop, medicine discount

🏪

Small Shopkeeper

दुकानदार

Fake UPI screens, QR swap, supplier advance

🌾

Farmer

किसान

PM-Kisan KYC, crop-insurance, mandi-trader fraud

💼

Job Seeker

नौकरी की तलाश में

Fake recruiter fees, govt-job paper-leak scams

🏛️

Govt. Employee

सरकारी कर्मचारी

NPS / pension phishing, fake transfer-bribery calls

📈

First-time Investor

छोटा निवेशक

Telegram tip-groups, fake demat KYC, F&O groups

Chapter II

Twenty-Seven Scenarios

A complete index, by persona

👤 Teen (13–17) — किशोर / किशोरी

  1. INSTAGRAM Instagram DM — the 'modelling agency' trap An 11 PM DM from a 'verified-looking' page
  2. TELEGRAM Free Fire diamonds 'on discount' — Telegram seller The 70% off trap — UPI PIN demand, account drained
  3. WHATSAPP WhatsApp — Wedding-invite.apk from 'cousin' One click + install — parents' UPI / OTP all in scammer's hands

🎓 College Student — कॉलेज छात्र

  1. WHATSAPP WhatsApp 'Part-time job' — ₹2000/day Like videos, earn money — then the 'task fee' trap
  2. WHATSAPP Dating-app 'guaranteed crypto returns' — pig butchering Bumble match → trust building → 'my uncle's tip' → savings vanish
  3. EMAIL Internship offer — but first a ₹999 'verification fee' Resume on Naukri/Internshala → fake HR → advance-fee trap

🏠 Homemaker — गृहिणी

  1. CALL Call from 'the bank' — 'Update KYC or account closed' AnyDesk installed → entire account drained
  2. CALL FedEx parcel call — 'drugs sent under your Aadhaar' India's most active scam — homemakers held in 6-8 hour digital arrest
  3. CALL 'Sorry, your refund came twice — share OTP, we'll reverse it' Reverse-payment scam — empathy weaponised to drain UPI

🧓 Senior Citizen — वरिष्ठ नागरिक

  1. VIDEO-CALL Skype call — 'We're calling from CBI' Digital arrest — held captive 8 hours, ₹15 lakh transferred
  2. SMS SMS — 'Your pension stops tomorrow, click the link' Phishing site → Aadhaar + OTP → entire account drained via AePS
  3. CALL 'Papa! I'm in an accident, send ₹50,000 right now' AI voice-clone — your son's voice from a scammer's mouth

🏪 Small Shopkeeper — दुकानदार

  1. IN-PERSON Customer's 'UPI paid' screen — but money never arrives Fake success-screen app — your whole day's earning at stake
  2. IN-PERSON Petrol-pump QR sticker swapped Overnight — customers paying directly into scammer's account
  3. CALL Call from 'PhonePe Merchant Care' — 'Your settlement is on hold' Fake helpline → AnyDesk install → merchant account drained

🌾 Farmer — किसान

  1. SMS SMS — 'Complete PM-Kisan KYC today or lose ₹6000' Phishing link → APK install → account drained
  2. WHATSAPP WhatsApp — 'Crop-insurance claim approved, send ₹500 processing fee' Advance-fee fraud — lured by ₹25,000 promise, lost ₹15,000
  3. WHATSAPP Selling a tractor on OLX — the 'army jawan buyer' trap Buyer 'advance test' scam — they collect, don't pay

💼 Job Seeker — नौकरी की तलाश में

  1. EMAIL 'You're selected' — but first deposit ₹1500 medical fee Resume on Naukri.com → fake offer letter → advance-fee scam
  2. TELEGRAM Telegram — 'RPSC Patwari paper leak for ₹2,000' The lure to pass — fake paper, money + future both lost
  3. WHATSAPP WhatsApp — 'Amazon Reviewer, daily ₹3,000, work from home' Free demo → trust → 'merchant deposit' pyramid

🏛️ Govt. Employee — सरकारी कर्मचारी

  1. EMAIL 'NPS portal — your password is expiring' Phishing email → fake login page → entire pension corpus drained
  2. CALL 'From DEO office' — send ₹5,000 to hold your transfer Impersonation + bribery scam — both money and job at risk
  3. CALL 'Call from SBI' — your salary account has been granted a ₹2 lakh credit limit Pre-approved offer trick → CVV + OTP → cards drained

