As another year comes to an end, the shocking cybercrime epidemic in India continues unabated. With impunity and alarming frequency, it appears there is no tactic that is too bizarre and no target that is beyond the reach of cyber fraudsters. Earlier this year, a doctor in Gujarat was kept under video surveillance for three months after he allegedly suffered a loss of Rs 19 crore during his digital-arrest. More recently, a former IG of Punjab Police was defrauded of over Rs 8 crore in an investment scam. Due to shock he shot himself in the chest.While the country’s law does not specifically recognize the concept of “digital arrest”, cases are reported every day from across India – mostly, examples of cyber criminals impersonating police and central security officials and using coercion and manipulation to wipe out people’s bank accounts.But there are many other ways they come for your money (see box), such as infecting your phone with forwards that transfer control, surprising you with video calls and altering footage for blackmail, or ‘pig slaughtering’ you with messages about lucrative investment returns.The number of cases and the amount of cash fraud involved has seen a rapid increase: 23 lakh cyber crime complaints were registered on the National Cyber Crime Reporting Portal (NCRP) in 2024, a 42% increase compared to 2023. And the loss from such frauds is estimated to be Rs 23,000 crore in 2024, which is 200% more than Rs 7,500 crore. 2023. As a one-headed monster that takes on new forms almost every month, cyber crime is no longer a battle that state police can fight and win within their limited jurisdiction. that would explain why Supreme Court ordered this month CBI To launch a comprehensive investigation into all digital arrest scams.Central cog for national problemBringing in the strength of a central agency was an overdue step. As a senior cyber cell officer in Delhi explained, “The main challenge lies in the complex inter-state and geographical linkages of these operations, where victims and criminals are separated not only by distance but also by a complex web of digital and financial layers.”Cyber crime presents a completely different challenge from that posed by traditional crime. In the ‘digital arrest’ scam, which is carried out over a video call that can last for hours, weeks, days or months, money is rapidly transferred through a series of what are known as ‘mule accounts’. These are usually located in far-off places and are opened using forged documents or in collusion with bankers. For example, money from ‘digital arrest’ in Delhi, Gurgaon, Bengaluru or Hyderabad can be sent to mule accounts in West Bengal, Uttarakhand and Gujarat. This is why recovery is only a fraction of the cash siphoned off, because by the time the maze of transactions is deciphered, the money has disappeared.In India, the two major hubs of cyber crime are Jamtara in Jharkhand and Bharatpur (Rajasthan), Mathura (Uttar Pradesh), and Nuh (Haryana). But an even more worrying dimension is the rise of large organized foreign operations in countries such as Cambodia, Laos, Vietnam and most recently Myanmar.
These are operations that run call-centre-style scam complexes, drawing their manpower from human trafficking victims, including Indians, who are lured by local placement agents with the lure of foreign jobs in data entry, IT and management. “Once trapped, these recruits are kept in prison-like conditions and forced to commit cyber crimes targeting their own countrymen,” a Delhi Police officer said.Many of these international operations have been traced to Chinese criminal syndicates that provide technical infrastructure such as apps and VoIP. A government official said, “The CBI is uniquely positioned to connect these disparate points: like a SIM card issued in one state, a bank account opened in another and an IP address originating in a third.”Banking, Telecom ViolationsThe digital pandemic has fueled the explosive growth of the Internet user base. While India has become an increasingly digital society, a large section of people remain digitally naive as new technology and devices are introduced at a later stage of life. But the uncontrolled cycle of cyber crime has also exposed major vulnerabilities in two critical pillars – the telecom sector and the banking system. Both have failed to create adequate security measures.“Fraudsters regularly exploit Know Your Customer (KYC) norms to illegally obtain large numbers of SIM cards. “They are equally capable of opening bank accounts, which are the lifeline of their operations,” said an investigator from Delhi Cyber Cell. The investigators said that systematically targeting senior citizens and women with pension funds in their accounts makes it clear that the scammers have access to customer data of banks.Recently, the CBI arrested the manager of a major bank in Mumbai for allegedly taking illegal bribes to process account opening forms, creating a channel for faster deposit of cyber crime proceeds. The accused is said to have facilitated the use of accounts which are linked to several cyber crime cases.Similar actions in the states like ‘Operation Insider’ by Telangana Police have led to the arrest of several bank officials for opening current accounts without due diligence in exchange for commission from fraudsters.It is international cybercrime syndicates in Laos, Cambodia, Myanmar and Vietnam that carry out the most complex fraud, increasingly deploying AI and deepfakes. These are the crimes that have so far proved most difficult for the police in Indian states to deal with. “The money taken from Indian victims is rapidly laundered, often converted into cryptocurrencies and then transferred internationally to accounts in countries such as China, Singapore and Vietnam to avoid detection,” a senior police officer said.What is counter attack?Spies may still have to adopt new tactics, but the fight against cyber crime is now much more organized than it was two years ago, which will help the CBI.The Indian Cyber Crime Coordination Center (I4C), through its Citizen Financial Cyber Fraud Reporting and Management System, has helped save approximately Rs 7,130 crore by facilitating faster freezing of funds. NPCI (National Payments Corporation of India) has also helped in preventing scam proceeds in real time. A centralized toll-free helpline number, 1930, has been launched for quick assistance in filing cyber crime complaints.The government has blocked over 11 lakh SIMs and nearly 3 lakh IMEI numbers linked to the fraud, underscoring the need for a coordinated, technological counter-attack. The creation of a ‘Suspicious Registry’ by I4C to flag suspicious bank accounts and the use of the ‘Reflection’ module to map criminal locations based on telecommunications and crime data are among other technological responses that have taken shape.“A state-of-the-art cyber fraud mitigation center has been set up at I4C. It has brought together major banks, financial intermediaries, payment aggregators, telecom service providers, IT intermediaries and representatives of states/UTs and police to tackle cyber crime, a government official said.CBI. hand over toBy combining domestic reach and cooperation with security agencies globally, CBI can serve as a key enabler and nodal point to bust complex, transnational cyber crime networks. Through special initiatives like Operation Chakra, the CBI is coordinating simultaneous raids on the financial nerve centers of cyber crime with organizations like the FBI and Europol. This is something that no state police force can do.The CBI can ensure that the digital trail of a crime – which may involve a victim in Delhi, a server in Europe and a criminal in South East Asia – is traced and documented for prosecution. Using the Bharatpol portal and its Global Operations Centre, the CBI can also create a bridge between state police forces and international intelligence, allowing real-time sharing of data. The strength of the CBI also lies in its role as the national central bureau for Interpol in India, giving it a direct line to law enforcement in over 190 countries.The agency is also equipped to carry out a large-scale crackdown on illegal call centers that are operating as hubs of international extortion. Furthermore, it has a superhuman mandate under Section 75 of the IT Act, which gives it legal authority to investigate any person, regardless of nationality, whose digital activities affect systems within India.
