In the early 1980s, before the dawn of the internet, bank robberies, house burglaries and looting were common news. Fast forward to the post-pandemic period, and we see that technology is transforming human lifestyle at a good pace. The rapid digitalisation and digital modes of payment have heralded a new revolution.

A flipside to this success story is the criminal abuse of the same technology by fraudsters to strip the naive of their hard-earned income. Tactics like phishing, data theft, One-Time-Password (OTP) fraud, spamming and various means of hacking or targeting personal computing devices, including smartphones, have been prevalent for quite some time.

However, the last many months saw the country witnessing the spectre of ‘digital arrest,’ which had led to many ordinary citizens losing their money through this form of organised crime.

At one stage, even addressed by Prime Minister Narendra Modi in his monthly radio show, Mann Ki Baat. That the instances of ‘digital arrest’ continued even after the Prime Minister’s warning revealed not just the intensity and pervasive reach of the cybercrime ecosystem in the country but also the failure of law enforcement and policing agencies to effectively tackle this menace.

According to the reports provided by the Indian Cybercrime Coordination Centre (I4C), Indians lost more than Rs 1750 crore to cybercrime just in the first four months of 2024 with over 7.40 lakh complaints of cybercrime being registered during this period. Accordingly, an average of 7000 cybercrime complaints were filed by May 2024.

In a written reply to the Lok Sabha, then Minister of State for Home, Ajay Kumar Mishra, stated that over 11.28 lakh cybercrime complaints were reported across the country from 1 January to 31 December 2023. The Minister informed in the same reply that “since the inception of Citizen Financial Cyber Fraud Reporting and Management System, more than Rs 1200 Crore have been saved in more than 4.7 lakh complaints.”

Such saved amount doubled to Rs. 3431 Crore in more than 9.94 lakh complaints, according to another reply given to the Lok Sabha by Minister of State for Home, Bandi Sanjay Kumar, in November 2024. The Minister also provided a list of cybercrimes registered between 2018-2022, noting the startling increase in numbers every passing year.

A cumulative trend that emerges out of these reports is the fact that over 4 cybercrime complaints are filed every minute in India during the first four months of 2024.

The spectre of digital arrest

Digital arrest is now a widely reported phenomenon and, hence, a vast section of the populace should be deemed to be aware of it. According to reports, as many as 92,323 cases of digital arrests were reported across the country with the swindled amount pegged at 2,140.99 crore between January and November 2024.

Yet, it came across as a startling fact that organised gangs were able to easily deceive educated and affluent sections of the urban Indians to part with their savings by exploiting their vulnerabilities.

Most cybercrimes target the gullibility and nescience among the general populace about the technologies they handle on a day-to-day basis along with the loopholes that are inherent in these daily-use technologies. However, the phenomenon of ‘digital arrest’ portends far greater societal dimensions as the organised gangs exploit the fear of the citizenry for law enforcement agencies and the justice system to intimidate them into easy submission.

Relevant to this context is the prevailing culture of abuse of powers by law enforcement agencies, which goes unchecked in the Indian social milieu, and has inhibited the possibility of a vigilant citizenry who could be conscious about their rights to question the credentials of a law enforcement officer who approaches them.

The spectre of cybercrimes in general and digital arrest in particular also raises questions on the socio-economic conditioning that prompts unemployed youth to resort to such organized crime through extensive abuse of technology. When seen together with the failure of the State to curb and eliminate such organised crime networks resolutely, it will be pertinent to ask whether the pervasion of cybercrimes would embody some form of technological anarchy.  

For a nation that has been making significant progress in science and technology, building infrastructure for counter-terror surveillance, snooping on enemies, and larger usage of artificial intelligence (AI) for national security, such organized crime happening unabated is bewildering.

Unemployment and lack of job opportunities are perhaps pushing a section of the youth into organized cybercrime. The surge in cyber fraud cases and phishing scams run by educated, or rather, technologically-empowered individuals paint a grim picture that economic distress is perhaps fuelling digital crime.

Some level of technological anarchy is evident in the unchecked increase in cybercrimes as the intervention from government agencies seems effective. While state cyber crime units seem to be overwhelmed with the unrelenting cases of cyber violations of all hues, regulatory bodies like the Telecom Regulatory Authority of India (TRAI) seem to be visibly falling short in addressing even basic sectoral problems like spamming and securing networks and service from abuse by organised gangs.

Centralised agencies such as the Indian Computer Emergency Response Team (CERT-In) and the Indian Cyber Crime Coordination Centre, which runs the National Cyber Crime Reporting Portal, have been relatively effective in evolving a national response system to the problem. The Home Ministry has also established a state-of-the-art Cyber Fraud Mitigation Centre (CFMC), where representatives of banks, financial intermediaries, payment aggregators, telecom service providers, IT intermediaries, and officials of law enforcement agencies from various states and union territories collaborate to tackle cybercrime.