📈 First-time Investor — छोटा निवेशक

  1. TELEGRAM Telegram tip-group — 'guaranteed multibagger' Free tips → premium fee → polished scam
  2. SMS SMS — 'Your demat suspends in 24 hours, update KYC' Phishing → PAN + bank details → portfolio drained
  3. TELEGRAM Telegram 'CA' — 'Your ₹85,000 TDS refund is stuck, we'll release it' Fake CA → IT-portal phishing → both ITR and bank hijacked

Chapter III

Featured Walkthroughs

Nine deep dives — one scenario per persona

What follows is a representative scenario from each of the nine personas. Read each in full — the setup, the choice, and the aftermath. The aftermath is where the lesson lives.

👤 TEEN (13–17)

Instagram DM — the 'modelling agency' trap

Instagram DM — 'मॉडलिंग एजेंसी' का जाल

An 11 PM DM from a 'verified-looking' page

The scenario

It's 11 PM. You're scrolling Instagram in your room. A DM lands — from a page with 8K followers.

Aakash Talent Agency. ‘Hi! We loved your last reel 😍’

Stranger. ‘We're launching a new campaign with Tata. ₹50,000 per shoot, 3 days in Mumbai.’

Stranger. ‘Slot has to be confirmed by tonight. Send 2-3 portfolio photos — casual + 1 swimwear/gym wear.’

The decision

What do you do?

  1. A. Send the photos — big opportunity trapped
  2. B. Ask first for office address and contract trapped
  3. C. Block + Report. Tell my parents. correct

If trapped — anatomy of the fraud

  1. Your 2-3 photos are screenshotted.
  2. An AI app morphs your face onto explicit images (deepfake).
  3. The next day a message arrives: 'Send ₹50,000 or these go to your entire Insta/WhatsApp friend-list.'
  4. The moment you pay ₹50,000 — the demand jumps to ₹1 lakh, then ₹2 lakh. Paying never ends extortion — it accelerates it.
  5. The victim spirals into depression, can't tell the family — the entire scam runs on that shame.

The money trail. Funds hit one mule UPI ID → split across 10-15 small accounts → withdrawn in cash from Jharkhand/Mewat ATMs within hours. Recovery is extremely hard — that's why calling 1930 within the 'golden hour' is non-negotiable.

Red flags missed

  • An 'opportunity' DM at 11 PM.
  • No verified agency email/office — only an Insta DM.
  • Urgency: 'confirm slot in hours' — pressure is always a scam tell.
  • A stranger asking for swimwear/gym-wear photos.

What ought to have been done

  • Ignore 'paid opportunity' messages in unsolicited DMs.
  • Never send photos to a stranger — especially swimwear/private images.
  • If genuine, demand the agency's GST number, registered office, contract on letterhead, advance payment.
  • Most important: tell a parent or trusted adult immediately.

🎓 COLLEGE STUDENT

WhatsApp 'Part-time job' — ₹2000/day

WhatsApp 'Part-time job' — ₹2000 रोज़

Like videos, earn money — then the 'task fee' trap

The scenario

You're in college 2nd year. Money is tight at the hostel. An unknown WhatsApp number messages you.

Sarah HR — Global Tasks. ‘Hi! Part-time work from home — ₹2000-₹5000 daily. Just like YouTube videos, 5 min per task.’

Stranger. ‘First 2 tasks are a free demo. Confirm to receive the video links.’

You like 2 video links. ₹50 + ₹100 actually land in your account. You're excited.

Stranger. ‘Excellent! Now a VIP task — ₹5000 reward. To join VIP, deposit ₹2000 — refundable + bonus.’

The decision

What do you do?

  1. A. Send ₹2000 — they've already paid twice. trapped
  2. B. Ask a senior first. trapped
  3. C. Block immediately. No legitimate work asks for a deposit. correct

If trapped — anatomy of the fraud

  1. The moment ₹2000 lands, the next 'VIP task' arrives — ₹5000 reward, but now deposit ₹10,000.
  2. When you hesitate, even the old ₹150 is blocked as 'system error'.
  3. Each round demands more. You're now in 'sunk cost' — paying more to recover what you already paid.
  4. The final stage moves you to a Telegram group for 'crypto recharge' — entire savings of ₹50,000+ vanish.

