Notes PYQ's Blogs Syllabus Trends Daily Quiz

AI-Enabled Phishing and the Threat to Digital India

Cyber Security India AI Phishing digital arrest DPDP Act 2023 UPSC GS 3 Internal Security I4C CERT-In Sanchar Saathi Smishing Quishing

Ministry of Electronics and Information Technology warned of AI-driven phishing targeting the India AI Impact Summit 2026, including smishing, quishing, and digital arrest scams. With India highly targeted, safeguards under Digital Personal Data Protection Act, Indian Cyber Crime Coordination Centre, and Sanchar Saathi stress zero-trust and coordinated defense.

Description

Copyright infringement not intended

Picture Courtesy:  NEWSONAIR

Context

The Ministry of Electronics and Information Technology (MeitY) issued a warning  about a sophisticated phishing scam targeting India AI Impact Summit 2026 attendees via SMS and WhatsApp to steal financial data with a fake refund offer.

What is Phishing?

Phishing is a cybercrime where attackers impersonate legitimate entities to steal sensitive information like bank details or Personally Identifiable Information (PII).  

  • Smishing (SMS Phishing): Fraudulent messages are sent via SMS, as seen in the AI Summit scam.
  • Quishing (QR Code Phishing): Malicious QR codes are placed in public areas, which, when scanned, lead users to fake websites designed to steal data,
  • AI-Driven Sophistication: Unlike older scams with poor grammar, criminals now use Generative AI to create flawless, context-aware, and highly convincing messages that are harder to detect.

India faced over 80 million phishing attacks in 2024, making it the third most targeted country globally. (Source: Zscaler).

Concern for India's Digital Ecosystem

Massive Financial Losses: In the past six years, Indians lost over ₹52,976 crore to various cyber frauds and cheating cases. (Source: I4C Data)

Targeting Critical Infrastructure: Attackers are targeting high-profile government events and critical national infrastructure, moving beyond individual targets.

The "Digital Arrest" Tactic: Fraudsters impersonate Police, CBI, or Narcotics officials, using video calls to falsely accuse victims, impose "digital arrest," and extort money.

Framework to Combat Cyber Fraud India

Legislative Framework

Information Technology Act 2000: Provides the primary legal basis for prosecuting phishing under Section 66C (Identity Theft) and Section 66D (Cheating by personation).

Digital Personal Data Protection (DPDP) Act 2023: Imposes heavy penalties (up to ₹250 crore) on organizations that fail to implement security measures to prevent data breaches that fuel phishing campaigns.

Bharatiy Nyaya Sanhita (BNS) 2023: Includes specific provisions to tackle organized crime, which is often the backbone of large-scale cyber fraud syndicates.

Institutional Framework

I4C (Indian Cyber Crime Coordination Centre): Established by the Ministry of Home Affairs to act as a nodal point in the fight against cybercrime. Manages the 'Pratibimb' portal for mapping cybercriminals.

CERT-In (Indian Computer Emergency Response Team): The national nodal agency for responding to computer security incidents and providing alerts and advisories.

Sanchar Saathi Portal: A citizen-centric initiative by the Dept. of Telecommunications. It includes the 'Chakshu' facility for reporting suspected fraud communications. (Source: DoT Annual Report 2023-24).

Key Challenges in Curbing Cyber Fraud

Jurisdictional Complexity

Cybercrime is borderless, making it difficult to trace and prosecute criminals operating from other countries. Scams like "Pig Butchering" are often run from Southeast Asia, requiring complex international cooperation.

The "Mule Account" Network

Fraudsters use a vast network of rented bank accounts (mule accounts) to quickly layer and withdraw stolen money. The RBI noted a 300% rise in digital payment frauds, largely enabled by this infrastructure. (Source: RBI).

Cybersecurity Workforce Shortage

India faces a severe deficit of skilled cybersecurity professionals. The demand for over 1 million professionals is met by a supply of less than half that number. (Source: DSCI Report).

