Expert SpeakYoung Voices
Published on Jul 18, 2026
India has built real momentum against digital arrest scams at home, but the criminal infrastructure sustaining them sits entirely outside its borders — and outside every major international cybercrime framework it has yet to join.
Cyber fraud has emerged as one of the most frequently reported crimes in India in recent years, particularly in the form of economic and digital offences. In April 2026, an elderly man in Mangaluru lost INR 2.07 crore after scammers posing as government investigators convinced him he was under investigation, underscoring the growing sophistication of digital arrest scams
This is not an isolated incident, but a window into India’s most rapidly escalating security challenge. Digital arrest scams alone drained over INR 22,495 crore from Indian citizens in 2025, part of a broader pattern of cyber fraud that has cost Indians a cumulative INR 52,976 crore over six years, according to the National Human Rights Commission. Victims span a striking range — from high-ranking officials and security personnel to elderly citizens and those with limited digital literacy. What separates digital arrest scams from ordinary online fraud is not their scale, but their architecture: organised networks operating out of Myanmar, Cambodia and Laos that use trafficked and coerced Indian citizens into staffing the very scams targeting their compatriots.
Digital arrest scams have outgrown consumer cybercrime and are now seen as a national security threat, because their financial impact is inseparable from a cross-border criminal economy beyond the reach of Indian law enforcement alone
Digital arrest scams have outgrown consumer cybercrime and are now seen as a national security threat, because their financial impact is inseparable from a cross-border criminal economy beyond the reach of Indian law enforcement alone.Two structural gaps sustain this threat, namely a fragmented financial system and a diplomatic gap, since transnational cybercrime is still treated largely as a domestic law-and-order issue.
The Financial and Economic Loss
Table 1: Digital Arrest Cases over the years
|
Amount |
Year |
|
|
INR 24 crore |
Bengaluru |
|
|
INR 1.6 crore |
Maharashtra |
|
|
INR 2.5 crore |
Gwalior |
|
|
INR 8.1 crore |
Gujarat |
|
|
INR 14 crore |
New Delhi |
Between 2022 and 2025, India witnessed 241,537 cases of digital arrest and scams, causing a serious economic impact on India’s GDP, with losses of INR 3,012 crore. In 2026, India lost INR 11.6 crore in just 59 days
Although India is moving toward a digital economy, investment in digital economic security has not kept pace. The 2025-26 budget allocated INR 1,900 crore to cybersecurity capital projects; for 2026-27, the Union Budget assigned just INR 790 crore to cybersecurity projects — a decline of over 58 percent, even as digital arrest scams and other cyber fraud continue to escalate
Government investment has not scaled at the same pace. The Indian Cyber Crime Coordination Centre (I4C), which coordinates the national response, was approved in 2018 — funding that predates the digital arrest wave entirely. The Union Budget for 2026-27 does little to close that gap: the Ministry of Electronics and Information Technology’s (MeitY) overall allocation fell nearly 17 percent, cybersecurity capital projects rose only marginally from INR 782 to INR 790 crore, and the Data Protection Board’s allocation doubled but only to INR10 crore, a rounding error against a threat measured in tens of thousands of crores. The spending is scattered across MeitY, the Ministry of Home Affairs (MHA), and the Department of Telecommunications, with no dedicated trackable line for digital arrest, making it structurally hard for India to invest in proportion to a threat that grows faster than any single ministry’s budget.
What sets digital arrest scams apart from ordinary cybercrime is their organised and systematic operation
A National Security Threat, Not Just Consumer Fraud
What sets digital arrest scams apart from ordinary cybercrime is their organised and systematic operation.I4C data indicate that nearly 46 percent of these operations originate in Cambodia, Myanmar, and Laos. In April 2024, the government told Parliament that 2,907Indians had been rescued from these compounds; by 2026, that figure had climbed to 6,998 Indian nationals rescued between 2022 and 2025. Most were lured in by fake job offers, had their passports seized, and were forced to run online scams under threats of violence. In November 2025, two Indian Air Force aircraft repatriated 270 Indians from Myawaddy, Myanmar, in one of the largest single rescue operations to date.
The scale of the underlying economy explains why these compounds persist despite repeated raids. The United States Institute of Peace estimates that cyber scam profits across Cambodia, Myanmar, and Laos amount to nearly 40 percent of the three countries’ combined GDP, with a significant share benefiting Myanmar’s military and elites. I4C has separately identified Pakistan-linked handlers within these syndicates. India is both a major source of trafficked labour for these scam compounds and one of their largest targets, yet its law enforcement agencies have limited jurisdictional reach into the territories where they operate.