The money trail. Deposits hit small mule accounts → converted to crypto and routed abroad in minutes. These rings are run from Cambodia/Myanmar compounds — recovery is near-zero.

Red flags missed

  • 'Job offer' from an unknown number.
  • Small initial payouts to build trust (foot-in-the-door tactic).
  • 'Refundable deposit' — no real job ever asks an employee to pay.
  • A 'job' with no skill check, interview, or document.

What ought to have been done

  • No legitimate job ever requires a deposit — this is illegal.
  • Apply only via verified sites like Internshala, LinkedIn, naukri.com.
  • Never trust an 'offer letter' arriving via WhatsApp/Telegram.

🏠 HOMEMAKER

Call from 'the bank' — 'Update KYC or account closed'

बैंक से कॉल — 'KYC update करो वरना खाता बंद'

AnyDesk installed → entire account drained

The scenario

It's 2 PM. You're busy with housework. A +91-XXX number calls.

'Rakesh Sharma — SBI head office'. ‘Hello madam. I'm calling from SBI head office. If your KYC isn't updated by evening, your account will be blocked.’

Stranger. ‘Don't worry — I'll do it on the phone in 5 minutes. You just need to install a small app — AnyDesk.’

Stranger. ‘After the app opens, a 9-digit code will appear — share it with me. I'll complete the KYC from my end.’

The decision

What do you do?

  1. A. Install the app, share the code — can't let the account close. trapped
  2. B. Won't share OTP, but ask which form to fill. trapped
  3. C. Cut the call. Walk into my bank branch and verify in person. correct

If trapped — anatomy of the fraud

  1. AnyDesk installs, a 9-digit code appears. You share it.
  2. Now the scammer sees your entire phone screen — every keystroke.
  3. He says: 'Open your bank app to complete KYC.' You open it — he now sees balance, recent transactions, everything.
  4. He says: 'Make a ₹1 transaction for verification.' You enter PIN — he records it.
  5. Within 10 minutes, ₹1.8 lakh is drained in 5 transactions. SMS alerts get dismissed because the scammer controls your screen too.

The money trail. Funds split into 5-7 mule accounts, then cash-withdrawn from ATMs within 30 minutes. Per RBI Circular dated 6 July 2017 — if reported to the bank within 3 working days, customer liability is zero; 4-7 days, limited; beyond 7 days, the bank's board-approved policy applies.

Red flags missed

  • Banks never call for KYC — you must visit a branch.
  • AnyDesk / TeamViewer / QuickSupport — never required for any banking process.
  • Asking you to share a 9-digit code = a sure screen-sharing scam.
  • 'By this evening' — manufactured fear and urgency.

What ought to have been done

  • Any 'urgent' bank call — cut and visit the branch in person.
  • Never install AnyDesk / TeamViewer / QuickSupport on a stranger's instruction.
  • Never share OTP, PIN, CVV, or 9-digit code with anyone.

🧓 SENIOR CITIZEN

Skype call — 'We're calling from CBI'

Skype कॉल — 'CBI से बोल रहे हैं'

Digital arrest — held captive 8 hours, ₹15 lakh transferred

The scenario

10 AM. You're reading the paper in your drawing-room. The phone rings — a +91 number.

'Inspector Verma — CBI Mumbai'. ‘Sir, this is CBI Mumbai. A FedEx parcel was sent under your Aadhaar containing 1.5 kg of drugs (MDMA).’

Stranger. ‘A money-laundering case under the NDPS Act is being filed against you. This is extremely serious.’

Stranger. ‘I'm connecting you to a Skype video call with our SHO. Keep camera ON. Tell no one — this is a national security matter.’

On Skype, a 'police officer' appears — in uniform, with a CBI logo behind. He says: as proof of innocence, transfer all your money to an 'RBI verification account' — it'll be returned once cleared.

The decision

What do you do?

  1. A. He's an officer; I must save my children from jail — I'll transfer. trapped
  2. B. Wait — I'll call my lawyer first. correct
  3. C. Cut the call immediately. This is digital-arrest scam. correct

If trapped — anatomy of the fraud

  1. Scammers kept you on Skype for 8 hours, camera-on — even bathroom breaks needed permission.
  2. Under 'investigation' you broke an FD, redeemed mutual funds, swore not to tell the family.
  3. One by one — ₹15 lakh in total — transferred to 4 different 'verification accounts'.
  4. By 8 PM, exhausted, you tell your children — only to learn the CBI never makes such calls. The money is gone.

