“What started as a routine day quickly turned into a shocking lesson on the dark realities of cybercrime—one that exposed the flaws in our security systems and the uphill battle for justice.” Here is Air Commodore Nrip Kumar Mehta VSM(Retd) from Noida narrating his striking experience on cyber crime.
I am sharing my experience of losing my mobile phone and the subsequent financial loss I suffered but ended up in recovery of full amount.
October 14, 2024 – Mobile Snatching on a Moving Train
On October 14, 2024, while returning from Jaipur on the Ajmer-Delhi Shatabdi Express, my mobile phone was snatched in a shocking incident. At approximately 10:30 PM, about 10 minutes after the train crossed Delhi Cantt and was nearing New Delhi Railway Station, I got up and moved toward the door to make a call to my taxi driver. As I took my phone out of my pocket, a young man, approximately 20-25 years old, suddenly jumped onto the moving train from outside. He snatched my five-month- old OnePlus 12R and leaped out. I attempted to grab his hand, but he had applied oil, making it impossible to hold onto him. He fell from the moving train but quickly got up and ran away.
This was the second time in six months that I had lost a mobile phone. Earlier, my phone had been stolen from my back pocket at Indira Gandhi National Stadium, New Delhi. However, what followed was even more distressing than the theft itself.
The Struggle Begins
Upon reaching New Delhi Railway Station, I exited from the Ajmeri Gate side and proceeded to Kamla Market Police Station. There, I was advised to visit the Government Railway Police (GRP) office. When I arrived at the GRP office, I found it deserted. Concerned about losing contact with my taxi driver, I quickly returned to the pre-designated pickup point where my driver could spot me.
Once home, I promptly contacted JioCare to block both SIMs in my phone. At 11:54 PM, I received confirmation via SMS and email. The process was relatively smooth, thanks to a helpful customer care executive
October 15, 2024 – The Nightmare of Getting a Duplicate SIM
The next step was obtaining a duplicate SIM, which turned out to be an ordeal. After some effort, I found a Jio Store inside a Reliance outlet at Star Mall, Noida. Unfortunately, I was informed that the responsible executive would not be available until after 2 PM. I was advised to visit another Jio Store in Sector 120, Noida.
Absurd Jio Policy for Duplicate SIM Issuance
At the Sector 120 Jio Store, a disinterested employee informed me that Jio required Aadhaar-based e-KYC verification for issuing a duplicate SIM. However, since my Aadhaar biometrics were locked, I was advised to visit an Aadhaar Seva Kendra (ASK) to unlock them.
At ASK, located in a cramped basement of a Noida mall, I was met with a long queue of over 100 people. The help desk informed me that neither ASK nor UIDAI could unlock my biometrics. It had to be done by me through the mAadhaar app or the UIDAI website. However, this required an OTP sent to my registered mobile number—the very SIM that was lost! My only option was to apply for updating my Aadhaar with a new number, which involved filling out a form and enduring further delays. He gave me form for that. Next there was a waiting of 30 min for token and then lunch break. I decided to try checking from Jio care and some senior officials in UID.
Jio’s Customer Care: A Lesson in Frustration
Repeatedly, I called JioCare and requested callbacks, but I never received one. However, they were prompt in sending feedback requests after 30 minutes of every callback request, despite never actually calling me back. Through chat support, I was rudely informed that Jio would not issue a duplicate SIM unless my Aadhaar biometrics were unlocked.
Escalation to UIDAI
After considerable effort, I was able to connect with a senior UIDAI official in Mumbai, who assisted me in submitting my application at the Aadhaar Seva Kendra (ASK) located at Akshardham Metro Station, New Delhi, on October 15 at 4:01 PM. Although I was assured that the update would be processed within 24 to 72 hours, it ultimately took an entire seven days.
During this period, I reached out to the office of the Director General, UIDAI, only to be informed that my application number, as mentioned in the Aadhaar acknowledgment slip, was not even reflecting on their portal. The Mumbai-based UIDAI contact made attempts to resolve the issue from the backend, but without any success. In an effort to escalate the matter, I also posted a tweet on X, hoping for a response from the CEO of UIDAI. However, there was no reply.
Contact With Senior Jio Officials
Meanwhile, I reached out to two Jio AVPs, both of whom were supportive but unable to bypass the Aadhaar e-KYC requirement. Despite their willingness to help, the system’s dependency on Aadhaar authentication left them with no viable solution. The only response I received was from JioCare, which simply reiterated, “Get your biometrics unlocked on the Aadhaar website.”
Airtel vs. Jio: A Stark Contrast
When I lost my mobile in April 2024, my primary number was with Airtel. At that time also, my Aadhaar biometrics were locked, yet Airtel managed to issue me a duplicate SIM within two minutes without any hassle. In contrast, my experience with Jio has been riddled with delays and obstacles due to the strict Aadhaar e-KYC requirement. This situation makes me question, was porting from Airtel to Jio a mistake?
Police Complaint: An Uphill Battle
On October 15, I prepared a detailed complaint, including the mobile invoice and IMEI numbers, and went to the Sector 126, Noida Police Station around 5 PM. However, the response from the officers was far from encouraging.
Their first objection was about the language: “Ye to English me likha hai, isko padna padega” (This is written in English; we will have to read it). The second issue they raised was trivial—“Aapne application ke back side me invoice ki scanned copy kyu lagayi hai?” (Why have you attached the scanned invoice on the back of the application?).
After reading my complaint, they outright refused to register an FIR, arguing that since the theft had occurred in Train at Delhi, I should approach the Government Railway Police (GRP) at New Delhi Railway Station. My repeated requests for a Zero FIR, which should have been registered as per government guidelines, were completely ignored.
Online E-FIR Complaint on UP Police Website
Determined to file a complaint, I attempted to lodge an E-FIR on the UP Police website. What followed was an exhausting five-hour ordeal. The website was entirely in Hindi, making it difficult to navigate, especially while filling in all the required details.
After painstakingly completing the form, I had to take a printout, sign it, scan it, and upload it, a cumbersome process in itself. But just when I thought I was done, the website repeatedly displayed the error message in Hindi: “Samasya hai” (Error). No matter how many times I tried, I couldn’t get past this stage.
Frustrated, I finally gave up. To this day, the “samasya” persists, and I suspect it’s because I mentioned Delhi as the place of theft while trying to file an E-FIR in Uttar Pradesh. Uffff!
www.ceir.gov.in. CEIR Portal: A System Designed to Fail
The Government of India, Ministry of Communication has launched a website, www.ceir.gov.in, to help citizens block and track lost mobile phones using their IMEI numbers. On the surface, this seems like a great initiative.
However, there’s a flawed requirement, one cannot file an online complaint to block or track a lost mobile until they obtain a duplicate SIM for the same lost number. This means that unless your SIM is reissued, you’re helpless in preventing misuse of your stolen phone.
To highlight this absurdity, here is a screenshot of the website’s first page, where this impractical condition is clearly stated.
In an attempt to block and trace my lost mobile, I tried filing an online complaint on www.ceir.gov.in. However, the process turned out to be a complete joke.
To submit a complaint, the portal requires an OTP—but here’s the catch: the OTP is sent only to the lost mobile number. The system does not allow changing the number for OTP verification. This means that unless you first get a duplicate SIM, you cannot even report your lost phone!
As a result, I was able to finally lodge a complaint eight days after losing my mobile—by then, the damage was already done. What’s the point of blocking or tracking a phone after eight days?
The real question is, what logic is there behind sending an OTP to the very number that is lost and already blocked by the owner? How does the government expect users to retrieve an OTP from a non-existent, disconnected SIM? This flaw defeats the entire purpose of the portal.
CPGRAM & Social Media: The Game Changers
After personally speaking to two Jio VPs and still not receiving a favourable response for a duplicate SIM without Aadhaar-based eKYC authentication, I decided to escalate the matter. On October 17, I:
- Filed a complaint on CPGRAM (Centralized Public Grievance Redress And Monitoring System).
- Used social media to highlight my issue. Ms Needhi Sharma, a resident of Jaypee Wish Town helped me to connect with senior executive in JIO.
- Emailed the office of Mukesh Ambani, hoping for
To my surprise, this strategy worked! On October 19 at 4:30 PM, I received a call from Jio, informing me that my CPGRAM complaint had been noted, and they had decided to issue a duplicate SIM using paper-based Aadhaar verification.
Shortly after, at 5 PM, Mr. Gaurav Bhatia, Jio Delhi Circle Onboard Team Head, personally contacted me. He instructed me to visit the same Jio Store in Sector 120 to get my duplicate SIM that very day.
At the store, the manager was initially reluctant, but after some persuasion, he agreed to issue the SIM based on a photocopy of my Aadhaar. By 7 PM, I had the new SIM in my hands.
However, the activation process was still slow:
- October 20, 2 PM: The SIM was activated.
