The Digital Masquerade, Karnataka’s Cybercrime Surge and India’s Looming Battle Against Impersonation Fraud

The Digital Masquerade, Karnataka’s Cybercrime Surge and India’s Looming Battle Against Impersonation Fraud

In the digital age, where identity is increasingly a string of code and a collection of data points, a new and pervasive form of crime has emerged from the shadows of the internet. Cybercrime, once a niche domain of hackers and virus writers, has evolved into a mainstream threat, with “cheating by personation” at its vanguard. Nowhere is this alarming trend more pronounced than in Karnataka, a state celebrated as India’s Silicon Valley. According to the latest government data, Karnataka accounted for a staggering 25.3% of all cybercrime cases in India in 2023, but more disturbingly, it was the epicenter for over 70% of the nation’s cases under Section 66C of the Information Technology (IT) Act, which specifically deals with “cheating by personation using a computer resource.” This surge in digital deception, however, is met with a justice system in crisis, where low charge-sheeting and conviction rates create a culture of impunity, threatening to undermine the very fabric of digital trust in India.

The rise of these crimes—encompassing fake job offers, online investment scams, fraudulent social media profiles, and sophisticated impersonation—paints a picture of a society grappling with the double-edged sword of rapid digitization. While technology has brought unparalleled convenience and connectivity, it has also opened new vectors for exploitation. The data reveals a story not just of increasing criminality, but of a systemic failure in our legal and law enforcement apparatus to keep pace with the sophistication and scale of digital fraud. The perpetrators of these crimes are operating with a perceived invincibility, shielded by jurisdictional complexities, technological barriers, and a justice system struggling to adapt.

The Karnataka Conundrum: A Hotspot or a Pioneer?

Karnataka’s position at the top of the cybercrime chart demands a nuanced interpretation. On the surface, the numbers are alarming. The state’s share of India’s total cybercrime cases saw a significant resurgence in 2023, reaching 25.3% after a dip in the preceding years. However, these figures cannot be viewed in isolation. Karnataka, and particularly its capital Bengaluru, is India’s most densely digitized state. It has the highest penetration of internet services, digital banking, and e-commerce activity. A higher reported incidence of cybercrime can be a function of two contrasting realities: a genuinely higher rate of criminal activity, or a more digitally literate population that is more likely to recognize and report such crimes, coupled with a more proactive and trained police force.

In fact, Karnataka should not be singled out solely as a cybercrime hotspot. It was the first state in India to establish a dedicated city-level cybercrime police station. The Bengaluru City Police pioneered the creation of eight specialized Cybercrime, Economic, and Narcotic (CEN) police stations as early as March 2017. This institutional foresight means that Karnataka’s police are better equipped to register and classify cybercrimes accurately, which could artificially inflate its numbers compared to states where such crimes go unreported or are misclassified under traditional sections of the Indian Penal Code. Therefore, the high case count is as much an indicator of advanced policing as it is of a serious crime problem.

The Anatomy of an Epidemic: Understanding Section 66C

The true story of Karnataka’s cybercrime surge is not in the total numbers, but in the specific, explosive growth of offenses under Section 66C of the IT Act, 2000. This section states: “Whoever, by means of any communication device or computer resource, cheats by personation, shall be punished with imprisonment of up to three years and a fine.”

The data is unequivocal. The share of Section 66C cases within all cybercrimes in Karnataka has skyrocketed from a mere 8.5% in 2019 to an astonishing 83% in 2023. Nationally, the trend is similar, rising from 12% to 29% in the same period. This indicates a massive pivot in criminal strategy towards identity-based fraud.

What do these cases look like in practice? They are the scams that have become tragically familiar:

• The “Deepfake” Scam: The viral deepfake video of actor Rashmika Mandanna in 2023 is a prime example, showing how technology can be used to create hyper-realistic, fraudulent impersonations for malicious purposes, including defamation or extortion.

• Institutional Impersonation: In a high-profile case, a fraudster posing as an official from the Telecom Regulatory Authority of India (TRAI) successfully cheated a senior officer in the Karnataka State Finance Department. This demonstrates the audacity of criminals and the vulnerability of even well-informed citizens.

• Fake Job Frauds: The case registered in Kashmir against five individuals for circulating a forged National Health Mission job selection list preys on the desperation of unemployed youth, leveraging the name of a trusted government institution to lend credibility to the scam.