Domestic measures, however well reisdiction and protected by local political interests
Domestic measures, however well resourced, cannot reach a criminal economy embedded in a foreign jurisdiction and protected by local political interests. That mismatch justifies treating digital arrest as a national security threat rather than a consumer-protection issue. The Supreme Court directed the Central Bureau of Investigation (CBI) to lead a nationwide probe into digital arrest cases, granting it authority to investigate complicit bankers and seek Interpol assistance abroad. Coverage of the order described digital extortion as having evolved into a national security and economic risk — a characterisation that, following a ruling from India’s highest court, signals this is no longer treated as isolated fraud.
India’s Response
The domestic response has been substantial but concentrated at the enforcement end. I4C and the MHA have blocked over 83,668 WhatsApp accounts, 3,962 Skype IDs, approximately 7.81 lakh SIM cards, and over 2 lakh International Mobile Equipment Identity (IMEI) numbers linked to digital arrest operations. In 2025 alone, the government deactivated 1.2 million SIM cards and froze 1.33 million mule accounts, recovering INR 5,489 crore. The Cyber Fraud Mitigation Centre, housed within I4C, coordinates banks, telecom operators, and law enforcement for real-time response.
On structural fixes, theMHA informed the Supreme Court that a high-level committee spanning the Reserve Bank of India (RBI), CBI, MeitY and the Ministry of External Affairs is examining a financial kill switch to instantly freeze accounts linked to suspected fraud, an idea the Court’s December 2025 order reinforced by directing the RBI to report on AI tools for flagging suspicious accounts
The results remain limited relative to the scale of loss. Only 55,484 FIRs were registered in 2025 out of roughly 2.81 million reported cases — a gap that reflects jurisdictional friction between state police forces, the difficulty of tracing money through layered, cross-border networks, and a broader pattern of underreporting that likely means even the 2.81 million figure understates the true scale.
The Way Forward
Digital arrest exposes a troubling paradox at the heart of India’s digital transformation. India’s response is gaining real momentum: the CBI probe, I4C’s technical interventions, and the Supreme Court’s direct engagement are all meaningful steps. Yet the response remains structurally domestic — addressing symptoms inside India’s borders, while the criminal infrastructure that sustains them sits outside. This is the gap that deserves the most attention, because it is the one India has the least excuse for leaving open.
India has signed neither the Budapest Convention on Cybercrime nor the United Nations Convention against Cybercrime. It was excluded from the Budapest Convention’s original drafting process, and has since cited concerns over sovereignty and cross-border data access as reasons for staying out. Yet India also chose not to sign the UN treaty, despite having helped draft it. As dozens of countries join the new convention, India’s continued absence from both frameworks suggests a preference for prioritising sovereignty over stronger international cybercrime cooperation — even as thousands of Indians continue to be trafficked into scam networks operating abroad.
India has no comparable binding agreements with Myanmar or Cambodia. As a result, investigators are left relying on slow, case-by-case mutual legal assistance requests — while the compounds themselves continue operating with little disruption. Closing this gap does not necessarily require signing existing conventions. Instead, India could negotiate sovereignty safeguards that would allow it to join those frameworks, while also pursuing strong bilateral cybercrime and extradition agreements with the Southeast Asian governments where these compounds are concentrated. This recommendation matters because domestic reforms can strengthen India’s response, but only international cooperation can dismantle the networks operating beyond its borders.
Smrity Chetryis an Intern at the Observer Research Foundation
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.

PREVNEXT 
Author
Smrity Chetry
Smrity Chetry is an Intern at the Observer Research Foundation
Read More +
Related Search Terms
Publications

When AI Becomes a Colleague: The Future of India’s Legal Profession
Artificial Intelligence
Jul 18, 2026

Digital Arrest Scams and the Limits of Domestic Enforcement
Cyber Security | Cyber and Technology
Jul 18, 2026
Related:
Digital Automation Training Benin: 5 Winning Skills Employers Demand in 2026
WhatsApp Marketing Automation Africa: 6 Dangerous Mistakes Brands Make in Nigeria
Want to learn this practically?
Join Justfine Infotech and build real digital skills in AI, automation, web development, digital marketing, office productivity, e-commerce, freelancing and cybersecurity.
Available Programmes:
6 Weeks Certificate • 3 Months Professional Certificate • 6 Months Diploma • Full Professional Diploma
WhatsApp:
+229 01 57 57 99 15
+229 01 66 68 11 60
Source: www.orfonline.org



