The playbook is more or less fixed. You get a phone call from a law enforcement officer implicating you in a serious crime. The caller then offers to connect you to other officials through video calls. They, in turn, explain the charges in thick legalese, buttressing claims with trappings you have come to expect from the justice system.
You are asked not to leave home or even the room you are in, or talk to anyone else, while the investigation proceeds. Strict written instructions are issued: you are not to switch off your phone or laptop camera. Your mundane activities are monitored, sometimes for days on end, accompanied by an unending stream of questions.
And then comes the demand: a large sum of money, in lieu of actual arrest or further legal wrangling. Once you – by now running on fumes – complete the transfer, the phone abruptly goes silent. The inquisitors are gone. The money too vanishes without trace.
The number of reported instances of digital arrest frauds nearly tripled between 2022 and 2024.
Welcome to the Kafkaesque nightmare that is a “digital arrest” fraud.
According to a government estimate, Indians lost more than 19 billion rupees (around AU$350 million) to approximately 120,000 such and related scams last year alone. What is alarming is that the number of reported instances of digital arrest frauds nearly tripled between 2022 and 2024. A significant fraction of these scams originate in Southeast Asia, a known cybercrime hub. However, Indian nationals are almost invariably involved in the activity.
Despite a massive awareness campaign and a slew of countermeasures, cases continue to pile up. Victims include academics, bankers, retired bureaucrats, businesspeople, medical doctors, and even a former senior police officer. Unable to cope with the trauma, a few have died by suicide.
Cybercriminals are the equal-opportunity practitioners of borderless commerce. Their repertoire is equally diverse. One estimate puts the economic cost of global cybercrime in 2025 at more than US$10 trillion. Yet digital arrest frauds seem to predominantly harm Indians. Just why that is the case is a puzzle. Universal, interacting cognitive biases – “illusions of thought”, as the late Daniel Kahneman famously called them – accentuated by specific cultural attitudes and socio-economic trends make for a plausible answer.
But this, in turn, raises a serious concern. Can the persistent vulnerabilities that make digital arrest frauds so effective be leveraged by India’s adversaries through cognitive war?
The spell of authority
The most pronounced aspect of a digital arrest scam is the near-continuous invocation of authority: police and security agencies; the judiciary; and in some cases, international organisations. It is this appeal to our innate authority bias – reposing trust in figures perceived to be superior and/or have sway over our life – that renders such scams their potency.
And trust in state authority is certainly very high in India. According to a 2025 survey, 79 per cent of those polled in India trusted their government to do the right thing, against 47 per cent in Australia and 41 per cent in the United States. This faith, in turn, works hand-in-glove with India’s inherent paternalistic orientation. Government action, however constraining or intrusive, is deemed to be for the greater good by a significant portion of the population. (Public reaction to the 2016 experiment with “demonetisation” – the overnight removal of the vast majority of cash in circulation – serves as a case in point.) The net effect is more-or-less default acceptance of onerous state diktats, real or fabricated, as long as it is framed the right way. Such as the notion of digital arrest.
A large 2005 study involving college students from 51 cultures found that Indians scored the highest when it came to acquiescence, a response bias defined as the propensity to agree.
A corollary of state paternalism, alongside a sluggish administrative apparatus, is fear of entanglement with law enforcement and the judiciary. As an opposition politician acidly noted, “being spared the ordeal of interacting with these institutions can feel like a divine blessing”. These preferences are nourished in a “culture of obedience and hierarchy”, as one conservative ideologue puts it. It is easy to dismiss such an observation as stereotyping. Yet it is in sync with a large 2005 study involving college students from 51 cultures, which found that Indians scored the highest when it came to acquiescence, a response bias defined as the propensity to agree, rather than disagree, to statements, independent of their content. In other words, agreement by default.
The salience pull
As Chief Justice of India for two years starting late 2022, Dhananjaya Chandrachud was an unusually visible figure, in equal parts because of his role in adjudicating several high-profile cases, as well as his media-friendly temperament. It is unsurprising that his image would be incessantly used by digital arrest scamsters as an effective prop, an unimpeachable symbol of authority. (Ironically, Chandrachud was a major proponent of the judiciary’s embrace of technology.)
