The Changing Geolocation of Cybercrime Hotspots in India

According to a recent study by a start-up incubated at IIT Kanpur, Rajasthan’s Bharatpur and Uttar Pradesh’s Mathura have now overtaken Jharkhand’s Jamtara and Haryana’s Nuh as the notorious hotspots for cybercrime in India. The study revealed that the top 10 districts account for a staggering 80% of cybercrime across the country.

What links Mathura in Uttar Pradesh, Bharatpur in Rajasthan, and Mewat in Haryana? These three districts create a triangle that is quickly becoming the new “Jamtara,” the Jharkhand city infamously known as India’s “phishing capital.” Certain areas in Nuh, particularly those bordering Bharatpur and Mathura, have emerged as significant centres for cybercrime. This region has gained infamy as the ‘new Jamtara,’ especially following extensive police raids that targeted 300 locations across 14 villages in Nuh. This operation, the largest against cybercrime in the area, involved 102 police teams and over 5,000 officers. The UP Police’s Cyber Cell also conducted investigations into approximately 400 cyber fraud cases in recent months, highlighting the prevalence of deepfake-based blackmail schemes in this ‘triangle.’

The Future Crime Research Foundation (FCRF), another start-up incubated at IIT Kanpur, conducted a thorough analysis of cybercrime trends in India from January 2020 to June 2023. According to their findings, ten districts are responsible for 80% of reported cybercrime incidents in the country.

Bharatpur district in Rajasthan is identified as the most cybercrimeprone region, accounting for 18% of reported incidents. Following closely is Mathura in Uttar Pradesh, responsible for 12%. Nuh in Haryana ranks third, contributing 11% to the nation’s cybercrime statistics. Notably, Jamtara district in Jharkhand, the backdrop for the Indian Netflix original series “Jamtara – Sabka Number Ayega,” which explores a phishing racket, now ranks fifth on this list.

The FCRF study highlighted that while established cybercrime hubs remain significant threats, emerging hotspots require immediate attention and proactive measures from individuals and authorities. These new areas are experiencing a rise in various forms of digital criminal activity, often catching law enforcement agencies and the public off guard.

Different regions exhibit unique patterns of online mischief. For instance, in Rajasthan, cyber tricksters use social engineering tactics for sextortion, while fraudsters crowd online marketplaces or pose as customer support on Google to execute their scams. Jharkhand sees a variety of scams, including one-time password deception, fake KYC processes, manipulation of utility bills, and misleading online quizzes. In Delhi, issues include loan app harassment, gift card traps, matrimonial fraud, and fake employment and investment schemes, while Bihar faces challenges related to phishing and unauthorised credit card transactions.

The findings identify Bharatpur as the leading hotspot, accounting for 18% of cybercrimes. This prevalence is attributed to its proximity to major cities like Delhi and Jaipur, and limited job opportunities leading individuals to cybercrime as a side hustle. Mathura, a popular tourist destination with numerous financial transactions, also stands out, comprising 12% of cybercrime cases. Nuh follows closely with 11% of such cases. Its proximity to the national capital attracts both cybercriminals and potential victims. Deoghar accounts for 10%, largely due to the absence of adequate law enforcement resources. Jamtara, though now fifth with 9.6%, remains notorious for online fraud and phishing activities. Gurgaon, known as a corporate IT hub, represents 8.1% of cybercrime activity, drawing criminals in search of valuable data and money. Alwar, at 5.1%, serves as a transit point for scammers due to its convenient location between Delhi and Rajasthan. Bokaro and Karma Tand, both at 2.4%, face cyber threats due to limited resources and lack of digital education, while Giridih, at 2.3%, is an attractive spot for web crimes due to its remote location and minimal law enforcement presence.

This analysis reveals several common factors that contribute to the vulnerability of these districts. Key elements include geographical proximity to major urban centres, limited cybersecurity infrastructure, socioeconomic challenges, and low digital literacy. These conditions increase residents’ susceptibility to cybercrimes such as online fraud and phishing.