However, the cybercriminal enterprise has grown as an octopus with not just a national spread but also cross-border tentacles that have made tracking, detection, and intervention an ever-challenging endeavour. 

As the technological landscape keeps evolving, criminal gangs continue to mutate and expand with impunity with newer tools like Artificial Intelligence (AI), deepfakes, and encrypted networks, aiding them. Though the government has attempted to add legal teeth through legislation like the Telecommunications Act 2023, they are falling short and ill-equipped in light of fast-changing technological developments. 

Furthermore, the modest international cooperation on cybercrime also makes it difficult to tackle such offences despite their inherent transnational character. For instance, many of the calls leading to ‘digital arrest’ are shown as being made from outside India – with numbers traced to Central or South Asian countries – which also entail the use of tools like IP spoofing or even the use of messenger services and by displaying Indian phone numbers.

The modus operandi

Several spine-chilling incidents have come to the fore in recent months when scammers resorted to digital arrest to defraud gullible victims who were forced to part with a considerable part of their savings. Cybercriminals impersonate law enforcement officials using deepfakes and tampered videos to create a sense of panic. Often, the victims are accused of serious crimes and forced to transfer money to accounts that ultimately vanish along with the victim’s money.

They are, meanwhile, placed under ‘digital arrest’ even as they are allowed to arrange the money to enable the ‘officials’ to help them wriggle out of legal action. 

Imagine losing your life savings to some cyber thugs posing as intelligence officers or from the cybercrime branch, only to eventually know that you have been duped when it is too late. In many instances, these criminals pose as courier agencies informing victims that their parcels have been seized in the customs for drug trafficking.

People who panicked lost thousands, lakhs, and even crores to such fraudulent acts.

Everything is perfectly stage-managed and starts with the victim receiving random calls on WhatsApp from unknown numbers and being told that they are placed under digital arrest. Criminals use messenger services like WhatsApp in order to ensure they are not traced. Often these calls display international numbers which happens through IP spoofing and misuse of such technologies.

Members of Team Polity had received several such calls that showed origins in Central Asian and South East countries.   

The caller informs the victim that their phone number is connected to a money laundering case or has been booked for sexual or physical harassment, and FIRs have been registered in their name.

To ensure that the victim falls into the bait, the fraudsters send documents resembling official versions of the Central Bureau of Investigation (CBI), Reserve Bank of India (RBI), Mumbai Police, Income Tax Department, Enforcement Directorate, or any such national organisations or law enforcement agencies. If the victim does not cooperate, they are threatened with consequences including arrest or their images splashed across media channels.

Under such circumstances, fearing arrest and social stigma, victims end up transferring money, thinking that the money would be returned once investigations are over. This, however, never happens, and when real police investigate, it is found that there is no money in the primary account used by the scammers.

In simple terms, criminals prey on fear and ignorance of the law, which results in substantial financial loss and emotional stress, more often than not. Victims are manipulated into believing that they are dealing with investigative officers for some serious crimes.

Technological advancements have made human lives easy with cashless transactions becoming the norm in the Indian economy. It is easy to transact online through your smartphone, without having to wait before bank queues or ATMs, as in the days of yore. This new ecosystem, however, also enabled the proliferation of organised gangs who operated in the grey fringes of the eco-system where the optimal deployment of technology was not compensated with ample societal learning about the benefits and pitfalls of the technology.

A spectacular con game

In November 2024, a techie from Bengaluru was swindled of Rs. 11.8 crore by fraudsters who identified themselves as police officers, saying that the techie’s Aadhaar card had been misused for money laundering. The victim was asked to download Skype, and a man who appeared in police uniform threatened him that he and his family would be arrested if he did not cooperate.

Some RBI guidelines were shown to the victim, and he was coerced into transferring funds into a certain account for verification purposes. In a panic state, the techie transferred Rs. 11.8 crores in multiple transactions over several days, and much later only the reality dawned upon him that he had been scammed.

In another instance, a woman from Bengaluru was conned out of Rs 30 lakh, forced to break her fixed deposits, and empty bank accounts by fraudsters impersonating CBI and Mumbai Police officials. The lady was put under digital arrest for 11 days, and it was only when the scammers stopped contacting her that she got to know she had been duped.  

Ruchika Tandon, a Lucknow-based doctor, was drained of her life savings after being told that her number would be disconnected due to complaints of harassing messages sent from it. The doctor believed the scammers and ended up transferring large sums of money from her savings account, including even from her mutual fund investments. It was a nightmare for her when she realized the gravity of the situation and how she had been tricked into the bait.