• Investment “Sextortion” and Romance Scams: Fraudulent social media profiles are used to build trust and romantic relationships with victims, who are then manipulated into investing in fake cryptocurrency schemes or blackmailed with compromising information.

These crimes are effective because they exploit fundamental human emotions: trust, ambition, fear, and affection. The digital medium provides the criminal with anonymity, scale, and a powerful toolkit for deception.

The Justice Deficit: A System on the Back Foot

The most troubling part of this story is not the rise in crimes, but the systemic inability to deliver justice. The data reveals a justice system that is failing to keep pace. In 2023, the charge-sheeting rate for Section 66C offenses across India was a dismal 25%. This means that for every 100 cases registered, only 25 reached the stage where the police filed a formal charge sheet in court, indicating the conclusion of the investigation. This rate is even lower than the already poor average of 33.9% for all cybercrimes.

The situation worsens in the courtroom. Of the few cases that do make it to trial, only 33% result in a conviction for Section 66C offenses. The conviction rate for all cybercrimes is even lower, at 27.6%. This creates a devastatingly low probability of any criminal facing consequences. With a 25% charge-sheeting rate and a 33% conviction rate for those charge-sheeted, the overall chance of a conviction from a registered case is a meager 8.25%. For the criminal, this is a risk worth taking; for the victim, it is a brutal denial of justice.

These low rates are symptomatic of profound gaps in the ecosystem:

1. Jurisdictional Challenges: Cybercrimes often span multiple states and even countries. A victim in Bengaluru, a server in Delhi, and a perpetrator in Jharkhand create a jurisdictional maze that delays and often derails investigations.

2. Evidence Preservation: Digital evidence is fragile and volatile. Properly seizing, preserving, and presenting it in a court of law requires specialized knowledge and chain-of-custody protocols that many local police stations lack.

3. Lack of Specialized Training: As highlighted at the Shield 2025 cybersecurity conference in Hyderabad, there is an urgent need for specialized training for all stakeholders. A retired Supreme Court justice pointed out the need for trained lawyers, prosecutors, and judges, while a senior police officer from Rajasthan stressed that investigating officers must be “digitally adept” and trained to respond quickly before digital trails go cold.

4. Overburdened Courts: The traditional judicial system is ill-equipped to handle the technical complexities and rapid evolution of cybercrime, leading to protracted trials and a high attrition rate.

The Way Forward: Building a Resilient Digital Justice System

Addressing this crisis requires a multi-pronged, war-footing approach that goes beyond mere awareness campaigns.

• Capacity Building at Scale: Every police district needs a dedicated, trained cybercell. The model of Karnataka’s CEN stations must be replicated and scaled across the country, with continuous training on new threats like deepfakes and cryptocurrency tracing.

• Legal and Judicial Modernization: The judiciary requires fast-track, specialized cybercrime courts. The curriculum for law schools and judicial academies must be updated to include cyber forensics and digital evidence law.

• Strengthening Inter-Agency Cooperation: Bodies like the Indian Cyber Crime Coordination Centre (I4C) must be empowered to act as central command posts, facilitating seamless cooperation between state police forces and international agencies.

• Public-Private Partnerships: Technology companies, financial institutions, and social media platforms must be legally obligated to cooperate proactively with law enforcement in investigating fraud and taking down malicious content swiftly.

• Reviewing Penalties: The punishment under Section 66C—imprisonment of up to three years and a fine—may be insufficient for large-scale, organized fraud. A graded penalty structure based on the financial and social impact of the crime could act as a stronger deterrent.

Conclusion: Reclaiming the Digital Commons

The surge in cheating by personation in Karnataka is a canary in the coal mine for India’s digital future. It is a stark warning that our transition to a digital economy is being sabotaged by a lack of commensurate investment in digital justice. The high registration of cases shows that citizens are facing the problem head-on; the abysmal conviction rates show that the state is failing to protect them. Bridging this “justice gap” is not just a law and order issue; it is a fundamental prerequisite for sustaining digital India. Without trust and accountability, the promise of a connected, digital nation will remain unfulfilled, leaving citizens vulnerable in a lawless virtual frontier. The time to fortify our digital defenses, both in terms of technology and jurisprudence, is now.

Q&A: Unpacking the Cybercrime Crisis in Karnataka and India

Q1: What exactly constitutes “cheating by personation” under Section 66C of the IT Act?

