How Deception Became India’s Fastest-Growing Cyber Threat
Haryana youth scammed by promises of Russia immigration meet Minister Anil Vij. (Image Vij Office)
By P. SESH KUMAR
AI-generated investment reels and “digital arrest” scams are exploiting authority, fear and technology to fuel a new wave of cybercrime in India. The cost is not just financial—it is institutional trust itself.
In the span of just a few years, India’s digital public square has turned into a dangerous theatre where trust itself is the main commodity on sale-and the main casualty. On one side of the stage, slick AI-generated deepfake reels on Facebook and other platforms parade the faces and voices of the Finance Minister, the Prime Minister, the RBI Governor, and stock exchange CEOs, “announcing” magical investment schemes that promise to turn a few thousand rupees into lakhs every month.
These are not harmless curiousities of technology; regulators from the Press Information Bureau’s (PIB) Fact Check Unit to the Reserve Bank of India (RBI) have repeatedly branded such clips fake, warning that neither the Government nor the RBI announces or endorses investment products through social media videos. On the other side of the stage, a far darker drama unfolds: the “digital arrest” scam, where fraudsters masquerading as CBI, ED, customs, or police officers lock mostly elderly citizens into marathon WhatsApp or Skype video calls, terrorising them into transferring their life savings under threat of fabricated warrants, fake court orders, and imaginary drones circling their homes.
These twin scams-one weaponising greed, the other weaponising fear-are not separate epidemics but two blades of the same guillotine, exploiting the same structural fault line: a society that has moved online at breakneck speed without a matching upgrade in digital literacy, regulatory reflexes, and collective scepticism. The Indian state has not been asleep; the Supreme Court has taken suo motu cognisance of digital arrest scams, handed the CBI a nationwide mandate, and publicly lambasted the system for letting nearly Rs 3,000 crore vanish into the ether, while the government has tightened IT rules to force platforms to label synthetic media and take down flagged AI content within hours.
Yet the fraudsters remain a step ahead, moving at machine speed across borders, while victims caught in the crossfire are often retired officers, doctors, engineers-people who did everything “right” their whole lives until one call, one reel, one click. This article seeks to distill the twin crises into a single narrative: how synthetic deception became a mass crime business in India, why warnings and laws have not yet stemmed the tide, and what a credible way forward looks like if India wants to save not just its money, but its fragile, hard-earned trust in institutions.
From a distance, the Facebook reel looks like just another slice of the endless scroll: a vertical video, a familiar face, a caption promising a life-changing shortcut. The audio crackles with authority. The Finance Minister, or so it seems, is explaining a new “exclusive scheme for ordinary citizens,” a once-in-a-lifetime opportunity to earn Rs 60,000 in 24 hours or Rs 20 lakh a month on a token investment. Some reels flash the Prime Minister’s face, others the RBI Governor’s, still others the CEOs of the NSE or BSE. The URLs in the description lead to “news portals” that look suspiciously like real media sites, designed to disarm the viewer’s doubt by cloaking the fraud in borrowed legitimacy.
Under the hood, however, this is not a public service announcement. It is a synthetic heist. The video is an AI-generated deepfake, a product of Generative Adversarial Networks (GAN) that have learned, frame by frame and phoneme by phoneme, how to stitch a real face to fake words with unnerving realism. The fraudsters lift genuine footage from interviews or speeches, overlay AI-cloned audio, massage the lip sync just enough to pass a casual glance, then feed the clip into Facebook’s advertising engine with a modest budget that buys them millions of impressions among precisely those users whose timelines are saturated with financial anxiety and aspirational content.
Regulators have been forced into the absurd position of repeatedly announcing that their leaders have not, in fact, lost their minds. The Press Information Bureau’s (PIB) Fact Check Unit has had to issue post after post calling these reels “FAKE and AI-generated,” clarifying that neither the Government nor the Finance Minister has launched any such investment scheme.
The RBI has warned citizens that videos of its top management apparently “endorsing” platforms promising high guaranteed returns are also fabrications, stressing that the central bank never gives individual investment advice and certainly does not roll out schemes through social media clips. Exchanges like the BSE have been forced to respond multiple times as deepfake videos of their CEO resurface, each time warning that such “advice” is bogus and that viewers should verify any claim through official channels before parting with their money.
