As another year winds down, a cybercrime epidemic of mindboggling proportions continues unabated in India. Striking with impunity and alarming frequency, there is seemingly no tactic that’s too bizarre and no target that’s out of reach for cyber fraudsters. Earlier this year, a doctor in Gujarat was kept under video surveillance for three months, reportedly losing Rs 19 crore during her digital-arrest ordeal. More recently, a former Punjab Police IG was defrauded of more than Rs 8 crore in an investment scam. The shock led him to shoot himself in the chest.While the law of the land does not specifically recognise the concept of “digital arrest”, cases are reported every day from across India — mostly, instances of cybercriminals impersonating police and central security officials and using panic and manipulation to wipe people’s bank accounts clean.But there are many more ways in which they come for your money (see box), like infecting your phone with forwards that transfer control, catching you by surprise with a video call and morphing the footage for blackmail, or ‘pig butchering’ you with texts about lucrative investment returns.The number of cases, and the swindled cash involved in those, has seen an exponential rise: 23 lakh cybercrime complaints were registered on the National Cybercrime Reporting Portal (NCRP) in 2024, a 42% jump over 2023. And the money lost to such frauds in 2024 was estimated to be Rs 23,000 crore, a 200% jump from Rs 7,500 crore in 2023. As a hydra-headed monster that takes new forms virtually every month, cybercrime is no longer a battle that state police can fight within their own limited jurisdictions and win. Which would explain why Supreme Court this month ordered CBI to launch a sweeping probe into all digital arrest scams.Central teeth for national problemBringing in the might of a central agency was an overdue move. As a senior cyber cell officer in Delhi pointed out, “the core challenge lies in the complex inter-state and geographical nexus of these operations, where the victim and the perpetrator are separated not just by distance but also by an intricate web of digital and financial layering.”Cybercrime presents a challenge entirely different from that posed by conventional crime. In a ‘digital arrest’ scam, which is perpetrated over a video call that can last hours, weeks, days, or even months, the money moves quickly through a series of what are known as ‘mule accounts’.These are usually located in places far apart and opened using forged documents or with the connivance of bankers. For example, money from a ‘digital arrest’ in Delhi, Gurgaon, Bengaluru or Hyderabad could be routed to mule accounts in West Bengal, Uttarakhand and Gujarat. That is why recoveries are only a fraction of the defrauded cash because, by the time the labyrinth of transactions has been decoded, the money has vanished.In India, two key hubs of cybercrime have been identified in Jharkhand’s Jamtara and the triangle of Bharatpur (Rajasthan), Mathura (Uttar Pradesh), and Nuh (Haryana). But an even more concerning dimension is the rise of large organised overseas operations in countries like Cambodia, Laos, Vietnam and, of late, Myanmar.
These are operations that run call-centre-style scam compounds, drawing their manpower from human trafficking victims, including Indians who are snared by local placement agents with the lure of foreign jobs in data entry, IT and management. “Once trapped, these recruits are held in prisonlike conditions and coerced into undertaking cybercrimes targeting their own countrymen,” said a Delhi Police officer.Several of these international operations have been traced to Chinese criminal syndicates that provide technical infrastructure like apps and VoIP. “CBI is uniquely positioned to connect these disparate dots: like a SIM card issued in one state, a bank account opened in another, and an IP address originating at a third location,” said a government official.Banking, telecom breachesThe digital epidemic has fed on an explosive growth of the internet user base. While India has become an increasingly digital society, large sections of people remain digitally naïve because initiation to new technology and devices happened at a later stage in life. But cybercrime’s uncontrolled spiral has also exposed major vulnerabilities in two critical pillars — the telecom sector and the banking system. Both have failed to build adequate safeguards.“Fraudsters routinely exploit lax Know Your Customer (KYC) norms to illegally procure huge numbers of SIM cards. They are similarly also able to open mule bank accounts, the lifeblood of their operations,” said a Delhi cyber cell investigator. Systematic targeting of senior citizens with pension funds in their accounts and women makes it clear that scammers have access to banks’ customer data, investigators said.Recently, CBI arrested the manager of a prominent bank in Mumbai for allegedly accepting illegal gratification to process account-opening forms, creating channels for rapid layering of cybercrime proceeds. The accused is said to have facilitated the use of accounts that are linked to multiple cybercrime cases.Similar crackdowns across states, like ‘Operation Insider’ by Telangana Police, have led to the arrest of many bank officials for opening current accounts without due diligence in exchange for commissions from fraudsters.It’s the transnational cybercrime syndicates in Laos, Cambodia, Myanmar and Vietnam that execute the most complex frauds, increasingly deploying AI and deepfakes. These are the crimes that have so far proved the hardest to crack for police across Indian states. “Funds siphoned from Indian victims are quickly laundered, often converted into cryptocurrency and then moved internationally to accounts in countries like China, Singapore and Vietnam to evade detection,” explained a senior police officer.What’s the counterpunch?Sleuths may still have to play catch-up with new tactics, but the fight against cybercrime is much more organised now than it was two years back, which will help CBI.The Indian Cyber Crime Coordination Centre (I4C), through its Citizen Financial Cyber Fraud Reporting and Management System, has helped save around Rs 7,130 crore by facilitating rapid freezing of funds. NPCI (National Payments Corporation of India), too, has helped freeze scam proceeds in real time. A centralised toll-free helpline number, 1930, has been operationalised for quick assistance in lodging cybercrime complaints.Govt has blocked over 11 lakh SIMs and around 3 lakh IMEI numbers linked to frauds, underscoring the necessity of a coordinated, technological counteroffensive. Creation of a ‘Suspect Registry’ by I4C to flag suspect bank accounts and use of the ‘Pratibimb’ module to map criminal locations based on telecom and crime data are among other tech responses that have taken shape.“A state-of-the-art Cyber Fraud Mitigation Centre has been set up at I4C. It has brought together representatives of major banks, financial intermediaries, payment aggregators, telecom service providers, IT intermediaries and representatives of states/UTs and police to tackle cybercrime,” a government official said.Over to CBIBy combining domestic reach and collaborations with security agencies globally, CBI can serve as the lead enforcer and nodal point for busting complex, transnational cybercrime networks. Through specialised initiatives like Operation Chakra, CBI has been coordinating simultaneous raids on financial nerve centres of cybercrime with organisations like FBI and Europol. This is something that no state police force can do.CBI can ensure that the digital trail of a crime — which might involve a victim in Delhi, a server in Europe, and a perpetrator in Southeast Asia — is traced and documented for prosecution. By utilising the Bharatpol portal and its Global Operations Centre, CBI can also create a bridge between state police forces and international intelligence, allowing real-time sharing of data. CBI’s strength also lies in its role as National Central Bureau for Interpol in India, which gives it a direct line to law enforcement in over 190 countries.The agency is also equipped to lead large-scale crackdowns on illegal call centres that have been operating as hubs for international extortion. Besides, it has extraterritorial mandate under Section 75 of the IT Act, which gives it legal authority to investigate any individual, regardless of nationality, whose digital actions impact systems within India.