- October 21: SMS services were finally
It was frustrating that a simple process took so much escalation, but ultimately,
CPGRAM and social media pressure made Jio take action.
The Horror Unfolds
On October 21, 2024, at around 5 PM, as soon as SMS services were activated on my mobile, the first thing I did was check my bank accounts. That’s when my worst nightmare began.
While my accounts in two private banks were safe, my SBI savings account told a different story.
Between October 15 and October 17, 2024—the period when my SIM was blocked—a total of 17 unauthorized transactions had taken place.
? Total amount stolen: Rs 1,33,201.00
I was shocked and outraged! How could this happen?
- Without SMS access, I couldn’t even log into my own bank account, yet
scammers managed to withdraw money without any OTP verification.
- All my banking apps were secured with two-factor authentication (2FA), yet the fraudsters had bypassed every security layer.
It was clear that I was a victim of a highly sophisticated cybercrime, and the real battle was just beginning.
Report of Financial Loss to SBI, Sector 126, Noida
On October 22, 2024, at approximately 11:00 AM, I visited SBI, Sector 126, to report my financial loss. Ms. Mamta Thakur, the branch manager, was extremely supportive and understanding. She accepted my application and provided me with a four-page form for reporting financial loss. Additionally, she advised me to obtain a copy of the FIR, as the loss exceeded one lakh. Ms. Thakur kindly directed me to the Cyber Cell office at Sector 108, Noida Police Station. However, I found that more than three pages of the form were irrelevant to my case. After obtaining the form, I headed to Cyber Cell Sector 128, Noida to file a complaint with the Cyber Crime unit.
Report of Cyber Crime on www.cybercrime.gov.in
For over the past two years, I have been conducting workshops and classes to raise awareness about cybercrime. I have been educating people on what actions to take and how to respond if they fall victim to cybercrime. However, the time had now come for me to experience firsthand the very advice I’ve been giving others.
Website www.cybercrime.gov.in Not Responding
On October 21, 2024, I made multiple attempts to file a complaint on the website www.cybercrime.gov.in. After filling out the lengthy form and uploading required attachments, such as the invoice, I encountered a recurring issue. Each time I entered the captcha, the website would redirect me to the first page without providing any error message, preventing me from successfully submitting the complaint.
1930 All India Helpline Number – A Joke
As part of my workshops and lectures, I have often advised people to call 1930 to report cybercrime. However, when I tried to use the helpline myself, I encountered a frustrating issue. Each time I dialled 1930, my call was directed to the Delhi Police control room. Since I was calling from Noida, they refused to take my complaint and instructed me to dial again so it would reach the control room of UP Police in Lucknow. Despite trying over 50 times, my call always ended up with the Delhi Police. Following their suggestion, I also tried dialling 112, but that proved to be another futile attempt, as they too said they were helpless. I can’t help but wonder why 1930 is called an “All India Helpline” if I have to ensure my call reaches the Lucknow at UP Police control room. Frustrated, I gave up on 1930.
Visit to Cyber Cell Noida Police
On October 22, 2024, after my visit to SBI, I went to the Cyber Cell of Noida Police in Sector 108. After parking, I entered their well-maintained office and, after a brief wait, met with Head Constable Mohan Bharadwaj. He listened to my complaint regarding the cybercrime I had experienced and reviewed my case. He initially advised me to lodge the complaint online. When I explained the issues, I had faced with the online process, he agreed to assist me. After attempting for about 5 minutes and encountering the same problem, he suggested I delete my browsing history, clear the cache, and close all open tabs. Following his advice, I was finally able to successfully file the complaint on www.cybercrime.gov.in around 2:00 PM on October 22, 2024, and received a copy of the complaint.
Registering Complaint on 1930
Head Constable Mohan Bharadwaj was pleased to see my relief after successfully lodging my cybercrime complaint online. Motivated by my success, he kindly agreed to try reaching 1930 as well. Despite his persistent efforts, dialling 1930 10-15 times from three different phone numbers, he was unable to get the call to connect to the Lucknow UP Police Control room. Frustrated by the continuous failure, we both gave up, and I was unable to register the complaint through 1930.
SBI Response
Equipped with a copy of the cybercrime complaint acknowledgment showing a loss of over one lakh, I filled out the four-page form from SBI and submitted it to the manager at the Sector 126 branch on 22 Oct 24. However, later in the evening, the manager called to inform me that SBI’s backend team required an FIR rather than just a complaint. I managed to file an e-FIR on the Noida Police website and received a copy for SBI’s records. Unfortunately, the UP Police later on rejected my e-FIR without providing any explanation.