Shivankita Dixit, a former Miss India, was duped of nearly Rs. 1 lakh after being digitally arrested by cybercriminals for about two hours on the pretext of the sale of banned drugs and money laundering. Similarly, journalist Richa Mishra, who was put under digital arrest, narrates her experiences in an interview.

Indians have lost a whopping amount of money to digital arrest hoaxes in the year 2024, and most of these stolen funds were funnelled into overseas accounts or cryptocurrency wallets. However, not everyone falls into the trap, and some have outmanoeuvred the tech criminals with their presence of mind, wit, and humour.

For example, a Mumbai-based man turned the tables on a digital scammer who posed as a police officer but was caught off guard by an unexpected response. Instead of showing their face on camera he held his pet in front of the fraudster who in turn was flustered, turned off his camera and disconnected the call.

Saurav Das, a journalist had similarly outwitted sophisticated scammers who called through an automated voice call claiming to be from TRAI. The scammers who posed as Mumbai Police personnel told Das that he was involved in a ‘65-crore money laundering case’. In response, Das told the scammer that his uncle was the underworld don Dawood Ibrahim.

Likewise, Anirudh, a graphics designer from Bhopal, received a call from a scammer saying that his phone number was being used to extort people, including celebrities, and that an FIR had been registered against him with the Mumbai Crime Branch. When asked to produce his Aadhaar card, Anirudh confronted the scammer saying “How do you set up something like this? It must take a lot of effort!” The fraudster replied: “It takes hard work. We are here to help you”. Realizing that Anirudh didn’t fall to the bait, the fraudster even asked him where they went wrong, Anirudh ended the conversation with an emoji.

In one incident, scammers panicked when they learned that they were trying to con Indore Crime Branch Additional DCP Rajesh Dandotiya, who had been spreading awareness about digital arrest. The scammers, who posed as bank officials and police officials, upon seeing Dandotiya in his police uniform escaped by disconnecting the call.

The cybercriminals operate in organized networks, exploiting the vulnerabilities in technology and human psychology, employing sophisticated techniques, including social engineering, deepfakes, and remote access tools to deceive victims and extort money from them. According to media reports, in 2024, many Indians were victims of such scams, resulting in cumulative losses of about Rs. 120 crores. A good number of these scams were carried out from regions like Myanmar, Laos, and Cambodia.

In his monthly talk, Prime Minister Modi stressed the importance of vigilance, advising that whenever one receives such a call they should not be scared. People should be aware that no investigative agency ever enquires like this through a phone call or a video call, he had cautioned.

An uphill task for policing and the justice system

Digital arrest is alien to India’s statutory laws and is missing in either the Indian Penal Code, Criminal Procedure Code (Cr. PC), or even its recent upgradations, the Bhartiya Nyaya Sanhita (BNS) and the Bharatiya Nagarika Suraksha Sanhita (BNSS).

Any arrest procedures strictly fall under the ambit of the provisions of Cr. PC, or, lately the BNSS, as physical apprehension and adherence to legal protocols are mandatory.

While the judicial systems are also gradually waking up to the reality of digital arrests, it is vital to draw an analogy with the guidelines of the Supreme Court on the due procedures and safeguards to be followed while arresting a person or accused.

For instance, the Supreme Court, in Satender Kumar Antil vs. CBI, SLP(Crl) No. 5191/2021, prohibited the police from sending notices by WhatsApp, and directed states and union territories to issue orders to the police to ensure that the service of notice under section 41-A of Cr. PC., 1973 and section 35 (3) of BNS should be strictly in accordance with those laws.

It is expected that the order would be relevant in the efforts to protect innocent citizens from cybercrime, particularly the need to make citizens aware of this vital guideline about electronic means of arrest communication being prohibited.

In a recent observation, the Rajasthan High Court termed digital arrest as a highly insidious cybercrime and directed the state and central government to submit a report on the steps initiated to curb this offence.

However, despite such directions, there has been an alarming increase in digital crime in recent years which poses magnificent challenges to law enforcement and judiciary. For example, in the year 2022, 33,798 cybercrime cases were registered under the IPC, a steep surge from the 25,384 cases registered in 2021. By 2023, the country was reporting 129 cybercrimes per lakh population with Delhi having the highest number of incidents among the states that reported digital arrest crimes.  

In addition to the financial impairments, the backlog of cybercrime cases is a serious concern. By the end of 2021, pending cybercrime cases had surged past 70,000 due to the usual delays in the judicial system. Underreporting is a big challenge, in many cases, the victims hesitate to come forth either due to a lack of awareness or confidence in law enforcement mechanisms, even as they prefer to suffer in silence.

