India is grappling with a significant surge in cybercrime, with estimated losses soaring to thousands of crores, largely attributed to networks operating from Southeast Asian countries.
India’s Alarming Cybercrime Surge
Cyber scams are causing substantial financial damage across India. The Ministry of Home Affairs (MHA) estimates that Indians lost approximately Rs 7,000 crore to online frauds in just the first five months of this year.
More than half of these losses are linked to cybercrime networks based in Southeast Asian nations like Myanmar, Cambodia, Vietnam, Laos, and Thailand. These operations often exploit trafficked individuals, including Indians, forcing them to participate in these scams.
Common Cybercrime Tactics
As India embraces digital transformation, cybercriminals are evolving their methods. Cybercrime broadly refers to any illegal act using a computer or network to commit a crime.
Key types of cybercrime include phishing, where attackers trick victims into revealing sensitive information via emails, texts, or calls. Ransomware attacks, a form of malware, lock users out of their systems until a ransom is paid. India has seen a sharp 55% increase in ransomware incidents recently.
More targeted attacks, like “whale phishing” or “spear phishing,” focus on specific high-profile individuals. Meanwhile, “smishing” uses SMS messages, and “vishing” involves fraudulent phone calls, often impersonating bank officials to extract details like OTPs.
AI’s Role in Modern Scams
Cyber threats are becoming increasingly sophisticated, driven by Artificial Intelligence (AI). AI allows criminals to create highly personalized phishing emails by scraping social media profiles, making scams much harder to detect.
Deepfake technology is also being used, generating realistic AI voices and videos to impersonate trusted figures in vishing calls. There have been instances where deepfake voice calls of CEOs led to fraudulent financial transfers in Indian companies.
Additionally, AI-powered “polymorphic malware” can constantly change its code to evade traditional antivirus software. Even chatbots are being employed in smishing campaigns to mimic human-like interactions, making fraudulent schemes more believable.
Why is India a Target?
The rapid digitalization in India, while transformative, has also expanded the opportunities for cybercriminals. As more people conduct financial and social activities online, vulnerabilities multiply.
The global and anonymous nature of the internet makes it difficult for law enforcement to track down offenders who operate across borders. Furthermore, a lack of consistent cybersecurity laws and international cooperation in some regions can complicate efforts to combat these crimes effectively.
India’s Multi-pronged Response
Legal Backbone
India has a robust legal framework to tackle cybercrime. The Information Technology Act, 2000, covers offences like phishing and vishing. More recently, new criminal laws, including the Bharatiya Nagarik Suraksha Sanhita and Bharatiya Sakshya Adhiniyam, were introduced.
These new laws facilitate the use of electronic First Information Reports (FIRs) and classify electronic evidence as primary proof, streamlining investigations and judicial processes for cybercrimes.
Government Initiatives
Beyond legal reforms, the government has launched several key initiatives:
- The Indian Cyber Crime Coordination Centre (I4C) was established to combat cybercrime nationwide. Its platforms include the Cyber Fraud Mitigation Centre (CFMC) for financial fraud, the ‘Samanvaya’ Platform for data consolidation, and a Central Suspect Registry.
- The National Cybercrime Reporting Portal (NCRP) allows citizens to report all types of cybercrime online, including financial fraud and online child abuse material.
- The Indian Computer Emergency Response Team (CERT-In) is the national agency responsible for responding to cybersecurity incidents.
- The ‘Cyber Swachhta Kendra’ helps detect and remove malicious software from devices.
- The Reserve Bank of India (RBI) introduced the ‘.bank.in’ domain for all Indian banks by October 2025, aiming to minimize cybersecurity threats and enhance trust in digital banking.
- The Citizen Financial Cyber Fraud Reporting and Management System (CFCFRMS) facilitates immediate action on financial cyber fraud complaints through the 1930 helpline.
- A new ‘e-Zero FIR’ initiative automatically converts high-value cyber financial crime complaints into FIRs.
- Sanchar Saathi, a Department of Telecommunications initiative, empowers mobile users with services to trace lost phones, verify connections, and report suspicious calls.
- The RBI also developed MuleHunter.AI, an AI-powered model to help banks identify and deal with “mule” bank accounts used in digital fraud.
Combating cybercrime requires a collective effort. Investing in robust security infrastructure, regular awareness training, and international collaboration are crucial steps for individuals, organizations, and governments to stay ahead of these evolving threats.