In the case of Bharatpur, the high cybercrime rate can be attributed to its proximity to major urban centres like Delhi and Jaipur, making it an attractive hub for cybercriminal activities. Additionally, a lack of awareness and digital literacy among the population further contributes to its vulnerability.

Mathura, a prominent tourist destination, experiences a significant rate of cybercrime due to the financial transactions related to tourism, which makes it an appealing target for cybercriminals. The limited cybersecurity infrastructure and awareness among businesses and individuals exacerbate this issue.

Nuh’s elevated cybercrime rate may be influenced by its closeness to the National Capital Region (NCR), which attracts both cybercriminals and potential victims. Socioeconomic challenges in the region may also drive individuals toward cybercrime as an illicit source of income.

Deoghar, despite its relatively small size, struggles with cybercrime due to insufficient law enforcement resources and a lack of specialised cybercrime units. Moreover, limited digital literacy and awareness among the local population make them more susceptible to online scams.

Jamtara is notorious as a hub for cybercriminal activities, particularly related to online fraud and phishing. The area has developed a culture of cybercrime with well-organised criminal networks operating within it.

Gurgaon’s high cybercrime rate is influenced by its status as a major corporate and IT hub, attracting cybercriminals seeking valuable data or financial gains. Despite its economic affluence, disparities in digital literacy and cybersecurity awareness persist among Gurgaon’s diverse population.

Alwar, located between Delhi and Rajasthan, serves as a potential transit point for cybercriminals due to its location. Limited cybersecurity infrastructure and awareness in smaller towns within the district contribute to their vulnerability.

Bokaro’s cybercrime rate is linked to the absence of specialised cybercrime units and resources for law enforcement agencies, while economic challenges in the region may drive individuals toward cybercrime as an alternative source of income.

Karma Tand’s cybercrime rate is influenced by its proximity to districts with higher cybercrime rates, facilitating the spread of such activities. Limited access to digital education and cybersecurity resources leaves the population susceptible to online fraud.

Giridih, being relatively remote with a limited law enforcement presence, is an attractive location for cybercriminal operations. The lack of digital literacy and awareness further contributes to the local population’s vulnerability.

Online financial fraud, including phishing and online scams, accounted for a staggering 77.41% of the total reported cybercrimes in India from January 2020 to June 2023, according to the FCRF report.

The increase in such cases can be attributed to a complex interplay of factors such as low technical barriers that allow individuals with limited expertise to engage in cybercriminal activities using readily available hacking tools and malware.

Inadequate Know Your Customer (KYC) and verification processes on online platforms enable criminals to create fake identities, making it challenging for law enforcement to trace them. Additionally, easy access to fake accounts and rented SIM cards on the black market allows criminals to operate anonymously, complicating tracking and prosecution efforts.

Furthermore, the affordability of AIdriven cyberattack tools empowers criminals to automate and scale their attacks, increasing their efficiency. Virtual private networks (VPNs) also provide anonymity for cybercriminals, making it difficult for authorities to trace their online presence and location. The FCRF report also noted that unemployed or underemployed individuals are often recruited and trained by cybercrime syndicates, creating a growing pool of potential criminals.

Financial frauds top the list of cybercrimes, accounting for 77.41% of all reported incidents. These fraudulent activities predominantly involve Internet Banking Fraud, including tactics such as debit/ credit card fraud, depository fraud, and vishing (impersonating reputable companies over calls to seek bank details and credit card numbers). Particularly alarming is the sharp increase in UPI fraud, which constitutes an astonishing 47.25% of all online financial crimes. Online and social mediarelated frauds are second on the list, making up 12% of incidents. These include acts like impersonation, cyberbullying, sexual harassment, and phishing.

Cybercriminals in the country are targeting everyone, from ordinary citizens to the daughter of a prominent political leader. Particularly concerning is their use of technology—designed to simplify online payments, social media interactions, and shopping— to deceive and scam individuals. These criminals employ various tactics, such as creating fake online shopping portals, offering jobs instead of cash, and sending phishing links to extract money from unsuspecting victims.