The money trail. These rings operate from Cambodia/Myanmar. Funds are converted to crypto minute-by-minute — recovery under 5%. But an immediate call to 1930 can freeze some accounts.

Red flags missed

  • CBI / Police / ED / Customs — none make video calls on Skype or WhatsApp.
  • No agency ever asks you to transfer money for 'verification' — no such legal provision exists.
  • 'Tell no one' — the loudest red flag in every scam.
  • FedEx/DHL parcel + Aadhaar + drugs + Mumbai/Delhi police — the same scripted story every time.

What ought to have been done

  • Cut any 'police/CBI' video call immediately.
  • Tell your children, neighbour or lawyer right away.
  • Call 1930 and visit your local police station.
  • Never transfer money — the government has no 'verification account'.

🏪 SMALL SHOPKEEPER

Customer's 'UPI paid' screen — but money never arrives

ग्राहक का 'UPI paid' screen — पर खाते में नहीं आया

Fake success-screen app — your whole day's earning at stake

The scenario

You're at your kirana shop. A new customer picks up ₹2,400 of goods — rice, ghee, dal.

Customer. ‘Bhaiya, paying by UPI. Where's the QR code?’

He scans, then shows you his phone — a green tick, '₹2,400 paid to Ramesh Stores'. An SMS even arrives on your phone: 'A/C credited ₹2,400'.

The customer picks up the goods and starts to leave.

The decision

What do you do?

  1. A. Screen + SMS both look fine — let him go. trapped
  2. B. Open my own UPI app and check if ₹2,400 actually arrived. correct
  3. C. Check my 'recent transactions' — if no credit, stop him. correct

If trapped — anatomy of the fraud

  1. Apps like 'PhonePe Success Screen Maker' are easily available on Play Store and unofficial sites — generate any amount, any merchant name.
  2. SMS can be spoofed — a sender ID like 'AX-PhonePe' carries the fake credit message.
  3. The customer flashes his phone and walks out — you never realise.
  4. At night, day-end reconciliation reveals ₹2,400 never arrived. Goods gone.

The money trail. No money was 'taken' — it never arrived. Your goods are gone. Recovery depends on CCTV and identifying the customer.

Red flags missed

  • Customer shows his phone — but you don't check your own UPI.
  • Unknown customer, large amount, hurry.
  • SMS and screen both — but no confirmation in your bank's mini-statement.

What ought to have been done

  • For every large UPI payment — open your own BHIM/PhonePe/GPay app and verify.
  • Use a UPI sound box (audio confirmation device) for ₹2000+ payments.
  • Install CCTV — your single biggest aid for identification.

🌾 FARMER

SMS — 'Complete PM-Kisan KYC today or lose ₹6000'

SMS — 'PM-Kisan KYC आज नहीं की तो ₹6000 बंद'

Phishing link → APK install → account drained

The scenario

You're at your fields. At 5 PM, an SMS lands — sender 'AX-PMKSAN'.

PM-Kisan. ‘Dear farmer, your PM-Kisan e-KYC is incomplete. If not done by 18 April, your next ₹2,000 instalment will stop. Click immediately: http://pmkisan-verify.in/kyc.apk’

The decision

What do you do?

  1. A. Click the link and install the app — it's a government SMS. trapped
  2. B. Visit my Common Service Centre (CSC) and do e-KYC there. correct
  3. C. Visit pmkisan.gov.in officially and check myself. correct

If trapped — anatomy of the fraud

  1. The moment you click, a .apk downloads — you tap 'Install'.
  2. The app demands: SMS read, contacts, accessibility — permissions you blindly grant.
  3. It quietly reads every bank SMS and intercepts every OTP.
  4. At 2 AM ₹40,000 leaves your account. The OTP arrives on your phone but the scammer reads and deletes it first. You never know.

The money trail. Funds spread rapidly across multiple accounts. Spotting the SMS in the morning and calling 1930 immediately can freeze some accounts.

