MUMBAI: Move over Jamtara, there’s a new cyber playground in town. The once-notorious hub for online mischief in Jharkhand no longer reigns as India’s cybercrime epicentre. Emerging from the shadows are fresh contenders—districts like Bharatpur, Mathura, Nuh, Deogarh, Gurgaon, Alwar, Bokaro, Karma Tand, and Giridih—that have claimed the spotlight and are collectively responsible for 80% of reported cybercrimes across country.
Future Crime Research Foundation (FCRF), a nonprofit startup incubated at the Indian Institute of Technology, Kanpur, released a report last month that reveals insights on cybercrime hotspots in the country where the art of online deception has been unfolding and flourishing. The report takes into account data from January 2020 to June 2023.
“We utilised a combination of open-source data analytics, expert insights, and thorough research on recent cybercrime trends. This involved examining reported cybercrime cases, collating data from central and state government sources, credible media reports, identifying digital attack patterns, and collaborating with law enforcement agencies and cybersecurity professionals,” explains Shashank Shekhar, co-founder of FCRF.
Hotspots
The findings pinpoint Bharatpur as the frontrunner, accounting for 18% of cybercrimes, driven by its proximity to major cities like Delhi and Jaipur, coupled with limited job opportunities that pushed individuals toward cybercrime as a side hustle. Mathura, a tourist hotspot with a flurry of financial transactions, is also a goldmine for cybercriminals with the district accounting for 12% cybercrime cases. Nuh also features among the hotspots with 11% cybercrime cases. Being close to the national capital, Nuh draws both cybercriminals and potential victims.
In the case of Deoghar (10%), the lack of adequate law enforcement resources makes it susceptible. Jamtara (9.6%), despite dropping to the fifth spot, remains infamous for online fraud and phishing activities. Gurgaon (8.1%), the corporate IT hub, attracts cybercriminals seeking valuable data and money.
Alwar (5.1%) serves as a transit point for scamsters due to its convenient location between Delhi and Rajasthan. Bokaro (2.4%) and Karma Tand (2.4%) face cyber threats due to limited resources and digital education, while Giridih (2.3%), tucked away in a remote corner with minimal law enforcement presence, is an attractive spot for web crimes.
Modus
According to cybercrime investigator Ritesh Bhatia, as the spotlight intensified on Jamtara—drawing the attention of police, government agencies and the media—cybercriminals slipped away to less conspicuous locales with reduced scrutiny.
Shekhar attributes the shift to rapid increase in internet penetration, easy access to data, legal loopholes, and socio-economic disparities.
Different regions have unique patterns of online mischief. In Rajasthan, cyber tricksters employ social engineering tactics for ‘sextortion’, while fraudsters throng online marketplaces or masquerade as customer support on Google for their cons. Jharkhand indulges in a buffet of scams, including one-time passwords, faking KYC processes, manipulating utility bills, and deceptive online quizzes. Delhi deals with loan app harassment, gift card traps, matrimonial frauds, and fake employment and investment schemes. Bihar contends with phishing and unauthorised credit card transactions.
Access to tools
FCRF’s research also highlights that with readily available hacking tools and malware, even those with limited technological know-how can now engage in cybercrimes. In addition, insufficient KYC and verification processes on online platforms enable criminals to craft fake identities and enjoy access to counterfeit resources like rented SIM cards in the black market.
The concern lies in the growing arsenal of cyber frauds, says Bhatia, drawing attention to increased use of virtual private networks or VPNs, user-friendly website building tools, and proliferation of affordable deepfake apps that have empowered conmen to obscure their online whereabouts and scale illicit activities. “With the advent of AI-powered tools, they’re able to craft impeccably written emails and messages in English that are hooks for sextortion scams and sophisticated business frauds,” adds Bhatia.
Besides, the recruitment and training processes of cybercrime syndicates operating in these regions reveal a sinister playbook. “These syndicates actively seek out unemployed individuals with technical skills and a propensity for unlawful activities. Separate teams are dedicated to sourcing data, procuring fake SIMs or setting up fraudulent bank accounts to run their elaborate scam factories,” says Shekhar, adding that they also tap into dark web marketplaces to mine valuable data and collaborate with other criminal organisations. Surprisingly, training sessions aren’t shrouded in secrecy. “The knowledge on cyber tools and tactics is freely shared and accessible on video platforms like YouTube,” he adds.
Upskilling
An investigation by TOI earlier this year had found that swindlers from Ahmedabad were jetting off to Nigeria for theory and practical training in hacking, phishing, and other cyber cons. “They’re upskilling in new ways to smooth talk or use fear psychosis to target not just Indians but also Europeans and Americans,” says Bhatia, highlighting its lucrative prospects that are drawing people into the cybercrime fold. “One can rake in up to Rs 10 lakh a day, and therefore, are willing to invest in tools to generate a deepfake for a mere Rs 30 or clone voices for 50 paise per second,” he says.