Noting such incidents, international watchdogs like the Financial Action Task Force (FATF) have urged India to expedite prosecutions of economic offences and strengthen its anti-money laundering efforts.

India needs to take a multi-pronged approach to tackle cybercrime by beefing up cybersecurity measures, increasing public awareness, implementing judicial reforms, etc. as a pre-emptive measure. With digital crime evolving rapidly, proactive strategies and swift legal action are crucial to mitigate the threat to individuals and the economy.

The BNS, which replaced the IPC, came into effect on 1 July 2024. Since its implementation, over 5.56 lakh first information reports (FIRs) have been registered under the new code across India. In Chandigarh for instance, within the first month of BNS enforcement, 213 cases were registered, which included cases related to online fraud, leaving aside the 101 cases for vehicle thefts.

The primary objective of BNS has been to modernize India’s criminal justice system by replacing the erstwhile colonial-era laws with provisions that can deal with contemporary societal needs. BNS introduces new offences, increases penalties for certain criminal acts, and incorporates technological tools to augment evidence management and overall efficiency.

Though a significant shift in India's legal framework aims to make it more transparent, efficient, and adaptable to current challenges, even the BNS and BNSS seem to have fallen short in anticipating the full extent and variegated dimensions of cybercrime. Nor has the spectre of digital arrest found explicit mention in these new legal instruments.

For instance, the BNS as well as the domain-specific Digital Personal Data Protection Act (DPDP), 2023, leaves significant gaps in regulating newer domains like Artificial Intelligence which could be extensively misused for fraud, deception and criminal activities.  

The DPDP Act introduces new offences, increases the penalty for certain crimes, and incorporates technological tools to enhance evidence management and overall efficiency. Despite introducing provisions to tackle cybercrimes, the BNS, for its part, has inherent limitations when it comes to addressing modern digital threats comprehensively. 

The Act covers cyber fraud, online scams, digital defamation, and cyber-terrorism. Commendably it has tougher penalties for financial frauds, AI-driven scams, deepfake-based fraud, cryptocurrency-related crimes, and dark web-related activities. However, the absence of clear regulations on crypto scams makes enforcement a difficult task. The BNS also lacks a dedicated framework for cyberbullying, hate speech, and AI-generated misinformation that are rampant online.

There is also a visible gap when it comes to fast-track digital forensics and cybercrime courts to speed up investigations and reduce the growing case backlog. Furthermore, there is no clear integration between BNS and the DPDP Act, 2023, potentially creating enforcement challenges in tackling data breaches and cyber fraud effectively.

To strengthen India’s cybercrime laws, the BNS needs specific provisions for AI-driven frauds, cryptocurrency scams, and transnational cybercrime enforcement. Fast-tracking cybercrime investigations and integrating global cybersecurity frameworks will also be crucial.

Without these upgrades, India’s cyber laws risk falling behind the rapidly evolving digital threats. Raising awareness, strengthening legal frameworks, and enhancing law enforcement capabilities are crucial steps in combating this menace and ensuring a safer digital landscape for all.

The failure to comprehensively and decisively tackle such new-age crimes could also be attributed to outdated infrastructure, inefficient coordination, and so on. Law enforcement agencies, often operating in silos, despite being slow in responses, fall short of the technical expertise in digital forensics, encryption, and handling new forms of cyber threats where cybercriminals exploit AI, blockchain, the dark web, etc. making them harder to be tracked.

Combating these challenges is a herculean task as India must train law enforcement officials, establish fast-track cyber courts, use artificial intelligence-powered surveillance, and increase public awareness. Cybercriminals, on the other hand, use the full extent of technology and exploit gaps in the existing systems to outpace governmental agencies that work to reduce cybercrime.

Without systemic reforms, cybercriminals will continue to stay ahead, making digital arrests and fraud prevention an ongoing challenge.

Lastly, the need for global cooperation is crucial to tackling cross-border digital crimes as well. Notwithstanding many nations adopting national legislations to tackle cybercrime, only a negligible few international frameworks like the United Nations Convention Against Cybercrime, adopted by the UN General Assembly, and the Budapest Convention on Cybercrime, exist to enable global cooperation in this domain.

Owing to the seamless flow of technology across borders, bound by the World Wide Web and the imagined and also unforeseen manifestations of unpredictable technological tools like AI and big data, nations must get together to devise global collaborative mechanisms to tackle cybercrime with the same urgency that is currently been shown to provide normative character to domains like AI.

Follow us on WhatsApp: https://www.whatsapp.com/
channel/0029Vb2MGE66xCSYBQlozV21

Follow us on Facebook: https://www.facebook.com/
profile.php?id=100073685446941

Follow us on X @vudmedia