Red flags missed

  • No legitimate government SMS ever sends a .apk or .exe link.
  • Government links are always on .gov.in — never .in / .info / .xyz.
  • The government does not use 'do it today or else' language.

What ought to have been done

  • For any government service — use the CSC, the Patwari, or the official portal.
  • PM-Kisan KYC: official pmkisan.gov.in or your nearest CSC.
  • Never click unknown links — especially never install a .apk file.

💼 JOB SEEKER

'You're selected' — but first deposit ₹1500 medical fee

'चयन हो गया' — पर पहले ₹1500 medical fee

Resume on Naukri.com → fake offer letter → advance-fee scam

The scenario

You uploaded your resume on naukri.com 2 weeks ago. This morning, an email — 'Congratulations! You've been selected by TCS.'

tcs.hr.recruit2026@gmail.com. ‘We are pleased to select you for the position of 'Junior Software Engineer' at TCS at ₹4.8 LPA. Joining 1 May.’

Stranger. ‘Before joining, deposit ₹1500 medical/uniform fee (refundable on joining). Pay via the QR below and reply with the screenshot.’

The decision

What do you do?

  1. A. Just ₹1500 — TCS is a big company, I'll pay. trapped
  2. B. First check tcs.com careers page for this posting. correct
  3. C. Sender is gmail.com — TCS never emails from gmail. Delete + report. correct

If trapped — anatomy of the fraud

  1. The moment ₹1500 lands, next email: 'background verification fee ₹3,500'.
  2. Then: 'laptop allowance, refundable on joining ₹8,000'.
  3. Then: 'IT-tools licence ₹12,000'.
  4. You keep paying because of sunk-cost — 'if I stop now I lose the previous payments'.
  5. After ₹25-30,000 is gone, the email and number both vanish. No joining. Money gone.

The money trail. These rings often run on databases leaked from naukri.com / shine.com. Funds split into small mule accounts and are withdrawn instantly.

Red flags missed

  • No real company asks an employee to pay any joining/medical/uniform fee.
  • Email from gmail.com / yahoo.com / outlook.com — never the real company.
  • No interview, no test — direct selection.
  • Asking payment via QR — corporate hiring never collects fees over UPI.

What ought to have been done

  • Verify every offer letter on the company's official careers page.
  • Get the HR number from the official switchboard — never trust numbers in the email.
  • Any 'fee' demand = confirmed scam.

🏛️ GOVT. EMPLOYEE

'NPS portal — your password is expiring'

'NPS portal — password expire हो रहा है'

Phishing email → fake login page → entire pension corpus drained

The scenario

You're a government school teacher. At noon, an email arrives — sender 'NPS Trust Service'.

service@nps-trust-india.org. ‘Dear Subscriber, your NPS portal password expires in 24 hours. Click the link below to update or your account will be suspended.’

Stranger. ‘https://nps-trust-india.org/login (the URL appears as a blue button)’

The decision

What do you do?

  1. A. Click the link — looks official. trapped
  2. B. Type npscra.nsdl.co.in into the browser myself. correct
  3. C. Check the sender domain — NPS never emails from a .org domain. correct

If trapped — anatomy of the fraud

  1. Link opens a perfect NPS lookalike — logo, layout, everything.
  2. You enter PRAN + password — 'invalid' appears. You try again.
  3. Meanwhile, the scammer captures your real password and logs into the real NPS site.
  4. Bank account changed, nominee changed — the entire pension corpus is withdrawn within days.

The money trail. Pension funds flow to a fraudulent nominee account. Recovery is possible only if NPS Trust and the bank are alerted within 24 hours.

Red flags missed

  • Official NPS site: npscra.nsdl.co.in — never .org.
  • Government services do not email 'password expiring' alerts.
  • Manufactured urgency — 'account will be suspended'.

What ought to have been done

  • Never click government links from email/SMS.
  • Always type the address yourself: npscra.nsdl.co.in.
  • Confirm with your DDO (Drawing & Disbursing Officer) if any password-reset drive is genuinely on.

📈 FIRST-TIME INVESTOR

Telegram tip-group — 'guaranteed multibagger'

Telegram tip-group — 'गारंटीड multibagger'

Free tips → premium fee → polished scam

The scenario

You opened your first Zerodha demat account last month. After an Instagram ad, you joined the 'Rakesh Wealth' Telegram group.

