decorative image for platform fraud
Posted inFraud Bharatiya Nayaya Sanhita IT Act

How to combat platform fraud and pursue legal action

No Comments

Platform fraud victims and cyber law professionals, this guide is for you. Learn to preserve digital evidence, file winning complaints with the cyber cell, and use consumer forums effectively. Master the Bharatiya Nyaya Sanhita and IT Act to hold platforms accountable and recover stolen assets. 

Introduction

“I need your help. And before you say anything: yes, I know I should have called you earlier.”

I looked up from my coffee to see Ananya, my school friend, who was standing in my office looking like she had not slept in days.

“What happened? Sit, sit. You are scaring me.”

She collapsed into the chair. “Remember that investment app I told you about? The one with the celebrity endorsements and promises of 40% returns?”

“The classic too-good-to-be-true setup,” I nodded. “These platforms are exactly why fraud is not just another category of cybercrime anymore; it is an entirely new beast that is rewriting the rules of legal practice.”

Here is what we are dealing with: fraudsters have evolved from street cons to digital architects, building elaborate schemes across e-commerce sites, fintech apps, trading platforms, and job portals. They are not just stealing money; they are exploiting the very basis of trust that platforms are built on.

And platforms? They are playing a different game altogether. Armed with terms of service longer than our Constitution and arbitration clauses tighter than a Swiss vault, they have built fortresses of legal immunity.

But here is what fraudsters did not count on: lawyers who refuse to accept “it is just how platforms work” as an answer.

This is not your typical legal guide. Consider it a masterclass from someone who has been in the trenches, fighting platform fraud cases when judges still asked, “What is an IP address?” I will share the skills that actually matter, the strategies that work, and most importantly, how to get results when everyone has told you there is no recourse.

Ready to dive right into it? 

Understanding platform fraud 

Remember when fraud meant bounced cheques and forged signatures? Those were simpler times.

Today’s fraudsters do not need a fake stamp or a practised signature. They need a laptop, basic photo editing skills, and an understanding of human psychology. And the results are devastating.

Let me share some real cases from my practice that will help you understand what we are  up against:

Case 1: The phantom electronics store

Rajesh thought he scored a deal, an iPhone 14 Pro at 60% off on a major e-commerce platform. The seller profile showed 4.7 stars, 200+ reviews. Payment made, order confirmed. Then silence. The seller vanished, the platform claimed “marketplace model,” and Rajesh was left with a Rs. 65,000 hole in his savings.

Case 2: The credit card harvesting scam

Meera received an SMS: “Your HDFC credit card reward points expire today. Click here to redeem.” The link led to a perfect replica of the bank’s website. She entered her card details to “verify.” Within hours, Rs. 2.8 lakhs vanished through international transactions. The SMS? Sent through a bulk messaging platform that claimed “we only provide the service.”

Case 3: The trading platform trap: 

An IIT graduate, Arjun, fell for a sophisticated derivatives trading platform advertising on social media. The platform showed real-time market data, a professional interface, and even provided “practice” profits. After investing Rs. 15 lakhs of his father’s retirement fund, the platform froze his account, citing “unusual trading patterns.” The company? Registered in Seychelles, operated from unknown locations, and advertised through Indian influencers.

What makes platform fraud particularly insidious?

It is the veneer of legitimacy.

These are not Nigerian princes asking for bank details. These are professional-looking platforms with GST numbers, customer support (initially), and social proof. They exploit our trust in technology and the assumption that “if it’s online and has an app, it must be legitimate.”

Common types of platform fraud 

Let me break down the different types so you understand where your case fits and also what others are facing.

1. The E-commerce con artists

Ananya, you might think major e-commerce platforms would be fraud-proof by now. Think again.

Fake seller profiles: Remember the “Great Diwali Electronics Scam of 2023”? Over 3,000 buyers across India ordered discounted electronics from sellers with names like “TechDeals Premium” and “GadgetWorld India.” These sellers had somehow gamed the platform’s rating system, showing 4.5+ stars despite being active for just weeks. Orders were marked “shipped,” tracking showed movement, then… nothing. The packages never existed.

Refund manipulation: Here is a sophisticated one. Fraudsters order high-value items, claim non-delivery despite receiving them, and demand refunds. They have studied platform policies better than platform employees. One group I helped prosecute had defrauded Amazon and Flipkart of over Rs. 2 crores using variations of this scheme.

