India is facing an unprecedented wave of cybercrime in 2025, with financial losses projected to soar and millions of digital fraud cases affecting citizens and businesses alike.

According to data from government agencies and cybersecurity firms, the cost of cybercrime in India may reach Rs 20,000 crore or more this year alone, with the banking, e-commerce, and retail sectors bearing the brunt.

Sophisticated scams involving fake calls from impersonated bank officials, phishing via deceptive links, and fraudulent mobile apps are draining personal and corporate bank accounts at an alarming rate.

Officials have issued fresh warnings and guidance to the public, urging vigilance, verification of communications, and prompt reporting of suspicious activity on official cybercrime portals.

Alarming Scale and Financial Impact

The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs, reports that cybercrime complaints have soared past 25 lakh in 2025, continuing a steep upward trajectory from previous years.

Over 5 lakh of these cases involve brand impersonation scams designed to trick users through fake websites, emails, and messages.

The same scams cost Indian businesses and individuals upwards of Rs 9,000 crore in 2025 alone. The banking sector has been the hardest hit, with estimated losses around Rs 8,200 crore, representing more than 40% of all cybercrime-related financial drain this year.

The retail and e-commerce segments face expected losses of Rs 5,800 crore. Fraudulent financial apps, phishing domains, and fake KYC or loan apps have surged by 65–83%, making online fraud more deceptive and widespread than ever before.

Investment scams, false job offers, fake refund and loan scams, and impersonations through digital arrest tactics have also contributed to the mounting losses.

In just the first nine months of 2024, India recorded Rs 11,300 crore in cybercrime-related financial damage, with the trend accelerating in 2025. The scale of cyberattacks is historic: over 1.1 billion malware detections were recorded from October 2023 to September 2024, indicating significant growth in both attack volume and complexity.

The government has responded with increased cybersecurity budgets, expanding CERT-In’s resources and reinforcing the Indian Cyber Crime Coordination Centre’s operational capabilities.

Evolving Scam Tactics and Public Vigilance

Experts warn that cybercriminals are becoming ever more sophisticated in their approach. Many scammers now impersonate bank officials, government employees, or law enforcement officers, using cloned phone numbers and fake video calls to build trust and pressure victims into divulging OTPs, passwords, and personal details.

Some operate elaborate call centres in Southeast Asian countries such as Cambodia, Myanmar, and Vietnam, running scams targeting Indian citizens from secure compounds.

These criminal hubs leverage high-end spoofing software and social engineering tricks, exploiting the rapid digitisation of India’s economy.

Despite ongoing awareness campaigns, even tech-savvy users have fallen victim to these advanced schemes. The National Cybercrime Helpline (1930) and the cybercrime.gov.in portal have been highlighted as critical resources for reporting and combating such frauds. Banks, including SBI and HDFC, have reiterated warnings not to share OTPs or click on unknown links, regardless of how familiar or official the caller seems.

Enhanced monitoring systems using artificial intelligence by telecommunications companies like Bharti Airtel have reduced financial fraud complaints significantly, but the threat remains high.

How the New “Call Merge OTP Scam” Works: Step-by-Step

Step 1: The Random Call

• The scam begins with a call from an unknown number.
• The caller claims they got your number through a mutual friend, sounding casual and friendly.
• They then invite you to a function, event, or social gathering, creating a sense of normalcy so you don’t suspect anything.

Step 2: The Call-Merge Trap

• While you’re still on the call, the scammer requests you to merge another incoming call.
• They say it’s your “friend” trying to join the conversation and ask you to accept the merge.
• Thinking it’s harmless, most people click “merge” without hesitation — and that’s where the trap snaps shut.

Step 3: Silent Theft Begins

• Once the call is merged, the scammer quietly adds a third caller pretending to be from your bank.
• During the merged call, they may trigger a banking transaction in your name, prompting the bank to send an OTP.
• Because the call is merged, the scammer hears the OTP or tricks you into sharing it, allowing them to siphon money from your account without you realising what’s happening.
• By the time you disconnect, the fraud is already complete.

Steps to Stay Safe from Cyber Scams

1. Verify Caller Identity: Always double-check the identity of anyone calling you claiming to be from a bank or government agency. Use official helpline numbers or contacts obtained from trusted sources rather than the number they give you.
2. Never Share OTP or Passwords: One-Time Passwords (OTPs), PINs, ATM codes, and passwords are private. Legitimate organisations will never ask you to share these over calls, messages, or emails.
3. Avoid Clicking Unknown Links: Do not click on URLs or attachments received through unexpected or suspicious SMS, WhatsApp messages, or emails. These links could lead to phishing sites designed to steal your credentials.
4. Beware of Urgent or Threatening Messages: Scammers use fear tactics — fake arrest threats, account suspension warnings, or prize notifications — to rush you into action. Always take time to verify and never act under pressure.
5. Use Official Apps and Websites Only: Download banking, payment, or government service apps only from official app stores or links. Check for permission requests or unusual behaviour within apps.
6. Regularly Update Passwords and Software: Change your passwords periodically and keep your device software and antivirus updated to protect against malware and vulnerabilities.
7. Report Suspicious Activity Immediately: Use the National Cybercrime Helpline (1930) or cybercrime.gov.in portal to report fraud or hacking attempts promptly to enable swift action.
8. Educate and Alert Family & Friends: Share information about the latest scam trends with your close ones, especially elderly and less tech-savvy family members, who are often targeted.
9. Be Cautious on Social Media: Avoid sharing too much personal information online that scammers can exploit for identity theft or social engineering attacks.
10. Enable Two-Factor Authentication (2FA): Wherever possible, activate 2FA on your accounts to add an extra layer of security beyond just passwords.

Historical Context and Forward Path

India’s digital journey has been marked by rapid adoption of online payments, digital wallets, and e-commerce platforms, empowering millions. However, this progress has also introduced new vulnerabilities, as cybercriminals exploit gaps in public awareness and systemic safeguards.

The number of cybercrime complaints has more than doubled in recent years – from approximately 10 lakh incidents in 2022 to over 22 lakh in 2024. In parallel, financial losses reported on national cyber crime portals have touched staggering figures, with Rs 363 crore officially recorded by February 2025.

Past incidents such as “digital arrest” scams, where victims were harassed via fake video calls intended to extort money, showcased the potential harms of deepfake technology and social engineering. Investment fraud apps and fake financial websites proliferating on app stores have compounded the difficulties for regulators and security agencies.

At the same time, internal efforts by the government, police, and private sector aim to strengthen online safety through increased public digital literacy, improved technological safeguards, and international cooperation to dismantle cross-border crime syndicates.

The Logical Indian’s Perspective

As India steps boldly into the digital future, this surge in cybercrime calls for a collective, sensitive, and proactive response.

The Logical Indian emphasises the need for greater empathy towards victims who often feel isolated and vulnerable and encourages the cultivation of a culture of awareness and shared responsibility across society.

Cybersecurity is not only a technological issue but a deeply social one, demanding kindness in education, dialogue in policy, and harmony in enforcement.

Citizens must stay informed but not fearful, institutions should bolster safeguards without stifling innovation, and communities ought to support those affected with understanding rather than blame.