India’s cyber-fraud problem is scaling fast—fuelled by UPI adoption, social engineering, AI-assisted deception and organised networks that operate across states (and often across borders). Government-linked reporting indicates ₹22,845.73 crore in cyber-fraud losses in 2024, alongside 36 lakh+ financial cybercrime complaints.

The result: scams are no longer “random SMS traps”. They are scripted, psychological operations—built on fear, urgency, false authority and fake dashboards that look legitimate.

1) “Digital Arrest” Scams: Coercion via Fake Authority

How it works: Fraudsters impersonate police/CBI/ED/RBI officials, push fake allegations (money laundering, courier parcel, SIM misuse), and keep victims on continuous calls/video calls—creating panic and isolation. Victims are pressured into “fund verification” transfers to avoid arrest. Recent cases show large losses, including multi-crore frauds.

Red flags

1. Threats of immediate arrest over phone/video call
2. “Don’t tell anyone / stay on video call” instructions
3. Demands for transfers to “government” or “verification” accounts

Prevention

1. Police don’t conduct arrests over WhatsApp/Zoom. Cut the call.
2. Verify only through official channels; never share OTP/UPI PIN or transfer “for clearance.”
3. If pressured, call 1930 immediately (see “Golden Hour” below).

2) Fake Traffic Challan / QR Payment Scams: Fear-Driven Payment Theft

How it works: Victims receive SMS/WhatsApp messages claiming an e-challan is pending, often with links, PDFs, or QR codes. The goal is to rush you into paying on a fake page or scanning a rogue QR. This pattern has been repeatedly flagged in recent reports.

Red flags

1. Unknown sender + “Pay now to avoid legal action”
2. Links that don’t match official domains
3. QR codes sent by strangers for “fine payment”

Prevention

1. Check challans only via official platforms/apps (don’t rely on forwarded links).
2. Never scan a QR code to “receive” money—QR is a payment instruction.
3. If unsure, don’t click; verify first.

3) Fake Investment + “VIP Store / Task” Schemes: The New-Age Trap

How it works: Scammers lure victims through “part-time task” messages (like products, rate items). Small payouts build trust, then victims are pushed into “VIP Store” tiers with higher returns, and finally into crypto transfers (e.g., USDT), after which withdrawals are blocked and more “fees/taxes” are demanded.

Red flags

1. Guaranteed returns, “VIP levels”, or withdrawal unlocked only after more deposits
2. Pressure to switch to crypto
3. Apps/web dashboards showing “profits” but blocking withdrawals

Prevention

1. Treat “pay to earn” as a hard stop.
2. Stick to regulated financial intermediaries; verify registrations (SEBI for markets).
3. Never move money because a WhatsApp group or “mentor” says so.

4) Deepfake Endorsement Scams: AI Videos That Look Real

How it works: Fraudsters circulate convincing deepfake/edited videos of public figures “endorsing” a platform. In one Hyderabad case, a retired doctor reportedly lost ₹68.3 lakh after engaging with a fake stock-trading platform promoted through a fabricated video featuring the Finance Minister.

Red flags

1. A viral “endorsement” with a phone number/WhatsApp contact
2. Push to deposit via QR/RTGS quickly
3. “Withdrawals allowed only after you add more money”

Prevention

1. Never act on unsolicited video ads or forwarded clips.
2. Independently verify on official sites; use only known brokerages/exchanges.
3. Assume viral investment “testimonials” can be manufactured.

5) Malware + Account Takeovers: APK Trojans and SMS Forwarders

How it works: Victims receive APK links disguised as updates, delivery tracking, customer support, or “KYC/verification.” Once installed, trojans and SMS-forwarder apps can capture banking credentials/OTPs and drain accounts via mule accounts. Varanasi Police recently reported arrests in a case involving Trojan + SMS-forwarder APKs, alleged forged Aadhaar paperwork, and bank fraud.

Red flags

1. “Install this APK” from SMS/WhatsApp
2. Prompts to allow Accessibility/SMS permissions
3. Phone suddenly heats up, lags, or unknown apps appear

Prevention

1. Install apps only from official app stores; disable “unknown sources.”
2. Review app permissions ruthlessly (SMS/accessibility = high risk).
3. Use device security features (Play Protect / app verification).

Why the spike?

1. More digital surface area: UPI + wallets + online investing = more targets
2. Better deception: deepfakes, scripted social engineering, fake dashboards
3. Industrial-scale networks: SIM/IMEI misuse and infrastructure enable repeated fraud attempts; the government has discussed large-scale blocking and coordinated mitigation measures.

The 10-Point Prevention Checklist (Citizens)

1. Don’t click unknown links; don’t install APKs from messages.
2. Never share OTP, UPI PIN, CVV, or screen-share access.
3. Don’t scan QR codes sent by strangers.
4. Verify challans/penalties only via official channels.
5. Treat “digital arrest” calls as fraud—disconnect immediately.
6. Avoid “task earnings” and “VIP store” investment pitches.
7. Use strong passwords + 2FA; don’t reuse passwords.
8. Keep OS/apps updated.
9. Turn on transaction alerts and set sensible limits.
10. Teach family (especially seniors) the top 3 scams: digital arrest, fake challan, fake investment.

If you’re scammed: What to do in the “Golden Hour”

1. Call 1930 immediately and report on the National Cyber Crime Reporting Portal.
2. Inform your bank/payment app ASAP and request transaction freezing.
3. Preserve evidence: screenshots, numbers, UTR/transaction IDs, URLs, chat logs.
4. Don’t delete the conversation; don’t reset your phone until evidence is saved.
5. Quick reporting materially improves recovery odds—states have reported higher recoveries with swift action.

“Report & Check Suspect”: NCRP also hosts a suspect identifier repository to cross-check suspicious UPI IDs/phone numbers when available.

By – Sonali