How India's Cybercrime Ecosystem Works

Cybercrime is India's fastest-growing crime category: NCRB 2023 recorded 31.2% growth to approximately 86,000 cases; NCRB 2024 recorded a further 17% rise to 1.01 lakh (101,000) cases — representing only the tip of an iceberg since massive under-reporting characterises cybercrime. 

The India Cyber Threat Report 2025 by DSCI documented 369 million malware detections across 8.44 million endpoints, averaging 702 potential attacks per minute on India's digital infrastructure. The most significant new category in 2024 was the "Digital Arrest" scam — where criminals impersonating CBI, Customs, or police officers conduct video calls threatening immediate arrest and extort victims into transferring their life savings; the PM had to address this specifically in his Mann Ki Baat broadcast, indicating its scale and social impact.

How India's Cybercrime Ecosystem Works
Representational Graphic: How India's Cybercrime Ecosystem Works
India's cybercrime landscape divides into two distinct categories. The first is "social engineering" fraud — phone scams, UPI fraud, fake investment platforms, "pig butchering" romance scams, and the new digital arrest variant — originating primarily from organised criminal clusters in Jamtara (Jharkhand) and Mewat (Haryana), as well as from Southeast Asian scam operations run from Myanmar, Cambodia, and Laos (where Indian nationals are reportedly trafficked to operate as cyber fraud agents). 

The second is sophisticated cyberattack infrastructure — ransomware, state-sponsored intrusion, DDoS attacks on critical infrastructure — predominantly from Chinese and Pakistani state-adjacent actors as documented in Label 8. Both categories are growing; the law enforcement response is structurally underprepared.

What You Need to Know

  • NCRB 2024 cybercrime: 1.01 lakh cases — a 17% rise from 2023's 86,000; fraud dominant motive (70%+ of cases); digital arrest scams the major new trend; cybercrime rate 7.3 per lakh population (up from 6.2 in 2023); Delhi and Maharashtra highest absolute case counts.
  • I4C (Indian Cybercrime Coordination Centre): MHA body coordinating state police cybercrime response; manages cybercrime.gov.in reporting portal; in 2024–25 blocked 7 lakh SIMs used in fraud, blocked 1,11,185 "suspicious" online content items; operates Samanvay Platform for inter-state cybercrime coordination.
  • Digital arrest scam mechanics: criminals call victims (typically elderly or less digitally literate) on video call; impersonate police/CBI/Customs officials; show fake "arrest warrant"; claim victim's phone/Aadhaar linked to crime; demand "penalty" or "bail" transferred digitally to "safe account"; sophisticated operations use fake agency uniforms, fake offices in video backgrounds; estimated losses ₹1,500+ crore nationally in 2024.
  • Southeast Asian cyber fraud connection: Indian nationals (and some foreign nationals) trafficked to Myanmar, Cambodia, Thailand, and Laos to operate cyber fraud call centres under criminal control; trafficked individuals are forced to conduct phone/internet fraud against Indian victims; Ministry of External Affairs has assisted in repatriation of some victims.
  • Cybercrime hotspots: Jamtara (Jharkhand) — documented as India's "phishing capital," specialising in OTP fraud, mobile banking fraud, UPI cloning; Mewat (Nuh district, Haryana) — extensive sextortion, fake loan app fraud; Bharatpur (Rajasthan); Black zones documented by CERT-In and I4C for unusual concentration of fraud origination.

How It Works in Practice

1. The cybercrime reporting and response gap: A cybercrime victim who loses money can: file a complaint on cybercrime.gov.in (24/7 portal); call 1930 (cybercrime helpline); file a local FIR at the nearest police station (referring to cybercrime unit). In practice: most victims who file complaints on cybercrime.gov.in receive automated acknowledgment but no active investigation; only large-value cases receive dedicated investigation attention; district police cybercrime units are understaffed; the 1930 helpline has improved fund-freeze response time (30-minute window for freezing transferred funds), reducing actual loss in some cases.

2. The jurisdictional fragmentation problem: Cybercrime is inherently multi-jurisdictional: a fraud call originates in Mewat (Haryana), the victim's bank account is in Bengaluru, funds are transferred to a mule account in Kolkata, and ultimately withdrawn in Delhi. The investigation requires coordination across four state police forces, national banks, NPCI (UPI transaction records), and potentially international agencies; state police forces are reluctant to share jurisdiction; the I4C's Samanvay Platform facilitates coordination but does not resolve the fundamental jurisdictional issue.

3. Jamtara and the organised cybercrime cluster model: Jamtara's rise as India's phishing capital — documented in Netflix's "Jamtara" docudrama — illustrates how criminal specialisation clusters develop: early success in phone fraud attracted more participants; informal mentoring spread skills; equipment (SIM cards, smartphones, fake banking apps) became locally available; the local political economy tolerated the activity (income generation in a poor district); police raids disrupted but did not eliminate the cluster. The Mewat sextortion model similarly involves thousands of operators running relatively low-sophistication but high-volume fraud operations.

