India's Rs 22,800 cr cybercrime hydra: How to defang it

India Today

5 hours ago

In February, Jharkhand's Jamtara police struck a blow against a syndicate that trafficked in malicious Android applications—Android Package Kits (APKs) designed to defraud citizens who believed they were claiming government subsidies. At the helm of it was 25-year-old Mahboob Alam, a Class 10 dropout turned self-taught coder, who weaponised readily available AI tools to sharpen his digital arsenals.Under innocuous names such as 'PM Kisan Yojna.apk' and 'PM Fasal Bima Yojna.apk', his creations promised farmers legitimately owed dues, but instead granted remote access to their bank accounts and personal data. Investigators recovered more than a hundred such APKs, which between them intercepted nearly 270,000 messages and siphoned off some Rs 11 crore from over 2,800 victims.advertisementAlam and his cohort sold more than a thousand of these apps in the past year at Rs 25,000-30,000 apiece, fuelling a thriving black market for industrial-scale fraud.This startling episode proves two stark things: first, that readily accessible AI can elevate even a school-dropout into a technically proficient architect of sophisticated deceit; second, India's explosive growth in smartphone ownership has simultaneously amplified ranks of the digitally uninitiated, rendering vast new cohorts vulnerable to precisely these exploits.
Yet the Jamtara case is far from singular. India's digital leap—set to encompass over 900 million internet users by the end of 2025—has ushered in prosperity, convenience and a parallel surge in cybercrime. According to the Global Initiative for Resilient Emerging Markets (GIREM) Report 2025: The Rise of AI-Powered Cybercrime, Indians lodged over 1.92 million cybercrime complaints in 2024, a staggering uptick from 1.56 million in 2023 and nearly 10 times the total of just five years ago.advertisementFinancial losses reached Rs 22,812 crore in that single year, almost three times Rs 7,496 crore in 2023 and nearly 10 times the Rs 2,306 crore lost in 2022. Over the past four years, criminals have siphoned off an aggregate of Rs 33,165 crore from individuals and businesses nationwide.The report was released on June 25 in Bengaluru by Dr M.A. Saleem, director general and inspector general of Karnataka police; Tekion founder and CEO Jay Vijayan; and Shyam Sundar S. Pani, chairman, GIREM (research partner).What makes India uniquely exposed is not simply the sheer scale of its digital expansion but the cultural texture of that journey. Millions, from urban swathes to remote villages, have leapfrogged straight into mobile banking, e-commerce and social media without any foundational training in digital hygiene. This is the internet adopted, not inherited; in the yawning chasm between enthusiasm and awareness, swindlers have found fertile soil.From Bengaluru's gleaming glass towers to sleepy roads in Jamatara, scams flourish in every milieu. Bengaluru, the country's Silicon Valley, recorded 17,623 cyber-fraud cases in 2023, a 77 per cent leap from the previous year. In the agrarian districts of Karnataka, rural complaints nearly doubled from 880 in 2022 to 1600 in 2024. No corner of India is immune.advertisementThe criminal playbook is a taxonomy of evolving depravity. Phishing remains the quotidian workhorse: emails, SMSs and WhatsApp messages posing as banks, telecom providers or government bodies, and each click a potential catastrophe. A single link can drain a lifetime of savings.Voice phishing, or 'vishing', exploits the ingrained respect for authority: a curt phone call from a supposed bank official, brimming with urgency and performed with practiced diction, can cajole an unsuspecting pensioner into divulging an OTP.Malware and spyware, once the province of remote syndicates, now arrive in innocuous-sounding APKs. In one incident in Tamil Nadu, a university student downloaded pirated software for coursework, only to install a keylogger that exfiltrated his personal files and emails. The attacker then threatened to circulate intimate photographs—and demanded Rs 15,000 to keep them secret. That extortion narrative repeats itself in countless variations across the subcontinent.Overlaying these familiar stratagems is a potent new variable: artificial intelligence. The GIREM report dubs AI a 'double-edged sword'. In 2024, an estimated 82.6 per cent of phishing campaigns worldwide were crafted with generative AI, spawning emails of uncanny authenticity, interactive dashboards that mirror trusted brands, and deepfake videos to impersonate relatives or executives. AI democratises deception, industrialising fraud: what once required technical prowess now demands little more than a chatbot prompt and a stolen identity.advertisementIn November 2024, two Bengaluru residents became victims of a sophisticated online share trading fraud after being misled by deepfake videos portraying two top names from the business world. The scam led to financial losses totalling Rs 8.7 million.The use of deepfakes featuring influential public figures has emerged as a growing tactic among cybercriminals seeking to manipulate unsuspecting targets. Officials have recommended heightened scrutiny of social media content that appears to show high-profile individuals promoting investment schemes.The human cost is profound. Senior citizens are bewildered by spoofed tax notices, often too ashamed to report the indignity. Young job-seekers fall prey to phoney recruitment portals that demand 'registration fees' for non-existent posts. Small businesses pay phantom invoices to 'suppliers' who send nothing but malware. Shame and fear silence most victims; when one's dignity is hacked, the first reaction is often to suffer in silence.Yet the GIREM report insists this avalanche can be arrested through a cultural reimagining of cybersecurity—one rooted in collective responsibility and pre-emptive defence. Digital literacy must begin early, embedded into school syllabuses, reinforced by community workshops, and tailored for women, children and the elderly alike. Public-awareness campaigns in regional languages can dismantle the myth that 'it cannot happen to me'.advertisementIndia's law-enforcement apparatus, too, must evolve. Cybercrime cells are proliferating, but require real-time data feeds, skilled forensic experts and decentralised response units to shorten the chase between offence and arrest. A fast-track digital FIR system, modelled on e-governance platforms, could ensure timely redress for victims.Policy must keep pace as well. Data-protection standards need legislative teeth, secure-app frameworks must be mandated at the development stage, and public–private alliances forged to share threat intelligence. Banks, telecom companies and platform providers bear a duty not only to secure their infrastructures but also to educate their user-base.Finally, technology itself must be weaponised for defence. India possesses the home-grown talent to build AI-powered guardians: anomaly-detecting bots, real-time scam-alert platforms, and algorithms that recognise fraud patterns across geographies. Already, Bihar's police have deployed geo-tracking mobile apps to pre-empt syndicates before they strike—and have seen measurable drops in local complaint rates. This spirit of grassroots innovation must be scaled nationally, backed by funding, shared expertise and political will.Battling cybercrime resembles a public-health campaign: success lies not only in curing infections but in preventing contagion. Just as vaccination protects both individuals and communities, so must cybersecurity practices evolve into social norms. We must move beyond reactive defence into anticipatory governance—training sensibilities as much as systems.advertisementIn today's world, a smartphone is one's identity: banking credentials, personal memories, health records. Mercenary spyware does more than steal data—it watches your life unfold, frame by frame. India's digital leap has been a remarkable chapter in its modern odyssey. But unless we fortify our ramparts, the windows we have thrown open to the world may also admit the wolves. Our digital future is not merely to be defended; it is to be shaped—deliberately, democratically and together.Subscribe to India Today Magazine- Ends