The evolving nature of cyber threats stemming from new hotspots pose a formidable challenge for cybersecurity experts. “These borderless crimes require skilled workforce, dedicated teams at regional levels, collaboration with international law enforcement agencies and extensive public awareness campaigns to fight it,” stresses Shekhar.
Future Crime Research Foundation (FCRF), a nonprofit startup incubated at the Indian Institute of Technology, Kanpur, released a report last month that reveals insights on cybercrime hotspots in the country where the art of online deception has been unfolding and flourishing. The report takes into account data from January 2020 to June 2023.
“We utilised a combination of open-source data analytics, expert insights, and thorough research on recent cybercrime trends. This involved examining reported cybercrime cases, collating data from central and state government sources, credible media reports, identifying digital attack patterns, and collaborating with law enforcement agencies and cybersecurity professionals,” explains Shashank Shekhar, co-founder of FCRF.
Hotspots
The findings pinpoint Bharatpur as the frontrunner, accounting for 18% of cybercrimes, driven by its proximity to major cities like Delhi and Jaipur, coupled with limited job opportunities that pushed individuals toward cybercrime as a side hustle. Mathura, a tourist hotspot with a flurry of financial transactions, is also a goldmine for cybercriminals with the district accounting for 12% cybercrime cases. Nuh also features among the hotspots with 11% cybercrime cases. Being close to the national capital, Nuh draws both cybercriminals and potential victims.
Expand
Alwar (5.1%) serves as a transit point for scamsters due to its convenient location between Delhi and Rajasthan. Bokaro (2.4%) and Karma Tand (2.4%) face cyber threats due to limited resources and digital education, while Giridih (2.3%), tucked away in a remote corner with minimal law enforcement presence, is an attractive spot for web crimes.
Modus
According to cybercrime investigator Ritesh Bhatia, as the spotlight intensified on Jamtara—drawing the attention of police, government agencies and the media—cybercriminals slipped away to less conspicuous locales with reduced scrutiny.
Shekhar attributes the shift to rapid increase in internet penetration, easy access to data, legal loopholes, and socio-economic disparities.
Different regions have unique patterns of online mischief. In Rajasthan, cyber tricksters employ social engineering tactics for ‘sextortion’, while fraudsters throng online marketplaces or masquerade as customer support on Google for their cons. Jharkhand indulges in a buffet of scams, including one-time passwords, faking KYC processes, manipulating utility bills, and deceptive online quizzes. Delhi deals with loan app harassment, gift card traps, matrimonial frauds, and fake employment and investment schemes. Bihar contends with phishing and unauthorised credit card transactions.
Access to tools
FCRF’s research also highlights that with readily available hacking tools and malware, even those with limited technological know-how can now engage in cybercrimes. In addition, insufficient KYC and verification processes on online platforms enable criminals to craft fake identities and enjoy access to counterfeit resources like rented SIM cards in the black market.
The concern lies in the growing arsenal of cyber frauds, says Bhatia, drawing attention to increased use of virtual private networks or VPNs, user-friendly website building tools, and proliferation of affordable deepfake apps that have empowered conmen to obscure their online whereabouts and scale illicit activities. “With the advent of AI-powered tools, they’re able to craft impeccably written emails and messages in English that are hooks for sextortion scams and sophisticated business frauds,” adds Bhatia.
Besides, the recruitment and training processes of cybercrime syndicates operating in these regions reveal a sinister playbook. “These syndicates actively seek out unemployed individuals with technical skills and a propensity for unlawful activities. Separate teams are dedicated to sourcing data, procuring fake SIMs or setting up fraudulent bank accounts to run their elaborate scam factories,” says Shekhar, adding that they also tap into dark web marketplaces to mine valuable data and collaborate with other criminal organisations. Surprisingly, training sessions aren’t shrouded in secrecy. “The knowledge on cyber tools and tactics is freely shared and accessible on video platforms like YouTube,” he adds.
Upskilling
An investigation by TOI earlier this year had found that swindlers from Ahmedabad were jetting off to Nigeria for theory and practical training in hacking, phishing, and other cyber cons. “They’re upskilling in new ways to smooth talk or use fear psychosis to target not just Indians but also Europeans and Americans,” says Bhatia, highlighting its lucrative prospects that are drawing people into the cybercrime fold. “One can rake in up to Rs 10 lakh a day, and therefore, are willing to invest in tools to generate a deepfake for a mere Rs 30 or clone voices for 50 paise per second,” he says.
The evolving nature of cyber threats stemming from new hotspots pose a formidable challenge for cybersecurity experts. “These borderless crimes require skilled workforce, dedicated teams at regional levels, collaboration with international law enforcement agencies and extensive public awareness campaigns to fight it,” stresses Shekhar.