Despite these warnings, the numbers tell a sobering story. Analyses of cybercrime in India suggest that losses from deepfake-driven and related investment scams have exploded over the past few years, with investment frauds accounting for a majority of reported cyber fraud losses. Behind the aggregate figures are real people: a retiree in Kerala tricked by a voice-cloned caller, tech professionals in Bengaluru lured by a deepfake of a respected business leader, a startup founder who wired lakhs because he believed he was talking to a colleague whose voice had been cloned in real time. This is not the amateur, spelling-mistake-ridden scam of old. It is industrial-grade deception, underwritten by cloud GPUs and monetised through platform ad dashboards.
Cyber Fraud Losses Jump 10x in 3 Years Draining ₹22800 Crore
If the deepfake investment reel is a weapon aimed at the greed node in the human brain, the “digital arrest” scam is trained squarely on the fear centre. It does not need a reel. It just needs a ringtone. The victim’s phone lights up with a call from an unfamiliar number-often on WhatsApp, sometimes on Skype, occasionally on a regular line. On the other end is a voice heavy with menace and bureaucratic jargon: this is the CBI, or the ED, or the Narcotics Bureau, or a telecom regulator. There is a “case” against the victim. Their SIM has been misused. A parcel in their name contained drugs. Their Aadhaar has been linked to a money-laundering racket.
Within minutes, the caller floods the screen with pseudo-official artefacts: forged warrants, doctored “court orders,” fake identity cards bearing the emblem of the Supreme Court or the logo of a government agency. The production design is chillingly precise-font choices, seals, serial numbers, even fabricated signatures that look close enough to the real thing to paralyse a law-abiding citizen who has spent a lifetime equating official seals with unquestionable authority.
Then comes the twist that gives the scam its name. The victim is told they are now under “digital arrest.” They must stay on the video call. They may not contact anyone-not their spouse, not their children, not their banker. They must follow every instruction of the “officer” on the screen, who claims that failure to cooperate will result in immediate physical arrest. What follows is a psychological siege. Over hours and sometimes days, the fraudsters shepherd the victim through a series of transfers: from savings to current, from current to newly opened accounts, from those to “safe” accounts supposedly controlled by the authorities but in reality belonging to mule networks across the banking system.
The victims read like a roll call of the respectable middle class. A retired bank officer who spent decades spotting fraud in other people’s accounts, stripped of his defences by the authority of a voice on a screen, loses Rs 20 lakh before his family even realises what is happening. A senior citizen couple in Ambala, kept on video surveillance by scammers who order them not to speak to their children, parts with over a crore. An 82‑year‑old is bled of nearly Rs 23 crore in a case so egregious that it rockets straight to the Supreme Court docket. In another instance, a man’s father is told that drones are hovering over his apartment, that every move is being watched; he transfers almost all his retirement savings over 22 days, one transaction at a time, while his family remains in the dark.
When the full scale of this carnage was placed before the Supreme Court, the bench reacted with a mix of fury and disbelief. Reports presented to the Court indicated that around Rs 3,000 crore had already been extracted from victims-most of them elderly-through digital arrest scams. Data from specialised cyber units showed that a large share of high-value cases involved senior citizens, and that the scams were increasingly linked to overseas “cyber slave camps” in Myanmar, Cambodia, and Laos, where trafficked youth are forced under threat of violence to work phones and scripts in fraud factories targeting Indians. Faced with forged judicial orders, fake Supreme Court seals, and a crime pattern that made individual FIRs look like water pistols against a forest fire, the Court took suo motu cognisance and signalled that this was no ordinary fraud.
In orders and remarks that have since reverberated across the system, a bench headed by Chief Justice Surya Kant characterised digital arrest scams as an organised national threat that strikes at the very foundation of public trust in state institutions. The Court handed the CBI a free, countrywide mandate to investigate these cases-even in states that had previously withdrawn general consent to CBI probes-emphasising that jurisdictional politics could not be allowed to shield a crime wave of this magnitude.
It directed the RBI to explain why it had not already deployed advanced analytics and AI to spot “mule accounts” receiving suspicious flows, urged the Department of Telecommunications to overhaul SIM issuance norms in light of evidence that fraudsters were operating hundreds of SIMs under single identities, and told social media platforms to preserve and share device and account data linked to suspected scam networks. Crucially, the bench made it explicit, both in court and through public-facing coverage, that Indian law enforcement agencies do not investigate cases through WhatsApp or Skype calls, do not demand immediate transfers to “prove innocence,” and that the very concept of a “digital arrest” has no legal existence.
