On a normal weekday, Meera (38) gets a call from a “bank officer” warning that her account will be frozen unless she verifies an one-time password. Minutes later, her savings are gone. This is cheating by personation—criminals pretending to be someone you trust (bank staff, police, delivery agent, recruiter, electricity board, even a friend on messaging apps).

Recent data show a sharp rise in such cases across India. One state—Karnataka—accounted for about one-fourth of all cybercrime cases in 2023. Nationally, Section 66D cases (cheating by personation using a computer resource) form a growing share of cyber offences. Worryingly, even as complaints rise, charge-sheeting is low (about one in four cases under 66D in 2023), and convictions remain modest. Many scams cross state borders, use mule accounts, deepfake voices, and spoofed caller IDs, making investigations slower.

What exactly is “cheating by personation”? (Section 66D, IT Act 2000)

“Whoever, by means of any communication device or computer resource, cheats by personation, shall be punished with imprisonment up to three years and a fine up to one lakh rupees.”

In plain words: lying about who you are on phone/apps/web to make someone send money or share secrets.

Common avatars

• “KYC update / bank verification” calls; UPI or card OTP theft
• Parcel/customs scam (fake seizures, “pay to release”)
• Electricity bill disconnection threat; fake FASTag or SIM KYC
• Investment and trading app frauds; fake job or loan approvals
• Impersonation on WhatsApp/Instagram (“it’s me—urgent!”)
• Deepfake video/voice asking for money or sensitive images (sextortion)

Why are these cases rising?

• Low entry barriers: cheap bulk SIMs, caller-ID spoofing, rented accounts, ready-made phishing kits.
• Scale via platforms: mass Robocalls, SMS blasts, and social media.
• Money mules: quick cash-out through newly opened or compromised bank and wallet accounts.
• Skill gap: district police get flooded; digital forensics and inter-state coordination take time.
• Victim hesitation: late reporting erodes the chance to freeze funds.

India’s current toolkit

• I4C (Indian Cyber Crime Coordination Centre) with the 1930 Citizen Financial Cyber Fraud Reporting helpline to freeze transfers fast.
• National Cyber Crime Reporting Portal (online complaint; route to local police).
• CERT-In directions (report certain incidents within hours; keep logs).
• Intermediary Rules (IT Rules, 2021) — due diligence by platforms; quicker takedown of harmful content.
• Digital Personal Data Protection Act, 2023 — lawful processing and penalties for misuse of personal data.
• DoT’s Sanchar Saathi — block stolen phones; curb misuse of SIMs.
• RBI measures — tighter KYC, digital lending norms, account aggregator trail, and reporting of frauds.

What must improve now

1. 24×7 freezing grid: integrate 1930, banks, wallets and card networks with single-click lien; show citizens a live ticket status.
2. Hit the money mules: joint police-RBI-FIU drives to detect suspicious small bursts; blacklist mule rings; prosecute sellers of accounts.
3. Clean the pipes: mandatory caller-ID authentication for enterprises; penalties for bulk SMS/call spammers; strict SIM lifecycle audits.
4. Deepfake response cell: quick face/voice forensics, public advisories within hours, and takedowns with platforms.
5. Faster chargesheets: standard e-templates, district cyber prosecutors, and time-boxed lab reports.
6. Victim-first SOP: zero FIR refusals; on-the-spot FIR numbers from 1930 calls; protection for victims facing harassment (sextortion).
7. Campus & workplace drills: quarterly phishing fire-drills; two-factor as default; password managers and device hardening for staff.
8. Local cyber police stations: one per district with forensics kits; women-led desks for privacy-sensitive cases.
9. Public dashboards: state-wise data on freeze-rate, refund-rate, chargesheets, convictions; name and shame repeat mule banks or telemarketers.
10. Consumer redress: cooling-off windows for risky transactions; opt-out from marketing lists by default; plain-language fraud warnings on payment screens.

How citizens can stay safe

• Secret never shared: OTP/PIN/CVV—no one legitimate asks.
• Type the address: do not click links from unknown messages.
• Official app only: download from trusted stores; avoid screen-sharing apps.
• Call on Cyber helpline 1930: the earlier you call, the higher the chance to freeze funds. Also file on the portal and with your bank.

Five key terms

• Personation: pretending to be someone else to cheat.
• Deepfake: AI-made audio/video that sounds/looks real.
• Spoofing: faking caller ID, e-mail, or website to gain trust.
• SIM swap: duplicate SIM to hijack messages and banking OTPs.
• Money mule: a person/account used to move stolen money quickly.

Exam hook

Key takeaways

• Personation scams are India’s fastest-growing cybercrime type.
• Early reporting (1930) and freezing networks decide recovery.
• Strong laws exist, but execution gaps in chargesheets, forensics and platform hygiene keep conviction rates low.

UPSC Mains question

“Cheating by personation under Section 66D has become the face of cybercrime in India. Examine why such crimes scale fast despite new laws and portals. Suggest a district-level plan covering rapid fund-freezing, mule-account crackdown, deepfake response and victim-centric procedures.”

UPSC Prelims question

Q. With reference to India’s cybercrime response, consider the following:

1. Section 66D of the IT Act covers cheating by personation using a computer resource.
2. 1930 is the helpline for rapid reporting and fund-freezing of online financial frauds.
3. CERT-In is India’s nodal agency for cyber incident response.
4. Sanchar Saathi is run by the Reserve Bank of India to block mule accounts.

Which of the statements given above are correct?
(a) 1, 2 and 3 only (b) 1 and 3 only 

(c) 2, 3 and 4 only (d) 1, 2, 3 and 4
Answer: (a) (Sanchar Saathi is a Department of Telecommunications initiative for mobile/SIM hygiene, not an RBI tool.)

One-line wrap: Trust no unexpected ask, call 1930 fast, and make the system freeze first—only then can personation scams be stopped at scale.