2. Fintech’s dark side

So you will see how the RBI’s push for digital payments created opportunities for both innovation and fraud.

KYC identity theft via apps: “Complete your KYC in 2 minutes!” These apps promise easy onboarding for financial services. What do they actually do? Harvest your Aadhaar, PAN, and selfies to create fake loan accounts. One client discovered 14 microfinance loans in his name across different NBFCs. His crime? Using a “helpful” KYC app recommended in a WhatsApp forward.

UPI’s shortcoming: Those QR codes everywhere? They are not always what they seem. Fraudsters create payment pages that look identical to legitimate ones but with tweaked UPI IDs. You think you’re paying “paytm-grocery@paytm” but it’s actually “paytnn-grocery@paytm” (notice the double ‘n’?). By the time you realise, the money’s gone.

3. Trading platform nightmares

This is where things get really ugly, Ananya, and this is exactly what happened to you

The classic pump-and-dump evolution: Old scheme, new platform. Fraudsters create trading platforms offering “exclusive” penny stocks or cryptocurrencies. They show artificial price movements, encourage investments, pump the prices through fake trades, then vanish. The platform, the stocks, the entire ecosystem: all fake.

Subscription Traps with a Twist: “Free trial for premium trading signals!” Sounds harmless? These platforms auto-debit Rs. 9,999 monthly after the trial, hidden in 6-point font in their T&C. When you protest, they have your signed consent. When you try to cancel, the website conveniently “undergoes maintenance.”

4. Job portal wolves

In a country desperate for employment, job fraud hits differently.

The Registration Fee Racket: “Congratulations! You are selected for TCS/Infosys/Wipro. Just pay Rs. 5,000 for document verification.” These fraudsters have cloned entire HR processes, complete with fake offer letters on authentic-looking letterheads, video interviews with “HR managers,” and even background verification calls.

Data Harvesting Operations: Some platforms exist solely to collect resume data. They sell your information to everyone from loan sharks to identity thieves. That random loan call you got? It might be because you uploaded your resume to “GlobalJobsPortal.com” last month.

Now, let us talk law. But not the boring, section-by-section way.  I will explain how each law can help us get our money back

1. Bharatiya Nyaya Sanhita 2023 (BNS) 

Section 318 (Cheating) is your workhorse. 

But here is what most lawyers miss: we need to establish “dishonest inducement” from the outset. Platform fraud often involves sophisticated inducement. Document how the platform created trust. Was it through fake reviews? Manipulated algorithms? Professional appearance?

Pro tip from my experience: Do not just cite “cheating.” Build a narrative. In a recent case, I demonstrated how a trading platform spent Rs. 50 lakhs on Google Ads, specifically targeting “safe investment India” keywords. This showed premeditated intent to deceive risk-averse investors.

Section 319 deals with cheating by personation. Crucial for cases where fraudsters impersonate legitimate businesses. That “HDFC Bank” SMS? If it’s from fraudsters, this section applies.

2. Information Technology Act 2000

Section 66C (Identity Theft): Not just for Aadhaar fraud. Any case where someone uses another’s digital identity, including creating fake seller profiles using stolen business registrations, falls here.

Section 66D (Cheating by personation using computer resource): This is beautiful when combined with BNS. I have used this for everything from fake trading platforms to counterfeit payment gateways.

Here is what most lawyers do not know: Section 66D has a wider ambit than traditional cheating. You do not need to prove direct financial loss. Even attempted personation using digital means is punishable.

3. Consumer Protection Act 2019

This Act changed everything by introducing the E-commerce Rules 2020.

Direct platform liability: As per these rules, platforms cannot hide behind “we are just intermediaries” anymore. If they fail to display seller details, do not have grievance mechanisms, or allow counterfeit goods, they are liable.

4. Consumer protection guidelines issued by the RBI 

Master circular on digital payment frauds is your bible for fintech cases. Key provisions:

  1. Mandatory reporting of fraud within 24 hours
  2. Customer liability limits (Rs. 5,000 – Rs. 25,000 depending on reporting time)
  3. The platform’s obligation to maintain transaction logs

Let me be candid here, traditional legal education did not prepare us for this.