While the judiciary and enforcement apparatus scramble to catch up, the legislative and regulatory machinery has begun, belatedly but decisively, to rewrite the rules of the digital game. India’s original IT Act was drafted in a pre-deepfake era, relying on general provisions on identity theft and impersonation that fit poorly over modern synthetic media.
A newer criminal code has added provisions targeting false or misleading statements likely to cause public mischief-tools that can be brought to bear on creators of fabricated investment videos. But the most striking pivot has come through the Ministry of Electronics and IT’s (MeitY) amendments to the Intermediary Guidelines and Digital Media Ethics Code, notified in early 2026, which for the first time define “synthetically generated information” and lace it with concrete obligations for platforms.
Under these revised IT Rules, platforms must now require users to declare whether uploaded content is AI-generated, label synthetic media clearly, embed provenance metadata, and, critically, remove flagged deepfake or illegal AI content within sharply shortened timelines-often as little as three hours from receipt of a lawful complaint or order. Failure to comply is not just a slap on the wrist; intermediaries risk losing safe-harbour protections that previously shielded them from liability for user content, making them directly exposed to legal consequences if synthetic scams flourish on their watch. The message from government negotiators in closed-door meetings with Big Tech has been blunt: the three-hour takedown mandate stands; operational difficulties are a problem to solve, not a reason to dilute the rules.
Overlaying this is the Digital Personal Data Protection framework, which introduces penalties for misuse of personal data-including faces and voices-without consent, offering another handle for action against deepfake producers who rummage through people’s digital footprints to build convincing forgeries.:On the enforcement front, the Indian Cyber Crime Coordination Centre (I4C) under the Home Ministry has been scaled up as a central node, blocking lakhs of SIMs and IMEIs suspected to be part of fraud networks, helping to freeze or claw back billions in attempted losses, and running the 1930 helpline alongside the cybercrime.gov.in portal as the country’s early-warning and reporting grid.
Yet, for all this legal muscle, the crimes persist, often mutating faster than the rules can be drafted. The structural asymmetry is brutal. A fraud ring can spin up a deepfake overnight, seed it across multiple platforms, back it with ad spend, and shepherd victims into off-platform channels long before a regulator even hears about the clip, let alone issues a takedown order that platforms must then execute within three hours. Fact-check threads from PIB or warnings from RBI chase the scam with all the agility of a government notification, which is to say: far slower than a viral video riding algorithmic momentum into millions of feeds.
Compounding this is platform economics. A social media company profits from every sponsored post, including those that later turn out to be deepfake ads for fraudulent schemes, until they are flagged and removed. The new IT Rules attempt to bend incentives by tying safe harbour to rapid compliance, but enforcing this against global corporations headquartered in other jurisdictions requires a blend of diplomatic pressure, legal resolve, and technical sophistication that is still in the making.
In parallel, financial regulators such as SEBI have started requiring intermediaries and influencers to display registration details prominently on social media, making it harder for fake profiles to masquerade as licensed entities, but such measures are ultimately perimeter fences around a battlefield that extends across encrypted messaging apps, foreign-hosted websites, and anonymous domains.
Strip away the legal and technical jargon, and a simpler truth emerges: humans, not laws, sit at the hinge of this crisis. Deepfake investment reels and digital arrests both work because they plug directly into cognitive biases honed over lifetimes. The deepfake reel exploits authority bias (if the Finance Minister says it, it must be true), scarcity bias (exclusive, limited-time scheme), and social proof (millions of views, thousands of likes) to bulldoze scepticism. The digital arrest call hijacks the deeply ingrained respect-sometimes fear-of uniforms, seals, and courtrooms, convincing even highly educated professionals to suspend independent judgement in the face of apparent state power.
This is what makes the digital arrest phenomenon particularly unsettling: the vulnerability it exposes is not ignorance but virtue. The victims include ex-bureaucrats, bank officers, engineers, doctors-people trained to follow rules, respect authority, cooperate with investigations. Fraudsters weaponise precisely those instincts, ordering victims to keep the call secret “so as not to compromise the investigation,” to obey instructions “for their own protection,” to trust that the money will be “returned after verification.” It is a grotesque inversion in which the qualities that make someone a model citizen become the very levers through which criminals empty their accounts.
