Pay Up, Or: The Menace of Digital Arrests In India

Fraudulent calls like these, where cyber criminals ask for transfer of lakhs of rupees have suddenly become regular events across India. On December 3 alone, Delhi Police received 1,939 complaints of such fraudulent crimes, of which 258 cases were formally registered, The Secretariat has learned from a senior police official.

The Department of Telecommunications, too, issued a 'International Fraud Calls' warning on X in the beginning of this week.

But now the problem has grown manifold for the law enforcement authorities, because these pesky spam callers have a more sophisticated and hard-to-catch cousin, who can rob people with speed and finesse. It is going around by the name ‘Digital Arrest’.

What Is Digital Arrest?

Legally speaking, there is no such thing as a digital arrest. The term doesn’t exist in Indian law. It must not be confused with house arrest, which is a legal measure to confine a person to their residence as an alternative to imprisonment.

Digital arrest is just a made-up term — a ploy in which fraudsters call a potential victim and inform them that the target has sent (or is the intended recipient of) a parcel, which contains illegal goods, drugs, fake passports or any other contraband item. 

Sometimes, scammers weave a tale about a loved one being caught in a crime or accident, and is now in custody or hospital. To "resolve" the matter, they demand money from the target.

"The tactics brought in use involve posing as cybercrime officers or police, using technical jargon like "IP tracked", "cyber violation" or "digital offenses", and by creating urgency to push victims into paying without verifying," Gaurav Sahay, practice head (technology and general corporate) at Fox Mandal & Associates LLP told The Secretariat.

The National Cyber Crime Reporting Portal (NCRP) has received a spate of complaints regarding intimidation, blackmail, extortion and digital arrests in the first quarter of 2024.

Cyber fraud losses amounted to Rs 11,333 crore in the first nine months of 2024, according to the Indian Cyber Crime Coordination Centre (I4C), set up under the Ministry of Home Affairs. Stock trading scams topped the list, with Rs 4,636 crore lost in 2,28,094 cases. Investment scams followed, costing Rs 3,216 crore across 1,00,360 cases, while digital arrest frauds resulted in Rs 1,616 crore in losses from 63,481 complaints, reported Indian Express.

A Web Of Deception

In certain instances, unsuspecting victims are made to undergo digital arrest and remain visually available over Skype or other video conferencing platforms to the fraudsters, till their demands are met.

This is a scam straight out of the Bourne film franchise. Scamsters are known to use studios modeled after police stations and government offices, and wear uniforms to appear genuine. This was corroborated by a head constable The Secretariat spoke to on condition of anonymity.

“Poori bhumika banayi jaati hai (the entire drama is enacted),” said the head constable. “Ek fake police officer bolta hai ki aapka Aadhaar card Mumbai airport par pakda gaya hai. Phir video call par police dress pehenke bhi aate hain, aur bolte hain ki "agar call kaata toh arrest kar liye jaoge" (A fake police officer says your Aadhaar card has been deposited at Mumbai airport. Then they make a video call wearing a police uniform and say that "if you cut the call, you will be arrested".”

Sahay further elaborated that threats of legal action or arrest instil fear in the victims, which leads them to act without verifying the claims. Many people, especially those unfamiliar with cyber law or online threats, may not realise they are about to become victims.

To add to this, the fear of authority figures like the police or judiciary may make Indians especially hesitant to doubt such threats. And embarrassment may stop them from reporting the crime later on.

The issue has become so big that even Prime Minister Narendra Modi, in his 115th Mann Ki Baat address on October 27, 2024, issued a warning: “Wait, think and then take action. These three steps will become the protectors of your digital security. Friends, I would like to say again that no provision like digital arrest is there in the law. This is just a fraud, a fabrication, a lie by a gang of scoundrels.”

How Criminals Access Your Data

The police aren't clear on how these criminals are getting hold of personal information of the victims. The vast and tangled web of the dark web, however, offers plenty of clues.

