Alarming scenario of Cybercrimes in India

Alarming scenario of Cybercrimes in India  

Praveen Dixit

According to a recent report, India has overtaken the top target for mobile malware attacks, accounting for 28% of global incidents. A sharp increase in phishing and trojan attacks, particularly targeting the financial sector, highlights the vulnerability of Indian users and businesses. Out of the cyber-attacks in India, Maharashtra and Tamil Nadu accounted for 25% each and remaining in other States. In last 11 months, cybercriminals have defrauded people by over 12000 crores of rupees. With a view to damage Indian economy and to create fear psychosis among the passengers and parents, hoax bomb threats are regularly created exploiting cyber space against aviation sector, railway stations and schools which are soft targets.   Geometrical increase in the number of cybercrimes every day and at every place, is not only alarming but also traumatic. There is no exception and it is engulfing almost everybody whether rich or poor, educated or uneducated, men and women, elderly as well as youth. The criminals are usually invisible, and if visible their identity is fake. The victims are the gullible unsuspecting persons. They easily fall prey to the tactics including creating fear psychosis or desire to become rich overnight. The victims realise that they have been cheated after substantial period and few of these reach police stations but very little is gained in the process as the transactions are complete and the transferred amount has been withdrawn by the criminals. Many do not report these crimes out of shame or fear or lack of awareness. 

The nature of cybercrime differs from place to place and incident to incident. It may be investment in equity market through fake portals, it could be an attractive job offer in the name of some reputed company, award of unsolicited lottery, it could be matrimonial proposal or it may be so called digital arrest by law enforcing authorities including cyber police, CBI, Income Tax or ED authorities.. Cybercriminals are increasingly leveraging search engine optimisation (SEO) to deceive victims. SEO manipulation allows criminals to rank fraudulent websites at the top of search results, making them appear legitimate and credible, duping victims into sharing sensitive personal and financial information. Fraudsters create fake websites that mirror legitimate businesses, online stores or financial platforms. There is a paid process to get your website at the top in search. Such websites look similar to the original. When the victim proceeds further, the money is transferred to third person through the gateway. It is suspected that bank employees could be part of such crimes while sharing victims’ documents with a third party. KYC of the bank account holder should be updated but many banks ignore this, which leads to difficulties in tracking the account information. Loan apps and gaming apps are another medium of losing private information. FedEx scam is currently at its peak.  Cybercrimes may take place through a call from unknown and fake person sometimes giving attractive offer, or it could be threatening recorded message for a crime or accident which has never taken place. It may be in the name of gas connection company asking you to update your personal details and demanding bank account details.  It could be through email asking you to provide your personal bank details or a video call putting you under fake “digital arrest’’ and demanding instant payment of huge amounts.  Till the payment is completed the fraudsters won’t allow even to leave the room. Victims may be recently retired persons interested in investing their retirement benefits at attractive returns, or unemployed youth looking for a job offer in India or abroad. It could be a young woman interested in marriage offer. There are also instances when women may be threatened with blackmailing or publishing their obscene photos. One may say every possible trick to attract you for false promises, luring you to unusual returns because of your greed, or expecting to realise your dream for which you are not eligible, the cybercriminal is likely to entice you. Obviously, persons with substantial funds fall prey to these tricks and unfortunately, they are also those who are savvy with social media, mobile handling, or computer knowledgeable. 

In fraction of the cases, where law enforcing agencies have been able to nab the criminals, even these offenders themselves are not aware where the money has been transferred. As per the recent NIA statement on October 10, 2024, NIA investigations have revealed that five persons were involved in trafficking vulnerable Indian youth to the Golden Triangle Region in Lao PDR where they were forced to commit cyber scams targeting European and American citizens. They operated through the consultancy firm ‘All International Services’ which functioned as a front for human trafficking. It is noticed that the real culprits are either from China or Pakistan and they are causing this cybercrime havoc in India, USA, UK etc.  

The India Cyber Threat Report 2025 by the Data Security Council of India (DSCI) and Seqrite, spotlighted the evolving tactics of cybercriminals and the rise of AI driven attacks as a major concern. “Artificial intelligence (AI) will be used to develop highly sophisticated phishing campaign utilising deep-fake technology and personalised attack vectors, making them harder to detect. AI driven malware will adapt in real time to evade traditional security measures, while data poisoning attacks will compromise the integrity of critical AI systems in sectors such as healthcare and autonomous transportation” the report noted. 

Deepfake technology will create compelling malicious content, including fake video or audio messages from trusted sours. This will facilitate more effective social engineering attacks, making it easier for cybercriminals to deceive users into executing malware or revealing sensitive information, it added. 