In addition to the hard copy of my complaint, I also sent a detailed email outlining all
17 transactions totalling a loss of Rs. 1,33,201. On October 25, 2024, SBI acknowledged my email by sending 35 automated emails and 35 SMS messages, each transaction receiving its own SMS and email, including some duplicates. This created confusion and wasted a lot of time and effort. SBI issued 17 ticket numbers for my complaints.
On October 25, 2024, SBI sent another batch of 17 emails, each stating: “BHIM SBI PAY (UPI) – UPI PAYMENT/TRANSFER – AMOUNT TRANSFERRED INTO WRONG ACCOUNT has been investigated. We would like to inform you that for merchant transactions, there is no option to raise a wrong transaction chargeback. Hence, we request you to get in touch with the merchant bank (Yes Bank) and account number (1425000000051).” Each of these 17 emails had different numbers and transaction details.
These same emails were repeated on October 28, 2024, with similar content, which reflects poorly on SBI’s administrative efficiency.
I was surprised that SBI referred to these transactions as “wrong transactions” instead of unauthorized transactions, which occurred without my knowledge, without OTPs, and without my valid authorization. None of the 17 transactions had any record in the history of my BHIM app transactions, as alleged by SBI.
Despite the confusion, I didn’t give up and took the time to respond, as I was out of India for a week. On November 11, 2024, I challenged SBI’s response by sending 17 emails, one for each transaction, clearly explaining how these transactions were not “wrong” but indeed unauthorized.
Lack of Proper Response from SBI
SBI did not respond to my representation dated November 11, 2024. I followed up by sending a reminder on December 6, 2024. In this reminder, I provided full details of the scammers involved in the 12 transactions, including their names, addresses, bank accounts, mobile numbers, and current balances in their accounts.
On December 24, 2024, I personally visited the SBI branch and met with the manager. I informed her that I would not give up and that I would take SBI to court if necessary. I also sent a second reminder to SBI on the same day, which seemed to prompt a response from the bank.
This time, the manager herself took the initiative to reclassify my complaint as “unauthorized transactions” instead of “wrong transactions.” The email response was sent on December 24, 2024, acknowledging my complaint with 35 system- generated emails. The content of the email was as follows:
“Dear NRIP KUMAR MEHTA,
Thank you for banking with us. Customer Care Case: 569396635 has been recorded for UNAUTHORIZED TRANSACTION – UPI (BHIM SBI PAY / GPAY / PHONEPE/ PAYTM, ETC.) – TRANSACTION NOT DONE BY THE CUSTOMER and will be resolved within 90 days. In case of any further queries, please contact our Customer Care Team or visit your nearest Branch.
If you have not raised this issue, kindly contact Customer Care service immediately. This is a system-generated email. Please do not reply.
Thank you,
SBI Bank Customer Care”
Complaint to RBI Ombudsman
Along with my second reminder to SBI on December 24, 2024, I also filed a representation with the RBI Ombudsman. I attached all relevant documents, including SBI’s responses and a tabulated form detailing the 12 transactions. The table included the names, addresses, bank accounts, mobile numbers, and current balances in the beneficiaries’ accounts. I submitted this complaint via email to the RBI and also lodged it on their website.
Fresh Response from SBI
After my second reminder and representation to the RBI, on December 26, 2024, SBI responded again through 12 system-generated emails. This time, SBI informed me that a shadow account had been created, and an amount equal to each transaction had been placed in that shadow account. The contents of the 12 similar responses from were as follows:
“Greetings from SBI!
Dear Customer,
Shadow amount Rs. 20,000.00 marked in your a/c XXXXX011062 for ticket no. 0000000569416279. Please contact your home branch for submitting necessary documents.
SBI”
This was first positive indication.
Final Outcome
While I was initially disappointed by the lack of progress after more than 30 days following my representation to the RBI, I was seriously considering legal action. However, I was pleasantly surprised to receive an SMS at 4:28 PM on February 1, 2025, notifying me that an amount of Rs. 1,33,201.00 had been credited to my account by the bank. In disbelief, I immediately called the SBI manager. She was also surprised but checked my account and confirmed that it was indeed a genuine transfer. It took 107 days to get my money back.
On February 3, 2025, at 10:11 AM, an official from the RBI called to confirm whether I had received the amount and if I was satisfied with the outcome so that they could close the complaint. At my request, the official explained how the case had been decided in my favour. According to him, the exhaustive details of the case, foolproof documentary evidence submitted by me, my persistence in following up, and SBI’s complete failure to justify the unauthorized transfer had worked in my favour.
