The mobile phone has been weaponised by predators over the years to such a degree that folks can be forgiven for thinking they’re too savvy to fool. But this is happening—and to people who might think they should know better. Things are so bad that even Prime Minister Narendra Modi brought it up recently, asking people to be vigilant.
Anyone who watches TV or consumes social media will tell you that the last people they want to hear from are officials of the Narcotics Control Bureau (NCB), the Central Bureau of Investigation (CBI), the Directorate of Enforcement (ED), income tax, or even the local police. Because they all know what happens after that. It’s this very terror that scamsters and bad actors are preying on.
Generally, the first approach is through a call alerting the recipient to a parcel from overseas that contains drugs, an Aadhaar card that’s been misused, a phone number linked to illegal activity, a family member caught committing a crime.
The callers demand compliance and manage to convince victims they’re neck deep in trouble, convincing them of the dire repercussions they face.
Then comes the digital arrest. Someone posing as police or tax officials will video call them, levelling false charges, adopting a tone that varies between cajoling and threatening, essentially in order to destroy the victim’s psychological defences.
Discover the stories of your interest
They then order their victims to stay in one place–usually their homes—because they are under ‘digital’ arrest. They are instructed not to contact anyone and the only way they can avoid punishment is by paying, by online transfer.These ‘officials’ appear to be in a police station, tax office or a federal investigation agency. They also wear official-looking uniforms and display IDs to appear legitimate. Deepfake videos and false arrest warrants have also been reported as part of such criminal activity.
Also Read: AI-generated scams to increase cyber risks in 2024
“These scams are not new. We have seen some iteration of them since Covid and India’s rapid digitisation,” cybercrime investigator and founder of V4WEB Cybersecurity Ritesh Bhatia told ET.
“It all started with the FedEx scams. Then came the TRAI (Telecom Regulatory Authority of India) and high court scams. These are all types of digital arrest scams which have gotten so bad today that we needed the Prime Minister to swoop in and address them because this is affecting everyone and ultimately, is a huge loss to the exchequer.”
During his warning earlier this week, Prime Minister Modi clarified that digital arrests do not exist in Indian law and no enforcement agency would ever ask citizens for personal details by phone or video call.
Indians lost Rs 120.3 crore in digital arrest scams alone in the first quarter of 2024, according to reports based on Ministry of Home Affairs (MHA) data. This form of cyber fraud was one of the top categories of scams reported to the Indian Cybercrime Coordination Centre (I4C), which handles cybercrime complaints.
Data from the National Cybercrime Reporting Portal (NCRP) also showed the escalation in cyber complaints, with 740,000 filed in the first four months of 2023, up from 452,000 in 2021.
“At its very core, digital arrest scams are rampant because they exploit social engineering, driven by fear rather than technical issues,” said Wriju Ray, chief business officer at identity verification company IDfy. “The exponential rise in digital arrest cases over the past year calls for a proactive approach to block these UPI handles or accounts.”
Ray said that platforms like WhatsApp should foster a secure environment by actively blocking reported numbers and conducting thorough verification of businesses registered on the platform.
“Additionally, scammers use mule accounts to accept payments from victims, avoiding detection,” he said. “This vulnerability arises from lax KYC (know your customer) norms, which compromises identity security. Stricter KYC regulations are essential to prevent misuse.”
Also Read: Indians faced over 10 million internet-borne cyberthreats during April-June quarter: report
Bhatia agreed that the onus was on intermediaries to detect suspicious activity. He said they could not shirk responsibility and had to be held accountable.
“Intermediaries including telecom providers, banks, NPCI and Skype boast of the most advanced AI/ML capabilities but why is it that this technology is not able to detect and suspend such scammers?” Bhatia said.
“Many of these scammers use Skype or Zoom to get on a video call. Why is it that they have not been able to take any action? Even banks need to step up. People are losing crores because of these scams and the banks should be able to shut down an account if it is an unusual transaction as a precautionary measure.”
He went on to say telecom authorities need to tighten their grip on how SIM cards are doled out to ensure that they are not given with lax know your customer (KYC) protocols.
Further, when a complaint is made, the bank accounts, IP address and mobile network should be tracked down and these scammers should be brought to book.
Ibrahim Khatri, cofounder and CEO of data privacy management firm PrivEzi, said that understanding digital arrest scams is vital because they prey on trust and fear, often catching people off guard.