For one victim, a neurologist in her 40s, a man claiming to be “Judge Dhananjay” was her “judge” over a video “trial”, while the man’s contact card shared with her by the scamsters over WhatsApp featured a photo of Chandrachud. She was unable to spot the discrepancy. Another, a 33-year-old woman who lost more than two million Indian rupees, recalls a man impersonating Chandrachud hearing her “case”. Most spectacularly, a Chandrachud impersonator also played a crucial role in scamming an 84-year-old textile magnate last year.
The persistent use of a very prominent public figure in different digital arrest scams suggests exploitation of another cognitive bias, salience. Victims mentally zoomed in on an extremely recognisable name, without considering the improbability of their “case” reaching the Chief Justice straight off the bat, or even, in the neurologist’s case, in face of an obvious inconsistency.
In the textile magnate’s instance, the salience bias was amplified as scamsters tied him to (real) charges against another prominent businessman, private-aviation pioneer Naresh Goyal. According to the scamsters, the magnate had a specific bank account that was being investigated as being linked with Goyal. In reality, the octogenarian not only did not have such an account, but was also not acquainted with the former airline honcho. He made this clear to the "investigating officer”. That should have been the end of the story.
But it was not.
By continuing to engage with his interlocutors, the textile magnate implicitly accepted a connection between his legal troubles (fabricated by the scamsters) and that of Goyal’s (objectively true). What is more, he even went on to suggest a tenuous link between the two himself. He had travelled on Goyal’s (once wildly popular, but by 2019, defunct) airline, the victim stated; it would have his national identification card details. They could have been misused to open the account then, the scamsters pretended to adduce, as if completing the victim’s thought.
The salience bias has been part of the cybercrime play targeting Indians for a while.
And by advancing the link – a good example of an illusory correlation, between travelling in an airline, and being implicated in a money-laundering case related to the airline’s founder – the victim walked straight into a psychological trap. To wit, he committed himself to the basic premise that was being suggested to him. As marketers understand very well, this was the biggest step in securing his continued compliance, ultimately translating to 70 million Indian rupees (about AU$1.3 million).
The salience bias has been part of the cybercrime play targeting Indians for a while. A primitive iteration of the digital arrest scam would start with an emailed “letter” from law enforcement agencies, the plural referring to an utterly odd mishmash of various departments. Some of these letters refer to the Bureau of Police Research and Development; reference to that relatively obscure government think tank is possibly meant to invoke the Research & Analysis Wing, India’s external intelligence service, in the recipient's mind. What is striking about such artefacts is the use of numerous garish stamps, logos and other annotations. While they resemble nothing like actual government correspondence, they are meant to draw attention, especially from those who imagine it to be replete with bureaucratic hieroglyphs.
Available and primed
Goyal’s arrest and subsequent detention is one of several high-profile criminal cases that has kept the Indian press busy over the past few years. The high and mighty’s fall from grace makes for good copy and television almost everywhere. In the hypercompetitive world of Indian media, it is par for the course, along with a distinct and worrying predilection for sensationalism.
The media ends up providing a ready roster of standout examples for digital arrest scamsters and their victims alike. Indeed, beyond Goyal, whose legal woes have been consistently milked in numerous scams, swindlers have also exploited criminal charges against a former CEO of a major bank, and a prominent Muslim politician from Maharashtra.
For victims, these names and cases are quite familiar. On top of that, “corroborating” information about them is just a couple of clicks away. In fact, it is quite plausible that scamsters tailor their stories according to victims, based on social media surveillance.
They are careful to select contemporaneous names – banking on the brain’s natural tendency to remember recently presented information – and avoid references that are obscure or outlandish. In any case, the availability heuristic – a mental shortcut that makes us draw on easily recalled information for decision-making – ends up adding credibility to the story the scamsters sell. It also plays another important role, in amplifying a very real social and economic shift.