4. The foreign cyber fraud connection: India's most sophisticated cyber fraud networks have Southeast Asian connections: recruitment agents in Indian cities target young men (and some women) with offers of data entry jobs in Thailand or Cambodia; victims travel to Myanmar/Cambodia border areas; their passports are confiscated; they are forced to conduct phone/online fraud under criminal supervision; Indian MEA has repatriated hundreds of such trafficking victims from Myanmar and Cambodia. The cybercrime is therefore both a domestic law enforcement problem and an international human trafficking problem.

5. Legal framework for cybercrime: The primary cybercrime law remains the IT Act 2000 (with 2008 amendments); the BNS and BNSS do not substantially change cybercrime law; key cybercrime provisions: IT Act Sections 66 (computer-related offences), 66C (identity theft), 66D (impersonation using computer resource), 43 (compensation for computer damage), 66F (cyber terrorism, up to life imprisonment). The DPDPA 2023 adds data protection requirements that indirectly address some cybercrime enabling conditions. India lacks a standalone cyber crime act similar to the US Computer Fraud and Abuse Act.

What People Often Misunderstand

  • Most cybercrime victims in India are defrauded, not hacked: The dominant cybercrime category is social engineering fraud (convincing victims to voluntarily transfer money), not sophisticated hacking; the "digital arrest" scam requires no technical hacking skill, only social manipulation; technical defences (strong passwords, two-factor authentication) protect against hacking but not against social engineering.
  • Cybercrime.gov.in reporting is not the same as active investigation: The portal processes millions of complaints; only a small fraction receive active police investigation; the primary near-term utility of reporting is enabling the 1930 helpline's fund freeze function (which requires rapid complaint for effectiveness) rather than expecting prosecution.
  • Young men in Jamtara are victims of economic exploitation as well as perpetrators: Jamtara's cyber fraud operators typically have minimal education and limited employment alternatives in a poor region; the criminal organisations benefit disproportionately from their risk-taking; criminal justice approaches that focus on prosecution without addressing economic development have limited deterrent effect in the long run.
  • India's 49% of global real-time transactions makes UPI fraud a globally significant problem: UPI's extraordinary scale means that UPI fraud — cloned QR codes, fake payment requests, phishing for UPI PINs — is among the world's largest digital payment fraud problems in absolute terms; even a small fraud rate on trillions of rupees of annual transactions is significant.
  • Not all cybercrime investigations are stymied by cross-border jurisdictions: The majority of India's cybercrime (Jamtara, Mewat patterns) is domestic — domestic perpetrators, domestic victims; the jurisdictional challenge is inter-state coordination within India, not international, for the dominant fraud categories; the international dimension (Chinese and Pakistani state hackers) is a distinct and smaller category.

What Changes Over Time

CERT-In's 2025 comprehensive cybersecurity audit requirements for critical sectors — mandating annual third-party audits — will improve detection of critical infrastructure vulnerabilities. The AI-driven threat detection that CERT-In is deploying (WEF Cybersecurity Outlook 2025 highlighted) will improve national-level cyber threat awareness. The 30-minute fund freeze window at the 1930 helpline — operational since 2023 — has made rapid reporting the single most actionable victim response available.

Sources and Further Reading

(This series is part of a long-term editorial project to explain the structures, institutions, policies, and governing frameworks that shape modern India for a global audience. Designed as a 25-article briefing cluster on Policing, Crime & Justice, this vertical examines how India's criminal justice system functions in practice — from policing and criminal investigation to prosecution, courts, prisons, forensic systems, cybercrime enforcement, drug control, custodial accountability, victims' rights, and the treatment of foreign nationals within the justice system. The series explores not only the formal legal architecture established by the Constitution, statutes, and judicial precedents, but also the practical realities of enforcement, institutional capacity, procedural safeguards, systemic delays, and ongoing reform efforts. Written in an accessible format for diplomats, investors, researchers, academics, journalists, policymakers, students, civil society organisations, and international observers, these briefings seek to explain how law, order, accountability, and justice operate in the world's largest democracy. Particular attention is given to the interaction between individual rights and state power, the evolution of India's criminal laws, emerging challenges such as cybercrime and transnational crime, and the institutional constraints that continue to shape outcomes across the justice system. This is Vertical 10 of a larger 20-vertical knowledge architecture being developed by IndianRepublic.in under the editorial direction of Saket Suman. All articles are protected under applicable copyright laws. All Rights Reserved.)
Loading... Loading IST...
KNOW INDIA
🌍 Governance TRACKER ON
Loading headlines...

Loading Top Trends...

How India Works

Scanning sources...

🔦 Newsroom Feed

    🔗 View Source
    Font Replacer Active