1. Digital evidence handling 

Screenshots are kindergarten stuff. Real digital evidence handling means understanding:

  1. Metadata mastery: That WhatsApp chat screenshot? Worthless without metadata showing timestamp, sender details, and message hash. Use tools like WhatsApp’s “Export Chat” feature, which provides forensically sound evidence.

Last month, a friend told me how an opposing counsel in one of his matters presented edited screenshots. He demonstrated manipulation by showing metadata inconsistencies. Case dismissed.

  1. The chain of custody challenge: Digital evidence is fragile. One wrong move and it is inadmissible. Here is my protocol that we will follow for your case:
  • Use hash functions to create digital fingerprints
  • Document every access to evidence
  • Store on write-protected media
  • Create contemporaneous certificates under section 65B of Bharatiya Sakshya Adhiniyam 2023. 
  1. Mobile forensics basics: Learn to preserve mobile evidence properly. Tools like Cellebrite are not just for police anymore. Private forensic experts can extract deleted data, recover app databases, and trace digital footprints.

2. Platform architecture 

You cannot fight what you don’t understand, Ananya. So you can either understand it yourself or have a technical consultant on board who can help you out in understanding the following key concepts: 

  1. API (application programming interface) exploitation patterns: Most platform frauds exploit API vulnerabilities. Understanding REST APIs, authentication tokens, and rate limiting helps you identify how fraudsters operate. In a recent case, I demonstrated how fraudsters used API calls to create 10,000 fake reviews in one hour, technically impossible through a normal user interface.
  2. Terms of service archive: Platform T&Cs are deliberately obtuse. I maintain a database of T&C versions for major platforms. Why? Platforms often change terms post-fraud to limit liability. Having historical versions proves what terms actually applied during your client’s transaction.

3. Drafting for digital crimes 

Forget generic complaint templates. Digital fraud complaints need surgical precision.

  1. The perfect complaint structure:
  • Opening lines: Start with the financial loss and platform details. “Complainant lost Rs. 5,00,000 through fraudulent trading platform ‘QuickTrades’ operating via website www.quicktrades.io and mobile application.”
  • Technical details: Include IP addresses, transaction IDs, wallet addresses, timestamps in UTC and IST. Precision is always appreciated. 
  1. Legal notice: 

Your case calls for a different approach. Here is what we will be including in your legal notice: 

  • Specific API calls that enabled fraud
  • Platform policy violations with section references
  • Data preservation demands 
  • The threat of representative suits if the platform has multiple victims

4. Consumer forum strategy 

  1. Jurisdiction shopping: File where the platform’s terms would least expect. Most platforms designate arbitration in Mumbai/Bangalore. But remember that consumer forums have overriding jurisdiction. 
  2. Evidence packaging: Consumer forums are not criminal courts. They appreciate:
  • Simple flowcharts showing fraud progression
  • Comparative tables of promised vs. delivered
  • Video demonstrations of platform failures
  1. Platform deficiency documentation: Platforms must provide:
  • Seller verification documents
  • Transaction logs
  • Grievance records
  • Compliance certificates

We will be incorporating these pointers in your complaint articulately. 

5. Cross-border complications 

I am sure you are aware that platform fraud rarely respects borders.

  1. Mutual Legal Assistance Treaties (MLAT): You see, theoretical knowledge is not enough. I network with lawyers in Singapore, Dubai, and Eastern Europe (common destinations) to obtain fraud proceeds. Quick action through local counsel often works better than lengthy MLAT processes.

As the name suggests, MLAT is nothing but bilateral agreements between countries that provide for international cooperation and assistance in criminal and civil matters. They allow countries to assist each other in tasks like collecting evidence, examining witnesses, and executing court orders. 

  1. Cryptocurrency tracing: I have learnt blockchain basics. Tools like Chainalysis and CipherTrace are expensive but invaluable. In one case, we traced Bitcoin through 15 wallets across 4 exchanges to finally freeze funds in Binance.
  2. Domain and hosting Intel: Most fraud platforms use:
  • Cloudflare for anonymity
  • Offshore hosting in Russia/Netherlands
  • Domain privacy protection

Summoning Cloudflare under Section 94 of the Bharatiya Nagrik Suraksha Sanhita 2023 (BNSS) often reveals the actual server locations.

And, what is the best defence? It is a crushing offence.