The integration of AI capabilities with vulnerabilities in supply chains will lead to new types of cyber threats. Cybercriminals will employ AI driven methods to execute intricate attacks, taking advantage of compromised development resources and hardware manufacturing processes to insert malicious code through corrupted libraries and embedded hardware, it said. 

“Critical infrastructure sectors in India, including healthcare, finance, and energy, will remain prime targets for cybercriminals. These attacks will aim to disrupt services, steal sensitive data, and exploit geopolitical tensions, emphasising the need for robust security frameworks and continuous monitoring to protect essential services,” the report, which studied over 18 industry sectors, said. 

Furthermore, the convergence of fake government service applications and fraudulent investment platforms will create hybrid threats in 2025, it said. Cybercriminals will create advanced applications that mimic government benefit systems and investment services, using social engineering, influencer marketing, and sophisticated malware to carry out widespread financial fraud and identity theft, targeting public welfare recipients and retail investors alike. 

Additionally, the rise cryptocurrency mining will invite a surge in cryptojacking attacks, where malware hijacks computing resources to mine cryptocurrencies without user’s knowledge. 

The changing threat landscape of 2025 requires CISOs to fundamentally rethink their cybersecurity strategies, the report said, adding that traditional security models are becoming ineffective against emerging quantum threats and Ai-driven attacks. 

Apart from registering offences under Bhartia Nyaya Sanhita, 2023, and I.T Act under various provisions, the RBI and other public as well as private banks, as well as telecom companies are constantly alerting their customers and the public in general against the spam messages from the fraudsters and appealing not to disclose their account details, or not fall prey to any links for undue rewards. They have also publicised their helplines where the victims are asked to report at the earliest. Government of India has issued the helpline no 1930 as well as asking victims to report to https://www.cybercrime.gov.in . It has also issued detailed safety tips on their portal. One such link is https://cybercrime.gov.in/Webform/Crime_OnlineSafetyTips.aspx.     

                   Department of Telecommunication has a portal called CHAKSHU:  https://services.india.gov.in/service/service_url_redirect?id=MjQ0MDY=  For Reporting Suspected Fraud and Unsolicited Commercial Communication received within last thirty days the link is as under https://services.india.gov.in/service/detail/chakshu-report-suspected-fraud-communication 

With a view to strengthen efforts in fighting cybercrime, Government of Maharashtra has recently established Cybercrime Investigation Capacity Centre. It claims to possess best global technologies including Technology Assisted Intelligence (TAI) and machine learning tools to aid investigations into crimes like cryptocurrency fraud and combat cybercrime effectively.  It houses Security Operation Centre (SOC) designed to manage large scale security breaches and respond to threats targeting individuals and businesses. It has launched a new dedicated helpline 14407 in a 24*7 Command Centre. It has Computer emergency Response Team (CERT) to coordinate swift responses to cyber incidents.

India Cybercrime Coordination Centre 

                      Indian Cybercrime Coordination Centre (I4C) was established by MHA, in New Delhi to provide a framework and eco-system for Law Enforcement Agencies (LEAs) for dealing with Cybercrime in a coordinated and comprehensive manner.

                 I4C is envisaged to act as the nodal point to curb Cybercrime in the country. ( https://i4c.mha.gov.in/ ) It deals with efforts in creating awareness through training law enforcing agencies in the form of Cyber योद्धा and has trained thousands of police officers in cybercrime. It also spreads awareness message through social media in the form of cyber दोस्त. According to the same, safe practices to prevent cybercrime include 

1. Avoid pop ups, unknown mails and links: https://i4c.mha.gov.in/#:~:text=Avoid%20pop%2Dups%2C%20unknown%20emails%20and%20links 
2. Use strong password and authentication: https://i4c.mha.gov.in/#:~:text=Use%20strong%20password%20protection%20and%20authentication
3. Install updates and backups for your data (  https://i4c.mha.gov.in/#:~:text=Install%20updates%20and%20back%20up%20your%20files) 

               The portal mentions cybercrimes categories such as

• cryptocurrency crime, 
• cyber terrorism, 
• hacking /damage of computer systems, 
• online and social media related crime such as:

1. Cheating by Impersonation
2. Cyber Bullying / Stalking / Sexting
3. E-Mail Phishing Fake/Impersonating Profile

1. Impersonating Email

1. Intimidating Email

1. Online Job Fraud

1. Online Matrimonial Fraud

1. Profile Hacking / Identity Theft

1. Provocative Speech for unlawful acts

                 To summarise, updated list of recent cybercrimes is as follows:

