The Silent Epidemic Emptying Millions of Wallets

India's digital revolution has been nothing short of extraordinary. With over 900 million internet users and the world's largest real-time payments ecosystem, the country has leapfrogged into a cashless future at breathtaking speed. But this transformation carries a dark underbelly: India now ranks among the world's most targeted nations for cyber fraud, with losses running into thousands of crores of rupees each year.

The methods are as diverse as they are devious. From fake customer-care numbers hijacking Google search results, to elaborate "digital arrest" scams where fraudsters impersonating CBI or Narcotics Bureau officers extort terrified citizens over video calls - the ingenuity of India's cybercriminals is matched only by the staggering scale of their operations. According to data from the Indian Cyber Crime Coordination Centre (I4C), over fifteen lakh complaints were filed on the national cybercrime helpline in 2023 alone, representing losses of more than eleven thousand crore rupees - and those are only the cases that were reported.

Investment fraud, known in international cybercrime circles as "pig butchering," has become alarmingly widespread. Victims are cultivated over days or weeks on WhatsApp or Telegram by convincing personas - sometimes romantic, sometimes friendly - before being introduced to fake trading platforms that show spectacular paper profits. Everything looks legitimate until the moment the app vanishes overnight along with the victim's life savings. Entire middle-class families have been financially devastated by a single such encounter.

OTP fraud remains the most common attack vector, exploiting the very one-time password systems built to protect us. A single phone call, a plausible pretext - a blocked SIM card, an expiring KYC, a courier held at customs - and one unguarded moment is all it takes for a bank account to be emptied. The elderly are disproportionately targeted because they are less familiar with the mechanics of digital banking, but no age group, profession, or income level is immune. Engineers, doctors, retired civil servants and college students have all appeared in the growing casualty lists.

What distinguishes today's cyber criminal from the small-time phone fraudster of a decade ago is infrastructure. Scam networks operating out of border enclaves in Myanmar, Cambodia, and, increasingly, from compounds within India itself run professional call-centre-style operations complete with shift rosters, sales scripts, performance incentives, and internal escalation hierarchies. A victim who resists the first agent is smoothly passed to a more senior "closer." The operational professionalism is chilling in its ordinariness.

Artificial intelligence has further tilted the playing field in the criminal's favour. Deepfake video calls impersonating relatives in apparent distress, AI-cloned voices of trusted contacts requesting urgent wire transfers, and hyper-personalised phishing messages crafted from data scraped off social media profiles - these are no longer the stuff of science fiction thrillers. They are happening in Indian cities and towns today, and they are catching even tech-savvy individuals off guard.

The government's response has accelerated considerably. I4C has frozen hundreds of thousands of mule bank accounts, blocked millions of SIM cards linked to fraudulent networks, and partnered with payment platforms to interrupt suspicious transactions in real time. The 1930 cybercrime helpline and the National Cybercrime Reporting Portal have both seen dramatic increases in usage, which reflects growing public awareness even as it underscores the scale of the problem. Law enforcement agencies have begun conducting coordinated crackdowns on call-centre scam hubs, with notable raids in Rajasthan, Jharkhand and Uttar Pradesh exposing industrial-scale fraud operations.

Yet enforcement alone cannot solve a problem that is rooted as much in human psychology as it is in technology. The greatest vulnerability exploited by cyber scammers is not a flaw in software - it is urgency, fear and trust. Scammers engineer situations where the victim feels they must act immediately, without consulting anyone, lest terrible consequences follow. Understanding this social engineering dimension is the single most important insight a potential victim can carry with them.

Financial literacy - a practical, street-level understanding of how digital transactions work, what legitimate institutions will and will never ask, and how to recognise the hallmarks of a social engineering attempt - must become as fundamental to Indian public education as reading and arithmetic. The Reserve Bank of India, banks, payment platforms and civil society all have a role to play, but ultimately the front line runs through every household that owns a smartphone. The battleground has moved from bank vaults to mobile screens, and every connected Indian is now both a potential target and a potential line of defence.

This book, Cyber Scams in India, is an attempt to arm ordinary citizens with exactly that knowledge - not through dry technical jargon, but through the stories of real people who were scammed, the anatomy of the scams that trapped them, and the practical wisdom that could have protected them. Because in a country digitising at India's pace, the most dangerous thing a citizen can be is uninformed.

This article is an excerpt from the forthcoming print edition of the book Cyber Scams in India by Sunil Garodia.

You can buy the book here: