From OTP scams that drain savings to deepfakes that erode trust, cybercrime today is sophisticated and relentless. The good news is that much of it can be prevented.
By Neha Saini
In an era when nearly every aspect of life has gone digital, millions of Indians rely on their smartphones for everything from paying utility bills to transferring life-changing amounts of money. Digital convenience has fuelled inclusion and economic growth, but it has also unwittingly opened the door to a parallel world of digital predators. Today’s cyber threats range from deceptively simple One-Time Password (OTP) scams to sophisticated artificial intelligence (AI)-driven deepfake frauds. Together, they make one thing abundantly clear: cyber awareness isn’t optional anymore — it’s essential.
The digital revolution … and its dark side
India’s digital ecosystem is among the most advanced in the world. With low-cost internet, the ubiquity of UPI and mobile wallets, and rapid adoption of online services, digital transactions have become effortless. But this convenience has come at a cost: cybercriminals have evolved just as quickly, if not faster.
Between January and May 2025 alone, Karnataka reported a staggering ₹938 crore lost to cybercrooks in over 6,000 registered cases, with AI increasingly powering sophisticated phishing campaigns and scams.
Similarly, Mumbai’s cybersecurity data paints an alarming picture: over the past five years, the city recorded nearly 20,000 cyber-financial frauds, including OTP scams and card cloning, resulting in losses exceeding ₹2,000 crore.
And these aren’t isolated pockets of crime — cyberfraud is pervasive across urban and semi-urban India. In Kolkata, authorities reported losses of ₹210 crore due to cyber scams in 2025, even as awareness campaigns helped improve recovery rates.
Behind these numbers lie real human stories: life savings drained in minutes, panic and humiliation experienced by victims, and a persistent sense of vulnerability.
OTP frauds: A simple trick, a devastating impact
One of the most common and fastest-growing cyber threats in India is the OTP (One-Time Password) scam — deceptively simple but devastatingly effective.
Scammers often disguise themselves as bank officials, customer-care agents, or even friends and family. They convince victims that their accounts are compromised, or that there’s a problem requiring immediate action. To “help,” they ask for an OTP sent to the victim’s phone. Once shared, fraudsters can instantly empty bank accounts or authorize UPI transfers.
A newer variant, known as “call-merge OTP fraud,” is particularly alarming. In this scam, fraudsters spoof legitimate bank caller IDs and then ask victims to “merge” a second call — which actually carries an OTP — into the ongoing conversation. The victim unknowingly divulges the code, leading to unauthorized transactions within seconds.
Such scams are not theoretical threats; they happen every day to ordinary people — not just the digitally naive. The rapid shift to online banking and digital payments has given criminals fertile ground to operate.
When AI joins the fray: Voice cloning and deepfake scams
If OTP scams represent the “bread and butter” of cybercrime, then generative AI technologies such as voice cloning and deepfakes represent the next frontier — one that is changing the nature of digital deception.
Deepfakes (synthetic media created using AI models like Generative Adversarial Networks) can mimic voices, faces, and identities with unnerving realism. They were once the stuff of sci-fi thrillers, but today they are very real threats.
According to recent reports, the number of deepfake files globally jumped from around 500,000 in 2023 to over 8 million by 2025, with fraud attempts skyrocketing in the Asia-Pacific region.
In India, deepfake cases are up an estimated 550% since 2019, and projected losses linked to deepfake — including identity theft and scams — could reach ₹70,000 crore by 2025.
A widely cited McAfee survey found that 75% of Indians had encountered deepfake content in the past year, and nearly half reported knowing someone who had been duped by scams involving synthetic media.
What makes deepfakes especially dangerous is how they are now being used in real-world scams:
• Voice-cloned calls from a “relative in distress,” asking for urgent money transfer.
• Fake video endorsements or investment pitches that appear to come from trusted individuals or celebrities.
• Image or video alterations used to extort or blackmail victims.
In one documented case, a victim in India transferred money after being fooled by a deepfake video of a colleague asking for help — a scam costing several thousand rupees.
The trouble goes beyond personal finance. Deepfakes are being weaponized to spread misinformation, manipulate public opinion, and undermine trust in institutions and media.
Why cyber awareness matters more than ever
So why are these scams so effective? The answer isn’t just clever technology — it’s human psychology and a lack of digital literacy.
AI-driven scams succeed because they exploit trust, urgency, and social instincts. A message that looks real, or a voice that sounds familiar, can bypass rational skepticism. A deadline or threat can trigger fear. And before the victim has time to think critically, the damage is done.
Many Indians still struggle to distinguish an AI-generated voice from a real one, with surveys indicating that over two-thirds are unable to tell the difference.
Compounding this is the sheer volume of scam attempts. During festive seasons like Diwali, reports suggest Indians may face up to a dozen scam attempts per day, ranging from phishing emails to fake ads and deepfake content.
In this environment, a reactive approach — reporting fraud after it happens — is insufficient. What’s urgently needed is proactive cyber awareness: understanding risks, recognising red flags, and adopting safe practices before harm occurs.
What every citizen can do right now
Cyber awareness is not just for IT professionals. Every internet user — regardless of age or technical expertise — can take practical steps to protect themselves:
1. Never share your OTP
Banks and official services will never ask for your OTP over phone, SMS, or messaging apps. If someone does — hang up and verify independently.
2. Enable two-factor authentication everywhere
Use 2FA on your email, social accounts, banking apps, and even messaging apps like WhatsApp and Telegram. This adds an extra layer of protection.
3. Verify unexpected requests
If someone claims to be a bank official, relative, or acquaintance and requests money or credentials, always verify through known contact numbers — do not trust incoming caller IDs.
4. Educate your family
Children and senior citizens are often the most vulnerable. Discuss common scams and red flags with them regularly.
5. Use trusted platforms and software
Install apps only from official app stores, keep devices updated, and use reputable antivirus software.
6. Report suspicious activities promptly
India’s National Cybercrime Reporting Portal and helpline 1930 exist precisely for quick reporting. Early reporting can prevent losses and help authorities trace criminals.
The role of institutions and educators
Government initiatives and police awareness campaigns have begun making a difference, but they need amplification. In metropolitan areas like Pune, cyber police are collaborating with industry and education institutions to raise awareness, a strategy credited with helping recover crores of lost funds.
Yet legislation and enforcement must evolve to keep pace with the rapid adoption of AI and digital tools. Existing laws, such as the IT Act (2000) and the Digital Personal Data Protection Act (2023), were drafted well before generative AI became mainstream, leaving gaps in the regulation of synthetic media and algorithmic deception.
Universities and schools must incorporate digital safety and cyber hygiene education into their curricula, not as an elective but as a foundational life skill — just like financial literacy or language comprehension.
Conclusion: A shared responsibility
The digital age has brought immense benefits — convenience, inclusion, and innovation. But it has also spawned dangers that can strike anyone at any time.
From OTP scams that drain savings to deepfakes that erode trust, cybercrime today is sophisticated and relentless. The good news is that much of it can be prevented — not by technology alone, but by a culture of awareness and vigilance.
We must stop treating cyber threats as abstract, distant problems. They are here, they are growing, and they are affecting real people. Cyber awareness is not a luxury for the tech-savvy; it is a necessity for every digitally connected citizen.
Only when individuals, institutions, and governments work together to educate, empower, and protect will India’s digital future be secure.
----------------------------------
[Neha Saini is an Assistant Professor of Computer Science at CHRIST University, Delhi NCR Campus.]