The road to hell is indeed paved with good intentions. India’s rapid digital transformation is justly celebrated globally. The pandemic saw the world go online with a vengeance; India was not an exception. Online classes and work-from-home became the norm, in a country where such large-scale arrangements would have been unthinkable a few years before.
Court proceedings too moved online, and in many instances continue to be so. New laws passed since also equip the judiciary to issue summons and notices over messaging platforms and email, a laudable first step in correcting its sclerotic nature. (The police and other investigating agencies however are not allowed to do so, the Supreme Court ruled in January, due to a fine legal point that would be lost to most.) The aggregate conclusion many – especially among the elderly, a key demographic for cybercriminals – drew from all this is that everything can be done electronically. And once you admit that point of view, digital arrests do not seem that far-fetched. Especially if you also believe in an all-powerful sovereign.
Recent popular culture has done much to contribute to the perception that the Indian state is a veritable Leviathan.
And recent popular culture has done much to contribute to the perception that the Indian state is a veritable Leviathan. Witness, for instance, the endless choice of shows about intelligence and intrigue on local streaming services, where government agencies inevitably come out on top. In itself, this is unexceptionable. After all, everyone loves a good thriller or two. But in conjunction with a media that seems all too happy focusing on national security, and a serious misinformation crisis, it has resulted in a surge of superficial familiarity with – if not downright misunderstanding of – the state apparatus. Digital scamsters have taken note. As but one example, cybercriminals are known to hijack the name of the Intelligence Bureau head. A couple of decades ago, their identity would have been known only to keen followers of security affairs. Not anymore.
Some readers will call this a vibe. Behavioural scientists term it priming.
Weaponising biases
In a classic study, George Akerlof and Robert Shiller provocatively term those who fall for manipulation and deception due to latent cognitive biases, “cognitive phools”. Sadly, victims of digital arrest scams fit the bill.
By the same token, the “phishers” are choice architects seeking to shape how the victim weighs alternatives, skilfully leveraging their cognitive biases through a high-pressure, claustrophobic virtual environment. They have one overarching goal, to impair decision-making: whether or not one should discuss one’s predicament with another person; take time to reevaluate the situation; or, simply, walk away.
Cognitive warfare specialists will recognise this as “command paralysis”. Along with inherent information-processing limitations of the mind, cognitive biases and stress from uncertainty and time pressure all contribute to it, as a US Air Force officer argued in a 1996 thesis.
For many Indians, a phone call from an unknown number is all that it takes to turn their lives upside down.
There is growing interest in cognitive and information warfare within Indian defence circles. A recent cyber operations doctrine, for example, notes the possibility of exploitation of systemic cognitive biases for psychological effects. The larger implications of the tactics used in digital arrests should thus give security planners a pause.
For one, the use of authority figures to shape the target’s perception and amplify biases is an old trick. Consider Sefton Delmer, a British clandestine radio broadcast specialist during the Second World War. Delmer figured one potent way to influence rank-and-file German citizens and soldiers was to assume the role of a disgruntled senior Wehrmacht figure and play to their latent, baser, instincts, and deep-seated suspicions about the Nazi party. More recently, what fuelled the appeal of QAnon – the far-right American political conspiracy theory – was the assumption that “Q” was a high-ranking US government figure, with insider information about large-scale malfeasance within the “Deep State”, a robust baseline belief for most adherents.
What the scenario planners must therefore explore is not “behavioural microtargeting” of the civilian population in order to shape their preferences, as practised, for example, by Cambridge Analytica in the run-up to the 2016 American elections. Rather, key cognitive biases at play when evaluating a given issue (for example, on social media) can be identified and aggregated through large-scale information mining. They could then be leveraged through online disinformation campaigns, for example. Social media, in turn, could be used for priming, through bot farms (a by-now familiar play). Many cybercrime syndicates are sitting on troves of behavioural insights; the continued effectiveness of digital arrest scams attest to that. Those insights could be weaponised.
For the moment though, for many Indians, a phone call from an unknown number is all that it takes to turn their lives upside down.