This call was followed by an email from the RBI confirming the closure of my complaint.
If the Educated Struggle, What Hope for the Common Man?
Having shared the full details of my case, I can’t help but wonder: If someone like me, who is well-educated, tech-savvy, and aware of cybersecurity, faced such difficulties, what would be the situation for others who are less privileged?
I humbly request that the concerned ministries or agencies kindly consider the following suggestions:
1. Ministry of Communications
The requirement for an OTP to be sent to the mobile number that has been lost should be removed from www.ceir.gov.in. In cases like mine, it is not always feasible for someone who has lost their mobile to immediately obtain a duplicate SIM. Requiring a person to wait 4-5 days for a duplicate SIM defeats the purpose of lodging a complaint on www.ceir.gov.in. I suggest incorporating a provision for receiving the OTP via email or an alternate mobile number.
2. I4C & National Cyber Crime Reporting Portal
There should be clear guidelines and notices on the National Cyber Crime Reporting Portal, advising users to clear all cache and history, and to close all tabs before registering a complaint. Additionally, if there is any lapse in the registration process, the user should receive a response explaining why the complaint was not registered, instead of being redirected to the homepage.
3. Unique Identification Authority of India (UIDAI)
UIDAI has been promoting the locking of biometrics on Aadhaar for added security and safety. However, as I mentioned earlier, this additional security became a major hurdle when I tried to get a duplicate SIM from JIO. I request UIDAI to consider authorizing Aadhar Seva Kendras (ASK) to unlock biometrics when the person presents themselves in person.
Does UIDAI consider OTP sent to the registered mobile number as more secure and authentic enough to unlock biometrics than by doing so in physical presence of individual in ASK? Additionally, why does it take more than 7 days to update a mobile number, when the usual prescribed time is 24-48 hours? This delay occurred despite my efforts to follow up with the highest possible officials.
4. JIO & Ministry of Communications
Why does JIO have a different policy compared to Airtel and other service providers when it comes to issuing a duplicate SIM? In the case of a lost mobile or SIM, when the person who originally held the SIM presents themselves at the JIO store with a physical copy of their Aadhaar card, why is e-KYC through Aadhaar authentication still required? While this may be necessary for the first-time issuance of a new SIM, it defies logic in the case of issuing a duplicate SIM to the original customer.
5. Ministry of Home Affairs – 1930
The Government of India, including the Prime Minister, promotes reporting cybercrimes on the all-India toll-free number 1930. However, what is the point if a call made from Noida ends up in the Delhi control room instead of Lucknow? How can a victim ensure that their call is routed to the control room in their city or state?
6. Ministry of Home Affairs – Lodging of FIRs
Lodging an FIR remains a nightmare for the common man. For example, Sector 126 Noida police denied me an FIR, stating that the theft of my mobile had occurred in a train, so I should go to the GRP. The GRP in New Delhi told me to visit the GRP at Delhi Cantt. Additionally, my online e-FIR was rejected by the UP Police website without any explanation. The reason for rejection was unclear. There is an urgent need for the implementation of a “One India One FIR” (OIOF) system.
7. SBI – A Total Failure
While I appreciate the response of Ms. Mamta Thakur, who, despite her lack of experience in cybercrime, tried her best to understand the situation and assist as much as she could, the backend team of SBI has been a total failure. Sending 35+35+35 autogenerated emails in response to my one application is completely unnecessary. While I understand that the system treats each transaction as a separate case, this approach defeats the purpose and only serves to confuse both the customer and the officials handling the case.
SBI’s labelling of the transactions as “wrong transactions” rather than “unauthorized transactions” is an unprofessional approach. If an official from the RBI can call me to inquire about my concerns, then why has no one from SBI ever called me? After all, I have been their customer for the past 40 years.
RBI
To be honest, I never expected RBI to act so proactively or provide a decision so promptly. I am truly appreciative of the action and response from RBI. My wholehearted salute to Team RBI.
My saviours
Before I conclude I must thank all those who helped me in my fight for justice. These are:
- Ms Mamata Thakur, Manager SBI, Sector 126,
- Head Constable Mukesh Bharadwaj, Sector 108, Cyber Cell Noida
- Sub Inspector Sushil Singh, Cyber Cell, Thana, Sector 126, Noida
- Mr Rajesh Sharma, Ex IAF, currently in
- Ms Needhi Sharma, helped me to connect with