One prevalent form of cyber fraud involves online transactions on E-commerce sites and marketplaces. Fraudsters often monitor platforms like OLX, where people sell their products. They create fake accounts, sometimes posing as army personnel, and approach sellers with offers. In one recent incident, a woman named Harshita was trying to sell a second-hand sofa on OLX. She was contacted by a scammer who posed as a buyer. To establish legitimacy, the scammer initially transferred a small amount to her account. He then sent a QR code for her to scan, claiming it would authorise the full payment. Unfortunately, after she scanned the code, Rs 34,000 was debited from her account.

Scammers from regions such as Mathura and Bharatpur often target individuals advertising the sale of second-hand motorcycles, cars, gadgets, and various everyday items. For instance, a retired bank manager was recently scammed out of Rs 5 Lakh after posting a month-old double-door refrigerator for sale for Rs 50,000. The fraudster, pretending to be an army man, initially deposited Rs 100 into the victim’s account to appear genuine. He then claimed he could not transfer the full payment due to being stationed near the border and asked the seller to scan the QR code he provided to complete the transaction. The exbanker ultimately lost Rs 5 Lakh after following the scammer’s instructions.

Several gangs with similar tactics have been busted in these regions before. This tri-junction has become the new Jamtara, but it is even more notorious, expanding its operations beyond phone scams to exploit banking, social media profiles, and online marketplaces.

Cyber experts report that cybercriminals are using fake SIM cards from distant states for their scams. In Mewat, scammers use SIM cards from Assam and Telangana, while in Jamtara, SIM cards come from West Bengal. During one investigation, over 14,000 fake numbers connected to Mewat were identified.

New forms of scams and blackmail have emerged. In sextortion cases, scammers lure victims through links or video calls. A scammer may initiate a video call, record it, edit it with explicit content, and use it to blackmail the victim. Within seconds, the trap is set — the scammer displays ‘obscene’ images and accuses the victim of consuming pornography. First, they demand money directly. If the victim blocks them, the scammer switches to another number to continue harassing them. In the final stage, they impersonate law enforcement: pretending to be from the Delhi Police Cyber Crime Unit, they accuse the victim of distributing pornography and demand money to ‘resolve the case.’

The police reported receiving over 100 cybercrime complaints in just two months. Scammers have also started superimposing their male targets’ faces onto explicit videos, then blackmailing them for sums ranging from Rs 5,000 to Rs 50,000. Some scammers speak fluent English to target affluent individuals in cities like Mumbai and Kolkata. Recently, a Lucknow businessman became a victim to a sextortion attempt. After accepting a woman’s friend request on social media, he received a brief WhatsApp video call from her, which she used to manipulate him. Minutes later, he was contacted and threatened to pay Rs 30 Lakh or have the recording released publicly.

Scammers are also using SMS messages to trick people. Through offers like cashback, luxury hotel stays, and other rewards, victims are lured to a scratch card portal and defrauded. On social media platforms like Facebook, fraudsters use fake profiles and distress messages to solicit help, deceiving people and leading them into financial loss.

As the magnitude of the problem continues to escalate, it has captured the attention of decisionmakers in Delhi. In a recent meeting, the Ministry of Home Affairs (MHA) urged States to take decisive action against these criminals. The Cybercrime Cell of the Home Ministry has also called upon citizens and cyber experts to volunteer in identifying, flagging, and reporting illegal and unlawful content, including child pornography, rape, terrorism, radicalisation, and anti-national activities.

The white paper has highlighted the importance of understanding the key factors contributing to cybercrime in specific districts to design effective prevention and mitigation strategies. An analysis of the top 10 cybercrime hubs in India reveals several common factors that enhance their vulnerability. These include their geographical proximity to major urban centres, limited cybersecurity infrastructure, economic challenges, and low digital literacy levels.

To reduce cybercrime rates in these districts and improve the overall cybersecurity landscape in India, it is crucial to address these factors through targeted awareness campaigns, enhanced law enforcement resources, and educational initiatives.