1. If you are called about how the TRAI is going to disconnect your phone, do not respond. It is a scam.
   2. If you are called by FedEx about a package and asked to press 1 or whatever, do not respond. It is a scam.
   3. If a police officer calls you and talks to you about your Aadhaar, do not respond. It is a scam.
   4. If they tell you that you are under ‘digital arrest’, do not respond. It is a scam.
   5. It they tell you that drugs have been discovered in some package meant for you or sent by you, do not respond. It is a scam.
   6. If they say you can’t tell anyone, do not listen to them. Inform Cyber Crime Police at 1930.
   7. If they contact you using WhatsApp or SMS, do not respond. It is a scam.
   8. If anyone calls you and tells you they have sent money to your UPI id by mistake and that they just want their money back, do not respond. It is a scam.
   9. If someone says they want to buy your car or your washing machine or your sofa and say they are from the army or CRPF and show you their id card, do not respond. It is a scam.
   10. If someone says they are calling from Swiggy or Zomato and need you to confirm your address by pressing 1 or anything else, do not respond. It is a scam.
   11. If they ask you to share OTP just to cancel the order or ride or whatever, do not respond. It is a scam. In any case, do not share your OTP with anyone over phone.
   12. Never answer any calls on video mode.
   13. If confused simply switch off your phone & block that number.
   14. Never press on any link written in blue.
   15. Even if you get a notice from the highest Police, CBI, ED, IT Department; do verify offline.
   16. Always check if such letters are from Government portals
   17. If somebody calls you stating that a subpoena (American’s call summons of Court as Subpoena) and you have to come and collect it or you have to pay to see it., ask him/her to send it through the process server of the court or by registered post to address on the summons or case file.  If they threaten you, just waste the person’s time. Also ask for the Judge’s name, Court Room No and floor and /or building no- if the person is not able to tell, then it means it is a sure shot scam.
   18. If somebody calls and says that he /she is calling from Police station and you are being summoned, ask him/her to send it to local police station (don’t disclose your location/city) and let the local police station serve it on you.
   19.  Don’t part with ANY Debit/ Credit/ Rupay Card details including card number, CVV, Date of Expiry.
   20.  Get True caller. Don’t pick calls marked Spam or Fraud. Block all calls that fall under this category.
   21.  Disconnect any calls informing that “So and so asked me to send such and such amount to you”. Call the person supposed to be sending you money and confirm. But, don’t click on links or scan QR Code or share OTP.
   22.  Don’t do anything if someone calls informing about an emergency/ illness/ accident of a dear one/ relative/ friend, asking to send/ deposit money. Even if it’s a video call or a voice call. Call the dear one/ relative/ friend/ their family etc, and confirm. If the person is not reachable, then Google the numbers yourself and call the hospital etc and make enquiry. Physically reach that place, if feasible.
   23.  Don’t respond to ANY calls/ messages “advising buying of shares/ stock or cryptocurrency”. Don’t buy such stock because “definite gains” are predicted.
   24.  Don’t respond to calls/ messages promising “home based work”. They snare you, make you send money “for investing” while showing “profits”. There are NEVER any profits. It’s a scam.
   25.  Don’t rush out of the house if you hear the voice of a dear one/ relative/ friend in pain, asking for help. Especially during the night. Try to assess who’s outside. Call the dear one/ relative/ friend’s mobile/ home. Call the police, if necessary.
   26.  Don’t fall for “easy loans” Apps. They gradually snare you in taking multiple loans that you can’t return. Sometimes, they promise huge returns, and give you loans for investing. There are NEVER profits. The money you “invested” is gone. You take the loan to only invest in some scam. Your “investment” will be lost but you will be responsible for paying off the Loan and interest. Then they start tightening the screws.

 Precautions:

                      Let me conclude by urging everyone using cyberspace in the form of computer, mobile or any other electronic device to completely refrain from responding to any SMS, audio and video calls from unknown mobile number from India or abroad, or email, or any embedded links. In case you want to respond, first verify the details of the person, calling you or sending email or the link. Constant awareness alone can protect your life, money, dignity and reputation from the ever-increasing cybercriminals. 

                     I further urge the Government of India to make use of these portals and helplines available for 24*7 and make them user friendly so that everyone is able to follow these. Most of the times, the helpline number is not available.  Government also must ensure security of the personal data which is being shared by online firms, banks, investment centres. Fraudsters are able to access this data easily. In fact, the government must come up with legal enactment to prevent the same and stern action needs to be taken against those who leak this data.  Efforts may also need to be made to study the new technological innovations in other advanced countries which are able to precisely locate and nab the cybercriminals wherever they may be operating from. The coordination efforts with international organisations, central banks and governments of other countries need to be stepped up to save Indians from these borderless cybercriminals. 

                                **************   ************** **********