A1: “Cheating by personation” under Section 66C involves using digital means—a computer, smartphone, or any communication device—to pretend to be someone else with the intent to cheat or defraud a victim. This is a broad category that includes a wide range of scams:

• Creating a fake social media profile of a real person to damage their reputation or extort their friends.

• Posing as a bank official, government agent (like a TRAI officer), or tech support executive to trick people into revealing passwords or transferring money.

• Using deepfake technology to superimpose a person’s face onto a compromising video for blackmail (“sextortion”).

• Circulating fake job offer letters or recruitment lists using the name of a reputable company or government body.
  The core elements are the digital impersonation of a real or fictional entity and the intent to cheat, leading to financial loss, reputational damage, or other harm.

Q2: Why is Karnataka reporting such a disproportionately high number of these cases compared to other states?

A2: There are two primary, interconnected reasons:

1. High Digital Penetration: As India’s tech capital, Karnataka has a population that is highly active online, using digital banking, e-commerce, and social media more intensively. This creates a larger pool of potential targets for cybercriminals.

2. Advanced Policing and Reporting: Karnataka, particularly Bengaluru, has invested in specialized cybercrime police units (CEN stations) since 2017. A more trained and sensitized police force is more likely to correctly register a complaint under the specific Section 66C, whereas in other states, such crimes might be recorded under general IPC sections or not recorded at all due to a lack of expertise. Therefore, the high numbers reflect both a real problem and a more efficient system for identifying and reporting it.

Q3: The conviction rate for these crimes is only 33%. What are the biggest hurdles in securing a conviction?

A3: Securing a conviction in cybercrime cases is exceptionally difficult due to several key hurdles:

• Jurisdictional Complexity: The victim, criminal, and digital infrastructure (servers, payment gateways) are often in different states or countries, making investigation and evidence collection a legal and logistical nightmare.

• Technical Nature of Evidence: Presenting digital evidence like IP logs, cryptocurrency transactions, or metadata in a way that is admissible and understandable in a traditional court is challenging. The evidence can also be easily destroyed or altered.

• Anonymity Tools: Criminals use VPNs, encrypted communication apps, and proxy servers to hide their identity and location, making it very hard to trace them.

• Lack of Expert Testimony: There is a shortage of certified cyber forensics experts who can serve as reliable witnesses in court to explain the technical evidence to the judge.

• Delay in Trials: Protracted court proceedings mean that by the time a case comes to trial, witnesses may be unavailable, and technology may have evolved, making the evidence seem outdated.

Q4: The article mentions a “deepfake” case. How is emerging AI technology like deepfakes exacerbating this problem?

A4: Deepfake technology represents a quantum leap in the threat of impersonation. It uses artificial intelligence to create highly realistic but fake audio and video content. This exacerbates the problem by:

• Eroding Trust in Visual Evidence: It makes it difficult to trust what we see and hear, which has been a bedrock of evidence and communication.

• Enabling Sophisticated Extortion and Defamation: As in the Rashmika Mandanna case, deepfakes can be used to create non-consensual pornographic content or fake videos of people making inflammatory statements, leading to blackmail or social ruin.

• Supercharging Existing Scams: A criminal can now use a deepfake video call to impersonate a CEO and order an urgent financial transfer, or impersonate a relative in distress to beg for money, making the scam incredibly convincing.

• Scale and Accessibility: While once a tool for experts, AI-powered deepfake apps are now easily accessible, allowing even low-skilled criminals to create convincing forgeries.

Q5: What concrete steps can citizens take to protect themselves from these personation scams?

A5: Vigilance and skepticism are key. Citizens can protect themselves by:

• Verifying Identity Independently: If you receive a call or message from someone claiming to be from your bank or a government agency, hang up and call back on the official customer service number listed on the institution’s website, not the number provided by the caller.

• Being Wary of Unsolicited Offers: Treat unexpected job offers, investment opportunities, or lottery winnings with extreme suspicion. Remember, if it seems too good to be true, it almost certainly is.

• Securing Personal Information: Never share OTPs, passwords, or Aadhaar details over the phone or email. No legitimate organization will ever ask for this.

• Checking Digital Footprint: Regularly perform a web search of your own name to see if someone has created a fake profile impersonating you.

• Reporting Immediately: If you suspect you have been targeted, report the incident immediately to the national cybercrime helpline (1930) and your local police, preserving all communication as evidence.