“Many of us don’t realise the risks in sharing personal information, and that lack of awareness can make anyone vulnerable,” he said. “These scams don’t just impact individuals; they put entire organisations at risk when employees unknowingly fall into these traps.”
That’s the reason companies should educate their teams, helping them recognise the signs and empower them to report anything suspicious, according to Khatri.
“A little awareness can go a long way in keeping both personal and corporate worlds safe from these increasingly sophisticated scams,” he said.
A cyber security company executive said that many have received calls this festive season from people claiming to be from the customs department or the NCB, alleging that their Diwali gift hampers contained MDMA.
A vast majority of these fraudsters are based outside India. As per the I4C, 46% of reported cyber frauds in early 2023, amounting to Rs 1,776 crore, were linked to scams originating from Myanmar, Laos and Cambodia.
Kanishk Gaur, cofounder and CEO of cybersecurity firm Athenian Tech, said that the government has taken cognisance of this and has even approached the governments of some of these nations.
“The Indian government has been proactive in setting up dialogues with some of these countries to address the escalation of these scams,” Gaur said. “A number of these frauds originate in countries like Cambodia and if India is looking to address this menace, it will have to take a holistic approach that involves dialogue with these countries to nab the scammers.”
Although this particular kind is thus far unique to India, digital scams aren’t restricted to India. Even countries such as the US are grappling with this challenge. Venu Chalamala, founder and CEO of Atlas Systems, said digital scams are evolving rapidly worldwide, exploiting technology and cultural vulnerabilities to target individuals.
Also Read: Google tests new AI scam call detection feature amid rising cyber crime
In the US, scams have surged among the elderly, who are particularly vulnerable due to social isolation and a lack of digital fluency, he said. Fraudsters exploit these factors, often impersonating officials to coerce victims into disclosing sensitive information or making payments.
“The US tax season introduces a separate threat: IRS (Internal Revenue Service) impersonation scams,” he said. “These frauds aim to gather personal and financial details, enabling scammers to file false tax returns and reroute refunds to cryptocurrency accounts, making recovery particularly challenging.”
Both India and the US illustrate a troubling trend, he said. Scammers are becoming increasingly adept at tailoring tactics to fit local societal contexts and exploiting technology to evade detection, underscoring the need for greater awareness and robust digital literacy efforts worldwide.
Scammers often convert the money they’ve stolen into cryptocurrency, which is hard to track, but not impossible.
“Bitcoin transactions are recorded on the public blockchain, allowing specialised agencies and companies to track transaction flows,” said Khushbu Jain, founding partner ARK Legal.
“However, if funds are routed through multiple ‘mixers’ or converted into other cryptocurrencies, tracking becomes significantly more complex. Even when authorities successfully identify a scammer’s wallet address, jurisdictional limitations and time delays can hinder their ability to take action, especially if the wallet is located in another jurisdiction.
Due to these challenges, the recovery rate for stolen funds remains low.”
Jain said conviction rates for digital arrest scams remain low, largely due to the complex nature of these crimes. Scammers operate anonymously, using advanced techniques to mask identity and frequently work from overseas locations where jurisdictional challenges and lax enforcement complicate prosecution efforts.
Also Read: Fintechs scramble to protect brands from fraudsters
And now with deepfake technology, experts warned that scammers are having a field day by enhancing the effectiveness of digital arrest scams by creating realistic impressions of real individuals, including officials or family members, making their claims seem more credible.
“AI can replicate the voices of trusted figures (like judges or police officers), further convincing victims that they are dealing with legitimate authorities,” Jain said. “Deepfake tools can also generate fake video footage that appears authentic, making it easier for scammers to fabricate scenarios that intimidate victims into compliance.”
She also urged strict KYC protocols for SIM card issuance, such as biometric authentication. Jain said this would help eliminate scammers who exploit SIM cards obtained with fake or stolen identities, which often become a major hurdle for law enforcement in catching criminals.
“With enhanced KYC verification, authorities would be better equipped to prevent misuse of digital identities, ultimately aiding in the identification and prosecution of the actual criminal,” she said. “And users should stay informed and alert, trust their instincts, verify identities, and never give in to pressure tactics over the phone.”
Also Read: Biz correspondents face account freeze as fraudsters hop on agent network