  1. John Doe orders: Get blanket injunctions against “unknown defendants” operating fake platforms. Various courts have passed orders that require:
  • Internet service providers to block fraudulent domains
  • Payment gateways to freeze suspicious accounts
  • Google/Facebook to preserve advertiser data
  1. Asset freezing: Be quick. Within hours of the complaint, I usually advise:
  • File an application under section 102 of BNSS for property attachment
  • Send notices to all banks under the fraud platform’s registered address
  • Alert payment gateways and wallet companies
  • File LOC requests if the platform directors are identified

Speed matters. In 24 hours, money moves through 10 jurisdictions.

7. AI and fraud pattern recognition

Welcome to the future of legal practice.

Pattern analysis tools: Cybercrime lawyers use Python scripts to analyse:

  • Common phrases in fraud platform terms
  • Registration patterns (bulk domains registered simultaneously)
  • Review posting patterns (temporal clustering indicates fake reviews)

This technical analysis impresses judges and demonstrates sophisticated investigation.

8. Know the red flags

This is what I personally look out for: 

  • Domain age < 6 months: Red flag
  • No physical address verification: Red flag
  • Payment only through wallets/crypto: Red flag
  • Exponential user growth claims: Red flag
  • Stock photos for team members: Run away

The complaint roadmap 

Let me tell you how I plan to stratergize your case. 

Step 1: Evidence lockdown (First 24 hours)

Immediate actions:

  • Screenshot everything with timestamp apps (not regular screenshots)
  • Export all chats with headers
  • Download the platform app APK (they often disappear)
  • Record screen while navigating the platform (shows functionality)
  • Preserve payment receipts in the original format

You must send the aforesaid documents to your client immediately: “As of [date/time], I have preserved the following evidence related to fraud on [platform name]: [list]. Hash values for digital files: [values]. This email serves as documentation.”

Why? Establishes timeline and evidence integrity.

Step 2: Platform pressure (Day 1)

Before police complaints, squeeze the platform.

  1. Grievance bombardment: We won’t send just one complaint. We will send to:
  • Nodal officer (mandated under IT Rules)
  • Grievance officer (under Consumer Protection)
  • Compliance officer (if payment platform)
  1. What will our complaint contain (in addition to brief facts, of course)? 
  • Liability under platform rules
  • Criminal prosecution possibility
  • Class action suit warning

Platforms fear publicity. Mention “considering media approach” subtly.

Step 3: Cyber Crime Portal (Day 2-5)

The National Cyber Crime Portal (cybercrime.gov.in) is your friend, but most lawyers use it wrong.

Category selection matters: We won’t just select “online fraud.” Be specific:

  • Financial fraud → Online Banking/Trading fraud
  • E-commerce → Online shopping fraud
  • Job fraud → Fake website category

Each route leads to different specialised cells.

Here is how we shall structure your complaint.  

INCIDENT SUMMARY (100 words max):

On [date], the complainant lost [amount] through [platform] due to [specific fraud type]. Evidence preserved includes [list]. The accused is identifiable through [details]. Immediate action is required to prevent further victims.

DETAILED DESCRIPTION:

[Chronological narrative with evidence references]

SUSPECT DETAILS:

Platform: [Name, URL, App details]

Operators: [If known]

Bank Accounts: [All identified]

Digital Footprints: [IPs, emails, phones]

LEGAL PROVISIONS:

[Specific sections – do not write “relevant sections of IPC”]

RELIEF SOUGHT:

1. FIR registration

2. Immediate fund freezing

3. Platform takedown

4. Accused arrest

Step 4: Local police/Cyber cell (Day 5-7)

Online complaints often languish. Physical presence matters.

The documentation dossier will bring: 

  • Complaint in triplicate
  • Evidence pen drive (with index)
  • Notarized affidavit
  • Certificate under section 65B of the IT Act 2000
  • ID proofs

Speaking cop language: Police understand:

  • Clear financial loss
  • Identified the accused (even if with fake names)
  • Specific sections violated
  • Evidence readily available

We won’t lecture on technology. We will simplify: “Accused created fake platform, induced investment, stole money, evidence attached.”

We also need to get an acknowledgement with the diary number, officer name, and date/time stamp.