Rakesh Sir — Wealth Master. ‘🚀 Today's tip: BUY SUZLON @ 38, target 50 in 5 days — 100% sure!’

The next week, the share really goes 38 to 47. Many 'students' post screenshots of ₹1 lakh gains.

Stranger. ‘Now join the VIP group — only ₹15,000 (recover in a week). You'll get F&O multibagger calls.’

The decision

What do you do?

  1. A. Pay ₹15,000 fee — last tip worked. trapped
  2. B. Check 'Rakesh Wealth' on SEBI's registered investment-adviser list. correct
  3. C. Leave + report — 'guaranteed multibagger' violates SEBI rules. correct

If trapped — anatomy of the fraud

  1. The free tip was scripted — the operators bought a penny stock first, used the public tip to pump it, then dumped on members.
  2. Once ₹15,000 lands, you're pushed to bet ₹50,000 on a 'high-conviction call'.
  3. Eventually an F&O 'multibagger' wipes out the full margin.
  4. Most 'student screenshots' are photoshopped — there are no real members.

The money trail. VIP fees go straight to the scammer. Trading losses come from your own demat account — irrecoverable.

Red flags missed

  • 'Guaranteed' + 'multibagger' — these words are illegal under SEBI rules.
  • Stock advice on Telegram — no SEBI-registered adviser operates on Telegram.
  • If 'sir' earns so much, why is he selling VIP membership? Stop and think.

What ought to have been done

  • Verify any adviser on SEBI's 'Registered Investment Advisers' list at sebi.gov.in.
  • Stay away from Telegram/WhatsApp 'tip groups' — paid investment advice without SEBI registration is illegal.
  • Complain on SEBI SCORES: scores.sebi.gov.in (old scores.gov.in closed 28 March 2024).
  • F&O / options — only after training and risk-management, never on a 'tip'.

Chapter IV

The Justice Playbook

Eight steps in the Golden Hour

The first twenty-four hours after a cyber-fraud are decisive. The rules that govern customer liability for unauthorised electronic transactions — set down by the Reserve Bank of India in its Master Circular of 6 July 2017 — turn upon precisely how quickly the customer notifies his bank. Reported within three working days, the customer's liability is nil; reported within seven, it is limited; reported beyond seven, the customer is at the mercy of the bank's board-approved policy.

What follows are the eight steps to be taken, in order, by anyone who has been defrauded.

  1. 1

    1930 — National Cyber Crime Helpline

    Call 1930 immediately (24×7×365 toll-free, run by MHA / I4C). Keep ready: your bank account number, transaction ID, mode of payment and the scammer's number. The helpline is wired to the 'Citizen Financial Cyber Fraud Reporting and Management System' — the scammer's account can be frozen during the call.

  2. 2

    cybercrime.gov.in — file an online complaint (NCRP)

    File on the National Cybercrime Reporting Portal under I4C. Within 24 hours of the 1930 call, upload full details, screenshots and transaction IDs. Save the acknowledgement number — you'll need it for every later step.

  3. 3

    Notify your bank — RBI's 'limited liability' rule

    Per RBI Circular dated 6 July 2017 (DBR.No.Leg.BC.78/09.07.005/2017-18) — (i) Reported within 3 working days: zero customer liability; (ii) 4 to 7 working days: limited liability (per RBI table); (iii) beyond 7 days: bank's board-approved policy applies. The bank must credit the disputed amount within 10 working days of notification.

  4. 4

    File an FIR at the local Cyber-Crime Cell

    Register an FIR at your district's Cyber-Crime Police Station. Carry the NCRP acknowledgement number. This is mandatory for both legal proceedings and recovery.

  5. 5

    Sanchar Saathi (Chakshu) — get the scammer's number blocked

    On sancharsaathi.gov.in/sfc, report the scammer's call/SMS/WhatsApp number through the Department of Telecommunications' Chakshu module. After verification, DoT blocks that mobile connection and handset — protecting future victims.

  6. 6

    RBI Integrated Ombudsman — if the bank doesn't resolve

    If the bank doesn't respond satisfactorily within 30 days, escalate at cms.rbi.org.in under the 'Reserve Bank – Integrated Ombudsman Scheme, 2021'. This is an independent, free appellate mechanism.