AI in Cybercrime: Ex-FBI Official Warns of Ransomware Threats
The cost, therefore, is not only financial. It is epistemic and civic. Every deepfake that misuses a minister’s face to sell a Ponzi scheme slightly corrodes the credibility of future, genuine messages from that office. Every digital arrest scam that drapes itself in forged Supreme Court orders chips away at public faith in the judiciary’s unique authority. Over time, citizens may begin to respond to all institutional communication with either cynicism (“everything is fake anyway”) or paralysis (“I can’t tell what’s real, so I’ll do nothing”). Neither outcome is compatible with a healthy democracy.
So what does a credible way forward look like in the face of such an adaptive adversary? It begins, paradoxically, with a modest admission: there is no single silver bullet. Instead, there are concentric circles of defence, each imperfect on its own but powerful in combination. At the outermost layer are the citizens themselves. No law will ever be able to catch up with a gullible click. The cardinal rule that must be drilled into the collective consciousness is stark: no legitimate arm of the Indian state announces investment schemes through social media reels; no central bank or regulator offers get-rich-quick schemes or personalised tips; no investigative agency conducts proceedings over WhatsApp or Skype, demands immediate money transfers to avoid arrest, or orders secrecy from families. This is not a matter of fine legal print but of survival-level knowledge that must sit in the same mental drawer as “dial this number in an emergency.”
The state can and must amplify this message ruthlessly. PIB’s Fact Check handles cannot remain niche accounts followed by journalists and policy nerds; their alerts need to ride radios in rural India, television scrolls, and simple printed posters in bank branches and post offices. School curricula should treat digital literacy as basic civic training, teaching children not only how to spot a deepfake-odd eye blinks, mismatched lighting, implausible promises-but also how to cross-verify claims through official sites before acting. Civil society organisations, residents’ welfare associations, and senior-citizen forums can run low-tech awareness workshops that end with one golden rule: if a call or video promises wealth or threatens prison and demands secrecy, hang up and talk to someone you trust before doing anything else.
In the middle layer sit the platforms and financial pipes. Social media companies must go beyond compliance minimalism and invest seriously in pre‑publication detection of impersonation content, particularly when adverts feature faces of public officials or logos of major institutions. High-risk categories-investment opportunities, government schemes, regulatory announcements-should trigger human review, mandatory documentation from the purported advertiser, and cross-checks with official agencies.
Messaging platforms, while encrypted, can still detect and throttle known scam campaign patterns without peeking into message content: bursty call patterns from international numbers, high complaint rates linked to specific accounts, and so on. Banks, for their part, can implement friction-by-design, especially for accounts belonging to seniors: mandatory cooling-off periods for large transfers, automated flags on multiple rapid transfers to new payees, and call-backs from fraud desks when unusual patterns emerge.
At the core are the regulators, courts, and law enforcement agencies who must learn to fight machine-speed crime with machine-speed tools. A dedicated, joint “deepfake and digital arrest rapid response cell” spanning MeitY, RBI, SEBI, and the Home Ministry could act as a single command centre capable of issuing rapid takedown requests, freezing suspect accounts, and sharing intelligence with platforms in near real time.
The Supreme Court’s decision to empower the CBI and rope in Interpol points in this direction-recognising that many operators sit in foreign jurisdictions beyond the reach of individual police stations and that only coordinated intelligence and mutual legal assistance can meaningfully raise the costs for transnational scam cartels. Legislators, meanwhile, should not shy away from designing a synthetic media misuse law that squarely addresses liability for deepfake tools and platforms when they are used at scale for fraud, much as product liability regimes evolved in other sectors when new risks emerged.
Ultimately, the reel and the call are just delivery mechanisms. The real battle is over the invisible mesh of trust that holds a modern economy and democracy together. India has chosen to fight this battle in the open, with courts that broadcast their outrage, regulators that name and shame scams, and rules that force global platforms to adapt to a new accountability regime. But victory will not be measured only in crores saved or SIM cards blocked. It will be measured in whether a retired officer, a small farmer, a young professional-when confronted with the next too-good-to-be-true reel or terrifying midnight call-chooses to pause, to question, to verify. In that split second between instinct and action lies the difference between a society that is merely connected and one that is truly secure.
(This is an opinion piece. Views expressed are the author’s own.)
Digital Arrest: Cyber Fraud Con Over ₹2,500 crores in Just 3-Yr
Follow The Raisina Hills on WhatsApp, Instagram, YouTube, Facebook, and LinkedIn
About The Author