As per the Internet Organised Crime Threat 2024 report by Europol, the dark web is a key enabler of cybercrime. Although it is illegal and unethical, stolen information including credit card numbers, social security numbers and login credentials, are readily available for purchase on the dark web.

"Dark web is a significant marketplace for stolen data, obtained by means of data breaches, hacked devices, and most often, by callous actions of individuals themselves," Sahay elaborated. "The dark web is a part of the internet that isn’t indexed by search engines, and requires special software like Tor to access."

Softwares like Tor (short for The Onion Router) help people browse the internet anonymously, and host illegal marketplaces.

Khushall Kaushik, founder & CEO of Lisianthus Tech, a cyber security firm based out of Gurugram, told The Secretariat, "20 out of 100 is a reasonable estimate for the involvement of the dark web in cybercrime cases, especially for crimes like trafficking, hacking services, and fraud."

But scammers aren't only looking at the dark web. They are scraping publicly available data from social media, public directories and forums, such as information shared on LinkedIn, Instagram, Facebook, X, etc.

"Massive breaches like in Aadhaar (India's identity database) and global platforms (eg., LinkedIn, Facebook) are the feeding grounds for scammers. Smaller breaches, targeting SMEs with weak cybersecurity defences, are another weak spot," added Sahay.

Hackers are breaking into banks, online stores and healthcare systems to steal personal information like names, addresses, phone numbers, credit card details and passwords. They also use malicious software hidden in fake downloads or email attachments to secretly capture data such as keystrokes, login details and files from infected devices.

"It has also been seen on certain instances that employees or contractors with access to sensitive data, end up selling it to scammers or on the dark web for financial gain," added Sahay.

Other ways of extracting data involve tricking individuals into revealing confidential information via fake emails, messages or websites that mimic legitimate organisations, like fake bank notifications asking for OTPs, or links claiming to offer tax refunds or lottery winnings, he added.

Anyone Can Be Targeted

A Mumbaikar woman, who was made to strip on call for "body verification", thereafter lost Rs 1.7 lakh. In Navi Mumbai, a music therapist lost Rs 32 lakh to fraudsters posing as Enforcement Directorate officials, who claimed her Aadhaar was linked to illegal accounts, reported Economic Times.

It is suspected that these operations are carried out by cross-border crime syndicates. When a 90-year-old man in Gujarat was duped of Rs 1 crore under the garb of digital arrest, the authorities found the perpetrators to be operating an international syndicate out of China. 

Similarly, an 80-year-old retired man in Maharashtra's Koparkhairane was swindled out of Rs 22 lakh on fake terrorism charges. Luckily for him, quick action by bank staff saved him from losing a further Rs 12 lakh.

A limited understanding of technology and digital rights makes it easier for scammers to exploit victims. “A citizen’s biggest armour against getting robbed is awareness,” said the senior police official. “Don’t get greedy and click on random links that promise you lakhs of rupees in a lottery. Report the incident immediately at 1930 or www.cybercrime.gov.in.”

Meanwhile, the fraudsters aren’t discriminating on the basis of gender or age, a Delhi Police SP told The Secretariat. “Whether young, old or middle-aged, they are cold-calling everybody.”

Coordinating such cybercrime activities, the Indian Cyber Crime Coordination Centre (I4C) was set up under the Ministry of Home Affairs in 2021 and has been taking action against cases of these menacing digital arrests.

In response to a question asked in the Rajya Sabha, MoS Bandi Sanjay Kumar responded that over Rs 3,431 crore has been saved in more than 9.94 lakh complaints of cybercrimes.

The I4C, in collaboration with Microsoft, has so far blocked over 1,000 Skype IDs involved in digital arrests, and is also facilitating the blocking of SIM cards, mobile devices and mule accounts (an account used by criminals to move stolen money without the owner's knowledge). Over 59,000 WhatsApp accounts have also been blocked so far.