The Industrialisation of Digital Crime
Cybercrime is no longer the sole domain of expert hackers. The rise of Fraud-as-a-Service (FaaS) has turned it into a plug-and-play industry. On dark web forums and encrypted chat groups, a thriving marketplace offers everything an aspiring scammer needs:
phishing kits, stolen personal data, malicious software, and even AI-powered tools like deepfakes and voice cloners. For a subscription fee as low as a few thousand rupees, anyone can rent the tools to orchestrate sophisticated scams without writing a single line of code. This model borrows directly from the legitimate Software-as-a-Service (SaaS) industry, complete with customer support and regular updates, making fraud scalable, accessible, and incredibly difficult to trace. This has lowered the barrier to entry for criminals and is fuelling a surge in organised digital crime that targets every corner of India's booming digital ecosystem.
Consumers Under Siege
For the average Indian, this shift is profoundly personal. India's suspected digital fraud rate in 2025 was 7.1%, nearly double the global average of 3.8%. This translates into a daily barrage of scam attempts. Indians receive an average of 13 scam messages a day and spend the equivalent of nearly three work weeks a year trying to distinguish real communications from fake ones. Scammers in India are increasingly focused on account takeover rather than creating new fake accounts. They use stolen credentials from data breaches to gain access to existing user profiles, making account logins the highest-risk stage for fraud in the country. This is why phishing, where fraudsters trick people into revealing personal data, remains one of the most common attack methods. The financial and emotional toll is immense, with total losses to cybercrime in 2025 reaching over ₹22,000 crore.
The Challenge for Businesses
Indian businesses are fighting a war on multiple fronts. The logistics sector faces the highest rate of suspected fraud at 16.3%, followed by telecommunications at 14.7% and insurance at 11.5%. These industries are targeted for their high volume of real-time transactions and vast customer networks, which create gaps in identity verification. For e-commerce and food delivery platforms, fraud includes refund abuse, where AI-generated images are used to fake damaged products, and reseller fraud. Some food delivery platforms reportedly lose between ₹10 crore and ₹30 crore per month to such schemes. A significant challenge for 48% of Indian enterprises is the rise of 'mule networks'—large clusters of accounts used to launder stolen funds, which are incredibly difficult to detect and disrupt.
Digital Payments: A Double-Edged Sword
The Unified Payments Interface (UPI) has revolutionised finance in India, but its success has also made it a prime target. Fraudsters exploit the system's immediacy. Scams involving impersonating officials, creating fake emergencies, or using deepfake videos for KYC verification have become common. The core of the fraud supply chain now includes not just phishing kits but also OTP interception tools and KYC bypass services. While sectors like retail and financial services have successfully reduced their fraud rates by strengthening security, criminals have simply shifted their focus to more vulnerable areas. This highlights a critical reality: as India's digital payment ecosystem expands, so does the attack surface for criminals armed with FaaS toolkits. The very convenience that drives adoption is also a vector for exploitation.
Strengthening the Defences
Combating an industrialised threat requires an industrialised defence. India’s cybersecurity agency, CERT-In, is at the forefront of this battle, handling nearly 30 lakh cyber incidents in 2025 and actively collaborating with global agencies to tackle cross-border fraud. The agency warns the public against common scams like "digital arrest" and urges caution against pressure tactics used by fraudsters. For businesses, the focus is shifting from reactive measures to proactive intelligence. This includes implementing multi-factor authentication, using advanced AI to detect anomalies, and participating in network-level intelligence sharing to identify threats in near real-time. Ultimately, securing Digital India requires a collective effort from regulators, businesses, and vigilant consumers to dismantle the fraud industry, not just chase individual crimes.
