Way Forward

Adopt 'Zero Trust' Architecture

Government and private sector entities must implement a 'Zero Trust' security model, where no user or device is trusted by default, thereby minimizing unauthorized access.

Strengthen Data Protection Governance

Operationalization of the Data Protection Board under the DPDP Act, as recommended by Justice B.N. Srikrishna Committee is crucial to enforce accountability for data breaches.

Use AI to Counter AI

Deploy advanced AI and Machine Learning (ML) systems to  detect and block phishing SMSs and calls before they reach users, as mandated by TRAI for telecom operators.

Enhance Financial and Digital Literacy

Public awareness campaigns like the 'Cyber Swachhta Kendra' to educate citizens about new-age threats like deepfakes and digital arrest scams.

Conclusion

Protecting India's $1 Trillion Digital Economy requires a secure "Whole-of-Government" approach combining legislation, technology, cooperation, and an alert citizenry.

Source: NEWSONAIR

Attempt Daily Quiz

PRACTICE QUESTION

Q. With reference to the 'Sanchar Saathi' portal, consider the following statements:

1. It is an initiative launched by the Ministry of Home Affairs (MHA).

2. It includes the 'Chakshu' facility for citizens to report suspected fraud communications.

3. It allows users to block lost or stolen mobile phones.

Which of the statements given above is/are correct? 

A) 1 only

B) 2 and 3 only

C) 1 and 3 only

D) 1, 2, and 3

Answer: B 

Explanation:

Statement 1 is incorrect: The Sanchar Saathi portal is an initiative of the Department of Telecommunications (DoT), which falls under the Ministry of Communications, not the Ministry of Home Affairs (MHA).

Statement 2 is correct: The portal includes the 'Chakshu' facility, which allows citizens to report suspected fraud communications received via calls, SMS, or WhatsApp (such as KYC update scams, fake lottery offers, or impersonation).

Statement 3 is correct: One of the primary functions of the portal (through the CEIR module) is to allow users to block and trace lost or stolen mobile phones across all telecom networks in India. 

Frequently Asked Questions (FAQs)

Phishing is a general term for cybercrimes where attackers pose as legitimate entities to steal data. Smishing is a specific type of phishing that uses SMS (Short Message Service) or text messages to deceive victims, often containing malicious links.

"Digital Arrest" is a cyber fraud trend where criminals pose as law enforcement officials (Police, CBI, Narcotics) via video calls. They falsely accuse the victim of a crime and force them to stay on the call ("virtual house arrest") until they transfer money to "clear" their name.

Mule accounts are bank accounts belonging to innocent individuals or created using stolen identities, which are "rented" or used by cybercriminals to receive and launder stolen money, making it difficult for police to trace the original fraudster.

Related Articles

INDIA TO JOIN INTERNATIONAL ENERGY AGENCY (IEA) 23 Feb, 2026
SARVAM AI: MADE-IN-INDIA AI REVOLUTION 23 Feb, 2026
AI IMPACT SUMMIT 2026 ADOPTED NEW DELHI DECLARATION 23 Feb, 2026
DAILY NEWS ANALYSIS -23rd FEBRUARY 2026 23 Feb, 2026
FRESHENING OF THE SOUTHERN INDIAN OCEAN: CAUSES AND IMPACTS 22 Feb, 2026
NITI AAYOG RELEASES REPORT ON ‘REVITALIZING APPRENTICESHIP ECOSYSTEM 22 Feb, 2026
JUDICIAL REVIEW ON FREEBIES: WELFARE VS FISCAL PRUDENCE 22 Feb, 2026
DAILY NEWS ANALYSIS -21st FEBRUARY 2026 21 Feb, 2026
DAILY NEWS ANALYSIS -20th FEBRUARY 2026 20 Feb, 2026
AI driven education reform 19 Feb, 2026
Let's Get In Touch!

Free access to e-paper and WhatsApp updates

Let's Get In Touch!

© 2026 iasgyan. All right reserved