  7. 7

    NALSA / DLSA — free legal aid

    Under the Legal Services Authorities Act 1987, weaker sections and cyber-fraud victims are entitled to a free panel lawyer. NALSA Helpline: 15100 (toll-free). Rajasthan residents can directly approach DLSA Balotra / RSLSA Jaipur.

  8. 8

    Preserve every piece of evidence

    Every screenshot, SMS, call recording, transaction email, bank statement, scammer's UPI ID and number — keep them in one folder. Delete nothing — they will be needed at every stage in court.

Chapter V

Verified Helplines & Portals

The table that follows lists the principal helpline numbers and online portals maintained by the Government of India for the redress of cyber-fraud and cognate complaints. Each entry has been verified, in May 2026, against the official site of the issuing department. Readers are advised to commit at least the first three to memory.

ServiceNumber / URL
Cyber Crime Helpline (MHA / I4C)1930
Universal Emergency (ERSS)112
Women Helpline (MoWCD)181
Child Helpline (integrated with 112)1098
NALSA Free Legal Aid15100
UIDAI Aadhaar Helpline1947
PM-Kisan Helpline155261 / 011-24300606
CERT-In (cyber-incident reporting)1800-11-4949 · incident@cert-in.org.in
RBI Integrated Ombudsman (CMS)cms.rbi.org.in
Sanchar Saathi (Chakshu — DoT)sancharsaathi.gov.in/sfc
SEBI SCORES (investor complaint)scores.sebi.gov.in

Sources — Ministry of Home Affairs (I4C), Reserve Bank of India, NALSA, Department of Telecommunications, UIDAI, Ministry of Women & Child Development, SEBI, CERT-In, Ministry of Agriculture & Farmers' Welfare. May 2026.

Chapter VI

DLSA Balotra

Direct local contact for free legal aid

Free legal aid, in cases of cyber-fraud as in all other cases involving citizens of limited means, is a statutory right under the Legal Services Authorities Act, 1987. Citizens of Balotra district may approach the District Legal Services Authority directly, on the numbers and at the address set out below. The Secretary of the Authority is, at the time of writing, the Hon'ble Shri Siddharth Deep, RJS, to whose Cyber-Security Session at GSSS Jethantri this handbook owes its inspiration.

Hon'ble Shri Siddharth Deep (R.J.S.)

Secretary · District Legal Services Authority, Balotra

सचिव · ज़िला विधिक सेवा प्राधिकरण, बालोतरा

Legal Aid Helpline8306002103
Office Landline02988-294119
Official Mobile9358865708
E-maildlsa3balotra@gmail.com
NALSA Helpline15100

Chapter VII

The Cyber-Aware Certificate

Upon completing the simulation in full, every reader may, at the press of a button, generate a personally-named certificate, signed digitally by the Principal of the school. A specimen of the certificate is reproduced overleaf, that the reader may know what to expect.

G O V T. S R. S E C. S C H O O L, J E T H A N T R I
L E G A L L I T E R A C Y C L U B · C Y B E R S A F E T Y S I M U L A T I O N

Cyber-Aware Certificate

THIS IS TO CERTIFY THAT
[ Student Name ]

has, with diligence and discernment, completed the Cyber Safety Simulation — an interactive cyber-fraud awareness module of nine personas and twenty-seven scenarios, inspired by the cyber-security session conducted at this school by Hon'ble Shri Siddharth Deep, RJS, Secretary, District Legal Services Authority, Balotra, on the thirteenth day of April, in the year of our reckoning 2026.

DATE OF ISSUE
[Auto-generated]
CERTIFICATE ID
GSJ-CS-XXXXXX-XXXX

Sushil Kumar Sharma

Principal
Govt. Sr. Sec. School, Jethantri

— colophon —

This handbook was set in EB Garamond, designed by Georg Duffner after the sixteenth-century Romain de l'Université by Claude Garamont; running heads in Cormorant Garamond; and Devanagari passages in Noto Sans Devanagari.

Printed pages were composed at A4 portrait, single-column, with cream stock, deep-burgundy accents and a generous outer margin in the Oxford manner.

Stay alert.
Verify before you trust.
Report on 1930.

G S S S J E T H A N T R I · L E G A L L I T E R A C Y C L U B
gsssjethantri.in/cyber-sim