Days later, a series of links began to appear and one fateful day, his one unassuming click set in motion a catastrophic chain of events. Saxena realised he lost Rs 3.25 lakh––his salary and a matured fixed deposit––when an ATM screen flashed “insufficient balance”.
The fraudsters didn’t stop with this either. They transferred Rs 16,000 to Saxena’s account and filed a complaint against him at a local police station in Tamil Nadu, accusing him of fraud, and this led to his bank accounts being frozen. As Saxena saw his financial security being razed to the ground, his mother had to mortgage her jewellery to repay a loan.
Such financial frauds are rapidly becoming India’s digital nightmare.
India, along with the United States of America, the United Kingdom, Canada, and Germany, are the top five countries targeted by phishing attacks. According to the Zscaler ThreatLabz 2024 Phishing Report, phishing attacks surged by 58.2 per cent in 2023 compared to the previous year.
Understanding phishing, smishing, and vishing attacks
All three are cyber attack attempts with the same motive––stealing personal information including credit card numbers and PINs, passwords to bank accounts, one-time passwords on the phone etc., but with different approaches.
Story continues below this ad
Phishing: Fraudulent emails or fake websites impersonate legitimate entities like banks, insurance firms, or government departments to steal information.
Smishing: Scam messages impersonate organisations like Aadhaar services or digital wallets, urging users to click on harmful links.
Vishing: Phone calls from fraudsters pretending to be officials, such as bank representatives, trick victims into revealing OTPs or account details.
“India’s massive and diverse internet user base makes the country a prime target for such scams,” said Dr Chiranjiv Roy, global head of data science, machine learning and applied generative AI at C5i.ai. He also said, “The increasing adoption of digital payment platforms only multiplies the risks.”
Story continues below this ad
“These complaints tend to almost double every year due to the increasing use of the internet and mobile phones and low awareness about cyber crimes,” said Lohit Matani, Deputy Commissioner of Police (Cyber), Nagpur.
The AI Revolution in Cybercrime
Cyber threats have transformed into sophisticated, AI-powered operations, meticulously designed to exploit human vulnerabilities. Latest attacks are becoming increasingly complex and difficult to detect. These aren’t just incremental improvements—they represent a fundamental reimagining of digital threat strategies.
Dr Roy listed some common threats:
Personalised phishing: AI enables attackers to scrape social media profiles and create highly targeted phishing emails. For instance, a professional in Bengaluru might receive an email mimicking a local job portal, claiming to offer a high-paying job at Infosys.
Deepfake technology: AI-generated voices and videos are used in vishing calls to impersonate trusted figures. For example, deepfake voice calls of CEOs have been used to authorise fraudulent financial transfers in Indian companies too.
Story continues below this ad
Polymorphic malware: AI-powered phishing campaigns can deploy malware that constantly evolves its code, bypassing traditional antivirus programs.
Chatbots for smishing: AI bots mimic human-like interactions in messaging platforms like WhatsApp or Telegram, making fraudulent schemes more believable.
Dr Roy also listed some emerging tactics in India.
Interactive smishing: AI chatbots pretending to be customer service agents for platforms like Zomato or Swiggy can extract payment details during simulated ‘refund’ conversations.
Voice spoofing in vishing: Attackers use AI-generated voices to mimic regional accents and dialects. For instance, scammers can impersonate Tamil-speaking bank officials to trick customers in Tamil Nadu.
Story continues below this ad
Hybrid smishing-vishing Attacks: Fraudsters combine SMS and voice calls, with an SMS serving as bait, followed by a convincing call to extract further details.
During the COVID-19 pandemic, cyber attacks reached new heights. Smishing attacks claiming to offer COVID-19 relief funds were common and led to widespread data theft. In one notable incident, in 2020, Cosmos Bank in Pune fell victim to a phishing attack that resulted in the loss of Rs 94 crore. Hackers manipulated SWIFT transactions and ATM withdrawals internationally. In 2021, fraudsters posed as BSNL representatives, in a vishing attack scamming users by claiming SIM deactivation unless they shared sensitive details.
Identifying cyber attacks
The key is to be vigilant. If you receive e-mails from suspicious domains––@sbi-services.in instead of @sbi.co.in, for instance––double check previous emails and do not click on any links within the e-mail. Similarly, if the e-mail requests for urgent action with messages like “Click here to avoid account suspension,” be rest assured it’s a scam. You may also find weird sentence constructions and spelling and grammatical errors in such mails.
You may receive threatening SMSes claiming your PAN card will be blocked unless verified immediately. These are common tactics and you need to steer clear from these messages with links. Be always suspicious about messages with shortened URLs. Example, something with bit.ly links.
Story continues below this ad
In case of calls, make this ground rule for yourself––you will never share OTP or passwords to anyone over a call. Scamsters will try their best to make you share the OTP. If you’re concerned, cut the call. If they use threatening language or try to create urgency by saying “Your account will be frozen,” you can be sure it is a scam call.
How to combat cyber attacks
AI-powered cyber security platforms like Quick Heal and K7 Security can be used by organisations to detect phishing links and malware or anti-spam and anti-phishing browser extensions. “While spam filters and anti-virus software form the first line of defense, multi-factor authentication and encryption offer robust protection against evolving threats,” Dr Roy said.
Multi-factor authentication (MFA) is widely adopted by Indian digital payment platforms like Paytm and Google Pay. This makes multiple verification steps mandatory for the user to log in to their accounts. Many Indian banks and e-commerce sites now use encryption to secure sensitive data during transactions.
Major telecom players in India have already rolled out free AI-powered “spam call detection” tools that will display warnings when numbers previously reported as spam call. You can avoid cyber frauds by not picking such calls.
Story continues below this ad
Regular cyber security awareness programmes need to be conducted, especially in industries like banking and IT.
Legal Measures in India
India has a comprehensive legal framework to address cybercrimes. The Information Technology Act, 2000 covers offences related to phishing, smishing, and vishing, prescribing fines and imprisonment. The Indian Computer Emergency Response Team (CERT-IN) mandates organisations to report data breaches within six hours.
“In cases of phishing, particularly where some money is lost, the cyber cell freezes the account of the accused and helps in transferring the frozen account to the victim. Moreover, information about the accused is taken from his KYC details, and attempts are made to arrest the accused thereafter,” said Matani. He also said that citizens can report such crimes on the National Cybercrime Reporting Portal (NCCRP).
Saxena, however, had a different experience. Even after reporting about the crime online, his case was transferred to a local police station and the police constable assigned to his case did not entertain his calls or his visits, citing his busy schedule.
Story continues below this ad
Steps cyber fraud victims can take
– Contact your bank’s fraud helpline number.
– Report the incident to the Cyber Crime Reporting Portal (cybercrime.gov.in).
– Change all compromised passwords and monitor accounts for unauthorised activity.
– Avoid sharing personal details or clicking links from unknown sources.
– Use tools like Truecaller to identify and block spam calls.
“India will need AI-powered cyber security solutions, better legal frameworks, and widespread digital literacy campaigns to stay ahead of these threats,” said Dr Roy.
All hope is not lost. Awareness and alertness are the best weapons to defend yourself against cyber attacks. Understanding these threats, recognising the warning signs, and developing a healthy skepticism can be the difference between safety and financial ruin.
In this digital age, vigilance is not just a choice—it’s a necessity.