Step 5: Escalation ladders (Day 7-14)

In case the local police refuse to file the FIR, we can approach either of the following remedies: 

  1. SP/DCP complaint: Email and physical letter to:
  • Superintendent of Police (district)
  • DCP Cyber Crime
  • Copy to Commissioner

Include the original complaint, acknowledgement, and the inaction complaint.

  1. We may need to approach judicial magistrates, who can then direct the police to register an FIR. File application with:
  • Original complaint
  • Police inaction proof
  • Urgency affidavit
  • Court fee

Step 6: Parallel forum shopping 

When other avenues for remedy are open to me, I do not just rely on one forum. We can consider approaching the following forums (for the reliefs provided thereunder) simultaneously: 

  1. Consumer Commission via eDaakhil:
  • Compensation for service deficiency
  • Platform liability for enabling fraud
  • Mental agony damages
  • Litigation cost recovery
  1. RBI Ombudsman (for fintech):
  • Strict 30-day timeline
  • Platform license implications
  • Faster than courts
  1. SEBI SCORES (for trading platforms):
  • Regulatory action
  • Investor protection fund access
  • Platform suspension powers

Step 7: Asset recovery mechanisms

FIR is just the beginning. Recovery needs aggression.

Application under section 102 of BNSS: File immediately for:

  • Freezing all platform accounts
  • Attaching movable/immovable property
  • Production of documents from banks

Civil recovery suit: Parallel to a criminal case:

  • Summary suit under order XXXVII of the Civil Procedure Code, 1908 
  • Ex parte injunctions
  • Mareva injunctions for asset freezing
  • Worldwide freezing orders if needed

Platform-specific battle strategies

Each platform type needs different approaches.

  1. E-commerce platforms

Amazon/Flipkart fraud protocol:

  1. Seller details requisition under E-Commerce Rules 2020 under the Consumer Protection Act 2019
  2. Transaction trail from the platform payment system
  3. Warehouse verification for phantom shipments
  4. Algorithm manipulation evidence (sudden rating spikes)

Winning Argument: Platforms profit from each transaction (commission). They are not neutral intermediaries but active participants who failed due diligence.

B. Trading/investment platforms

The incident with you falls under this bracket. 

Unregistered investment advice is illegal. Most fraud trading platforms violate:

  • SEBI Investment Advisers Regulations
  • SEBI Portfolio Managers Regulations
  • Collective Investment Scheme prohibitions

File complaints with SEBI before the police. Regulatory violation strengthens a criminal case.

So when you approach the SEBI, ensure that you have the following documents in place: 

Order matching logs

  • Price feed sources
  • Liquidity provider agreements
  • Custodian certificates

Absence proves platform illegitimacy.

C. Fintech/payment apps

RBI’s strict stance: Recent guidelines make platforms liable for:

  • Customer fund safety
  • Transaction reversal mechanisms
  • Grievance resolution timelines
  • Fraud reporting to FIU-IND

Non-compliance? The license cancellation threat works wonders.

The chargeback chase: For card transactions:

  • Initiate a chargeback with the issuing bank
  • If denied, approach Banking Ombudsman
  • Parallel criminal complaint
  • Consumer forum for compensation

Success requires persistence and documentation.

What can you do to avoid it? 

Before leaving, Ananya posed the question every fraud victim asks: ‘What should I have done differently to avoid this?'”

My response is very well captured in the infographic below: 

Conclusion 

Platform fraud is not just another practice area; it is the future of criminal law. Every day, thousands of Indians lose their savings to digital predators hiding behind corporate veils and terms of service. The platforms think they have won with their fortresses of arbitration clauses and liability limitations. They are wrong.

We are not just lawyers anymore. We are digital detectives, technical translators, and the last line of defence against platform predators. Your clients need warriors who speak both law and code, who can chase fraudsters through virtual worlds and emerge victorious in real courts. The tools are here. The laws exist. The question is not whether you will encounter platform fraud; it is whether you will be ready when you do. Time to become the lawyer platform that fear and fraudsters flee from.

Glossary of technical terms used in the article

Every time technical jargon like ‘Cloudflare’ or specialised legal terms like ‘Mareva Injunction’ come up in our conversations, Ananya looks puzzled. This glossary is my solution to break down each concept with practical examples so she can grasp not just what these terms mean, but how we actually use them to fight digital fraud.

Tags:
Leave a Comment

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *